diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:49:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:49:46 +0000 |
commit | 50b37d4a27d3295a29afca2286f1a5a086142cec (patch) | |
tree | 9212f763934ee090ef72d823f559f52ce387f268 /src/tests/keywords/update | |
parent | Initial commit. (diff) | |
download | freeradius-upstream.tar.xz freeradius-upstream.zip |
Adding upstream version 3.2.1+dfsg.upstream/3.2.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
22 files changed, 1591 insertions, 0 deletions
diff --git a/src/tests/keywords/update b/src/tests/keywords/update new file mode 100644 index 0000000..97a2557 --- /dev/null +++ b/src/tests/keywords/update @@ -0,0 +1,7 @@ +update control { + Cleartext-Password := 'hello' +} + +update reply { + Filter-Id := "filter" +} diff --git a/src/tests/keywords/update-add-ref-index b/src/tests/keywords/update-add-ref-index new file mode 100644 index 0000000..7f5e74a --- /dev/null +++ b/src/tests/keywords/update-add-ref-index @@ -0,0 +1,118 @@ +# +# PRE: update array +# + +update request { + reply:Filter-Id := "filter" + Class := 0x01020304 + Class += 0x05060708 + Class += 0x090a0b0c +} + +# +# Copy all the class attributes to Proxy-State +# +update request { + Proxy-State += &Class[*] +} + +if (&Proxy-State[0] != 0x01020304) { + update reply { + Filter-Id := "fail 0a" + } +} + +# Must be the same as above +if (&Proxy-State[1] != 0x05060708) { + update reply { + Filter-Id += "fail 0b" + } +} + +if (&Proxy-State[2] != 0x090a0b0c) { + update reply { + Filter-Id += "fail 0c" + } +} + +# must not exist +if (&Proxy-State[3]) { + update reply { + Filter-Id += "fail 1" + } +} + +# Remove all the Proxy-State attributes +update request { + Proxy-State !* ANY +} + +# +# Copy the first instance (implicitly) of class +# +update request { + Proxy-State += &Class +} + +if (&Proxy-State[0] != 0x01020304) { + update reply { + Filter-Id := "fail 2a" + } +} + +# Must be the same as above +if (&Proxy-State[1]) { + update reply { + Filter-Id += "fail 2b" + } +} + +# Remove all the Proxy-State attributes +update request { + Proxy-State !* ANY +} + +# +# Copy the first instance (explicitly) of class +# +update request { + Proxy-State += &Class[0] +} + +if (&Proxy-State[0] != 0x01020304) { + update reply { + Filter-Id := "fail 3a" + } +} + +# Must be the same as above +if (&Proxy-State[1]) { + update reply { + Filter-Id += "fail 3b" + } +} + +# Remove all the Proxy-State attributes +update request { + Proxy-State !* ANY +} + +# +# Copy the second instance of class +# +update request { + Proxy-State += &Class[1] +} + +if (&Proxy-State[0] != 0x05060708) { + update reply { + Filter-Id := "fail 4a" + } +} + +# Must be the same as above +if (&Proxy-State[1]) { + update reply { + Filter-Id += "fail 4b" + } +} diff --git a/src/tests/keywords/update-add-ref-tag b/src/tests/keywords/update-add-ref-tag new file mode 100644 index 0000000..39800b8 --- /dev/null +++ b/src/tests/keywords/update-add-ref-tag @@ -0,0 +1,118 @@ +# +# PRE: update array +# + +update request { + reply:Filter-Id := "filter" + request:Tunnel-Server-Endpoint += '192.0.1.1' + request:Tunnel-Server-Endpoint += '192.0.1.2' + request:Tunnel-Server-Endpoint:1 += '192.0.1.1' + request:Tunnel-Server-Endpoint:2 += '192.0.2.1' + request:Tunnel-Server-Endpoint:2 += '192.0.2.2' + request:Tunnel-Server-Endpoint:3 += '192.0.3.1' +} + +# +# Copy all Tunnel-Server-Endpoint attributes +# +update request { + control:Tunnel-Server-Endpoint += &Tunnel-Server-Endpoint[*] +} + +if ((&control:Tunnel-Server-Endpoint[0] != '192.0.1.1') || \ + (&control:Tunnel-Server-Endpoint[1] != '192.0.1.2') || \ + (&control:Tunnel-Server-Endpoint[2] != '192.0.1.1') || \ + (&control:Tunnel-Server-Endpoint[3] != '192.0.2.1') || \ + (&control:Tunnel-Server-Endpoint[4] != '192.0.2.2') || \ + (&control:Tunnel-Server-Endpoint[5] != '192.0.3.1') || \ + &control:Tunnel-Server-Endpoint[6]) { + update reply { + Filter-Id := "fail 0" + } +} + +# +# Clear out control attributes... +# +update control { + Tunnel-Server-Endpoint !* ANY +} + +# +# Copy all Tunnel-Server-Endpoint attributes with tag 2 +# +update request { + control:Tunnel-Server-Endpoint += &Tunnel-Server-Endpoint:2[*] +} + +if ((&control:Tunnel-Server-Endpoint[0] != '192.0.2.1') || \ + (&control:Tunnel-Server-Endpoint[1] != '192.0.2.2') || \ + &control:Tunnel-Server-Endpoint[2]) { + update reply { + Filter-Id := "fail 1" + } +} + +# +# Clear out control attributes... +# +update control { + Tunnel-Server-Endpoint !