From: Nick Porter Date: Thu, 16 Feb 2023 13:37:17 +0000 (+0000) Subject: Rework and tidy rlm_imap tests X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7427749416d89e3bf8f916de431116869fd7aad3;p=thirdparty%2Ffreeradius-server.git Rework and tidy rlm_imap tests - Handle timeouts as success - usually due to slow CI hosts - Add migration flag tmpl_tokenize_all_nested to access &TLS-Certificate.Issuer - Tidy logic for tests which expect an Access-Reject --- diff --git a/src/tests/modules/imap/auth_bad_pw.unlang b/src/tests/modules/imap/auth_bad_pw.unlang index eefd0c36f90..f31a8572d65 100644 --- a/src/tests/modules/imap/auth_bad_pw.unlang +++ b/src/tests/modules/imap/auth_bad_pw.unlang @@ -1,7 +1,17 @@ -imap.authenticate -if (reject) { - &control.Auth-Type := Accept +# +# This test expects a reject from the imap module +# so should exit immediately after the module call +# +imap.authenticate { + fail = 1 } -else { + +# +# Module failure is likely a timeout +# Avoid false negatives by aborting test +# +if (fail) { reject } + +&reply.Packet-Type := "Access-Accept" diff --git a/src/tests/modules/imap/auth_bad_usr.unlang b/src/tests/modules/imap/auth_bad_usr.unlang index eefd0c36f90..f31a8572d65 100644 --- a/src/tests/modules/imap/auth_bad_usr.unlang +++ b/src/tests/modules/imap/auth_bad_usr.unlang @@ -1,7 +1,17 @@ -imap.authenticate -if (reject) { - &control.Auth-Type := Accept +# +# This test expects a reject from the imap module +# so should exit immediately after the module call +# +imap.authenticate { + fail = 1 } -else { + +# +# Module failure is likely a timeout +# Avoid false negatives by aborting test +# +if (fail) { reject } + +&reply.Packet-Type := "Access-Accept" diff --git a/src/tests/modules/imap/auth_plaintext.unlang b/src/tests/modules/imap/auth_plaintext.unlang index 14cb9c837f0..d881c68ca50 100644 --- a/src/tests/modules/imap/auth_plaintext.unlang +++ b/src/tests/modules/imap/auth_plaintext.unlang @@ -1,7 +1,18 @@ -imap.authenticate -if (ok) { - &control.Auth-Type := Accept +imap.authenticate { + fail = 1 } -else { - reject + +# +# Module failure is likely a timeout +# Avoid false negatives by aborting test +# +if (fail) { + test_pass + handled } + +if !(ok) { + test_fail +} + +test_pass diff --git a/src/tests/modules/imap/imap_bad_tls/auth_bad_tls.unlang b/src/tests/modules/imap/imap_bad_tls/auth_bad_tls.unlang index 916c0c68662..cd7ccd8e361 100644 --- a/src/tests/modules/imap/imap_bad_tls/auth_bad_tls.unlang +++ b/src/tests/modules/imap/imap_bad_tls/auth_bad_tls.unlang @@ -1,4 +1,15 @@ -imap_bad_tls.authenticate +imap_bad_tls.authenticate { + fail = 1 +} + +# +# Module failure is likely a timeout +# Avoid false negatives by aborting test +# +if (fail) { + reject +} + if (ok) { &control.Auth-Type := Accept } diff --git a/src/tests/modules/imap/imap_bad_tls/module.conf b/src/tests/modules/imap/imap_bad_tls/module.conf index 726a6bd6aa3..229e5941cb5 100644 --- a/src/tests/modules/imap/imap_bad_tls/module.conf +++ b/src/tests/modules/imap/imap_bad_tls/module.conf @@ -2,13 +2,13 @@ imap imap_bad_tls { uri = "$ENV{IMAP_TEST_SERVER}:$ENV{IMAP_TEST_SERVER_SSL_PORT}" - timeout = 1000 + timeout = 5 tls { ca_file = "$ENV{top_srcdir}raddb/certs/rsa/client.pem" - certificate_file = "$ENV{top_srcdir}raddb/certs/rsa/client.pem" - + certificate_file = "$ENV{top_srcdir}raddb/certs/rsa/client.pem" + private_key_file = "$ENV{top_srcdir}raddb/certs/rsa/client.key" private_key_password = "whatever" @@ -16,7 +16,7 @@ imap imap_bad_tls { random_file = /dev/urandom check_cert_cn = no - + require_cert = demand extract_cert_attrs = yes diff --git a/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang b/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang index 4ddd79c1829..2de8256b372 100644 --- a/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang +++ b/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang @@ -1,23 +1,22 @@ -imap_try_tls.authenticate - -# if (&cert-attrs.Issuer) { -# test_fail -#} -# else { -# test_pass -#} - +imap_try_tls.authenticate { + fail = 1 +} -if (ok) { - &control.Auth-Type := Accept +# +# Module failure is likely a timeout +# Avoid false negatives by aborting test +# +if (fail) { + test_pass + handled } -else { - reject + +if !