diff options
Diffstat (limited to 'src/tests/keywords/pap')
| -rw-r--r-- | src/tests/keywords/pap | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/src/tests/keywords/pap b/src/tests/keywords/pap new file mode 100644 index 0000000..a347b7c --- /dev/null +++ b/src/tests/keywords/pap @@ -0,0 +1,146 @@ +# +# PRE: update if +# +update { + reply:Filter-Id := 'filter' + control: !* ANY + request:Tmp-String-0 := "5RNqNl8iYLbkCc7JhR8as4TtDDCX6otuuWtcja8rITUyx9zrnHSe9tTHGmKK" # 60 byte salt +} + +# +# Unencoded Cleartext-Password in password with header +# +update { + control:Password-With-Header := "%{request:User-Password}" +} +pap.authorize +pap.authenticate { + reject = 1 +} +if (reject) { + update reply { + Filter-Id += 'fail 0' + } +} + +update { + control: !* ANY +} + +# +# Base64 encoded Cleartext-Password in password with header +# +update { + Tmp-String-1 := "{clear}%{User-Password}" +} +update { + control:Password-With-Header := "%{base64:&request:Tmp-String-1}" +} +pap.authorize +pap.authenticate { + reject = 1 +} +if (reject) { + update reply { + Filter-Id += 'fail 0' + } +} + +update { + control: !* ANY +} + +# +# Hex encoded SSHA password +# +update { + control:Password-With-Header += "{ssha}%{sha1:%{request:User-Password}%{&request:Tmp-String-0}}%{hex:&request:Tmp-String-0}" +} + +pap.authorize +pap.authenticate { + reject = 1 +} +if (reject) { + update reply { + Filter-Id += 'fail 1' + } +} + +update { + control: !* ANY +} + +# +# Base64 encoded SSHA password +# +update { + control:Tmp-String-1 := "%{sha1:%{request:User-Password}%{&request:Tmp-String-0}}%{hex:&request:Tmp-String-0}" +} + +# To Binary +update { + control:Tmp-Octets-0 := "0x%{control:Tmp-String-1}" +} + +# To Base64 +update { + control:Tmp-String-1 := "%{base64:&control:Tmp-Octets-0}" +} + +update { + control:Password-With-Header += "{ssha}%{control:Tmp-String-1}" +} + +pap.authorize +pap.authenticate { + reject = 1 +} +if (reject) { + update reply { + Filter-Id += 'fail 2' + } +} + +update { + control: !* ANY +} + +# +# Base64 of Base64 encoded SSHA password +# +update { + control:Tmp-String-1 := "%{sha1:%{request:User-Password}%{&request:Tmp-String-0}}%{hex:&request:Tmp-String-0}" +} + +# To Binary +update { + control:Tmp-Octets-0 := "0x%{control:Tmp-String-1}" +} + +# To Base64 +update { + control:Tmp-String-1 := "{ssha}%{base64:&control:Tmp-Octets-0}" +} + +update { + control:Password-With-Header += "%{base64:&control:Tmp-String-1}" +} + +pap.authorize +pap.authenticate { + reject = 1 +} +if (reject) { + update reply { + Filter-Id += 'fail 3' + } +} + +update { + control: !* ANY +} + +update control { + Auth-Type := Accept +} |