summaryrefslogtreecommitdiff
path: root/smoketest
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2023-12-09 16:31:44 +0000
committerGitHub <noreply@github.com>2023-12-09 16:31:44 +0000
commit48e512ffec259d8753a8fd5a0a6a961f332ab8c1 (patch)
tree43a1213ffb6d4ed5550aaf6397d51752c7082a13 /smoketest
parent5d42ac22b2dd152327ed7c12d13faf01268dd363 (diff)
parent2c1c3613567e23e14ce89bbf872e6e9dee16badb (diff)
downloadvyos-1x-48e512ffec259d8753a8fd5a0a6a961f332ab8c1.tar.gz
vyos-1x-48e512ffec259d8753a8fd5a0a6a961f332ab8c1.zip
Merge pull request #2540 from aapostoliuk/T5413-equuleus
wireguard: T5413: Blocked adding the peer with the router's public key
Diffstat (limited to 'smoketest')
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_wireguard.py36
1 files changed, 35 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py
index 5562a697d..222a659aa 100755
--- a/smoketest/scripts/cli/test_interfaces_wireguard.py
+++ b/smoketest/scripts/cli/test_interfaces_wireguard.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2020-2021 VyOS maintainers and contributors
+# Copyright (C) 2020-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -91,5 +91,39 @@ class WireGuardInterfaceTest(VyOSUnitTestSHIM.TestCase):
self.cli_delete(base_path + [interface, 'peer', 'PEER01'])
self.cli_commit()
+ def test_wireguard_same_public_key(self):
+ # T5413: Test prevention of using peer own public key.
+ interface = 'wg0'
+ port = '12345'
+ pubkey_ok = 'ebFx/1G0ti8tvuZd94sEIosAZZIznX+dBAKG/8DFm0I='
+
+ public_key_path = f'/config/auth/wireguard/default/public.key'
+ with open(public_key_path, 'r') as file:
+ pubkey_fail = file.read().rstrip()
+
+ self.cli_set(base_path + [interface, 'address', '172.16.0.1/24'])
+ self.cli_set(base_path + [interface, 'private-key', 'default'])
+
+ self.cli_set(
+ base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_fail])
+ self.cli_set(base_path + [interface, 'peer', 'PEER01', 'port', port])
+ self.cli_set(base_path + [interface, 'peer', 'PEER01', 'allowed-ips',
+ '10.205.212.10/32'])
+ self.cli_set(
+ base_path + [interface, 'peer', 'PEER01', 'address', '192.0.2.1'])
+
+ # The same pubkey as the interface wg0
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+
+ self.cli_set(
+ base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_ok])
+
+ # Commit peers
+ self.cli_commit()
+
+ self.assertTrue(os.path.isdir(f'/sys/class/net/{interface}'))
+
+
if __name__ == '__main__':
unittest.main(verbosity=2)