* ANY +} + +# +# Copy all Tunnel-Server-Endpoint attributes with no tag +# +update request { + control:Tunnel-Server-Endpoint += &Tunnel-Server-Endpoint:0[*] +} + +if ((&control:Tunnel-Server-Endpoint[0] != '192.0.1.1') || \ + (&control:Tunnel-Server-Endpoint[1] != '192.0.1.2') || \ + &control:Tunnel-Server-Endpoint[2]) { + update reply { + Filter-Id := "fail 2" + } +} + +# +# Clear out control attributes... +# +update control { + Tunnel-Server-Endpoint !* ANY +} + +# +# Copy the first attribute with tag 2 (implicit) +# +update request { + control:Tunnel-Server-Endpoint += &Tunnel-Server-Endpoint:2 +} + +if ((&control:Tunnel-Server-Endpoint[0] != '192.0.2.1') || \ + &control:Tunnel-Server-Endpoint[1]) { + update reply { + Filter-Id := "fail 3" + } +} + +# +# Clear out control attributes... +# +update control { + Tunnel-Server-Endpoint !* ANY +} + +# +# Copy the first attribute with tag 2 (explicit) +# +update request { + control:Tunnel-Server-Endpoint += &Tunnel-Server-Endpoint:2[0] +} + +if ((&control:Tunnel-Server-Endpoint[0] != '192.0.2.1') || \ + &control:Tunnel-Server-Endpoint[1]) { + update reply { + Filter-Id := "fail 4" + } +} diff --git a/src/tests/keywords/update-all b/src/tests/keywords/update-all new file mode 100644 index 0000000..549a122 --- /dev/null +++ b/src/tests/keywords/update-all @@ -0,0 +1,9 @@ +# +# PRE: update +# +# A more generic "update" mechanism +# +update { + control:Cleartext-Password := 'hello' + reply:Filter-Id := "filter" +} diff --git a/src/tests/keywords/update-array b/src/tests/keywords/update-array new file mode 100644 index 0000000..c872f4e --- /dev/null +++ b/src/tests/keywords/update-array @@ -0,0 +1,63 @@ +# +# PRE: update array +# + +update request { + Class := 0x01020304 + Class += 0x05060708 + Class += 0x090a0b0c +} + + +# +# Use array references in the RHS +# of the update section +# + +update request { + Proxy-State += &Class[0] + Proxy-State += &Class[1] + Proxy-State += &Class[2] +} + +if (&Proxy-State != 0x01020304) { + update reply { + Filter-Id := "fail 0" + } +} + +# Must be the same as above +if (&Proxy-State[0] != 0x01020304) { + update reply { + Filter-Id += "fail 0a" + } +} + +if (&Proxy-State[1] != 0x05060708) { + update reply { + Filter-Id += "fail 1" + } +} + +if (&Proxy-State[2] != 0x090a0b0c) { + update reply { + Filter-Id += "fail 2" + } +} + +# must not exist +if (&Proxy-State[3]) { + update reply { + Filter-Id += "fail 3" + } +} + +# +# The test passes only if no test above +# added a Filter-Id +# +if (!reply:Filter-Id) { + update reply { + Filter-Id := "filter" + } +}
\ No newline at end of file diff --git a/src/tests/keywords/update-delete b/src/tests/keywords/update-delete new file mode 100644 index 0000000..a5c2d5a --- /dev/null +++ b/src/tests/keywords/update-delete @@ -0,0 +1,40 @@ +# +# PRE: update +# +# Remove all attributes in a list +# +update { + control:Cleartext-Password := 'hello' + reply:Filter-Id := 'filter' +} + +update request { + Tmp-String-0 := 'foobarbaz' + Tmp-Integer-0 := 123456789 + Tmp-IP-Address-0 := 192.0.2.1 +} + +if ((Tmp-String-0 != 'foobarbaz') || (Tmp-Integer-0 != 123456789) || (Tmp-IP-Address-0 != 192.0.2.1)) { + update { + reply:Filter-Id := 'fail' + } +} + +# Remove all attributes in the control list +update { + request: !* ANY +} + +# All attributes should now of been removed +if ((Tmp-String-0 && (Tmp-String-0 == 'foobarbaz')) || \ + (Tmp-Integer-0 && (Tmp-Integer-0 == 123456789)) || \ + (Tmp-IP-Address-0 && (Tmp-IP-Address-0 == 192.0.2.1))) { + update { + reply:Filter-Id := 'fail' + } +} + +# This will of been removed too +update request { + User-Password := 'hello' +} diff --git a/src/tests/keywords/update-error b/src/tests/keywords/update-error new file mode 100644 index 0000000..92e0ed2 --- /dev/null +++ b/src/tests/keywords/update-error @@ -0,0 +1,9 @@ +# +# PRE: update +# +# It's an error to update lists that don't exist. +# +update no-such-list { # ERROR + control:Cleartext-Password := 'hello' + reply:Filter-Id := "filter" +} diff --git a/src/tests/keywords/update-error-2 b/src/tests/keywords/update-error-2 new file mode 100644 index 0000000..1fe98f0 --- /dev/null +++ b/src/tests/keywords/update-error-2 @@ -0,0 +1,9 @@ +# +# PRE: update-error +# +# It's an error to update lists that don't exist. +# +update { + no-such-list:Cleartext-Password := 'hello' # ERROR + reply:Filter-Id := "filter" +} diff --git a/src/tests/keywords/update-error-3 b/src/tests/keywords/update-error-3 new file mode 100644 index 0000000..ffab73a --- /dev/null +++ b/src/tests/keywords/update-error-3 @@ -0,0 +1,10 @@ +# +# PRE: update-error +# +# It's an error to assign literal