From ff7830b3cca4653d7b1ffa2becf70b5909d96cf9 Mon Sep 17 00:00:00 2001 From: Thomas Munro Date: Mon, 5 Aug 2024 23:06:16 +1200 Subject: [PATCH v1 4/5] Teach 007_radius test about Message-Authenticator. From FreeRADIUS version 3.2.5, Access-Accept/Reject messages always have a Message-Authenticator. We can therefore test our new radiusrequirema=1 setting, if we detect that version or higher. --- src/test/authentication/t/007_radius.pl | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/src/test/authentication/t/007_radius.pl b/src/test/authentication/t/007_radius.pl index ebfdf7b36e3..d0994264c97 100644 --- a/src/test/authentication/t/007_radius.pl +++ b/src/test/authentication/t/007_radius.pl @@ -54,6 +54,29 @@ else "radius tests not supported on $^O or dependencies not installed"; } +note "inspecting FreeRADIUS version"; + +# FreeRADIUS began sending Message-Authenticator in responses in version 3.2.5. +# This allows us to test our feature for requiring it to be present. +my $stdout; +IPC::Run::run [ $radiusd, "-v" ], ">", \$stdout + or die "can't query FreeRADIUS version"; +print $stdout; +my $radiusrequirema = 0; +if ($stdout =~ /^FreeRADIUS Version ([0-9]+)\.([0-9]+)\.([0-9]+)/m) +{ + my ($major, $minor, $patch) = ($1, $2, $3); + if ( ($major > 3) + || ($major == 3 && $minor > 2) + || ($major == 3 && $minor == 2 && $patch >= 5)) + { + $radiusrequirema = 1; + } +} + +note + "setting radiusrequirema=$radiusrequirema based on detected version of FreeRADIUS"; + note "setting up radiusd"; my $radius_port = PostgreSQL::Test::Cluster::get_free_port(); @@ -142,7 +165,7 @@ unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf( 'pg_hba.conf', qq{ -local all test2 radius radiusservers="127.0.0.1" radiussecrets="shared-secret" radiusports="$radius_port" +local all test2 radius radiusservers="127.0.0.1" radiussecrets="shared-secret" radiusports="$radius_port" radiusrequirema=$radiusrequirema } ); $node->restart; -- 2.39.3 (Apple Git-146)