From: Alan T. DeKok Date: Thu, 7 Sep 2023 18:52:05 +0000 (-0400) Subject: make pair_legacy_nested=true the default X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fca89e096d2d66fdfd529a09b3435650ec9344c3;p=thirdparty%2Ffreeradius-server.git make pair_legacy_nested=true the default EAP-SIM and TACACS+ do not yet handle nested attributes, so they manually set the flag to false. --- diff --git a/src/bin/unit_test_attribute.c b/src/bin/unit_test_attribute.c index 204e2d5b49c..2be133ac59c 100644 --- a/src/bin/unit_test_attribute.c +++ b/src/bin/unit_test_attribute.c @@ -2273,10 +2273,6 @@ static size_t command_migrate(command_result_t *result, UNUSED command_file_ctx_ p += sizeof("pair_legacy_nested") - 1; out = &fr_pair_legacy_nested; - } else if (strncmp(p, "pair_legacy_print_nested", sizeof("pair_legacy_print_nested") - 1) == 0) { - p += sizeof("pair_legacy_print_nested") - 1; - out = &fr_pair_legacy_print_nested; - } else { fr_strerror_const("Unknown migration flag"); RETURN_PARSE_ERROR(0); @@ -3643,6 +3639,8 @@ int main(int argc, char *argv[]) goto cleanup; } + fr_pair_legacy_nested = true; /* force migration flags */ + if (receipt_file && (fr_unlink(receipt_file) < 0)) { fr_perror("unit_test_attribute"); EXIT_WITH_FAILURE; diff --git a/src/tests/unit/file.txt b/src/tests/unit/file.txt index b7eac60ecb7..832e134f782 100644 --- a/src/tests/unit/file.txt +++ b/src/tests/unit/file.txt @@ -12,38 +12,26 @@ proto-dictionary radius # @todo - future - we arguably want to force nesting on these attributes? Or change the nesting when printed? # read_file files/cisco_avpair.txt -match User-Name = "bob", User-Password = "hello", Vendor-Specific.Cisco.AVPair = "1", Vendor-Specific.Cisco.AVPair += "2", Vendor-Specific.Cisco.AVPair += "3", Vendor-Specific.Cisco.AVPair += "4" - -# nested -#match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } +match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } # # Relative attributes, all on the same line. # read_file files/cisco_relative.txt -match User-Name = "bob", User-Password = "hello", Vendor-Specific.Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } - -# nested -#match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } +match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } # # Relative attributes, each on a different line # read_file files/cisco_multiline_relative.txt -match User-Name = "bob", User-Password = "hello", Vendor-Specific.Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } - -# nested -#match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } +match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } # # Multiple Cisco AVPAir, all on one line # read_file files/cisco_single_line.txt -match User-Name = "bob", User-Password = "hello", Vendor-Specific.Cisco.AVPair = "1", Vendor-Specific.Cisco.AVPair += "2", Vendor-Specific.Cisco.AVPair += "3", Vendor-Specific.Cisco.AVPair += "4" - -# nested -#match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } +match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } count match 9 diff --git a/src/tests/unit/file_nested.txt b/src/tests/unit/file_nested.txt index ee8b92c261b..1598437d607 100644 --- a/src/tests/unit/file_nested.txt +++ b/src/tests/unit/file_nested.txt @@ -7,7 +7,6 @@ # proto-dictionary radius -migrate pair_legacy_nested = yes # # Fully specified paths. @@ -35,4 +34,4 @@ read_file files/cisco_single_line.txt match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } count -match 10 +match 9 diff --git a/src/tests/unit/file_unflatten.txt b/src/tests/unit/file_unflatten.txt index 84698140432..5fa34c100fb 100644 --- a/src/tests/unit/file_unflatten.txt +++ b/src/tests/unit/file_unflatten.txt @@ -6,16 +6,9 @@ proto-dictionary radius -# -# The same as "file.txt", but where we set a migration flag which prints flat attributes as nested. -# -migrate pair_legacy_print_nested = true - # # Fully specified paths. # -# @todo - we arguably want to force nesting on these attributes? Or change the nesting when printed? -# read_file files/cisco_avpair.txt match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } @@ -39,4 +32,4 @@ read_file files/cisco_single_line.txt match User-Name = "bob", User-Password = "hello", Vendor-Specific = { Cisco = { AVPair = "1", AVPair += "2", AVPair += "3", AVPair += "4" } } count -match 10 +match 9 diff --git a/src/tests/unit/protocols/dhcpv4/vendor.txt b/src/tests/unit/protocols/dhcpv4/vendor.txt index eb0bc049281..30ebba18fd1 100644 --- a/src/tests/unit/protocols/dhcpv4/vendor.txt +++ b/src/tests/unit/protocols/dhcpv4/vendor.txt @@ -5,8 +5,6 @@ proto dhcpv4 proto-dictionary dhcpv4 fuzzer-out dhcpv4 -migrate pair_legacy_nested=true - # # When the caller gives us flat lists, we create nested ones. # @@ -38,4 +36,4 @@ decode-pair 7d 0d 00 00 00 09 09 05 06 61 61 2e 74 78 74 match V-I-Vendor-Specific = { raw.Cisco = 0x09050661612e747874 } count -match 20 +match 19 diff --git a/src/tests/unit/protocols/eap/sim/encode.txt b/src/tests/unit/protocols/eap/sim/encode.txt index 3147030e6b1..18bf19a5dc5 100644 --- a/src/tests/unit/protocols/eap/sim/encode.txt +++ b/src/tests/unit/protocols/eap/sim/encode.txt @@ -4,11 +4,12 @@ # Only run the tests if we have TLS support need-feature tls - # Load the EAP-AKA/SIM encoder/decoder proto eap-aka-sim proto-dictionary eap-aka-sim eap/aka-sim +migrate pair_legacy_nested = false + # Boolean attribute encode-pair.sim_tp_encode Any-ID-Req = yes match 0d 01 00 00 @@ -125,4 +126,4 @@ encode-pair.sim_tp_encode_rfc4186 IV = 0xcdf7ffa65de04c026b56c86b76b102ea, Encr- match 81 05 00 00 cd f7 ff a6 5d e0 4c 02 6b 56 c8 6b 76 b1 02 ea 82 05 00 00 b6 ed d3 82 79 e2 a1 42 3c 1a fc 5c 45 5c 7d 56 count -match 62 +match 63 diff --git a/src/tests/unit/protocols/eap/sim/encrypted.txt b/src/tests/unit/protocols/eap/sim/encrypted.txt index 350ccf2a261..63dc0fe7f6e 100644 --- a/src/tests/unit/protocols/eap/sim/encrypted.txt +++ b/src/tests/unit/protocols/eap/sim/encrypted.txt @@ -9,6 +9,8 @@ need-feature tls proto eap-aka-sim proto-dictionary eap-aka-sim eap/aka-sim +migrate pair_legacy_nested = false + # Encr-Data attributes should not be split between multiple outer TLVs (regression test) encode-pair.sim_tp_encode_rfc4186 IV = 0xd585ac7786b90336657c77b46575b9c4, Encr-Data.Next-Reauth-ID = "8osafwilQBCdof4", Encr-Data.Next-Pseudonym = "7QSzGAfgFKU8De9", Encr-Data.Nonce-S = 0xd61d1c6124106953f6f7283ae680a5ed, Encr-Data.Counter = 1 match 81 05 00 00 d5 85 ac 77 86 b9 03 36 65 7c 77 b4 65 75 b9 c4 82 11 00 00 6e a1 2b 5c d1 57 fa fc be a9 c9 7c ad 30 07 ff 72 dc cb c8 a9 96 b3 33 1f 71 aa 06 bb f0 1d 04 6b 51 9e fa 83 31 11 67 c6 93 1e 9c 06 5c 1f 2c 62 0d 1d 6d b0 b1 59 2f 91 f1 56 98 a9 e2 dc 3c diff --git a/src/tests/unit/protocols/internal/encode.txt b/src/tests/unit/protocols/internal/encode.txt index 109540e04a3..d497c1deff0 100644 --- a/src/tests/unit/protocols/internal/encode.txt +++ b/src/tests/unit/protocols/internal/encode.txt @@ -10,4 +10,10 @@ encode-pair User-Name = "0123456789012345678901234567890123456789012345678901234 match 04 01 01 2c 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 encode-pair Extended-Attribute-1.Unit-Ext-241-TLV.Unit-TLV-Integer = 1, Extended-Attribute-1.Unit-Ext-241-TLV.Unit-TLV-Integer = 2 -match 00 f1 0a 00 f3 07 00 01 04 00 00 00 01 00 f1 0a 00 f3 07 00 01 04 00 00 00 02 +match 00 f1 11 00 f3 0e 00 01 04 00 00 00 01 00 01 04 00 00 00 02 + +decode-pair - +match Extended-Attribute-1 = { Unit-Ext-241-TLV = { Unit-TLV-Integer = 1, Unit-TLV-Integer = 2 } } + +count +match 10 diff --git a/src/tests/unit/protocols/radius/time_delta.txt b/src/tests/unit/protocols/radius/time_delta.txt index 0186414cbd1..f8d248921e0 100644 --- a/src/tests/unit/protocols/radius/time_delta.txt +++ b/src/tests/unit/protocols/radius/time_delta.txt @@ -5,8 +5,6 @@ proto radius proto-dictionary radius fuzzer-out radius -migrate pair_legacy_nested = true - # # Time delta in milliseconds. # @@ -121,4 +119,4 @@ decode-pair - match Unit-TLV = { Delta-MSec-int32 = 2147483647 } count -match 66 +match 65 diff --git a/src/tests/unit/protocols/radius/unit.txt b/src/tests/unit/protocols/radius/unit.txt index ebdf2532827..7066de856af 100644 --- a/src/tests/unit/protocols/radius/unit.txt +++ b/src/tests/unit/protocols/radius/unit.txt @@ -3,8 +3,6 @@ proto radius proto-dictionary radius fuzzer-out radius -migrate pair_legacy_nested = true - # # And using the dictionaries # @@ -80,4 +78,4 @@ pair Unit-TLV.Milliseconds = "2019-08-21T07:40:31.123-04:00" match Unit-TLV = { Milliseconds = "2019-08-21T03:40:31.123Z" } count -match 36 +match 35 diff --git a/src/tests/unit/protocols/radius/wimax.txt b/src/tests/unit/protocols/radius/wimax.txt index 199f6576403..632f8c9337d 100644 --- a/src/tests/unit/protocols/radius/wimax.txt +++ b/src/tests/unit/protocols/radius/wimax.txt @@ -2,8 +2,6 @@ proto radius proto-dictionary radius fuzzer-out radius -migrate pair_legacy_nested=true - # # Test vectors for WiMAX attributes. # @@ -312,4 +310,4 @@ match Vendor-Specific.WiMAX.Capability = { Release = "1.0", Accounting-Capabilit count -match 148 +match 147 diff --git a/src/tests/unit/protocols/tacacs/base.txt b/src/tests/unit/protocols/tacacs/base.txt index edcb9c2c6e3..5f2892254c2 100644 --- a/src/tests/unit/protocols/tacacs/base.txt +++ b/src/tests/unit/protocols/tacacs/base.txt @@ -6,6 +6,8 @@ proto tacacs proto-dictionary tacacs fuzzer-out tacacs +migrate pair_legacy_nested = false + # ./pam_tacplus/tacc -TRA -u bob -p hello -s 172.17.0.2 -r 1.1.1.1 -k testing123 -S ppp -P ip -L pap # N.B. decrypted and unencrypted flag has been set @@ -70,4 +72,4 @@ decode-proto c002 20ff 2020 2020 0000 0043 2009 0000 0009 000a 2120 2020 2020 20 match Argument 3 length 32 overflows packet count -match 29 +match 30 diff --git a/src/tests/unit/protocols/tacacs/regression.txt b/src/tests/unit/protocols/tacacs/regression.txt index 92d71df39d3..336a62696c0 100644 --- a/src/tests/unit/protocols/tacacs/regression.txt +++ b/src/tests/unit/protocols/tacacs/regression.txt @@ -6,6 +6,8 @@ proto tacacs proto-dictionary tacacs fuzzer-out tacacs +migrate pair_legacy_nested = false + # # Authorization - Response: (Client <- Server) # @@ -17,4 +19,4 @@ encode-proto Packet.Version-Major = Plus, Packet.Version-Minor = 0, Packet.Packe match c0 02 02 04 e1 66 78 e6 00 00 00 13 02 59 f9 90 38 81 e1 bb 9d a6 13 93 fc 86 7e 4a 14 1c 24 count -match 5 +match 6