summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli/test_system_login.py
AgeCommit message (Collapse)Author
2026-06-16T8923: normalize "can not" to "cannot"Christian Breunig
Replace two-word "can not" / "Can not" with "cannot" across comments, ConfigError messages, CLI help text, and op-mode output. Standard SNMP MIB files under mibs/ are left unchanged.
2026-03-27T8410: Fix typos and mistakes for comments and messagesViacheslav Hletenko
Fix typos and mistakes No functional changes
2026-03-20login: T8415: show Warning() if default password is used when adding userChristian Breunig
When performing an image installation and the user chooses vyos as the default password, a warning is emitted. The combination vyos/vyos is used in brute force lists and have been seen multiple times in the wild. When adding the user via: set system login user vyos authentication plaintext-password vyos a warning should be shown!
2025-12-17login: T8086: replace getpwall() occurances with get_local_passwd_entries()Christian Breunig
Switch to our custom implementation to avoid NSS/TACACS timeouts as explained in commit 4c9eaaa96e06 ("login: replace getpwall() user enumeration to avoid NSS/TACACS timeouts").
2025-10-21T7948: always call setUp() and tearDown() base class methodsChristian Breunig
While working on task T7664 (FRR 10.4 upgrade), I identified the need for additional validation and safeguards around the FRR management daemon. The most appropriate place for this logic is in the setUp() and tearDown() methods of the smoketest base class, VyOSUnitTestSHIM. However, during implementation, it became apparent that test cases do not consistently invoke the base class's setup and teardown methods. This inconsistency complicates the process of capturing the FRR mgmtd PID at the start of a test and verifying that it remains unchanged by the end - a key step in detecting crashes or unexpected terminations (e.g., SIGSEGV) of the FRR management daemon during tests.
2025-09-30smoketest: T7858: make failfast main argument dynamicChristian Breunig
When smoketest debugging is enabled (by creating the file /tmp/vyos.smoketest.debug), all available smoketests will fail fast instead of running to completion. This helps reduce test time when something is broken or undergoing refactoring, as it avoids waiting for the full test suite to finish.
2025-06-28T7591: remove copyright years from source filesChristian Breunig
The legal team says years are not necessary so we can go ahead with it, since it will simplify backporting. Automatically removed using: git ls-files | grep -v libvyosconfig | xargs sed -i -E \ 's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors <maintainers@vyos.io>/g' In addition we will error-out during "make" if someone re-adds a legacy copyright notice
2025-05-09T7443: Un-restricting non-root logins after scheduled reboot/shutdown via ↵Christian Breunig
pam_nologin When using reboot in, reboot at, or shutdown in, non-root users are prevented from logging in via SSH or console starting 5 minutes before the scheduled shutdown or reboot time. This behavior is intended by pam_nologin.so, which is included in the SSH and login PAM stack (default on Debian). While expected, it may be inconvenient and could be reconsidered.
2025-04-13T7355: cleanup unused Python3 importsChristian Breunig
Some unused import statements sneaked into the codebase. This is about cleaning them up
2025-03-18T6353: Add password strength check and user warningoniko94
2025-01-11smoketest: T7038: add freeradius container to live validate login via RADIUSChristian Breunig
RADIUS is pretty sensible to its configuration. Instead of manual testing, extend the smoketest platform to ship a freeradius container and perform logins against a locally running freeradius server in a container.
2025-01-07smoketest: T7023: add tac_plus container to live validate login (#4285)Christian Breunig
* smoketest: T7023: unify container image loading * smoketest: T7023: add tac_plus container to live validate login TACACS is pretty sensible to its configuration. Instead of manual testing, extend the smoketest platform to ship a tac_plus container and perform logins against a locally running tac_plus server in a container. The login username/password and TACACS shared secret is generated randomly on the fly for every testcase.
2024-06-24smoketest: T6510: ensure one cannot delete the current user in "system login"Christian Breunig
2024-04-03T6199: drop unused Python importsChristian Breunig
found using "git ls-files *.py | xargs pylint | grep W0611"
2024-02-16login: T5972: add possibility to disable individual local user accountsChristian Breunig
* set system login user <name> disable
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-06-22tacacs: T141: initial implementationChristian Breunig
2023-06-21smoketest: move SSH login functionality to base classChristian Breunig
2023-04-04T5145: Add maximum number of all logins on systemViacheslav Hletenko
maxsyslogins maximum number of all logins on system; user is not allowed to log-in if total number of all user logins is greater than specified number (this limit does not apply to user with uid=0) set system login max-login-session 2
2022-10-14login: 2fa: T874: fix Google authenticator issuesChristian Poessinger
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos'
2022-10-11system login: T874: add 2FA support for local and ssh authenticationgoodNETnick
2022-04-04smoketest: login: verify test accounts are properly deletedChristian Poessinger
2022-03-16smoketest: remove failfast=True from certian testsChristian Poessinger
2021-11-21smoketest: remove superfluous ConfigSession importChristian Poessinger
2021-09-23smoketest: T3850: use as complicated as possible public-key nameChristian Poessinger
2021-09-02login: T3792: bugfix for usernames containing a hyphenChristian Poessinger
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius: T3192: migrate to get_config_dict()") the user-name was not excluded from mangling (no_tag_node_value_mangle=True). This resulted in a username "vyos-user" from CLI to be actually created as "vyos_user" on the system. This commit also adds respective Smoketests to prevent this in the future.
2021-07-23login: T3699: verify system username does not conflict with Linux base usersChristian Poessinger
(cherry picked from commit 7292631373ea50f9908796ef2eda32e672d1df2e)
2021-03-17smoketest: add shim for every test to re-use common tastsChristian Poessinger
Currently every smoketest does the setup and destruction of the configsession on its own durin setUp(). This creates a lot of overhead and one configsession should be re-used during execution of every smoketest script. In addiion a test that failed will leaf the system in an unconsistent state. For this reason before the test is executed we will save the running config to /tmp and the will re-load the config after the test has passed, always ensuring a clean environment for the next test.
2021-01-07login: radius: T3192: support IPv6 server(s) and source-addressChristian Poessinger
2020-12-29smoketest: adjust test method namesChristian Poessinger
This is for better readability during testruns
2020-12-29smoketest: run all tests with verbosity=2Christian Poessinger
2020-12-13smoketest: login: adjust to Kernel 5.0 config optionsChristian Poessinger
2020-09-19smoketest: T2886: validate RADIUS configurationChristian Poessinger
2020-08-27Merge branch 'master' of github.com:vyos/vyos-smoketest into ↵Christian Poessinger
vyos-smoketest-integration (T2832) * 'master' of github.com:vyos/vyos-smoketest: (153 commits) pppoe-server: test some more values lcd: adjust to cli changes lcd: adapt test to new CLI design pppoe-server: initial smoketest with local and radius auth pppoe: validate dhcpv6 client will be started wireless: validate hostapd/wpa_supplicant is running pppoe: sync to new dhcpv6-pd cli anyconnect: T2812: add basic testing ethernet: check interface disable state router-advert: check 'infinity' option in script logic ssh: config file is now volatile (moved to /run) ipv6: link-local: test address assignment on interfaces router-advert: add initial test mdns-repeater: add basic test pseudo-ethernet: extend smoketests with VIFs l2tpv3: add initial interface test wireless: use library function for loading kernel modules ethernet: test "ip" subtree of interface for e.g. ARP settings pppoe: use assertEqual() service: bcast-relay: add initial tests ...