values which are not +# part of the set of enumerated values for an attribute +# +update { + Service-Type := 'hello' # ERROR + reply:Filter-Id := "filter" +} diff --git a/src/tests/keywords/update-exec b/src/tests/keywords/update-exec new file mode 100644 index 0000000..b9a0f73 --- /dev/null +++ b/src/tests/keywords/update-exec @@ -0,0 +1,94 @@ +# +# PRE: update if redundant +# +update control { + Cleartext-Password := 'hello' +} + +update reply { + Filter-Id := "filter" +} + +# +# Exec with script output to attribute +# +update request { + Tmp-String-0 = `/bin/sh -c "echo 'foo bar baz'"` +} + +if (Tmp-String-0 != "foo bar baz") { + update reply { + Filter-Id += "fail 1" + } +} + +# +# Exec with output to list (single attribute) +# +update { + request: = `/bin/sh -c "echo Tmp-String-0 := foo"` +} + +if (Tmp-String-0 != 'foo') { + update reply { + Filter-Id += "fail 2" + } +} + +# +# Exec with output to list (multiple attributes) +# +update { + request: = `/bin/sh -c 'echo Tmp-String-0 := foo, Tmp-String-1 := bar'` +} + +if ((Tmp-String-0 != 'foo') || (Tmp-String-1 != 'bar')) { + update reply { + Filter-Id += "fail 3" + } +} + +# +# Failed exec (malformed attributes) - check no attributes are added +# +update request { + Tmp-String-0 !* ANY + Tmp-String-1 !* ANY +} + +redundant { + group { + update { + request: = `/bin/sh -c 'echo Tmp-String-0 := foo, Tmp-String-1 ?= bar'` + } + } + ok +} +if (Tmp-String-0 || Tmp-String-1) { + update reply { + Filter-Id += "fail 4" + } +} + +# +# Exec with output to list - error code +# +update request { + Tmp-String-0 !* ANY + Tmp-String-1 !* ANY +} + +redundant { + group { + update { + request: = `/bin/sh -c 'echo Tmp-String-0 := foo; exit 64'` + } + } + ok +} +if (Tmp-String-0) { + update reply { + Filter-Id += "fail 5" + } +} + diff --git a/src/tests/keywords/update-filter b/src/tests/keywords/update-filter new file mode 100644 index 0000000..30f96be --- /dev/null +++ b/src/tests/keywords/update-filter @@ -0,0 +1,75 @@ +# +# PRE: update +# +update control { + Tmp-Integer-0 := 5 + Tmp-Integer-0 += 10 + Tmp-Integer-0 += 15 + Tmp-Integer-0 += 20 + Tmp-String-0 := 'foo' + Tmp-String-0 += 'baz' + Tmp-String-0 += 'boink' +} + +# +# Reset the request list +# +update { + &request: !* ANY + &request: += &control:[*] +} + +debug_request + +# +# Only matching attributes of the specified type should remain +# +update request { + &Tmp-Integer-0 == 10 +} + +if (&Tmp-Integer-0[0] != 10) { + update reply { + Filter-Id += "fail 1" + } +} + +if ("%{Tmp-Integer-0[#]}" != 1) { + update reply { + Filter-Id += "fail 2" + } +} + +if ("%{Tmp-String-0[#]}" != 3) { + update reply { + Filter-Id += "fail 3" + } +} + +debug_request + +# +# Only matching attributes of the specified type should remain +# +update request { + &Tmp-String-0 == 'baz' +} + +if (&Tmp-String-0[0] != 'baz') { + update reply { + Filter-Id += "fail 4" + } +} + +if ("%{Tmp-String-0[#]}" != 1) { + update reply { + Filter-Id += "fail 5" + } +} + +update { + control:Auth-Type := Accept + reply:Filter-Id := "filter" +} + +debug_request diff --git a/src/tests/keywords/update-index b/src/tests/keywords/update-index new file mode 100644 index 0000000..390aca7 --- /dev/null +++ b/src/tests/keywords/update-index @@ -0,0 +1,52 @@ +# +# PRE: update update-remove-index +# +# A more generic "update" mechanism +# +update { + control:Cleartext-Password := 'hello' + reply:Filter-Id := "filter" +} + +update { + control:Reply-Message += 'a' + control:Reply-Message += 'b' + control:Reply-Message += 'c' +} + +if ((&control:Reply-Message[0] != 'a') || (&control:Reply-Message[1] != 'b') || (&control:Reply-Message[2] != 'c')) { + update { + reply:Filter-Id := 'Fail 0' + } +} + +# Overwrite a specific index, and check the value here is replaced +update { + &control:Reply-Message[1] := 'd' +} + +if ((&control:Reply-Message[0] != 'a') || (&control:Reply-Message[1] != 'd') || (&control:Reply-Message[2] != 'c')) { + update { + reply:Filter-Id := 'Fail 1' + } +} + +# Check isolation... +update { + &control:Reply-Message[0] := &control:Reply-Message[0] +} + +if ((&control:Reply-Message[0] != 'a') || (&control:Reply-Message[1] != 'd') || (&control:Reply-Message[2] != 'c')) { + update { + reply:Filter-Id := 'Fail 2' + } +} + +# Verify we haven't acquired any extra.. + +if ("%{control:Reply-Message[#]}" != 3) { + update { + reply:Filter-Id := 'Fail 3' + } +} + diff --git a/src/tests/keywords/update-list-error b/src/tests/keywords/update-list-error new file mode 100644 index 0000000..2613055 --- /dev/null +++ b/src/tests/keywords/update-list-error @@ -0,0 +1,19 @@ +# +# PRE: update +# +# It's an error to update lists that don't exist. +# +update { + request := reply + config += request + reply !