diff --git a/tests/docker-ocserv/Dockerfile-fedora-radius b/tests/docker-ocserv/Dockerfile-fedora-radius
index 1b7a0004..346f22c8 100644
--- a/tests/docker-ocserv/Dockerfile-fedora-radius
+++ b/tests/docker-ocserv/Dockerfile-fedora-radius
@@ -4,9 +4,7 @@ RUN yum install -y gnutls gnutls-utils protobuf-c iproute pcllib http-parser tcp
 RUN yum install -y bash openssh-server nuttcp
 RUN yum install -y libnl3 libtalloc libev
 RUN yum install -y procps-ng lz4 radcli liboauth oathtool
-RUN yum install -y freeradius-client
-RUN yum install -y freeradius
-RUN yum install -y krb5-libs less
+RUN yum install -y freeradius krb5-libs less bash
 RUN yum update -y
 RUN systemctl enable sshd
 RUN sed 's/PermitRootLogin without-password/PermitRootLogin yes/g' -i /etc/ssh/sshd_config
diff --git a/tests/docker-ocserv/freeradius-users b/tests/docker-ocserv/freeradius-users
index f5ebab91..f701c806 100644
--- a/tests/docker-ocserv/freeradius-users
+++ b/tests/docker-ocserv/freeradius-users
@@ -83,6 +83,15 @@ test8 Cleartext-Password := "test8"
 Framed-Routing = Broadcast-Listen,
 Framed-MTU = 1500
+test-arb Cleartext-Password := "test-arb"
+ Service-Type = Framed-User,
+ Framed-Protocol = PPP,
+ Framed-Route = 192.168.100.5/24,
+ Framed-IP-Address = 255.255.255.254,
+ Framed-IP-Netmask = 255.255.255.0,
+ Framed-Routing = Broadcast-Listen,
+ Framed-MTU = 1500
+
 test-class Cleartext-Password := "test-class"
 Service-Type = Framed-User,
 Framed-Protocol = PPP,
diff --git a/tests/docker-ocserv/ocserv-radius.conf b/tests/docker-ocserv/ocserv-radius.conf
index 0bd1cc35..61913c13 100644
--- a/tests/docker-ocserv/ocserv-radius.conf
+++ b/tests/docker-ocserv/ocserv-radius.conf
@@ -46,8 +46,8 @@ max-clients = 16
 max-same-clients = 2
 # TCP and UDP port number
-tcp-port = 10522
-udp-port = 10522
+tcp-port = 443
+udp-port = 443
 # Keepalive in seconds
 keepalive = 32400
diff --git a/tests/radius-test b/tests/radius-test
index 3a2b77a4..86022900 100755
--- a/tests/radius-test
+++ b/tests/radius-test
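Review bot: `bash` on the merged install line of tests/docker-ocserv/Dockerfile-fedora-radius is redundant, because the context line `RUN yum install -y bash openssh-server nuttcp` a few layers earlier already installs it; `RUN yum install -y freeradius krb5-libs less` is enough. The hunk also drops `freeradius-client` without explanation. If the reason is that `radcli` (installed one line above) now covers the client side, which is only a guess from the visible lines, a short `#` comment saying so would show the removal was deliberate.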
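Review bot: The new `test-arb` entry in tests/docker-ocserv/freeradius-users depends on `Framed-IP-Address = 255.255.255.254` being the RFC 2865 sentinel 0xFFFFFFFE ("the NAS should select an address for the user"), but nothing in the file says so and the value reads like a typo. A comment line above the entry would make the intent explicit, e.g. `# 255.255.255.254 = RFC 2865 "NAS selects the address": ocserv must assign from its own pool and never pass this value to the client`. That is also the property the matching check in tests/radius-test asserts, so the comment could point there.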
@@ -20,9 +20,7 @@ srcdir=${srcdir:-.}
-PORT=10500
-PORT2=10501
-PORT_OCSERV=10522
+PORT_OCSERV=443
 #this test can only be run as root
 id|grep root >/dev/null 2>&1
 if [ $? != 0 ];then
@@ -33,6 +31,7 @@ CONFIG="radius"
 IMAGE=ocserv-radius-test
 IMAGE_NAME=test_ocserv_radius
 TMP=$IMAGE_NAME.tmp
+TMPFILE=$IMAGE_NAME-tmp.tmp
 . ./docker-common.sh
 $DOCKER run -e OCCTL_PAGER=cat -P --privileged=true --tty=false -d --name $IMAGE_NAME $IMAGE
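Review bot: `TMPFILE=$IMAGE_NAME-tmp.tmp` in the second hunk is a fixed, predictable name in the current directory, and the script only runs as root (the `id|grep root` check above). The later `>$TMPFILE` redirect therefore writes through whatever already exists at that path, including a symlink, if the tests directory is writable by a less-privileged user. Creating the file with `TMPFILE=$(mktemp)` avoids that, and a `trap 'rm -f "$TMPFILE"' EXIT` would also remove it on the failure paths that call `stop` before the final `rm -f`; whether `stop` cleans up is not visible here, and the trap would need checking against anything the sourced docker-common.sh already installs. The context line `TMP=$IMAGE_NAME.tmp` follows the same pattern.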
@@ -56,21 +55,49 @@ if test ! -z "$QUIT_ON_INIT";then
 exit 0
 fi
+echo ""
 $ECHO_E "testuser" >pass-radius$TMP
-$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-radius$TMP
+$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-radius$TMP
 if test $? = 0;then
 echo "Authentication with wrong password succeeded!"
 stop
 fi
+echo ""
 $ECHO_E "test" >pass-radius$TMP
-$OPENCONNECT $IP:$PORT_OCSERV -u testuser --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-radius$TMP
+$OPENCONNECT $IP:$PORT_OCSERV -u testuser --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-radius$TMP
 if test $? = 0;then
 echo "Authentication with wrong username succeeded!"
 stop
 fi
-echo "Trying with correct password"
+echo ""
+echo "Trying with correct password and special IP"
+$ECHO_E "test-arb" >pass-radius$TMP
+$OPENCONNECT $IP:$PORT_OCSERV -v -u test-arb --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-radius$TMP >$TMPFILE &
+PID=$!
+
+sleep 5
+
+grep 'X-CSTP-Address: 192.168.55.' $TMPFILE
+if test $? != 0;then
+ kill -INT $PID
+ echo "Unexpected address was assigned"
+ stop
+fi
+
+ping -w 3 192.168.55.1
+if test $? != 0;then
+ kill -INT $PID
+ echo "Cannot ping ocserv"
+ stop
+fi
+
+kill -INT $PID
+
+sleep 3
+
+echo "Trying with correct password and normal IP"
 $ECHO_E "test" >pass-radius$TMP
 $OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-radius$TMP &
 PID=$!
@@ -238,6 +265,6 @@ fi
 $DOCKER stop $IMAGE_NAME
 $DOCKER rm $IMAGE_NAME
-rm -f out$TMP
+rm -f out$TMP $TMPFILE
 exit $ret
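Review bot: The special-IP check waits a fixed `sleep 5` before `grep 'X-CSTP-Address: 192.168.55.' $TMPFILE`, so on a slow runner the header may not be in the file yet and the test prints "Unexpected address was assigned" for what is only a timing miss. A bounded poll that retries the grep once a second keeps the same failure message but reports it only after the deadline, and `grep -F` makes the dots in the pattern literal. The `sleep 3` after the final `kill -INT $PID` has the same weakness; `wait $PID` would be exact there. The normal-IP part of the test continues below the hunk.

```shell
# … unchanged: write pass-radius$TMP, start $OPENCONNECT in the background, PID=$! …

# Poll for the address header instead of relying on one fixed sleep.
tries=0
until grep -F 'X-CSTP-Address: 192.168.55.' "$TMPFILE"; do
	tries=$((tries + 1))
	if test $tries -ge 10; then
		kill -INT $PID
		echo "Unexpected address was assigned"
		stop
	fi
	sleep 1
done

# … unchanged: ping check, kill -INT $PID …
```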