Merge branch 'testing-stretch'

Use Debian stretch as base image for the testing environment.

Author: tobiasbrunner

src/libimcv/imv/data.sql

@@ -574,6 +574,24 @@ INSERT INTO products (      /* 96 */
  'Ubuntu 18.04 x86_64'
 );
 
+INSERT INTO products (      /* 97 */
+  name
+) VALUES (
+ 'Debian 9.5 i686'
+);
+
+INSERT INTO products (      /* 98 */
+  name
+) VALUES (
+ 'Debian 9.5 x86_64'
+);
+
+INSERT INTO products (      /* 99 */
+  name
+) VALUES (
+ 'Debian 9.6 x86_64'
+);
+
 /* Directories */
 
 INSERT INTO directories (		/*  1 */
@@ -1144,6 +1162,12 @@ INSERT INTO groups_product_defaults (
   4, 94
 );
 
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 97
+);
+
 INSERT INTO groups_product_defaults (
   group_id, product_id
 ) VALUES (
@@ -1264,6 +1288,18 @@ INSERT INTO groups_product_defaults (
   5, 95
 );
 
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 98
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 99
+);
+
 INSERT INTO groups_product_defaults (
   group_id, product_id
 ) VALUES (

testing/config/kvm/alice.xml

@@ -1,8 +1,8 @@
 <domain type='kvm'>
   <name>alice</name>
   <uuid>1f35c25d-6a7b-4ee1-2461-d7e530e7b2a9</uuid>
-  <memory unit='KiB'>131072</memory>
-  <currentMemory unit='KiB'>131072</currentMemory>
+  <memory unit='KiB'>163840</memory>
+  <currentMemory unit='KiB'>163840</currentMemory>
   <vcpu placement='static'>1</vcpu>
   <os>
     <type arch='x86_64' machine='pc'>hvm</type>

testing/do-tests

@@ -51,11 +51,15 @@ subdir_cnt="0"
 ##############################################################################
 # parse optional arguments
 #
-while getopts "v" opt
+while getopts "vt" opt
 do
 	case "$opt" in
 	v)
 		verbose=YES
+		timestamps=YES
+		;;
+	t)
+		timestamps=YES
 		;;
 	esac
 done
@@ -64,7 +68,7 @@ shift $((OPTIND-1))
 
 function print_time()
 {
-	[ "$verbose" == "YES" ] && echo "$(date +%T.%N) ~ "
+	[ "$timestamps" == "YES" ] && echo "$(date +%T.%N) ~ "
 }
 
 ##############################################################################
@@ -689,21 +693,25 @@ do
 	do
 	    eval HOSTLOGIN=root@\$ipv4_${host}
 
-	    for file in clients.conf eap.conf radiusd.conf proxy.conf users
+		RADIUS_DIR=/etc/freeradius/3.0
+		RADIUS_EAP_FILE=mods-enabled/eap
+		RADIUS_EAP_NAME=eap
+		if [ "$BASEIMGSUITE" == "jessie" ]
+		then
+			RADIUS_DIR=/etc/freeradius
+			RADIUS_EAP_FILE=eap.conf
+			RADIUS_EAP_NAME=eap.conf
+		fi
+
+		for file in clients.conf radiusd.conf proxy.conf users sites-enabled/default sites-enabled/inner-tunnel $RADIUS_EAP_FILE
 	    do
-		scp $SSHCONF $HOSTLOGIN:/etc/freeradius/$file \
-		    $TESTRESULTDIR/${host}.$file  > /dev/null 2>&1
+		scp $SSHCONF $HOSTLOGIN:$RADIUS_DIR/$file \
+		    $TESTRESULTDIR/${host}.$(basename $file) > /dev/null 2>&1
 	    done
 
-		scp $SSHCONF $HOSTLOGIN:/etc/strongswan.conf \
-		    $TESTRESULTDIR/${host}.strongswan.conf  > /dev/null 2>&1
-
 	    scp $SSHCONF $HOSTLOGIN:/var/log/freeradius/radius.log \
 		$TESTRESULTDIR/${host}.radius.log  > /dev/null 2>&1
 
-	    ssh $SSHCONF $HOSTLOGIN grep imcv /var/log/daemon.log \
-		>> $TESTRESULTDIR/${host}.daemon.log 2>/dev/null
-
 	    chmod a+r $TESTRESULTDIR/*
 	    cat >> $TESTRESULTDIR/index.html <<@EOF
     <h3>$host</h3>
@@ -713,14 +721,14 @@ do
 	  <ul>
 	    <li><a href="$host.clients.conf">clients.conf</a></li>
 	    <li><a href="$host.radiusd.conf">radiusd.conf</a></li>
-	    <li><a href="$host.strongswan.conf">strongswan.conf</a></li>
+	    <li><a href="$host.$RADIUS_EAP_NAME">$RADIUS_EAP_NAME</a></li>
 	  </ul>
 	</td>
 	<td valign="top">
 	  <ul>
-	    <li><a href="$host.eap.conf">eap.conf</a></li>
+	    <li><a href="$host.default">sites-enabled/default</a></li>
+	    <li><a href="$host.inner-tunnel">sites-enabled/inner-tunnel</a></li>
 	    <li><a href="$host.radius.log">radius.log</a></li>
-	    <li><a href="$host.daemon.log">daemon.log</a></li>
 	  </ul>
       </td>
 	<td valign="top">