* ANY +} + +update { + reply += `/path/to/foo bar baz` +} + + +update { + request := nope # ERROR +} diff --git a/src/tests/keywords/update-operator b/src/tests/keywords/update-operator new file mode 100644 index 0000000..ccbcb16 --- /dev/null +++ b/src/tests/keywords/update-operator @@ -0,0 +1,85 @@ +# +# PRE: update +# + +# +# Set it. +# +update request { + NAS-Port := 1000 +} + +# +# Enforce it. +# +update request { + NAS-Port == 1000 +} + +if (NAS-Port != 1000) { + update reply { + Filter-Id += "fail 1" + } +} + +# +# Enforce to new lower value. +# +update request { + NAS-Port <= 500 +} + +if (NAS-Port != 500) { + update reply { + Filter-Id += "fail 2 - expected 500, got %{NAS-Port}" + } +} + +# +# Enforce to new higher value +# +update request { + NAS-Port >= 2000 +} + +if (NAS-Port != 2000) { + update reply { + Filter-Id += "fail 3 - expected 2000, got %{NAS-Port}" + } +} + +# +# Enforce value which previously didn't exist. +# +update request { + Idle-Timeout >= 14400 +} + +if (&request:Idle-Timeout != 14400) { + update reply { + Filter-Id += "fail Idle-Timeout >= 14400" + } +} + +# non-existent attribute +update request { + Class -= 0xabcdef +} + +update request { + Class -= &Class +} + +update request { + NAS-Port -= &NAS-Port +} + +if (!reply:Filter-Id) { + update control { + Cleartext-Password := 'hello' + } + + update reply { + Filter-Id := "filter" + } +} diff --git a/src/tests/keywords/update-prepend b/src/tests/keywords/update-prepend new file mode 100644 index 0000000..4ba9335 --- /dev/null +++ b/src/tests/keywords/update-prepend @@ -0,0 +1,65 @@ +# +# PRE: update +# +update control { + &Tmp-String-0 := 'foo' + &Tmp-String-0 += 'baz' +} + +# Reset the request list +update { + &request !* ANY + &request += &control +} + +debug_request + +# Prepend a single value +update request { + &Tmp-String-0 ^= 'boink' +} + +# The prepended value should be first followd by the other two +if (("%{Tmp-String-0[0]}" != 'boink') || ("%{Tmp-String-0[1]}" != 'foo') || ("%{Tmp-String-0[2]}" != 'baz')) { + update reply { + Filter-Id += "fail 1" + } +} + +if ("%{Tmp-String-0[#]}" != 3) { + update reply { + Filter-Id += "fail 1a" + } +} + +# Add an extra element to the start of control +update control { + &Tmp-String-0 ^= 'wibble' +} + +# Prepend control to request +update { + &request ^= &control +} + +debug_request + +# The attributes should now be "wibble", "foo", "baz", "boink", "foo", "baz" +if (("%{Tmp-String-0[0]}" != 'wibble') || ("%{Tmp-String-0[1]}" != 'foo') || ("%{Tmp-String-0[2]}" != 'baz') || ("%{Tmp-String-0[3]}" != 'boink') || ("%{Tmp-String-0[4]}" != 'foo') || ("%{Tmp-String-0[5]}" != 'baz')) { + update reply { + Filter-Id += "fail 2" + } +} + +if ("%{Tmp-String-0[#]}" != 6) { + update reply { + Filter-Id += "fail 2a" + } +} + +if (!reply:Filter-Id) { + update { + &request:User-Password := 'hello' + &reply:Filter-Id := 'filter' + } +} diff --git a/src/tests/keywords/update-remove-any b/src/tests/keywords/update-remove-any new file mode 100644 index 0000000..e0ef600 --- /dev/null +++ b/src/tests/keywords/update-remove-any @@ -0,0 +1,50 @@ +# +# PRE: update +# +# Remove all attributes in a list +# +update { + control:Cleartext-Password := 'hello' + reply:Filter-Id := 'filter' +} + +update { + request:Tmp-String-0 := 'foobarbaz' + request:Tmp-Integer-0 := 123456789 + request:Tmp-IP-Address-0 := 192.0.2.1 + request:Tmp-IP-Address-0 += 192.0.2.2 + control:Tmp-IP-Address-0 := 192.0.2.1 + control:Tmp-IP-Address-0 += 192.0.2.3 +} + +if (("%{Tmp-IP-Address-0[0]}" != 192.0.2.1) || ("%{Tmp-IP-Address-0[1]}" != 192.0.2.2)) { + update { + reply:Filter-Id := 'fail 1' + } +} + +# Remove all attributes in the control list +update { + request:Tmp-IP-Address-0 !