Diffstat (limited to 'src/tests/sql_nas_table')
-rw-r--r-- | src/tests/sql_nas_table/all.mk | 78 | ||||
-rw-r--r-- | src/tests/sql_nas_table/auth.txt | 2 | ||||
-rw-r--r-- | src/tests/sql_nas_table/clients.sql | 1 | ||||
-rw-r--r-- | src/tests/sql_nas_table/config/radiusd.conf | 143 |
4 files changed, 224 insertions, 0 deletions
diff --git a/src/tests/sql_nas_table/all.mk b/src/tests/sql_nas_table/all.mk
new file mode 100644
index 0000000..da21501
--- /dev/null
+++ b/src/tests/sql_nas_table/all.mk
@@ -0,0 +1,78 @@
+#
+# Unit tests validating the SQL 'nas' table clients
+#
+
+#
+# Test name
+#
+TEST := test.sql_nas_table
+FILES := $(subst $(DIR)/,,$(wildcard $(DIR)/*.txt))
+
+#
+# If we have rlm_sql_sqlite and sqlite3
+#
+ifneq "$(findstring rlm_sql_sqlite,$(ALL_TGTS))" ""
+SQLITE3 := $(shell which sqlite3)
+endif
+
+ifneq "$(SQLITE3)" ""
+
+#
+# Run the full tests
+#
+$(eval $(call TEST_BOOTSTRAP))
+
+#
+# Config settings
+#
+SQL_NASTABLE_BUILD_DIR := $(BUILD_DIR)/tests/sql_nas_table
+SQL_NASTABLE_RADIUS_LOG := $(SQL_NASTABLE_BUILD_DIR)/radiusd.log
+SQL_NASTABLE_GDB_LOG := $(SQL_NASTABLE_BUILD_DIR)/gdb.log
+SQL_NASTABLE_DB := $(SQL_NASTABLE_BUILD_DIR)/sql_nas_table.db
+
+# Used by src/tests/sql_nas_table/config/radiusd.conf
+export SQL_NASTABLE_DB
+
+#
+# Generic rules to start / stop the radius service.
+#
+include src/tests/radiusd.mk
+$(eval $(call RADIUSD_SERVICE,radiusd,$(OUTPUT)))
+
+.PHONY: sql_nas_table_bootstrap
+sql_nas_table_bootstrap:
+ $(Q)rm -f $(SQL_NASTABLE_DB)
+ $(Q)mkdir -p $(SQL_NASTABLE_BUILD_DIR)
+ $(Q)sqlite3 $(SQL_NASTABLE_DB) < ./raddb/mods-config/sql/main/sqlite/schema.sql
+ $(Q)sqlite3 $(SQL_NASTABLE_DB) < ./src/tests/sql_nas_table/clients.sql
+
+#
+# Run the radclient commands against the radiusd.
+#
+$(OUTPUT)/%: $(DIR)/% | $(TEST).radiusd_kill sql_nas_table_bootstrap $(TEST).radiusd_start
+ $(Q)echo "SQL_NASTABLE-TEST"
+ $(Q)mkdir -p $(dir $@)
+ $(Q)[ -f $(dir $@)/radiusd.pid ] || exit 1
+ $(Q)if ! $(TESTBIN)/radclient $(ARGV) -xf src/tests/sql_nas_table/auth.txt -D share/ 127.0.0.1:$(PORT) auth $(SECRET) 1> $(SQL_NASTABLE_BUILD_DIR)/radclient.log 2>&1; then \
+ echo "FAILED"; \
+ rm -f $(BUILD_DIR)/tests/test.sql_nas_table; \
+ $(MAKE) --no-print-directory test.sql_nas_table.radiusd_kill; \
+ echo ==============================; \
+ tail -10 $(SQL_NASTABLE_BUILD_DIR)/radclient.log; \
+ echo ==============================; \
+ echo "RADIUSD: $(RADIUSD_RUN)"; \
+ echo "SQL_NASTABLE: $(TESTBIN)/radclient $(ARGV) -f $< -xF -d src/tests/sql_nas_table/config -D share/ 127.0.0.1:$(PORT) auth $(SECRET)"; \
+ exit 1; \
+ fi
+
+ $(Q)touch $@
+
+$(TEST):
+ $(Q)$(MAKE) --no-print-directory $@.radiusd_stop
+ @touch $(BUILD_DIR)/tests/$@
+else
+#
+# No sqlite3 command, don't do anything.
+#
+$(TEST):
+endif
diff --git a/src/tests/sql_nas_table/auth.txt b/src/tests/sql_nas_table/auth.txt
new file mode 100644
index 0000000..c1b0a1d
--- /dev/null
+++ b/src/tests/sql_nas_table/auth.txt
@@ -0,0 +1,2 @@
+User-Name = bob
+Cleartext-Password = hello
diff --git a/src/tests/sql_nas_table/clients.sql b/src/tests/sql_nas_table/clients.sql
new file mode 100644
index 0000000..d631b7f
--- /dev/null
+++ b/src/tests/sql_nas_table/clients.sql
@@ -0,0 +1 @@
+INSERT INTO nas (nasname,shortname,type,ports,secret,server,community,description) VALUES ('127.0.0.1', 'test', 'test', '123', 'testing123', 'extra', '', 'RADIUS Client');
diff --git a/src/tests/sql_nas_table/config/radiusd.conf b/src/tests/sql_nas_table/config/radiusd.conf
new file mode 100644
index 0000000..16513bb
--- /dev/null
+++ b/src/tests/sql_nas_table/config/radiusd.conf
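Review bot: In src/tests/sql_nas_table/all.mk the `$(OUTPUT)/%` rule lists `$(TEST).radiusd_kill sql_nas_table_bootstrap $(TEST).radiusd_start` as order-only prerequisites, which does not order them relative to one another; under `make -j` radiusd may start before the sqlite database is populated, and radiusd.conf states that clients are read only at startup, so the `nas` client would be missing. Make the chain explicit with `sql_nas_table_bootstrap: | $(TEST).radiusd_kill` and `$(TEST).radiusd_start: | sql_nas_table_bootstrap`, assuming the RADIUSD_SERVICE template in radiusd.mk (not shown) does not already do this. Separately, the failure message echoes a `-f $< -xF -d src/tests/sql_nas_table/config` command line that differs from the `-xf src/tests/sql_nas_table/auth.txt` command actually run, so the printed reproduction hint is misleading.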
@@ -0,0 +1,143 @@
+# -*- text -*-
+#
+# test configuration file. Do not install.
+#
+# $Id$
+#
+
+#
+# Minimal radiusd.conf for testing
+#
+top_srcdir = $ENV{TOP_SRCDIR}
+testdir = $ENV{TESTDIR}
+output = ${top_srcdir}/$ENV{OUTPUT}
+run_dir = ${output}
+raddb = raddb
+pidfile = ${run_dir}/radiusd.pid
+panic_action = "gdb -batch -x src/tests/panic.gdb %e %p > ${run_dir}/gdb.log 2>&1; cat ${run_dir}/gdb.log"
+
+maindir = ${raddb}
+radacctdir = ${run_dir}/radacct
+modconfdir = ${maindir}/mods-config
+certdir = ${maindir}/certs
+cadir = ${maindir}/certs
+test_port = $ENV{TEST_PORT}
+
+client docnet {
+ ipaddr = 192.0.2.1
+ secret = testing123123
+}
+
+# Only for testing!
+# Setting this on a production system is a BAD IDEA.
+security {
+ allow_vulnerable_openssl = yes
+}
+
+policy {
+ files.authorize {
+ if (&User-Name == "bob") {
+ update control {
+ &Password.Cleartext := "hello"
+ }
+ }
+ }
+ $INCLUDE ${maindir}/policy.d/
+}
+
+modules {
+ expr {
+
+ }
+
+ sql {
+ driver = "rlm_sql_sqlite"
+ dialect = "sqlite"
+ sqlite {
+ # Path to the sqlite database
+ filename = "$ENV{SQL_NASTABLE_DB}"
+
+ # How long to wait for write locks on the database to be
+ # released (in ms) before giving up.
+ busy_timeout = 200
+
+ # The bootstrap is handled by src/tests/sql_nas_table/all.mk
+ }
+
+ radius_db = "radius"
+
+ acct_table1 = "radacct"
+ acct_table2 = "radacct"
+ postauth_table = "radpostauth"
+ authcheck_table = "radcheck"
+ groupcheck_table = "radgroupcheck"
+ authreply_table = "radreply"
+ groupreply_table = "radgroupreply"
+ usergroup_table = "radusergroup"
+ read_groups = yes
+ read_profiles = yes
+
+ # Set to 'yes' to read radius clients from the database ('nas' table)
+ # Clients will ONLY be read on server startup.
+ read_clients = yes
+
+ # Table to keep radius client info
+ client_table = "nas"
+
+ # The group attribute specific to this instance of rlm_sql
+ group_attribute = "SQL-Group"
+
+ # Read database-specific queries
+ $INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
+ }
+
+ always reject {
+ rcode = reject
+ }
+ always fail {
+ rcode = fail
+ }
+ always ok {
+ rcode = ok
+ }
+ always handled {
+ rcode = handled
+ }
+ always invalid {
+ rcode = invalid
+ }
+ always notfound {
+ rcode = notfound
+ }
+ always noop {
+ rcode = noop
+ }
+ always updated {
+ rcode = updated
+ }
+}
+
+#
+# This virtual server is chosen for processing requests when using:
+#
+# radiusd -Xd src/tests/ -i 127.0.0.1 -p 12340 -n test
+#
+server extra {
+ listen {
+ ipaddr = 127.0.0.1
+ port = ${test_port}
+ type = auth
+ }
+
+ authorize {
+ if (&User-Name == "bob") {
+ accept
+ } else {
+ reject
+ }
+ }
+
+ authenticate {
+
+ }
+}
|
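Review bot: The comment above `server extra` (`radiusd -Xd src/tests/ -i 127.0.0.1 -p 12340 -n test`) does not describe how this test reaches that server; the listener uses `${test_port}`, and the row in clients.sql carries `'extra'` in its `server` column, which is presumably what ties the SQL-loaded client to this virtual server. Replace it with something like `# Requests from the client loaded from the 'nas' table (server = 'extra') are handled here.` A second comment should say that `authorize` accepts `bob` without checking the password and that the `files.authorize` policy is never called, so the test covers client lookup from the `nas` table only, not credential verification.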