bond: T6709: add EAPoL support (backport #4069) (#4076)

* ethernet: T6709: move EAPoL support to common framework Instead of having EAPoL (Extensible Authentication Protocol over Local Area Network) support only available for ethernet interfaces, move this to common ground at vyos.ifconfig.interface making it available for all sorts of interfaces by simply including the XML portion #include <include/interface/eapol.xml.i> (cherry picked from commit 0ee8d5e35044e7480dac6a23e92d43744b8c5d36) * bond: T6709: add EAPoL support (cherry picked from commit 8eeb1bdcdfc104ffa77531f270a38cda2aee7f82) --------- Co-authored-by: Christian Breunig <christian@breunig.cc>
author: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2024-09-17 20:32:02 +0300
committer: GitHub <noreply@github.com> 2024-09-17 20:32:02 +0300
commit: 787f8c44327fc0adc38af51d034e178b32424fea (patch)
tree: c6dd0e31ab4fcd30dc4737d9d2d1d41f3b037fab /smoketest/scripts/cli/test_interfaces_ethernet.py
parent: 47875491f077284e8a10889a1677d1e469f7cdc4 (diff)
download: vyos-1x-787f8c44327fc0adc38af51d034e178b32424fea.tar.gz
vyos-1x-787f8c44327fc0adc38af51d034e178b32424fea.zip
1 files changed, 0 insertions, 142 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_ethernet.py b/smoketest/scripts/cli/test_interfaces_ethernet.py
index 4843a40da..3d12364f7 100755
--- a/smoketest/scripts/cli/test_interfaces_ethernet.py
+++ b/smoketest/scripts/cli/test_interfaces_ethernet.py
@@ -15,7 +15,6 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import os
-import re
 import unittest
 
 from glob import glob
@@ -28,86 +27,11 @@ from netifaces import ifaddresses
 from base_interfaces_test import BasicInterfaceTest
 from vyos.configsession import ConfigSessionError
 from vyos.ifconfig import Section
-from vyos.pki import CERT_BEGIN
 from vyos.utils.process import cmd
-from vyos.utils.process import process_named_running
 from vyos.utils.process import popen
 from vyos.utils.file import read_file
 from vyos.utils.network import is_ipv6_link_local
 
-server_ca_root_cert_data = """
-MIIBcTCCARagAwIBAgIUDcAf1oIQV+6WRaW7NPcSnECQ/lUwCgYIKoZIzj0EAwIw
-HjEcMBoGA1UEAwwTVnlPUyBzZXJ2ZXIgcm9vdCBDQTAeFw0yMjAyMTcxOTQxMjBa
-Fw0zMjAyMTUxOTQxMjBaMB4xHDAaBgNVBAMME1Z5T1Mgc2VydmVyIHJvb3QgQ0Ew
-WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ0y24GzKQf4aM2Ir12tI9yITOIzAUj
-ZXyJeCmYI6uAnyAMqc4Q4NKyfq3nBi4XP87cs1jlC1P2BZ8MsjL5MdGWozIwMDAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRwC/YaieMEnjhYa7K3Flw/o0SFuzAK
-BggqhkjOPQQDAgNJADBGAiEAh3qEj8vScsjAdBy5shXzXDVVOKWCPTdGrPKnu8UW
-a2cCIQDlDgkzWmn5ujc5ATKz1fj+Se/aeqwh4QyoWCVTFLIxhQ==
-"""
-
-server_ca_intermediate_cert_data = """
-MIIBmTCCAT+gAwIBAgIUNzrtHzLmi3QpPK57tUgCnJZhXXQwCgYIKoZIzj0EAwIw
-HjEcMBoGA1UEAwwTVnlPUyBzZXJ2ZXIgcm9vdCBDQTAeFw0yMjAyMTcxOTQxMjFa
-Fw0zMjAyMTUxOTQxMjFaMCYxJDAiBgNVBAMMG1Z5T1Mgc2VydmVyIGludGVybWVk
-aWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEl2nJ1CzoqPV6hWII2m
-eGN/uieU6wDMECTk/LgG8CCCSYb488dibUiFN/1UFsmoLIdIhkx/6MUCYh62m8U2
-WNujUzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMV3YwH88I5gFsFUibbQ
-kMR0ECPsMB8GA1UdIwQYMBaAFHAL9hqJ4wSeOFhrsrcWXD+jRIW7MAoGCCqGSM49
-BAMCA0gAMEUCIQC/ahujD9dp5pMMCd3SZddqGC9cXtOwMN0JR3e5CxP13AIgIMQm