* ANY +} + +# Non Tmp-IP-Address-0 address attributes should still be in the request list +if ((Tmp-String-0 != 'foobarbaz') || (Tmp-Integer-0 != 123456789)) { + update reply { + reply:Filter-Id += 'fail 2' + } +} + +# There should be no Tmp-IP-Address attributes in the request list +if (Tmp-IP-Address-0 || ("%{Tmp-IP-Address-0[1]}" != '')) { + update { + reply:Filter-Id += 'fail 3' + } +} + +# But there should still be some in the control list +if ((control:Tmp-IP-Address-0 != 192.0.2.1) || ("%{control:Tmp-IP-Address-0[1]}" != 192.0.2.3)) { + update { + reply:Filter-Id += 'fail 4' + } +} diff --git a/src/tests/keywords/update-remove-index b/src/tests/keywords/update-remove-index new file mode 100644 index 0000000..58df9a5 --- /dev/null +++ b/src/tests/keywords/update-remove-index @@ -0,0 +1,100 @@ +# +# PRE: update update-remove-value +# +# Remove all attributes in a list +# +update { + control:Cleartext-Password := 'hello' + reply:Filter-Id := 'filter' +} + +update { + request:Tmp-String-0 := 'foobarbaz' + request:Tmp-Integer-0 := 123456789 + request:Tmp-IP-Address-0 := 192.0.2.1 + request:Tmp-IP-Address-0 += 192.0.2.2 + request:Tmp-IP-Address-0 += 192.0.2.3 + request:Tmp-IP-Address-0 += 192.0.2.2 + request:Tmp-IP-Address-0 += 192.0.2.4 +} + + +update request { + Tmp-IP-Address-0[3] -= 192.0.2.2 +} + +# Only the 1st, 2nd, 3rd and 5th Tmp-IP-Address attributes should still be in the list +if (("%{Tmp-IP-Address-0[0]}" != '192.0.2.1') || \ + ("%{Tmp-IP-Address-0[1]}" != '192.0.2.2') || \ + ("%{Tmp-IP-Address-0[2]}" != '192.0.2.3') || \ + ("%{Tmp-IP-Address-0[3]}" != '192.0.2.4') || \ + ("%{Tmp-IP-Address-0[4]}" != '')) { + update reply { + Filter-Id += 'fail 1' + } +} + +# There's still a 192.0.2.2 but it's not at index 3 +update request { + Tmp-IP-Address-0[3] -= 192.0.2.2 +} + +# Should be the same as the previous result +if (("%{Tmp-IP-Address-0[0]}" != '192.0.2.1') || \ + ("%{Tmp-IP-Address-0[1]}" != '192.0.2.2') || \ + ("%{Tmp-IP-Address-0[2]}" != '192.0.2.3') || \ + ("%{Tmp-IP-Address-0[3]}" != '192.0.2.4') || \ + ("%{Tmp-IP-Address-0[4]}" != '')) { + update reply { + Filter-Id += 'fail 2' + } +} + +# Remove whatever's at index 0 +update request { + Tmp-IP-Address-0[0] !* ANY +} + +# IP address at index 0 should be removed +if (("%{Tmp-IP-Address-0[0]}" != '192.0.2.2') || \ + ("%{Tmp-IP-Address-0[1]}" != '192.0.2.3') || \ + ("%{Tmp-IP-Address-0[2]}" != '192.0.2.4') || \ + ("%{Tmp-IP-Address-0[3]}" != '')) { + update reply { + Filter-Id += 'fail 3' + } +} + +# Remove whatever's at index 3 (should be nothing) +update request { + Tmp-IP-Address-0[3] !* ANY +} + +# Should be the same as the previous result +if (("%{Tmp-IP-Address-0[0]}" != '192.0.2.2') || \ + ("%{Tmp-IP-Address-0[1]}" != '192.0.2.3') || \ + ("%{Tmp-IP-Address-0[2]}" != '192.0.2.4') || \ + ("%{Tmp-IP-Address-0[3]}" != '')) { + update reply { + Filter-Id += 'fail 4' + } +} + +# Remove all instances of Tmp-IP-Address +update request { + Tmp-IP-Address-0 !* ANY +} + +# No more IP address attributes! +if ("%{Tmp-IP-Address-0[0]}" != '') { + update reply { + Filter-Id += 'fail 5' + } +} + +# Non Tmp-IP-Address-0 address attributes should still be in the request list +if ((Tmp-String-0 != 'foobarbaz') || (Tmp-Integer-0 != 123456789)) { + update reply { + Filter-Id += 'fail 6' + } +} diff --git a/src/tests/keywords/update-remove-list b/src/tests/keywords/update-remove-list new file mode 100644 index 0000000..22ae577 --- /dev/null +++ b/src/tests/keywords/update-remove-list @@ -0,0 +1,40 @@ +# +# PRE: update +# +# Remove all attributes in a list +# +update { + control:Cleartext-Password := 'hello' + reply:Filter-Id := 'filter' +} + +update request { + Tmp-String-0 := 'foobarbaz' + Tmp-Integer-0 := 123456789 + Tmp-IP-Address-0 := 192.0.2.1 +} + +if ((Tmp-String-0 != 'foobarbaz') || (Tmp-Integer-0 != 123456789) || (Tmp-IP-Address-0 != 192.0.2.1)) { + update reply { + Filter-Id += 'fail 0' + } +} + +# Remove all attributes in the control list +update { + request: !* ANY +} + +# All attributes should now of been removed +if ((Tmp-String-0 && (Tmp-String-0 == 'foobarbaz')) || \ + (Tmp-Integer-0 && (Tmp-Integer-0 == 123456789)) || \ + (Tmp-IP-Address-0 && (Tmp-IP-Address-0 == 192.0.2.1))) { + update reply { + Filter-Id := 'fail 1' + } +} + +# This will of been removed too +update request { + User-Password := 'hello' +} diff --git a/src/tests/keywords/update-remove-tag b/src/tests/keywords/update-remove-tag new file mode 100644 index 0000000..3328789 --- /dev/null +++ b/src/tests/keywords/update-remove-tag @@ -0,0 +1,275 @@ +# +# PRE: update update-remove-value update-remove-index update-tag +# +# Remove all attributes in a list +# +update { + control:Cleartext-Password := 'hello' + reply:Filter-Id := 'filter' +} + +update { + request:Tunnel-Server-Endpoint += '192.0.1.1' + request:Tunnel-Server-Endpoint += '192.0.1.2' + request:Tunnel-Server-Endpoint:1 += '192.0.1.1' + request:Tunnel-Server-Endpoint:2 += '192.0.2.1' + request:Tunnel-Server-Endpoint:2 += '192.0.2.2' + request:Tunnel-Server-Endpoint:3 += '192.0.3.1' + request:Tunnel-Server-Endpoint:3 += '192.0.3.2' + request:Tunnel-Server-Endpoint:3 += '192.0.3.3' + control: += request: +} + +# Check [#] is working correctly (should probably be another set of tests) +if (("%{request:Tunnel-Server-Endpoint[#]}" != 8) || \ + ("%{request:Tunnel-Server-Endpoint:0[#]}" != 2) || \ + ("%{request:Tunnel-Server-Endpoint:1[#]}" != 1) || \ + ("%{request:Tunnel-Server-Endpoint:2[#]}" != 2) || \ + ("%{request:Tunnel-Server-Endpoint:3[#]}" != 3)) { + update reply { + Filter-Id += 'fail 0' + } +} + +update { + Tunnel-Server-Endpoint !