diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-06-13 19:42:09 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-06-13 20:25:09 +0200 |
commit | cc967f1e3287970908062affd23b94f66ccee4b8 (patch) | |
tree | 9b20e4076fd3e94d8e7ef57a84dab074c237b7d7 | |
parent | f8b37aa4792e88a332c0e37f196480ef0220718b (diff) | |
download | vyos-1x-cc967f1e3287970908062affd23b94f66ccee4b8.tar.gz vyos-1x-cc967f1e3287970908062affd23b94f66ccee4b8.zip |
pppoe: T3621: validate that both username and password are set
A validator is missing checking that if authentication is used on a PPPoE
interface, both username and password are set.
(cherry picked from commit 0361c3ac449f183476f7aee31439417d9f7f8012)
-rw-r--r-- | python/vyos/configverify.py | 13 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_pppoe.py | 14 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-pppoe.py | 2 |
3 files changed, 29 insertions, 0 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index 88cbf2d5b..979e28b11 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -166,6 +166,19 @@ def verify_mirror(config): raise ConfigError(f'Can not mirror "{direction}" traffic back ' \ 'the originating interface!') +def verify_authentication(config): + """ + Common helper function used by interface implementations to perform + recurring validation of authentication for either PPPoE or WWAN interfaces. + + If authentication CLI option is defined, both username and password must + be set! + """ + if 'authentication' not in config: + return + if not {'user', 'password'} <= set(config['authentication']): + raise ConfigError('Authentication requires both username and ' \ + 'password to be set!') def verify_address(config): """ diff --git a/smoketest/scripts/cli/test_interfaces_pppoe.py b/smoketest/scripts/cli/test_interfaces_pppoe.py index b8682fe71..3412ebae0 100755 --- a/smoketest/scripts/cli/test_interfaces_pppoe.py +++ b/smoketest/scripts/cli/test_interfaces_pppoe.py @@ -179,5 +179,19 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase): tmp = re.findall(f'systemctl restart dhcp6c@{interface}.service', tmp) self.assertTrue(tmp) + def test_pppoe_authentication(self): + # When username or password is set - so must be the other + interface = 'pppoe0' + self.cli_set(base_path + [interface, 'authentication', 'user', 'vyos']) + self.cli_set(base_path + [interface, 'source-interface', self._source_interface]) + self.cli_set(base_path + [interface, 'ipv6', 'address', 'autoconf']) + + # check validate() - if user is set, so must be the password + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.cli_set(base_path + [interface, 'authentication', 'password', 'vyos']) + self.cli_commit() + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py index 3675db73b..6c4c6c95b 100755 --- a/src/conf_mode/interfaces-pppoe.py +++ b/src/conf_mode/interfaces-pppoe.py @@ -22,6 +22,7 @@ from netifaces import interfaces from vyos.config import Config from vyos.configdict import get_interface_dict +from vyos.configverify import verify_authentication from vyos.configverify import verify_source_interface from vyos.configverify import verify_vrf from vyos.configverify import verify_mtu_ipv6 @@ -51,6 +52,7 @@ def verify(pppoe): return None verify_source_interface(pppoe) + verify_authentication(pppoe) verify_vrf(pppoe) verify_mtu_ipv6(pppoe) |