-jMYrinFoInxmX64HfshYqnUY8608nK9D2BNPOHo=
-"""
-
-client_ca_root_cert_data = """
-MIIBcDCCARagAwIBAgIUZmoW2xVdwkZSvglnkCq0AHKa6zIwCgYIKoZIzj0EAwIw
-HjEcMBoGA1UEAwwTVnlPUyBjbGllbnQgcm9vdCBDQTAeFw0yMjAyMTcxOTQxMjFa
-Fw0zMjAyMTUxOTQxMjFaMB4xHDAaBgNVBAMME1Z5T1MgY2xpZW50IHJvb3QgQ0Ew
-WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATUpKXzQk2NOVKDN4VULk2yw4mOKPvn
-mg947+VY7lbpfOfAUD0QRg95qZWCw899eKnXp/U4TkAVrmEKhUb6OJTFozIwMDAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTXu6xGWUl25X3sBtrhm3BJSICIATAK
-BggqhkjOPQQDAgNIADBFAiEAnTzEwuTI9bz2Oae3LZbjP6f/f50KFJtjLZFDbQz7
-DpYCIDNRHV8zBUibC+zg5PqMpQBKd/oPfNU76nEv6xkp/ijO
-"""
-
-client_ca_intermediate_cert_data = """
-MIIBmDCCAT+gAwIBAgIUJEMdotgqA7wU4XXJvEzDulUAGqgwCgYIKoZIzj0EAwIw
-HjEcMBoGA1UEAwwTVnlPUyBjbGllbnQgcm9vdCBDQTAeFw0yMjAyMTcxOTQxMjJa
-Fw0zMjAyMTUxOTQxMjJaMCYxJDAiBgNVBAMMG1Z5T1MgY2xpZW50IGludGVybWVk
-aWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGyIVIi217s9j3O+WQ2b
-6R65/Z0ZjQpELxPjBRc0CA0GFCo+pI5EvwI+jNFArvTAJ5+ZdEWUJ1DQhBKDDQdI
-avCjUzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOUS8oNJjChB1Rb9Blcl
-ETvziHJ9MB8GA1UdIwQYMBaAFNe7rEZZSXblfewG2uGbcElIgIgBMAoGCCqGSM49
-BAMCA0cAMEQCIArhaxWgRsAUbEeNHD/ULtstLHxw/P97qPUSROLQld53AiBjgiiz
-9pDfISmpekZYz6bIDWRIR0cXUToZEMFNzNMrQg==
-"""
-
-client_cert_data = """
-MIIBmTCCAUCgAwIBAgIUV5T77XdE/tV82Tk4Vzhp5BIFFm0wCgYIKoZIzj0EAwIw
-JjEkMCIGA1UEAwwbVnlPUyBjbGllbnQgaW50ZXJtZWRpYXRlIENBMB4XDTIyMDIx
-NzE5NDEyMloXDTMyMDIxNTE5NDEyMlowIjEgMB4GA1UEAwwXVnlPUyBjbGllbnQg
-Y2VydGlmaWNhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARuyynqfc/qJj5e
-KJ03oOH8X4Z8spDeAPO9WYckMM0ldPj+9kU607szFzPwjaPWzPdgyIWz3hcN8yAh
-CIhytmJao1AwTjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTIFKrxZ+PqOhYSUqnl
-TGCUmM7wTjAfBgNVHSMEGDAWgBTlEvKDSYwoQdUW/QZXJRE784hyfTAKBggqhkjO
-PQQDAgNHADBEAiAvO8/jvz05xqmP3OXD53XhfxDLMIxzN4KPoCkFqvjlhQIgIHq2
-/geVx3rAOtSps56q/jiDouN/aw01TdpmGKVAa9U=
-"""
-
-client_key_data = """
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgxaxAQsJwjoOCByQE
-+qSYKtKtJzbdbOnTsKNSrfgkFH6hRANCAARuyynqfc/qJj5eKJ03oOH8X4Z8spDe
-APO9WYckMM0ldPj+9kU607szFzPwjaPWzPdgyIWz3hcN8yAhCIhytmJa
-"""
-
-def get_wpa_supplicant_value(interface, key):
-    tmp = read_file(f'/run/wpa_supplicant/{interface}.conf')
-    tmp = re.findall(r'\n?{}=(.*)'.format(key), tmp)
-    return tmp[0]
-
-def get_certificate_count(interface, cert_type):
-    tmp = read_file(f'/run/wpa_supplicant/{interface}_{cert_type}.pem')
-    return tmp.count(CERT_BEGIN)
-
 class EthernetInterfaceTest(BasicInterfaceTest.TestCase):
     @classmethod
     def setUpClass(cls):
@@ -237,72 +161,6 @@ class EthernetInterfaceTest(BasicInterfaceTest.TestCase):
             self.cli_set(self._base_path + [interface, 'speed', 'auto'])
             self.cli_commit()
 
-    def test_eapol_support(self):
-        ca_certs = {
-            'eapol-server-ca-root': server_ca_root_cert_data,
-            'eapol-server-ca-intermediate': server_ca_intermediate_cert_data,
-            'eapol-client-ca-root': client_ca_root_cert_data,
-            'eapol-client-ca-intermediate': client_ca_intermediate_cert_data,
-        }
-        cert_name = 'eapol-client'
-