* ANY +} + +# List should now be empty +if ("%{request:Tunnel-Server-Endpoint[#]}" != 0) { + update reply { + Filter-Id += 'fail 1' + } +} + +# Reset the list +update { + request: += control: +} + +# Now remove all Tunnel-Server-Endpoint attributes with :2 +update { + Tunnel-Server-Endpoint:2 !* ANY +} + +if (("%{request:Tunnel-Server-Endpoint[#]}" != 6) || \ + ("%{request:Tunnel-Server-Endpoint:0[#]}" != 2) || \ + ("%{request:Tunnel-Server-Endpoint:1[#]}" != 1) || \ + ("%{request:Tunnel-Server-Endpoint:2[#]}" != 0) || \ + ("%{request:Tunnel-Server-Endpoint:3[#]}" != 3)) { + update reply { + Filter-Id += 'fail 2' + } +} + +# Now remove all Tunnel-Server-Endpoint attributes with :0 (no tags) +update { + Tunnel-Server-Endpoint:0 !* ANY +} + +if (("%{request:Tunnel-Server-Endpoint[#]}" != 4) || \ + ("%{request:Tunnel-Server-Endpoint:0[#]}" != 0) || \ + ("%{request:Tunnel-Server-Endpoint:1[#]}" != 1) || \ + ("%{request:Tunnel-Server-Endpoint:2[#]}" != 0) || \ + ("%{request:Tunnel-Server-Endpoint:3[#]}" != 3)) { + update reply { + Filter-Id += 'fail 3' + } +} + +# Now remove all Tunnel-Server-Endpoint attributes with :3 +update { + Tunnel-Server-Endpoint:3 !* ANY +} + +if (("%{request:Tunnel-Server-Endpoint[#]}" != 1) || \ + ("%{request:Tunnel-Server-Endpoint:0[#]}" != 0) || \ + ("%{request:Tunnel-Server-Endpoint:1[#]}" != 1) || \ + ("%{request:Tunnel-Server-Endpoint:2[#]}" != 0) || \ + ("%{request:Tunnel-Server-Endpoint:3[#]}" != 0)) { + update reply { + Filter-Id += 'fail 4' + } +} + +# Now remove all Tunnel-Server-Endpoint attributes with :1 +update { + Tunnel-Server-Endpoint:1 !* ANY +} + +if (("%{request:Tunnel-Server-Endpoint[#]}" != 0) || \ + ("%{request:Tunnel-Server-Endpoint:0[#]}" != 0) || \ + ("%{request:Tunnel-Server-Endpoint:1[#]}" != 0) || \ + ("%{request:Tunnel-Server-Endpoint:2[#]}" != 0) || \ + ("%{request:Tunnel-Server-Endpoint:3[#]}" != 0)) { + update reply { + Filter-Id += 'fail 5' + } +} + +# Reset the list +update { + request: += control: +} + +# Remove all Tunnel-Server-Endpoint attributes at :3[0] (none) +update { + Tunnel-Server-Endpoint:1[3] !* ANY +} + +if (Tunnel-Server-Endpoint:3[0] != '192.0.3.1') { + update reply { + Filter-Id += 'fail 6' + } +} + +if (Tunnel-Server-Endpoint:3[1] != '192.0.3.2') { + update reply { + Filter-Id += 'fail 7' + } +} + +if (Tunnel-Server-Endpoint:3[2] != '192.0.3.3') { + update reply { + Filter-Id += 'fail 8' + } +} + +# Remove all Tunnel-Server-Endpoint attributes at :3[1] +update { + Tunnel-Server-Endpoint:3[1] !* ANY +} + +if (Tunnel-Server-Endpoint:3[0] != '192.0.3.1') { + update reply { + Filter-Id += 'fail 9' + } +} + +if (Tunnel-Server-Endpoint:3[1] != '192.0.3.3') { + update reply { + Filter-Id += 'fail 10' + } +} + +# Remove any Tunnel-Server-Endpoint with a value of '192.0.1.1' (should remove both tagged and untagged versions) +update { + Tunnel-Server-Endpoint -= '192.0.1.1' +} + +# Also checks whether presence checks for tagged attributes work correctly +if (request:Tunnel-Server-Endpoint:1) { + update reply { + Filter-Id += 'fail 11' + } +} + +if (request:Tunnel-Server-Endpoint:0[0] != '192.0.1.2') { + update reply { + Filter-Id += 'fail 12' + } +} + +# Remove any Tunnel-Server-Endpoint with a value of '192.0.3.1' +update { + Tunnel-Server-Endpoint:3 -= '192.0.3.2' +} + +if (request:Tunnel-Server-Endpoint:3[0] != '192.0.3.1') { + update reply { + Filter-Id += 'fail 13' + } +} + +if (request:Tunnel-Server-Endpoint:3[1] != '192.0.3.3') { + update reply { + Filter-Id += 'fail 14' + } +} + +# Reset the list +update { + request: !* ANY +} +update { + request: += control: +} + +# Remove only the tagged version of '192.0.1.1' +update { + request:Tunnel-Server-Endpoint:1 -= '192.0.1.1' +} + +if (request:Tunnel-Server-Endpoint:0[0] != '192.0.1.1') { + update reply { + Filter-Id += 'fail 15' + } +} + +# Reset the list +update { + request: !