From: Alan T. DeKok Date: Sun, 17 Dec 2023 23:14:41 +0000 (-0500) Subject: make sure to handle nested, too X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2665ec09197a6d8d8d9d23d10a5bd4b400c7f55;p=thirdparty%2Ffreeradius-server.git make sure to handle nested, too and add tests so that everything is parented correctly --- diff --git a/src/lib/server/pairmove.c b/src/lib/server/pairmove.c index ca0f0b34356..ff21e73c9d0 100644 --- a/src/lib/server/pairmove.c +++ b/src/lib/server/pairmove.c @@ -331,32 +331,32 @@ int fr_pairmove_map(request_t *request, map_t const *map) switch (map->op) { case T_OP_CMP_FALSE: /* delete all */ - fr_pair_delete_by_da(list, da); + fr_pair_delete_by_da_nested(list, da); break; case T_OP_EQ: /* set only if not already exist */ - vp = fr_pair_find_by_da(list, NULL, da); + vp = fr_pair_find_by_da_nested(list, NULL, da); if (vp) return 0; goto add; case T_OP_SET: /* delete all and set one */ - fr_pair_delete_by_da(list, da); + fr_pair_delete_by_da_nested(list, da); FALL_THROUGH; case T_OP_ADD_EQ: /* append one */ add: - vp = fr_pair_afrom_da(ctx, da); + vp = fr_pair_afrom_da_nested(ctx, list, da); if (!vp) return -1; if (fr_value_box_copy(vp, &vp->data, tmpl_value(map->rhs)) < 0) { talloc_free(vp); return -1; } - - fr_pair_append(list, vp); break; case T_OP_PREPEND: /* prepend one */ + fr_assert(0); /* doesn't work with nested? */ + vp = fr_pair_afrom_da(ctx, da); if (!vp) return -1; @@ -369,7 +369,7 @@ int fr_pairmove_map(request_t *request, map_t const *map) break; case T_OP_SUB_EQ: /* delete if match */ - vp = fr_pair_find_by_da(list, NULL, da); + vp = fr_pair_find_by_da_nested(list, NULL, da); if (!vp) break; redo_sub: @@ -379,7 +379,9 @@ int fr_pairmove_map(request_t *request, map_t const *map) if (rcode < 0) return -1; if (rcode == 1) { - fr_pair_delete(list, vp); + fr_pair_list_t *parent = fr_pair_parent_list(vp); + + fr_pair_delete(parent, vp); } if (!next) break; @@ -389,7 +391,7 @@ int fr_pairmove_map(request_t *request, map_t const *map) case T_OP_CMP_EQ: /* replace if not == */ case T_OP_LE: /* replace if not <= */ case T_OP_GE: /* replace if not >= */ - vp = fr_pair_find_by_da(list, NULL, da); + vp = fr_pair_find_by_da_nested(list, NULL, da); if (!vp) goto add; redo_filter: @@ -402,7 +404,7 @@ int fr_pairmove_map(request_t *request, map_t const *map) } } - vp = fr_pair_find_by_da(list, vp, da); + vp = fr_pair_find_by_da_nested(list, vp, da); if (vp) goto redo_filter; break; diff --git a/src/tests/modules/files/authorize b/src/tests/modules/files/authorize index b563196982a..fe159fa47c6 100644 --- a/src/tests/modules/files/authorize +++ b/src/tests/modules/files/authorize @@ -113,6 +113,10 @@ addcontrol Reply-Message += "success2" regex NAS-Identifier =~ /der/, Password.Cleartext := "testing123" Reply-Message := "wonderful" +vendor Password.Cleartext := "we_are_so_smart" + Cisco.AVPair := "1", + Cisco.AVPair += "2" + DEFAULT User-Name == "cmp_eq", Password.Cleartext := "hopping" Reply-Message := "success-cmp_eq" diff --git a/src/tests/modules/files/vendor.attrs b/src/tests/modules/files/vendor.attrs new file mode 100644 index 00000000000..e80e8bbc874 --- /dev/null +++ b/src/tests/modules/files/vendor.attrs @@ -0,0 +1,13 @@ +# +# Input packet +# +Packet-Type = Access-Request +User-Name = "vendor" +User-Password = "we_are_so_smart" + +# +# Expected answer +# +Packet-Type == Access-Accept +Vendor-Specific == { Cisco == { AVPair == "1", AVPair == "2" } } + diff --git a/src/tests/modules/files/vendor.unlang b/src/tests/modules/files/vendor.unlang new file mode 100644 index 00000000000..4a0a1666c9b --- /dev/null +++ b/src/tests/modules/files/vendor.unlang @@ -0,0 +1,4 @@ +# +# Really a test of nested VPs +# +files