author | aapostoliuk <a.apostoliuk@vyos.io> | 2023-11-24 16:21:37 +0200 |
---|---|---|
committer | aapostoliuk <a.apostoliuk@vyos.io> | 2023-11-24 16:57:10 +0200 |
commit | 2c1c3613567e23e14ce89bbf872e6e9dee16badb (patch) | |
tree | 0c24ff28f6bd22507cdce5c5234a68aacb5599a6 /smoketest | |
parent | d026297e12e097bc1d178e320fa4f1a93ee37926 (diff) | |
wireguard: T5413: Blocked adding the peer with the router's public key
Disallowed adding a peer that has the same public key as the router itself.
Backport from current
https://github.com/vyos/vyos-1x/pull/2122
Diffstat (limited to 'smoketest')
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_wireguard.py | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py
index 5562a697d..222a659aa 100755
--- a/smoketest/scripts/cli/test_interfaces_wireguard.py
+++ b/smoketest/scripts/cli/test_interfaces_wireguard.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020-2021 VyOS maintainers and contributors
+# Copyright (C) 2020-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -91,5 +91,39 @@ class WireGuardInterfaceTest(VyOSUnitTestSHIM.TestCase):
 self.cli_delete(base_path + [interface, 'peer', 'PEER01'])
 self.cli_commit()
+ def test_wireguard_same_public_key(self):
+ # T5413: Test prevention of using peer own public key.
+ interface = 'wg0'
+ port = '12345'
+ pubkey_ok = 'ebFx/1G0ti8tvuZd94sEIosAZZIznX+dBAKG/8DFm0I='
+
+ public_key_path = f'/config/auth/wireguard/default/public.key'
+ with open(public_key_path, 'r') as file:
+ pubkey_fail = file.read().rstrip()
+
+ self.cli_set(base_path + [interface, 'address', '172.16.0.1/24'])
+ self.cli_set(base_path + [interface, 'private-key', 'default'])
+
+ self.cli_set(
+ base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_fail])
+ self.cli_set(base_path + [interface, 'peer', 'PEER01', 'port', port])
+ self.cli_set(base_path + [interface, 'peer', 'PEER01', 'allowed-ips',
+ '10.205.212.10/32'])
+ self.cli_set(
+ base_path + [interface, 'peer', 'PEER01', 'address', '192.0.2.1'])
+
+ # The same pubkey as the interface wg0
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+
+ self.cli_set(
+ base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_ok])
+
+ # Commit peers
+ self.cli_commit()
+
+ self.assertTrue(os.path.isdir(f'/sys/class/net/{interface}'))
+
+
 if __name__ == '__main__':
 unittest.main(verbosity=2) |
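Review bot: The `with self.assertRaises(ConfigSessionError):` around the first `self.cli_commit()` in `test_wireguard_same_public_key` passes on any commit failure, so the test does not show that the router's-own-public-key check is what rejected PEER01. Pinning the reason would make this a real regression test for T5413, e.g. `with self.assertRaisesRegex(ConfigSessionError, '<own-public-key error text>'):`; the message is not visible in this smoketest-only diff, so the pattern is a placeholder, and it assumes the exception text carries the commit output. The test also reads `/config/auth/wireguard/default/public.key` directly and will error in `open()` if the default keypair is absent, so a comment stating that precondition would help; the `f` prefix on that path literal has no placeholders and can be dropped. After the second commit only the existence of `/sys/class/net/wg0` is asserted, not that the peer ended up with `pubkey_ok`. The enclosing class begins outside the hunk, so its setup and teardown are not visible here.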