-        for name, data in ca_certs.items():
-            self.cli_set(['pki', 'ca', name, 'certificate', data.replace('\n','')])
-
-        self.cli_set(['pki', 'certificate', cert_name, 'certificate', client_cert_data.replace('\n','')])
-        self.cli_set(['pki', 'certificate', cert_name, 'private', 'key', client_key_data.replace('\n','')])
-
-        for interface in self._interfaces:
-            # Enable EAPoL
-            self.cli_set(self._base_path + [interface, 'eapol', 'ca-certificate', 'eapol-server-ca-intermediate'])
-            self.cli_set(self._base_path + [interface, 'eapol', 'ca-certificate', 'eapol-client-ca-intermediate'])
-            self.cli_set(self._base_path + [interface, 'eapol', 'certificate', cert_name])
-
-        self.cli_commit()
-
-        # Test multiple CA chains
-        self.assertEqual(get_certificate_count(interface, 'ca'), 4)
-
-        for interface in self._interfaces:
-            self.cli_delete(self._base_path + [interface, 'eapol', 'ca-certificate', 'eapol-client-ca-intermediate'])
-
-        self.cli_commit()
-
-        # Check for running process
-        self.assertTrue(process_named_running('wpa_supplicant'))
-
-        # Validate interface config
-        for interface in self._interfaces:
-            tmp = get_wpa_supplicant_value(interface, 'key_mgmt')
-            self.assertEqual('IEEE8021X', tmp)
-
-            tmp = get_wpa_supplicant_value(interface, 'eap')
-            self.assertEqual('TLS', tmp)
-
-            tmp = get_wpa_supplicant_value(interface, 'eapol_flags')
-            self.assertEqual('0', tmp)
-
-            tmp = get_wpa_supplicant_value(interface, 'ca_cert')
-            self.assertEqual(f'"/run/wpa_supplicant/{interface}_ca.pem"', tmp)
-
-            tmp = get_wpa_supplicant_value(interface, 'client_cert')
-            self.assertEqual(f'"/run/wpa_supplicant/{interface}_cert.pem"', tmp)
-
-            tmp = get_wpa_supplicant_value(interface, 'private_key')
-            self.assertEqual(f'"/run/wpa_supplicant/{interface}_cert.key"', tmp)
-
-            mac = read_file(f'/sys/class/net/{interface}/address')
-            tmp = get_wpa_supplicant_value(interface, 'identity')
-            self.assertEqual(f'"{mac}"', tmp)
-
-        # Check certificate files have the full chain
-        self.assertEqual(get_certificate_count(interface, 'ca'), 2)
-        self.assertEqual(get_certificate_count(interface, 'cert'), 3)
-
-        for name in ca_certs:
-            self.cli_delete(['pki', 'ca', name])
-        self.cli_delete(['pki', 'certificate', cert_name])
-
     def test_ethtool_ring_buffer(self):
         for interface in self._interfaces:
             # We do not use vyos.ethtool here to not have any chance
author	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2024-09-17 20:32:02 +0300
committer	GitHub <noreply@github.com>	2024-09-17 20:32:02 +0300
commit	787f8c44327fc0adc38af51d034e178b32424fea (patch)
tree	c6dd0e31ab4fcd30dc4737d9d2d1d41f3b037fab /smoketest/scripts/cli/test_interfaces_ethernet.py
parent	47875491f077284e8a10889a1677d1e469f7cdc4 (diff)
download	vyos-1x-787f8c44327fc0adc38af51d034e178b32424fea.tar.gz vyos-1x-787f8c44327fc0adc38af51d034e178b32424fea.zip