#
EAP_TARGETS := $(filter rlm_eap_%,$(ALL_TGTS))
EAP_TYPES := $(patsubst rlm_eap_%.la,%,$(EAP_TARGETS))
-EAPOL_TEST_FILES := $(foreach x,$(EAP_TYPES),$(wildcard $(DIR)/$(x)*.conf))
+#
+# Discover both `<type>*.conf` (positive tests) and `fail-<type>*.conf`
+# (negative tests where eapol_test is expected to fail but the server
+# must remain alive).
+#
+EAPOL_TEST_FILES := $(foreach x,$(EAP_TYPES),$(wildcard $(DIR)/$(x)*.conf) $(wildcard $(DIR)/fail-$(x)*.conf))
EAPOL_OK_FILES := $(patsubst $(DIR)/%.conf,$(OUTPUT)/%.ok,$(EAPOL_TEST_FILES))
EAP_TESTS := $(sort $(patsubst $(DIR)/%.conf,%,$(EAPOL_TEST_FILES)))
#
# Ensure that we run
#
-$(OUTPUT)/${1}.ok: $(patsubst %,rlm_eap_%.la,$(word 1,$(subst -, ,${1})))
+$(OUTPUT)/${1}.ok: $(patsubst %,rlm_eap_%.la,$(word 1,$(subst -, ,$(patsubst fail-%,%,${1}))))
endif
endef
#
# Run EAP tests.
#
+# A test conf whose filename starts with `fail-` is a negative scenario:
+# eapol_test is expected NOT to complete authentication, but the server
+# must remain alive. radiusd_stop will fail the build if the daemon
+# died, which is what catches the actual regression.
+#
# We don't depend on server build artifacts when we are executing from the post-install test environment
#
$(OUTPUT)/%.ok: $(DIR)/%.conf $(if $(POST_INSTALL_MAKEFILE_ARG),,$(BUILD_DIR)/lib/libfreeradius-server.la $(BUILD_DIR)/lib/libfreeradius-util.la) | $(GENERATED_CERT_FILES)
$(eval KEY := $(shell grep key_mgmt=NONE $< | sed 's/key_mgmt=NONE/-n/'))
$(eval RADIUS_LOG := $(dir $@)/test.$(METHOD)/radiusd.log)
$(eval TEST_PORT := $($(METHOD)_port))
- @echo "EAPOL-TEST $(METHOD)"
+ $(eval EXPECT_FAIL := $(if $(filter fail-%,$(METHOD)),yes,))
+ @echo "EAPOL-TEST $(METHOD)$(if $(EXPECT_FAIL), (expect-fail),)"
${Q}$(MAKE) $(POST_INSTALL_MAKEFILE_ARG) --no-print-directory test.$(METHOD).radiusd_kill
${Q}$(MAKE) $(POST_INSTALL_MAKEFILE_ARG) --no-print-directory test.$(METHOD).radiusd_start $(POST_INSTALL_RADIUSD_BIN_ARG)
- ${Q}if ! $(EAPOL_TEST) -t $(EAPOL_TEST_TIMEOUT) -c $< -p $(TEST_PORT) -s $(SECRET) $(KEY) > $(EAPOL_TEST_LOG) 2>&1; then \
- echo "Last entries in supplicant log ($(EAPOL_TEST_LOG)):"; \
- tail -n 40 "$(EAPOL_TEST_LOG)"; \
- echo "--------------------------------------------------"; \
- tail -n 40 "$(RADIUS_LOG)"; \
- echo "Last entries in server log ($(RADIUS_LOG)):"; \
- echo "--------------------------------------------------"; \
+ ${Q}$(EAPOL_TEST) -t $(EAPOL_TEST_TIMEOUT) -c $< -p $(TEST_PORT) -s $(SECRET) $(KEY) > $(EAPOL_TEST_LOG) 2>&1; rc=$$?; \
+ if [ -z "$(EXPECT_FAIL)" ] && [ $$rc -ne 0 ]; then \
+ failed=1; reason="eapol_test exited $$rc, expected success"; \
+ elif [ -n "$(EXPECT_FAIL)" ] && [ $$rc -eq 0 ]; then \
+ failed=1; reason="eapol_test exited 0, expected non-zero (test marked expect-fail)"; \
+ else \
+ failed=0; \
+ fi; \
+ if [ $$failed -eq 1 ]; then \
+ echo "$$reason"; \
+ echo "Last entries in supplicant log ($(EAPOL_TEST_LOG)):"; \
+ tail -n 40 "$(EAPOL_TEST_LOG)"; \
+ echo "--------------------------------------------------"; \
+ tail -n 40 "$(RADIUS_LOG)"; \
+ echo "Last entries in server log ($(RADIUS_LOG)):"; \
+ echo "--------------------------------------------------"; \
echo "RADIUSD : OUTPUT=$(dir $@) TESTDIR=$(dir $<) TEST=$(METHOD) TEST_PORT=$(TEST_PORT) $(RADIUSD_BIN) -fxxx -n servers -d $(dir $<)config -D $(DICT_PATH) -lstdout -f"; \
echo "EAPOL : $(EAPOL_TEST) -c \"$<\" -p $(TEST_PORT) -s $(SECRET) $(KEY) "; \
echo " log is in $(OUT)"; \
- rm -f $(BUILD_DIR)/tests/test.eap; \
- $(MAKE) $(POST_INSTALL_MAKEFILE_ARG) --no-print-directory test.$(METHOD).radiusd_kill; \
- exit 1;\
+ rm -f $(BUILD_DIR)/tests/test.eap; \
+ $(MAKE) $(POST_INSTALL_MAKEFILE_ARG) --no-print-directory test.$(METHOD).radiusd_kill; \
+ exit 1; \
fi
${Q}$(MAKE) $(POST_INSTALL_MAKEFILE_ARG) --no-print-directory test.$(METHOD).radiusd_stop
${Q}touch $@
projects / thirdparty / freeradius-server.git / commitdiff
