summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-06-13 19:42:09 +0200
committerChristian Poessinger <christian@poessinger.com>2021-06-13 20:25:09 +0200
commitcc967f1e3287970908062affd23b94f66ccee4b8 (patch)
tree9b20e4076fd3e94d8e7ef57a84dab074c237b7d7
parentf8b37aa4792e88a332c0e37f196480ef0220718b (diff)
downloadvyos-1x-cc967f1e3287970908062affd23b94f66ccee4b8.tar.gz
vyos-1x-cc967f1e3287970908062affd23b94f66ccee4b8.zip
pppoe: T3621: validate that both username and password are set
A validator is missing checking that if authentication is used on a PPPoE interface, both username and password are set. (cherry picked from commit 0361c3ac449f183476f7aee31439417d9f7f8012)
-rw-r--r--python/vyos/configverify.py13
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_pppoe.py14
-rwxr-xr-xsrc/conf_mode/interfaces-pppoe.py2
3 files changed, 29 insertions, 0 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 88cbf2d5b..979e28b11 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -166,6 +166,19 @@ def verify_mirror(config):
raise ConfigError(f'Can not mirror "{direction}" traffic back ' \
'the originating interface!')
+def verify_authentication(config):
+ """
+ Common helper function used by interface implementations to perform
+ recurring validation of authentication for either PPPoE or WWAN interfaces.
+
+ If authentication CLI option is defined, both username and password must
+ be set!
+ """
+ if 'authentication' not in config:
+ return
+ if not {'user', 'password'} <= set(config['authentication']):
+ raise ConfigError('Authentication requires both username and ' \
+ 'password to be set!')
def verify_address(config):
"""
diff --git a/smoketest/scripts/cli/test_interfaces_pppoe.py b/smoketest/scripts/cli/test_interfaces_pppoe.py
index b8682fe71..3412ebae0 100755
--- a/smoketest/scripts/cli/test_interfaces_pppoe.py
+++ b/smoketest/scripts/cli/test_interfaces_pppoe.py
@@ -179,5 +179,19 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
tmp = re.findall(f'systemctl restart dhcp6c@{interface}.service', tmp)
self.assertTrue(tmp)
+ def test_pppoe_authentication(self):
+ # When username or password is set - so must be the other
+ interface = 'pppoe0'
+ self.cli_set(base_path + [interface, 'authentication', 'user', 'vyos'])
+ self.cli_set(base_path + [interface, 'source-interface', self._source_interface])
+ self.cli_set(base_path + [interface, 'ipv6', 'address', 'autoconf'])
+
+ # check validate() - if user is set, so must be the password
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+
+ self.cli_set(base_path + [interface, 'authentication', 'password', 'vyos'])
+ self.cli_commit()
+
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py
index 3675db73b..6c4c6c95b 100755
--- a/src/conf_mode/interfaces-pppoe.py
+++ b/src/conf_mode/interfaces-pppoe.py
@@ -22,6 +22,7 @@ from netifaces import interfaces
from vyos.config import Config
from vyos.configdict import get_interface_dict
+from vyos.configverify import verify_authentication
from vyos.configverify import verify_source_interface
from vyos.configverify import verify_vrf
from vyos.configverify import verify_mtu_ipv6
@@ -51,6 +52,7 @@ def verify(pppoe):
return None
verify_source_interface(pppoe)
+ verify_authentication(pppoe)
verify_vrf(pppoe)
verify_mtu_ipv6(pppoe)