Diffstat (limited to 'src/tests/modules')
-rw-r--r--src/tests/modules/date/all.mk3
-rw-r--r--src/tests/modules/date/date_xlat.attrs13
-rw-r--r--src/tests/modules/date/date_xlat.unlang243
-rw-r--r--src/tests/modules/date/module.conf3
-rw-r--r--src/tests/modules/dpsk/pmk.txt7
-rw-r--r--src/tests/modules/dpsk/psk.txt9
-rw-r--r--src/tests/modules/dpsk/radiusd.conf15
-rw-r--r--src/tests/modules/files/authorize10
-rw-r--r--src/tests/modules/files/empty_default.attrs11
-rw-r--r--src/tests/modules/files/empty_default.unlang9
-rw-r--r--src/tests/modules/yubikey/all.mk3
-rw-r--r--src/tests/modules/yubikey/module.conf11
-rw-r--r--src/tests/modules/yubikey/yubikey_auth.attrs11
-rw-r--r--src/tests/modules/yubikey/yubikey_auth.unlang56
-rw-r--r--src/tests/modules/yubikey/yubikey_xlat.attrs11
-rw-r--r--src/tests/modules/yubikey/yubikey_xlat.unlang42
16 files changed, 457 insertions, 0 deletions
diff --git a/src/tests/modules/date/all.mk b/src/tests/modules/date/all.mk
new file mode 100644
index 0000000..90966df
--- /dev/null
+++ b/src/tests/modules/date/all.mk
@@ -0,0 +1,3 @@
+#
+# Test the "date" module
+#
diff --git a/src/tests/modules/date/date_xlat.attrs b/src/tests/modules/date/date_xlat.attrs
new file mode 100644
index 0000000..ba430d2
--- /dev/null
+++ b/src/tests/modules/date/date_xlat.attrs
@@ -0,0 +1,13 @@
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = 'Bob'
+User-Password = 'Alice'
+Tmp-Integer-6 = 0
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
+
diff --git a/src/tests/modules/date/date_xlat.unlang b/src/tests/modules/date/date_xlat.unlang
new file mode 100644
index 0000000..c5501dd
--- /dev/null
+++ b/src/tests/modules/date/date_xlat.unlang
@@ -0,0 +1,243 @@
+#
+# Selection of tests for the %{time_since:} xlat
+#
+# Somewhat limited in what we can do here, as it bases its
+# responses off the current system time. So we need to do some
+# comparisons rather than actual value checks.
+#
+
+#
+# %{time_since:...} should never return 0
+#
+update {
+ &Tmp-Integer64-0 := "%{time_since:s}"
+ &Tmp-Integer64-1 := "%{time_since:ms}"
+ &Tmp-Integer64-2 := "%{time_since:us}"
+}
+
+if (&Tmp-Integer64-0 == 0 || &Tmp-Integer64-1 == 0 || &Tmp-Integer64-2 == 0) {
+ test_fail
+}
+
+#
+# and they should all be different
+#
+if (&Tmp-Integer64-0 == &Tmp-Integer64-1 || \
+ &Tmp-Integer64-1 == &Tmp-Integer64-2 || \
+ &Tmp-Integer64-2 == &Tmp-Integer64-0) {
+ test_fail
+}
+
+#
+# %c and %{time_since:s:0} should match
+#
+update {
+ &Tmp-Integer-9 := 0
+}
+
+update {
+ &Tmp-Integer-0 := "%c"
+ &Tmp-Integer-1 := "%{time_since:s 0}"
+ &Tmp-Integer-2 := "%{time_since:s &Tmp-Integer-9}"
+}
+
+if (&Tmp-Integer-0 != &Tmp-Integer-1) {
+ if (&Tmp-Integer-0 != "%{expr:&Tmp-Integer-1 - 1}") {
+ # at a push, %{time_since:s 0} might be one second later,
+ # depending on when the test ran
+ test_fail
+ }
+}
+
+if (&Tmp-Integer-1 != &Tmp-Integer-2) {
+ if (&Tmp-Integer-1 != "%{expr:&Tmp-Integer-2 - 1}") {
+ test_fail
+ }
+}
+
+#
+# If we run time_since 3 times, they should be the same or increasing
+#
+update {
+ &Tmp-Integer64-0 := "%{time_since:s 0}"
+}
+
+update {
+ &Tmp-Integer64-1 := "%{time_since:s }"
+}
+
+update {
+ &Tmp-Integer64-2 := "%{time_since:s}"
+}
+
+if (&Tmp-Integer64-0 > &Tmp-Integer64-1 || \
+ &Tmp-Integer64-1 > &Tmp-Integer64-2 || \
+ &Tmp-Integer64-0 > &Tmp-Integer64-2) {
+ test_fail
+}
+
+#
+# It's way past the year 2020, so this should only fail if the
+# computer's clock is very wrong...
+#
+if (&Tmp-Integer64-0 < 1600000000) {
+ test_fail
+}
+
+
+#
+# Similar for milliseconds
+#
+update {
+ &Tmp-Integer64-3 := "%{time_since:ms &request:Tmp-Integer-6}"
+}
+
+update {
+ &Tmp-Integer64-4 := "%{time_since:ms}"
+}
+
+update {
+ &Tmp-Integer64-5 := "%{time_since:ms &Tmp-Integer-9}"
+}
+
+if (&Tmp-Integer64-3 > &Tmp-Integer64-4 || \
+ &Tmp-Integer64-4 > &Tmp-Integer64-5 || \
+ &Tmp-Integer64-3 > &Tmp-Integer64-5) {
+ test_fail
+}
+
+
+#
+# ...and microseconds
+#
+update session-state {
+ &Tmp-Integer-7 := 0
+}
+
+update {
+ &Tmp-Integer64-6 := "%{time_since:us &session-state:Tmp-Integer-7 }"
+}
+
+update {
+ &Tmp-Integer64-7 := "%{time_since:us }"
+}
+
+update {
+ &Tmp-Integer64-8 := "%{time_since:us}"
+}
+
+if (&Tmp-Integer64-6 > &Tmp-Integer64-7 || \
+ &Tmp-Integer64-7 > &Tmp-Integer64-8 || \
+ &Tmp-Integer64-6 > &Tmp-Integer64-8) {
+ test_fail
+}
+
+if ("%{expr:&Tmp-Integer64-7 - &Tmp-Integer64-6}" > 250) {
+ # you have a really slow computer if the time between
+ # getting these took more than 250us
+ test_fail
+}
+
+
+#
+# Seconds component * 1000 must always be same or less than
+# milliseconds, and microseconds.
+#
+if ("%{expr:%{time_since:s 0} * 1000}" > "%{time_since:ms 0}") {
+ test_fail
+}
+
+if ("%{expr:%{time_since:ms 0} * 1000}" > "%{time_since:us 0}") {
+ test_fail
+}
+
+if ("%{expr:%{time_since:s 0} * 1000000}" > "%{time_since:us 0}") {
+ test_fail
+}
+
+
+#
+# Test for some errors
+#
+
+# missing time base
+update {
+ &Tmp-Integer-0 := "%{time_since:}"
+}
+
+if (!(&Module-Failure-Message[*] == 'Time base (ms, us, s) missing in time_since xlat')) {
+ test_fail
+}
+
+update {
+ &Module-Failure-Message !* ANY
+}
+
+
+# invalid time base
+update {
+ &Tmp-Integer-0 := "%{time_since:bob}"
+}
+
+if (!(&Module-Failure-Message[*] == 'Time base (ms, us, s) missing in time_since xlat')) {
+ test_fail
+}
+
+update {
+ &Module-Failure-Message !* ANY
+}
+
+
+# negative values
+update {
+ &Tmp-Integer-0 := "%{time_since:ms -1234}"
+}
+
+if (!(&Module-Failure-Message[*] == 'time_since xlat only accepts positive integers')) {
+ test_fail
+}
+
+update {
+ &Module-Failure-Message !* ANY
+}
+
+
+# invalid attribute
+update {
+ &Tmp-Integer-0 := "%{time_since:us &Test-Non-Existant-Attr}"
+}
+
+if (!(&Module-Failure-Message[*] == 'Unable to parse attribute in time_since xlat')) {
+ test_fail
+}
+
+update {
+ &Module-Failure-Message !* ANY
+}
+
+
+# silly text
+update {
+ &Tmp-Integer-0 := "%{time_since:us test random text}"
+}
+
+if (!(&Module-Failure-Message[*] == 'Failed parsing "test random text" as integer')) {
+ test_fail
+}
+
+update {
+ &Module-Failure-Message !* ANY
+}
+
+
+# attribute not in list (warning, so check output)
+update {
+ &Tmp-Integer-0 := "%{time_since:us &reply:Tmp-Integer-4}"
+}
+
+if (&Tmp-Integer-0 != 0) {
+ test_fail
+}
+
+
+test_pass
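Review bot: The 250 µs bound in `if ("%{expr:&Tmp-Integer64-7 - &Tmp-Integer64-6}" > 250)` is a wall-clock assertion across two separate `update` blocks, so it can fail on a loaded CI runner or a virtual machine without any defect in the date module. The ordering checks just above it already cover monotonicity, so I would drop this check or widen the limit by several orders of magnitude. Separately, the header comment `%c and %{time_since:s:0} should match` uses a colon where the test itself uses a space (`%{time_since:s 0}`); the comment should show the syntax that is actually under test.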
diff --git a/src/tests/modules/date/module.conf b/src/tests/modules/date/module.conf
new file mode 100644
index 0000000..cb7ef07
--- /dev/null
+++ b/src/tests/modules/date/module.conf
@@ -0,0 +1,3 @@
+#date unit test config
+date {
+}
diff --git a/src/tests/modules/dpsk/pmk.txt b/src/tests/modules/dpsk/pmk.txt
new file mode 100644
index 0000000..db3b6bd
--- /dev/null
+++ b/src/tests/modules/dpsk/pmk.txt
@@ -0,0 +1,7 @@
+User-Name = "cae78dfa6504"
+User-Password = "cae78dfa6504"
+Called-Station-Id = "5c:df:89:11L3bL3c:SSID"
+Calling-Station-Id = "ca:e7:8d:fa:65:04"
+FreeRADIUS-802.1X-Anonce = 0x43426fd6469d4254eb0d5ba449eb9895360894f1948cece9196751336d4c5daf
+FreeRADIUS-802.1X-EAPoL-Key-Msg = 0x0103007502010a00000000000000000001b16a8514b84d7843e53754f5c9131cb203fbe8277dbf216d6e87fd6e30b0577a0000000000000000000000000000000000000000000000000000000000000000dc81aec5a05ee8aa21a52947041fd2fc001630140100000fac040100000fac040100000fac028000
+Class = 0xd6175aed517504c40b8831d7ce7b7d1fe24c65ce0f92c2816ca14ba7acb47b13
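Review bot: Nothing visible in this commit runs the dpsk fixtures: the diffstat adds `pmk.txt`, `psk.txt` and `radiusd.conf` under `dpsk/`, but no `all.mk`, `module.conf`, `.attrs` or `.unlang` file of the kind the `date` and `yubikey` directories get, so unless they are wired up elsewhere they are dead data. The `Called-Station-Id` value in this file, `5c:df:89:11L3bL3c:SSID`, is also not a well-formed MAC-plus-SSID string. If that is what the file really contains rather than a rendering artefact of this page, `rewrite_called_station_id` will presumably not normalise it, and the PMK case would not test what it is meant to.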
diff --git a/src/tests/modules/dpsk/psk.txt b/src/tests/modules/dpsk/psk.txt
new file mode 100644
index 0000000..f4e584f
--- /dev/null
+++ b/src/tests/modules/dpsk/psk.txt
@@ -0,0 +1,9 @@
+User-Name = "8ab3a0ebd5e5"
+User-Password = "8ab3a0ebd5e5"
+NAS-IP-Address = 127.0.0.1
+Called-Station-Id = "34:ef:b6:af:48:9e:Andrena_39_Lincoln"
+Calling-Station-Id = "8a:b3:a0:eb:d5:e5"
+NAS-Identifier = "34efb6af489e"
+FreeRADIUS-802.1X-Anonce = 0x4df70a4285c5c61f177cdbfc29d7e3cac94167f6101f1bcab420dd50c4f8809d
+FreeRADIUS-802.1X-EAPoL-Key-Msg = 0x0203007502010a00100000000000000001c3bb319516614aacfb44e933bf1671131fb1856e5b2721952d414ce3f5aa312b000000000000000000000000000000000000000000000000000000000000000035cddcedad0dfb6a12a2eca55c17c323001630140100000fac040100000fac040100000fac028c00
+Filter-ID = "Pancakes1124"
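Review bot: The values in this fixture look like a capture from a live network rather than constructed data. `Called-Station-Id` carries a specific SSID (`Andrena_39_Lincoln`), `Filter-ID` holds the string that the `radiusd.conf` fragment in this commit copies into `Pre-Shared-Key`, and the Anonce and EAPoL-Key message supply the matching handshake material. If these did come from a real deployment, the passphrase and station MAC addresses are now published with the repository. I would regenerate the vector from an invented SSID, passphrase and locally administered MAC addresses, and add a header comment such as `# Constructed test vector, not from a real network`.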
diff --git a/src/tests/modules/dpsk/radiusd.conf b/src/tests/modules/dpsk/radiusd.conf
new file mode 100644
index 0000000..c4d1782
--- /dev/null
+++ b/src/tests/modules/dpsk/radiusd.conf
@@ -0,0 +1,15 @@
+ rewrite_called_station_id
+ dpsk
+ if (ok) {
+ if (&Class) {
+ update control {
+ &Pairwise-Master-Key := &Class
+ }
+ }
+ elsif (&Filter-ID) {
+ update control {
+ &Pre-Shared-Key := &Filter-ID
+ }
+ }
+ }
+
diff --git a/src/tests/modules/files/authorize b/src/tests/modules/files/authorize
index b85f6a2..6ef314e 100644
--- a/src/tests/modules/files/authorize
+++ b/src/tests/modules/files/authorize
@@ -90,3 +90,13 @@ addcontrol Cleartext-Password := "testing123", Reply-Message := "success1"
Fall-Through = yes
addcontrol Reply-Message += "success2"
+
+
+#
+# Doesn't match
+#
+DEFAULT Framed-IP-Address == 192.0.2.1
+ Reply-Message += "unexpected match in DEFAULT"
+
+DEFAULT
+ Reply-Message = "empty DEFAULT"
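Review bot: The unconditional `DEFAULT` appended to this shared `authorize` file matches every request that reaches it, not only `empty_default`. Any other user in the file that falls through (the context lines above show an entry with `Fall-Through = yes`) can now pick up `Reply-Message = "empty DEFAULT"` and a different module return code. The rest of the file is outside this hunk, so this needs checking against the existing `files` tests. Since the point of the test is a `DEFAULT` with no check items, I would keep the entry but document it, for example `# Catch-all entry: must stay last, it matches every user that falls through`.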
diff --git a/src/tests/modules/files/empty_default.attrs b/src/tests/modules/files/empty_default.attrs
new file mode 100644
index 0000000..428fa1e
--- /dev/null
+++ b/src/tests/modules/files/empty_default.attrs
@@ -0,0 +1,11 @@
+#
+# Input packet
+#
+User-Name = "empty_default"
+User-Password = "testing123"
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
+Reply-Message == "empty DEFAULT"
diff --git a/src/tests/modules/files/empty_default.unlang b/src/tests/modules/files/empty_default.unlang
new file mode 100644
index 0000000..ac4aa4d
--- /dev/null
+++ b/src/tests/modules/files/empty_default.unlang
@@ -0,0 +1,9 @@
+#
+# Run the "files" module
+#
+files
+
+update control {
+ Auth-Type := Accept
+}
+
diff --git a/src/tests/modules/yubikey/all.mk b/src/tests/modules/yubikey/all.mk
new file mode 100644
index 0000000..b62dbc2
--- /dev/null
+++ b/src/tests/modules/yubikey/all.mk
@@ -0,0 +1,3 @@
+#
+# Test the "yubikey" module xlat
+#
diff --git a/src/tests/modules/yubikey/module.conf b/src/tests/modules/yubikey/module.conf
new file mode 100644
index 0000000..a9549f3
--- /dev/null
+++ b/src/tests/modules/yubikey/module.conf
@@ -0,0 +1,11 @@
+yubikey {
+
+ id_length = 12
+
+ split = yes
+
+ decrypt = yes
+
+ validate = no
+
+}
diff --git a/src/tests/modules/yubikey/yubikey_auth.attrs b/src/tests/modules/yubikey/yubikey_auth.attrs
new file mode 100644
index 0000000..d1fa1de
--- /dev/null
+++ b/src/tests/modules/yubikey/yubikey_auth.attrs
@@ -0,0 +1,11 @@
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = "bob"
+User-Password = "helloddddgciilcjkjhlifidginuirlhgidcvbfnutjnibldi"
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
diff --git a/src/tests/modules/yubikey/yubikey_auth.unlang b/src/tests/modules/yubikey/yubikey_auth.unlang
new file mode 100644
index 0000000..ae9f534
--- /dev/null
+++ b/src/tests/modules/yubikey/yubikey_auth.unlang
@@ -0,0 +1,56 @@
+# Call yubikey module to split OTP from password
+yubikey
+
+if !(&User-Password == 'hello') {
+ test_fail
+}
+if !(&Yubikey-OTP) {
+ test_fail
+}
+if !(&Yubikey-Public-Id == 'ddddgciilcjk') {
+ test_fail
+}
+
+update control {
+ &Yubikey-Counter := 1
+ &Yubikey-Key := 0xb8c56af07ff79b2230e04ab8891784ce
+}
+
+# Call module in authenticate mode to decrypt OTP
+yubikey.authenticate
+
+# Check all the attributes have been created
+if !(&Yubikey-Private-Id == 0x1dfc67f97828) {
+ test_fail
+}
+if !(&Yubikey-Timestamp) {
+ test_fail
+}
+if !(&Yubikey-Counter == 258) {
+ test_fail
+}
+if !(&Yubikey-Random) {
+ test_fail
+}
+
+
+# Increase the known "counter" value to detect a replay attack
+update {
+ &control:Yubikey-Counter := &Yubikey-Counter
+}
+
+yubikey.authenticate {
+ reject = 1
+}
+
+# Replay attack should result in a reject and a suitable module failure
+if !(reject) {
+ test_fail
+}
+debug_all
+
+if !(&Module-Failure-Message == 'yubikey: Replay attack detected! Counter value 258, is lt or eq to last known counter value 258') {
+ test_fail
+}
+
+test_pass
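Review bot: The replay check only exercises the equal case: `&control:Yubikey-Counter := &Yubikey-Counter` sets the stored counter to 258, the same value the OTP decodes to, while the failure message says the module rejects on "lt or eq". A second pass with the stored counter set higher, for example `&control:Yubikey-Counter := 259` followed by another `yubikey.authenticate { reject = 1 }` and `if !(reject) { test_fail }`, would cover the strictly-less branch as well. The bare `debug_all` between the two assertions also looks like a debugging leftover. It presumably dumps the request and control lists, including `User-Password` and `Yubikey-Key`, into the test log, so it should be removed or given a comment saying why it is needed.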
diff --git a/src/tests/modules/yubikey/yubikey_xlat.attrs b/src/tests/modules/yubikey/yubikey_xlat.attrs
new file mode 100644
index 0000000..1cce1c5
--- /dev/null
+++ b/src/tests/modules/yubikey/yubikey_xlat.attrs
@@ -0,0 +1,11 @@
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = "bob"
+User-Password = "hello"
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
diff --git a/src/tests/modules/yubikey/yubikey_xlat.unlang b/src/tests/modules/yubikey/yubikey_xlat.unlang
new file mode 100644
index 0000000..bc17642
--- /dev/null
+++ b/src/tests/modules/yubikey/yubikey_xlat.unlang
@@ -0,0 +1,42 @@
+update {
+ &Tmp-String-0 := 'vvrbuctetdhc'
+ &Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
+}
+
+if (&Tmp-String-1 != 'ffc1e0d3d260') {
+ test_fail
+}
+
+# Invalid modhex string - not even length
+update {
+ &Tmp-String-0 := 'vvrbuctetdh'
+ &Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
+}
+
+if (ok) {
+ test_fail
+}
+
+if (&Tmp-String-1 != "") {
+ test_fail
+}
+
+if (&Module-Failure-Message != "Modhex string invalid") {
+ test_fail
+}
+
+# Invalid modhex string - invalid characters
+update {
+ &Tmp-String-0 := 'vxrbmctetdhc'
+ &Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
+}
+
+if (ok) {
+ test_fail
+}
+
+if (&Tmp-String-1 != "") {
+ test_fail
+}
+
+test_pass
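Review bot: The third case (invalid characters, `vxrbmctetdhc`) never asserts on `Module-Failure-Message`, and the attribute is not cleared after the odd-length case, so a message check added here would be satisfied by the stale value from the previous failure. I would clear it between the cases with `update { &Module-Failure-Message !* ANY }`, as `date_xlat.unlang` in this commit does. After that, `if (&Module-Failure-Message != "Modhex string invalid") { test_fail }` can be added to the third case, provided the module reports the same text for bad characters, which is not visible in this diff.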