* ANY +} +update { + request: += control: +} + +# Remove only the untagged version of '192.0.1.1' +update { + request:Tunnel-Server-Endpoint:0 -= '192.0.1.1' +} + +if (request:Tunnel-Server-Endpoint:1[0] != '192.0.1.1') { + update reply { + Filter-Id += 'fail 16' + } +} + +# Remove the value of Tunnel-Server-Endpoint:3 at index 1 only if it matches '192.0.3.3' (which it does) +update { + Tunnel-Server-Endpoint:3[1] -= '192.0.3.2' +} + +if (Tunnel-Server-Endpoint:3[0] != '192.0.3.1') { + update reply { + Filter-Id += 'fail 17' + } +} + +if (Tunnel-Server-Endpoint:3[1] != '192.0.3.3') { + update reply { + Filter-Id += 'fail 18' + } +} + +# Reset the list +update { + request: !* ANY +} +update { + request: += control: +} + +# Remove the value of Tunnel-Server-Endpoint:3 at index 1 only if it matches '192.0.3.4' (which it doesn't) +update { + Tunnel-Server-Endpoint:3[1] -= '192.0.3.4' +} + +if (Tunnel-Server-Endpoint:3[0] != '192.0.3.1') { + update reply { + Filter-Id += 'fail 19' + } +} + +if (Tunnel-Server-Endpoint:3[1] != '192.0.3.2') { + update reply { + Filter-Id += 'fail 20' + } +} + +if (Tunnel-Server-Endpoint:3[2] != '192.0.3.3') { + update reply { + Filter-Id += 'fail 21' + } +} + diff --git a/src/tests/keywords/update-remove-value b/src/tests/keywords/update-remove-value new file mode 100644 index 0000000..3fd1f94 --- /dev/null +++ b/src/tests/keywords/update-remove-value @@ -0,0 +1,116 @@ +# +# PRE: update +# +# Remove all attributes in a list +# +update { + control:Cleartext-Password := 'hello' + reply:Filter-Id := 'filter' +} + +update { + request:Tmp-String-0 := 'foobarbaz' + request:Tmp-Integer-0 := 123456789 + request:Tmp-IP-Address-0 := 192.0.2.1 + request:Tmp-IP-Address-0 += 192.0.2.2 + request:Tmp-IP-Address-0 += 192.0.2.3 + request:Tmp-IP-Address-0 += 192.0.2.4 + control:Tmp-IP-Address-0 := 192.0.2.1 + control:Tmp-IP-Address-0 += 192.0.2.3 +} + +if (("%{Tmp-IP-Address-0[0]}" != 192.0.2.1) || \ + ("%{Tmp-IP-Address-0[1]}" != 192.0.2.2) || \ + ("%{Tmp-IP-Address-0[2]}" != 192.0.2.3) || \ + ("%{Tmp-IP-Address-0[3]}" != 192.0.2.4)) { + update reply { + Filter-Id += 'fail 0' + } +} + +# Remove Tmp-IP-Address-0 with a specific value +update { + request:Tmp-IP-Address-0 -= 192.0.2.1 +} + +# Only the 2nd, 3rd and 4th Tmp-IP-Address attributes should still be in the list +if (("%{Tmp-IP-Address-0[0]}" != '192.0.2.2') || \ + ("%{Tmp-IP-Address-0[1]}" != '192.0.2.3') || \ + ("%{Tmp-IP-Address-0[2]}" != '192.0.2.4') || \ + ("%{Tmp-IP-Address-0[3]}" != '')) { + update reply { + Filter-Id += 'fail 1' + } +} + +# Remove Tmp-IP-Address-0 with a specific value (somewhere in the middle) +update { + request:Tmp-IP-Address-0 -= 192.0.2.3 +} + +# Only the 1st, and 3rd Tmp-IP-Address attributes should still be in the list +if (("%{Tmp-IP-Address-0[0]}" != '192.0.2.2') || \ + ("%{Tmp-IP-Address-0[1]}" != '192.0.2.4') || \ + ("%{Tmp-IP-Address-0[2]}" != '')) { + update reply { + Filter-Id += 'fail 2' + } +} + +# Remove Tmp-IP-Address-0 with a specific value (which doesn't exist) +update { + request:Tmp-IP-Address-0 -= 192.0.2.3 +} + +# Only the 1st, and 3rd Tmp-IP-Address attributes should still be in the list +if (("%{Tmp-IP-Address-0[0]}" != '192.0.2.2') || \ + ("%{Tmp-IP-Address-0[1]}" != '192.0.2.4') || \ + ("%{Tmp-IP-Address-0[2]}" != '')) { + update reply { + Filter-Id += 'fail 3' + } +} + +# Remove Tmp-IP-Address-4 (which doesn't exist - more to check for SEGV/assert) +update { + request:Tmp-IP-Address-4 -= 192.0.2.3 +} + +# Remove Tmp-IP-Address-0 with a specific value +update { + request:Tmp-IP-Address-0 -= 192.0.2.4 +} + +# Only the 1st, and 3rd Tmp-IP-Address attributes should still be in the list +if (("%{Tmp-IP-Address-0[0]}" != '192.0.2.2') || \ + ("%{Tmp-IP-Address-0[1]}" != '')) { + update reply { + Filter-Id += 'fail 4' + } +} + +# Remove Tmp-IP-Address-0 with a specific value +update { + request:Tmp-IP-Address-0 -= 192.0.2.2 +} + +# Only the 1st, and 3rd Tmp-IP-Address attributes should still be in the list +if ("%{Tmp-IP-Address-0[0]}" != '') { + update reply { + Filter-Id += 'fail 5' + } +} + +# Non Tmp-IP-Address-0 address attributes should still be in the request list +if ((Tmp-String-0 != 'foobarbaz') || (Tmp-Integer-0 != 123456789)) { + update reply { + Filter-Id += 'fail 6' + } +} + +# But there should still be some in the control list +if (("%{control:Tmp-IP-Address-0[0]}" != 192.0.2.1) || ("%{control:Tmp-IP-Address-0[1]}" != 192.0.2.3)) { + update { + Filter-Id += 'fail 7' + } +} diff --git a/src/tests/keywords/update-tag b/src/tests/keywords/update-tag new file mode 100644 index 0000000..15afd59 --- /dev/null +++ b/src/tests/keywords/update-tag @@ -0,0 +1,176 @@ +# +# PRE: update +# +# Remove all attributes in a list +# +update { + control:Cleartext-Password := 'hello' + reply:Filter-Id := 'filter' +} + +update request { + Tunnel-Server-Endpoint:0 := '192.0.1.1' # Should not be