testing/hosts/alice/etc/freeradius/3.0/clients.conf

@@ -0,0 +1,5 @@
+client moon {
+  ipaddr = 10.1.0.1
+  secret = gv6URkSs
+  require_message_authenticator = yes
+}

testing/hosts/alice/etc/freeradius/3.0/radiusd.conf

@@ -0,0 +1,99 @@
+# radiusd.conf	-- FreeRADIUS server configuration file.
+
+prefix = /usr
+exec_prefix = /usr
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = /var/log/freeradius
+raddbdir = /etc/freeradius/3.0
+radacctdir = ${logdir}/radacct
+
+#  name of the running server.  See also the "-n" command-line option.
+name = freeradius
+
+#  Location of config and logfiles.
+confdir = ${raddbdir}
+modconfdir = ${confdir}/mods-config
+certdir = ${sysconfdir}/raddb/certs
+cadir   = ${sysconfdir}/raddb/certs
+run_dir = ${localstatedir}/run/${name}
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+# libdir: Where to find the rlm_* modules.
+libdir = ${exec_prefix}/lib
+
+#  pidfile: Where to place the PID of the RADIUS server.
+pidfile = ${run_dir}/${name}.pid
+
+#  correct_escapes: use correct backslash escaping
+correct_escapes = true
+
+#  max_request_time: The maximum time (in seconds) to handle a request.
+max_request_time = 30
+
+#  cleanup_delay: The time to wait (in seconds) before cleaning up
+cleanup_delay = 5
+
+#  max_requests: The maximum number of requests which the server keeps
+max_requests = 1024
+
+#  hostname_lookups: Log the names of clients or just their IP addresses
+hostname_lookups = no
+
+#  Logging section
+log {
+  destination = files
+  colourise = yes
+  file = ${logdir}/radius.log
+  syslog_facility = daemon
+  stripped_names = no
+  auth = yes
+  auth_badpass = yes
+  auth_goodpass = yes
+}
+
+#  The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad
+
+#  SECURITY CONFIGURATION
+security {
+  user = freerad
+  group = freerad
+  allow_core_dumps = no
+  max_attributes = 200
+  reject_delay = 1
+  status_server = yes
+}
+
+# PROXY CONFIGURATION
+proxy_requests = yes
+$INCLUDE proxy.conf
+
+# CLIENTS CONFIGURATION
+$INCLUDE clients.conf
+
+# THREAD POOL CONFIGURATION
+thread pool {
+  start_servers = 5
+  max_servers = 32
+  min_spare_servers = 3
+  max_spare_servers = 10
+  max_requests_per_server = 0
+  auto_limit_acct = no
+}
+
+# MODULE CONFIGURATION
+modules {
+  $INCLUDE ${confdir}/mods-enabled/
+}
+
+# Policies
+policy {
+  $INCLUDE policy.d/
+}
+
+# Include all enabled virtual hosts
+$INCLUDE sites-enabled/

testing/hosts/alice/etc/freeradius/dictionary

@@ -11,7 +11,7 @@
 #
 #	The filename given here should be an absolute path.
 #
-$INCLUDE	/usr/local/share/freeradius/dictionary
+$INCLUDE	/usr/share/freeradius/dictionary
 
 #
 #	Place additional attributes or $INCLUDEs here.  They will

testing/hosts/alice/etc/freeradius/radiusd.conf

@@ -101,8 +101,6 @@ thread pool {
 modules {
   $INCLUDE ${confdir}/modules/
   $INCLUDE eap.conf
-  $INCLUDE sql.conf
-  $INCLUDE sql/mysql/counter.conf
 }
 
 # Instantiation

testing/hosts/default/etc/ssh/sshd_config

@@ -2,7 +2,6 @@ Port 22
 Protocol 2
 Ciphers aes128-gcm@openssh.com
 HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
 UsePrivilegeSeparation no
 PermitRootLogin yes

testing/hosts/default/usr/local/bin/init_collector

@@ -1,4 +1,6 @@
 #! /bin/sh
 
 cat /usr/local/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/db.d/collector.db
+sed -i "s:DEBIAN_VERSION:`cat /etc/debian_version`:" /etc/pts/collector.sql
+cat /etc/pts/collector.sql | sqlite3 /etc/db.d/collector.db
 LEAK_DETECTIVE_DISABLE=1 /usr/local/sbin/sw-collector

testing/hosts/venus/etc/default/isc-dhcp-server

@@ -0,0 +1,3 @@
+# explicitly set an interface to avoid having to configure and run DHCPv6
+INTERFACESv4="eth0"
+INTERFACESv6=""