Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T7038: T7039: fix broken RADIUS IPv6 source address and add smoketests #4299

Merged
merged 2 commits into from
Jan 13, 2025
Merged

T7038: T7039: fix broken RADIUS IPv6 source address and add smoketests #4299

merged 2 commits into from
Jan 13, 2025

Conversation

c-po
Copy link
Member

@c-po c-po commented Jan 10, 2025
edited
Loading

Change summary

RADIUS is pretty sensible to its configuration.

Instead of manual testing, extend the smoketest platform to ship a FreeRADIUS container and perform logins against a locally running FreeRADIUS server in a container.

When configuring RADIUS to use IPv6 as connection to the server with an optional source-address:

set system login radius server 2001:db8::4 key '9LMVCtPYpG'
set system login radius source-address '2001:db8::1'

It will error out:

pam_radius_auth(sshd:auth): Failed looking up source IP address [2001:db8::1] for server [2001:db8::4]:1812 (error=System error)

The source address is not allowed to be in [] - thus the brackets need to be removed.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

How to test / Smoketest result

vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_system_login.py
test_add_linux_system_user (__main__.TestSystemLogin.test_add_linux_system_user) ... ok
test_delete_current_user (__main__.TestSystemLogin.test_delete_current_user) ... ok
test_radius_kernel_features (__main__.TestSystemLogin.test_radius_kernel_features) ... ok
test_system_login_max_login_session (__main__.TestSystemLogin.test_system_login_max_login_session) ... ok
test_system_login_otp (__main__.TestSystemLogin.test_system_login_otp) ... ok
test_system_login_radius_ipv4 (__main__.TestSystemLogin.test_system_login_radius_ipv4) ... ok
test_system_login_radius_ipv6 (__main__.TestSystemLogin.test_system_login_radius_ipv6) ... ok
test_system_login_tacacs (__main__.TestSystemLogin.test_system_login_tacacs) ... ok
test_system_login_user (__main__.TestSystemLogin.test_system_login_user) ... ok
test_system_user_ssh_key (__main__.TestSystemLogin.test_system_user_ssh_key) ... ok

----------------------------------------------------------------------
Ran 10 tests in 47.576s

OK

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 10, 2025
edited
Loading

👍
No issues in PR Title / Commit Title

@c-po c-po force-pushed the radius-smoketest branch from 5080575 to e67853b Compare January 10, 2025 12:30
@c-po c-po marked this pull request as draft January 10, 2025 12:35
@c-po c-po force-pushed the radius-smoketest branch from e67853b to 13d2ad2 Compare January 10, 2025 20:01
@c-po c-po changed the title smoketest: T7038: add freeradius container to live validate login via RADIUS radius: T7039: fix broken IPv6 source address Jan 10, 2025
@c-po c-po marked this pull request as ready for review January 10, 2025 20:06
@c-po c-po changed the title radius: T7039: fix broken IPv6 source address T7038: T7039: fix broken RADIUS IPv6 source address and add smoketests Jan 10, 2025
@c-po c-po marked this pull request as draft January 11, 2025 09:07
c-po added 2 commits January 11, 2025 10:59
@c-po
smoketest: T7038: add freeradius container to live validate login via…
fee77a6 
… RADIUS

RADIUS is pretty sensible to its configuration. Instead of manual testing,
extend the smoketest platform to ship a freeradius container and perform logins
against a locally running freeradius server in a container.
@c-po
radius: T7039: fix broken IPv6 source address
21b2541 
When configuring RADIUS to use IPv6 as connection to the server with an
optional source-address

set system login radius server 2001:db8::4 key '9LMVCtPYpG'
set system login radius source-address '2001:db8::1'

It will error out:

  pam_radius_auth(sshd:auth): Failed looking up source IP address [2001:db8::1]
    for server [2001:db8::4]:1812 (error=System error)

The source address is not allowed to be in [] - thus the brackets need to be
removed.
@c-po c-po marked this pull request as ready for review January 11, 2025 10:05
@c-po c-po force-pushed the radius-smoketest branch from f48eb0c to 21b2541 Compare January 11, 2025 10:05
@github-actions GitHub Actions
Copy link

CI integration 👍 passed!

Details

CI logs

  • CLI Smoketests (no interfaces) 👍 passed
  • CLI Smoketests (interfaces only) 👍 passed
  • Config tests 👍 passed
  • RAID1 tests 👍 passed
  • TPM tests 👍 passed

@c-po c-po merged commit 99d0c7a into vyos:current Jan 13, 2025
15 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sever-sever sever-sever sever-sever approved these changes

@dmbaturin dmbaturin dmbaturin approved these changes

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev is a code owner

@jestabro jestabro Awaiting requested review from jestabro jestabro is a code owner

@fett0 fett0 Awaiting requested review from fett0 fett0 is a code owner

@nicolas-fort nicolas-fort Awaiting requested review from nicolas-fort nicolas-fort is a code owner

@zdc zdc Awaiting requested review from zdc zdc is a code owner

Assignees

@c-po c-po

Labels
current
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@c-po @dmbaturin @sever-sever