authorMarcus Hoff <marcus.hoff@ring2.dk>2020-09-20 11:59:32 +0200
committerMarcus Hoff <marcus.hoff@ring2.dk>2020-09-20 11:59:32 +0200
commit45b30adfaaec7065f768d04085138a75a76ed376 (patch)
treea9cd47236468077141eee56068ba23027b0d4c7d /smoketest/scripts/cli/test_system_login.py
parent46fb580fa0131f6815bbcfc95631654f6fe999a8 (diff)
parente0797331774a02ca23e8363fbcfe5a49fb3ca2bd (diff)
Merge remote-tracking branch 'upstream/current' into current
Diffstat (limited to 'smoketest/scripts/cli/test_system_login.py')
-rwxr-xr-xsmoketest/scripts/cli/test_system_login.py70
1 files changed, 67 insertions, 3 deletions
diff --git a/smoketest/scripts/cli/test_system_login.py b/smoketest/scripts/cli/test_system_login.py
index 3c4b1fa28..48ae78ccf 100755
--- a/smoketest/scripts/cli/test_system_login.py
+++ b/smoketest/scripts/cli/test_system_login.py
@@ -16,11 +16,15 @@
import os
import re
+import platform
import unittest
+from platform import release as kernel_version
from subprocess import Popen, PIPE
-from vyos.configsession import ConfigSession, ConfigSessionError
-import vyos.util as util
+
+from vyos.configsession import ConfigSession
+from vyos.util import cmd
+from vyos.util import read_file
base_path = ['system', 'login']
users = ['vyos1', 'vyos2']
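Review bot: `from platform import release as kernel_version` duplicates the `import platform` added two lines above it, and the alias is not used anywhere in the lines this diff shows; `test_radius_kernel_features` calls `platform.release()` directly. Keep one form: either drop the `from platform import release as kernel_version` line, or write `kernel = kernel_version()` in the test and drop `import platform`. The rest of the file is outside this diff, so confirm nothing else references the alias before removing it.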
@@ -37,7 +41,7 @@ class TestSystemLogin(unittest.TestCase):
self.session.commit()
del self.session
- def test_user(self):
+ def test_local_user(self):
""" Check if user can be created and we can SSH to localhost """
self.session.set(['service', 'ssh', 'port', '22'])
@@ -63,5 +67,65 @@ class TestSystemLogin(unittest.TestCase):
# b'Linux vyos 4.19.101-amd64-vyos #1 SMP Sun Feb 2 10:18:07 UTC 2020 x86_64 GNU/Linux\n'
self.assertTrue(len(stdout) > 40)
+ def test_radius_kernel_features(self):
+ """ T2886: RADIUS requires some Kernel options to be present """
+ kernel = platform.release()
+ kernel_config = read_file(f'/boot/config-{kernel}')
+
+ # T2886 - RADIUS authentication - check for statically compiled
+ # options (=y)
+ for option in ['CONFIG_AUDIT', 'CONFIG_HAVE_ARCH_AUDITSYSCALL',
+ 'CONFIG_AUDITSYSCALL', 'CONFIG_AUDIT_WATCH',
+ 'CONFIG_AUDIT_TREE', 'CONFIG_AUDIT_ARCH']:
+ self.assertIn(f'{option}=y', kernel_config)
+
+ def test_radius_config(self):
+ """ Verify generated RADIUS configuration files """
+
+ radius_key = 'VyOSsecretVyOS'
+ radius_server = '172.16.100.10'
+ radius_source = '127.0.0.1'
+ radius_port = '2000'
+ radius_timeout = '1'
+
+ self.session.set(base_path + ['radius', 'server', radius_server, 'key', radius_key])
+ self.session.set(base_path + ['radius', 'server', radius_server, 'port', radius_port])
+ self.session.set(base_path + ['radius', 'server', radius_server, 'timeout', radius_timeout])
+ self.session.set(base_path + ['radius', 'source-address', radius_source])
+
+ self.session.commit()
+
+ # this file must be read with higher permissions
+ pam_radius_auth_conf = cmd('sudo cat /etc/pam_radius_auth.conf')
+ tmp = re.findall(r'\n?{}:{}\s+{}\s+{}\s+{}'.format(radius_server,
+ radius_port, radius_key, radius_timeout,
+ radius_source), pam_radius_auth_conf)
+ self.assertTrue(tmp)
+
+ # required, static options
+ self.assertIn('priv-lvl 15', pam_radius_auth_conf)
+ self.assertIn('mapped_priv_user radius_priv_user', pam_radius_auth_conf)
+
+ # PAM
+ pam_common_account = read_file('/etc/pam.d/common-account')
+ self.assertIn('pam_radius_auth.so', pam_common_account)
+
+ pam_common_auth = read_file('/etc/pam.d/common-auth')
+ self.assertIn('pam_radius_auth.so', pam_common_auth)
+
+ pam_common_session = read_file('/etc/pam.d/common-session')
+ self.assertIn('pam_radius_auth.so', pam_common_session)
+
+ pam_common_session_noninteractive = read_file('/etc/pam.d/common-session-noninteractive')
+ self.assertIn('pam_radius_auth.so', pam_common_session_noninteractive)
+
+ # NSS
+ nsswitch_conf = read_file('/etc/nsswitch.conf')
+ tmp = re.findall(r'passwd:\s+mapuid\s+files\s+mapname', nsswitch_conf)
+ self.assertTrue(tmp)
+
+ tmp = re.findall(r'group:\s+mapname\s+files', nsswitch_conf)
+ self.assertTrue(tmp)
+
if __name__ == '__main__':
unittest.main()
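Review bot: `test_radius_config` confirms that the RADIUS shared secret is written to `/etc/pam_radius_auth.conf`, but it never asserts that the file is protected. The `sudo cat` and its comment suggest the file is meant to be readable by root only, so a regression that leaves the key world-readable would still pass. Adding `self.assertEqual(os.stat('/etc/pam_radius_auth.conf').st_mode & 0o077, 0)` after the commit would pin this; the expected mode is inferred from the comment, so confirm it against the template that generates the file. Separately, the server-line pattern interpolates `radius_server` and `radius_source` unescaped, so each `.` matches any character, and the optional `\n?` leaves the match unanchored. Wrapping the interpolated values in `re.escape()` and anchoring with `^` under `re.MULTILINE` would make that assertion exact.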