author | Daniil Baturin <daniil@vyos.io> | 2023-12-09 16:31:44 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-09 16:31:44 +0000 |
commit | 48e512ffec259d8753a8fd5a0a6a961f332ab8c1 (patch) | |
tree | 43a1213ffb6d4ed5550aaf6397d51752c7082a13 /smoketest | |
parent | 5d42ac22b2dd152327ed7c12d13faf01268dd363 (diff) | |
parent | 2c1c3613567e23e14ce89bbf872e6e9dee16badb (diff) | |
Merge pull request #2540 from aapostoliuk/T5413-equuleus
wireguard: T5413: Blocked adding the peer with the router's public key
Diffstat (limited to 'smoketest')
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_wireguard.py | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py index 5562a697d..222a659aa 100755 --- a/smoketest/scripts/cli/test_interfaces_wireguard.py +++ b/smoketest/scripts/cli/test_interfaces_wireguard.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2021 VyOS maintainers and contributors +# Copyright (C) 2020-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -91,5 +91,39 @@ class WireGuardInterfaceTest(VyOSUnitTestSHIM.TestCase): self.cli_delete(base_path + [interface, 'peer', 'PEER01']) self.cli_commit() + def test_wireguard_same_public_key(self): + # T5413: Test prevention of using peer own public key. + interface = 'wg0' + port = '12345' + pubkey_ok = 'ebFx/1G0ti8tvuZd94sEIosAZZIznX+dBAKG/8DFm0I=' + + public_key_path = f'/config/auth/wireguard/default/public.key' + with open(public_key_path, 'r') as file: + pubkey_fail = file.read().rstrip() + + self.cli_set(base_path + [interface, 'address', '172.16.0.1/24']) + self.cli_set(base_path + [interface, 'private-key', 'default']) + + self.cli_set( + base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_fail]) + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'port', port]) + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'allowed-ips', + '10.205.212.10/32']) + self.cli_set( + base_path + [interface, 'peer', 'PEER01', 'address', '192.0.2.1']) + + # The same pubkey as the interface wg0 + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.cli_set( + base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_ok]) + + # Commit peers + self.cli_commit() + + self.assertTrue(os.path.isdir(f'/sys/class/net/{interface}')) + + if __name__ == '__main__': unittest.main(verbosity=2) |
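Review bot: In the second hunk, test_wireguard_same_public_key opens `/config/auth/wireguard/default/public.key` without first making sure the default keypair exists, so on a system where it has not been generated the test errors with FileNotFoundError before the T5413 check is ever exercised; whether setUp or an earlier test creates the key is not visible in this hunk. A guard such as `if not os.path.exists(public_key_path): self.skipTest('default WireGuard keypair not generated')` would make that precondition explicit, or the keypair could be generated in the test's setup. The `f` prefix on that path literal has no placeholders and can be dropped. The test also leaves wg0 and PEER01 configured after the final commit, so unless a tearDown outside the hunk removes them, later tests start from a non-clean interface.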