tagged + Tunnel-Server-Endpoint:0 += '192.0.1.2' # Should not be tagged + Tunnel-Server-Endpoint:1 := '192.0.2.1' + Tunnel-Server-Endpoint:1 += '192.0.2.2' + Tunnel-Server-Endpoint:2 := '192.0.3.1' + Tunnel-Server-Endpoint:2 += '192.0.3.2' +} + +update request { + Tmp-Integer-0 := "%{debug_attr:request:}" +} + + +# +# Selecting on attributes which have no tag (0) +# +if (Tunnel-Server-Endpoint:0[0] != '192.0.1.1') { + update { + reply:Filter-Id += 'fail 1' + } +} + +if (Tunnel-Server-Endpoint:0[1] != '192.0.1.2') { + update { + reply:Filter-Id += 'fail 2' + } +} + +# +# Selecting on attributes with no tag specified (should match all of that type) +# +if (Tunnel-Server-Endpoint[0] != '192.0.1.1') { + update { + reply:Filter-Id += 'fail 3' + } +} + +if (Tunnel-Server-Endpoint[1] != '192.0.1.2') { + update { + reply:Filter-Id += 'fail 4' + } +} + +if (Tunnel-Server-Endpoint[2] != '192.0.2.1') { + update { + reply:Filter-Id += 'fail 5' + } +} + +# +# Now the none xlat version +# +# Check that access attributes by tag works first +if (Tunnel-Server-Endpoint:2 != '192.0.3.1') { + update { + reply:Filter-Id += 'fail 6' + } +} + +if (Tunnel-Server-Endpoint:2 == '192.0.3.2') { + update { + reply:Filter-Id += 'fail 7' + } +} + +if (Tunnel-Server-Endpoint:1 != '192.0.2.1') { + update { + reply:Filter-Id += 'fail 8' + } +} + +# Get the first instance of Tunnel-Server-Endpoint:2 +if (Tunnel-Server-Endpoint:2[0] != '192.0.3.1') { + update { + reply:Filter-Id += 'fail 9' + } +} + +# Get the first instance of Tunnel-Server-Endpoint:2 +if (Tunnel-Server-Endpoint:2[1] != '192.0.3.2') { + update { + reply:Filter-Id += 'fail 10' + } +} + +# +# Assignment (bare) +# +update request { + Tmp-String-1 += &Tunnel-Server-Endpoint:2 # 0 + Tmp-String-1 += &Tunnel-Server-Endpoint:2 # 1 + Tmp-String-1 += &Tunnel-Server-Endpoint:1 # 2 + Tmp-String-1 += &Tunnel-Server-Endpoint:2[0] # 3 + Tmp-String-1 += &Tunnel-Server-Endpoint:2[1] # 4 + Tmp-String-1 += &Tunnel-Server-Endpoint:0[0] # 5 + Tmp-String-1 += &Tunnel-Server-Endpoint:0[1] # 6 + Tmp-String-1 += &Tunnel-Server-Endpoint:0[2] # 7 (No attribute should be added here) + Tmp-String-1 += &Tunnel-Server-Endpoint[0] # 8 + Tmp-String-1 += &Tunnel-Server-Endpoint[1] # 9 + Tmp-String-1 += &Tunnel-Server-Endpoint[2] # 10 +} + +# Check that access attributes by tag works first +if (Tmp-String-1[0] != '192.0.3.1') { + update { + reply:Filter-Id += 'fail 11' + } +} + +if (Tmp-String-1[1] == '192.0.3.2') { + update { + reply:Filter-Id += 'fail 12' + } +} + +if (Tmp-String-1[2] != '192.0.2.1') { + update { + reply:Filter-Id += 'fail 13' + } +} + +# Get the first instance of Tunnel-Server-Endpoint:2 +if (Tmp-String-1[3] != '192.0.3.1') { + update { + reply:Filter-Id += 'fail 14' + } +} + +# Get the first instance of Tunnel-Server-Endpoint:2 +if (Tmp-String-1[4] != '192.0.3.2') { + update { + reply:Filter-Id += 'fail 15' + } +} + +# Now check the assignment +if (Tmp-String-1[5] != '192.0.1.1') { + update { + reply:Filter-Id += 'fail 16' + } +} + +if (Tmp-String-1[6] != '192.0.1.2') { + update { + reply:Filter-Id += 'fail 17' + } +} + +if (Tmp-String-1[7] != '192.0.1.1') { + update { + reply:Filter-Id += 'fail 19' + } +} + +if (Tmp-String-1[8] != '192.0.1.2') { + update { + reply:Filter-Id += 'fail 20' + } +} + +if (Tmp-String-1[9] != '192.0.2.1') { + update { + reply:Filter-Id += 'fail 21' + } +} diff --git a/src/tests/keywords/update-xlat b/src/tests/keywords/update-xlat new file mode 100644 index 0000000..59230dc --- /dev/null +++ b/src/tests/keywords/update-xlat @@ -0,0 +1,61 @@ +# +# PRE: update +# +# Form attribute references with xlats +# +update { + control:Cleartext-Password := 'hello' + reply:Filter-Id := 'filter' +} + + +update request { + Tmp-String-0 := 'Tmp-String-1' +} + +# +# Shouldn't update Tmp-String-0, should instead update Tmp-String-1 +# ... maybe this is what Alan meant when he was talking about people +# doing stupid things with this feature. +# +update request { + "%{Tmp-String-0}" := 'hello' +} + +if (&Tmp-String-1 != 'hello') { + update reply { + Filter-Id += 'Fail 0' + } +} + +if (&Tmp-String-0 == 'hello') { + update reply { + Filter-Id += 'Fail 1' + } +} + +# +# Try updating an attribute specified by an OID string +# +update { + Tmp-Integer-0 := 11344 +} +update { + "Vendor-%{Tmp-Integer-0}-Attr-1" := 127.0.0.1 +} + +if (&FreeRADIUS-Proxied-To != 127.0.0.1) { + update reply { + Filter-Id += 'Fail 2' + } +} + +update { + "Attr-%{attr_num:Tmp-String-1}" := 'hello2' +} + +if (&Tmp-String-1 != 'hello2') { + update reply { + Filter-Id += 'Fail 3' + } +} |