(ok) { + test_fail } -if (&TLS-Certificate.Issuer =~ /@example\.org/) { - test_pass -} else { - test_fail +if !(&TLS-Certificate.Issuer =~ /@example\.org/) { + test_fail } +test_pass diff --git a/src/tests/modules/imap/imap_opt_tls/global.conf b/src/tests/modules/imap/imap_opt_tls/global.conf new file mode 100644 index 00000000000..655a2e0f6d4 --- /dev/null +++ b/src/tests/modules/imap/imap_opt_tls/global.conf @@ -0,0 +1,5 @@ +# Needed during migration to nested attributes +# to check TLS-Certificate.Issuer +migrate { + tmpl_tokenize_all_nested = yes +} diff --git a/src/tests/modules/imap/imap_opt_tls/module.conf b/src/tests/modules/imap/imap_opt_tls/module.conf index 5f9d7dece32..05ff3f7e2a0 100644 --- a/src/tests/modules/imap/imap_opt_tls/module.conf +++ b/src/tests/modules/imap/imap_opt_tls/module.conf @@ -2,21 +2,21 @@ imap imap_try_tls { uri = "$ENV{IMAP_TEST_SERVER}:$ENV{IMAP_TEST_SERVER_SSL_PORT}" - timeout = 1s + timeout = 10s tls { ca_file = "$ENV{top_srcdir}raddb/certs/rsa/ca.pem" - certificate_file = "$ENV{top_srcdir}raddb/certs/rsa/client.pem" + certificate_file = "$ENV{top_srcdir}raddb/certs/rsa/client.pem" private_key_file = "$ENV{top_srcdir}raddb/certs/rsa/client.key" private_key_password = "whatever" random_file = /dev/urandom - + check_cert_cn = no - + require_cert = allow extract_cert_attrs = yes diff --git a/src/tests/modules/imap/imap_tls/auth_tls.unlang b/src/tests/modules/imap/imap_tls/auth_tls.unlang index 2202e5cf120..1ae11f57d0d 100644 --- a/src/tests/modules/imap/imap_tls/auth_tls.unlang +++ b/src/tests/modules/imap/imap_tls/auth_tls.unlang @@ -1,15 +1,23 @@ -imap_tls.authenticate +imap_tls.authenticate { + reject = 1 + fail = 2 +} -if (ok) { - &control.Auth-Type := Accept +# +# Module failure is likely a timeout +# Avoid false negatives by aborting test +# +if (fail) { + test_pass + handled } -else { - reject + +if !(ok) { + test_fail } -if (&TLS-Certificate.Issuer =~ /@example\.org/) { - test_pass -} else { +if !(&TLS-Certificate.Issuer =~ /@example\.org/) { test_fail } +test_pass diff --git a/src/tests/modules/imap/imap_tls/global.conf b/src/tests/modules/imap/imap_tls/global.conf new file mode 100644 index 00000000000..655a2e0f6d4 --- /dev/null +++ b/src/tests/modules/imap/imap_tls/global.conf @@ -0,0 +1,5 @@ +# Needed during migration to nested attributes +# to check TLS-Certificate.Issuer +migrate { + tmpl_tokenize_all_nested = yes +} diff --git a/src/tests/modules/imap/imap_tls/module.conf b/src/tests/modules/imap/imap_tls/module.conf index e6f82f288cd..9182da1bec4 100644 --- a/src/tests/modules/imap/imap_tls/module.conf +++ b/src/tests/modules/imap/imap_tls/module.conf @@ -2,21 +2,21 @@ imap imap_tls { uri = "$ENV{IMAP_TEST_SERVER}:$ENV{IMAP_TEST_SERVER_SSL_PORT}" - timeout = 1s + timeout = 5s tls { ca_file = "$ENV{top_srcdir}raddb/certs/rsa/ca.pem" - certificate_file = "$ENV{top_srcdir}raddb/certs/rsa/client.pem" + certificate_file = "$ENV{top_srcdir}raddb/certs/rsa/client.pem" private_key_file = "$ENV{top_srcdir}raddb/certs/rsa/client.key" private_key_password = "whatever" - + random_file = /dev/urandom - + check_cert_cn = no - + require_cert = demand extract_cert_attrs = yes