tests: check_mock_history_request is failing #8456

Open
JeGoi opened this issue Dec 30, 2024 · 4 comments
Labels
Priority: High tests Issues related to tests performed by CI

JeGoi commented Dec 30, 2024

Describe the problem

            • check_mock_history_request FAILURE
    Testcase "check_mock_history_request", step #0: Assertion "result.bodyjson.bodyjson2.request.path ShouldEqual /api/" failed. expected: /api/  got: <nil> (/usr/local/pf/t/venom/test_suites/wired_dot1x_eap_peap_firewall_sso_https/56_check_firewall_sso_start.yml:14)
    Testcase "check_mock_history_request", step #0: Assertion "result.bodyjson.bodyjson2.request.method ShouldEqual POST" failed. expected: POST  got: <nil> (/usr/local/pf/t/venom/test_suites/wired_dot1x_eap_peap_firewall_sso_https/56_check_firewall_sso_start.yml:15)
    Testcase "check_mock_history_request", step #0: Assertion "result.bodyjson.bodyjson2.request.query_params.key ShouldEqual [secret]" failed. expected: [secret]  got: <nil> (/usr/local/pf/t/venom/test_suites/wired_dot1x_eap_peap_firewall_sso_https/56_check_firewall_sso_start.yml:0)
    It's a failure after 61 attempts

https://github.com/inverse-inc/packetfence/blob/devel/t/venom/test_suites/wired_dot1x_eap_peap_firewall_sso_https/56_check_firewall_sso_start.yml#L4

Mandatory information

Symptoms
How can the problem be identified if it appears again?
The return is:

Dec 30 05:30:55.015 [DEBU] [Check firewall SSO Stop] [check_mock_history_request] [exec] result of runTestStepExecutor: {Systemout:{
  "path": "/test",
  "method": "GET",
  "origin": "172.18.200.12",
  "body_string": "",
  "body": "",
  "headers": {
    "Accept-Encoding": [
      "gzip"
    ],
    "Content-Type": [
      "application/json"
    ],
    "Host": [
      "172.18.200.12:8182"
    ],
    "User-Agent": [
      "Go-http-client/1.1"
    ]
  },
  "date": "2024-12-30T05:25:47.186588537Z"
} SystemoutJSON:map[body: body_string: date:2024-12-30T05:25:47.186588537Z headers:map[Accept-Encoding:[gzip] Content-Type:[application/json] Host:[172.18.200.12:8182] User-Agent:[Go-http-client/1.1]] method:GET origin:172.18.200.12 path:/test] Systemerr: SystemerrJSON:<nil> Err: Code:0 TimeSeconds:0.059424102}
@JeGoi JeGoi added the tests Issues related to tests performed by CI label Dec 30, 2024

JeGoi commented Dec 30, 2024

tail of conf/authentication.conf

[cli_login_radius_source]
set_access_durations_action=
description=Test for radius cli
options=type = auth+acct
realms=
port=1820
host=127.0.0.1
monitor=1
timeout=1
type=RADIUS
secret=testing123

[cli_login_radius_source rule Catch_all]
class=administration
status=enabled
match=all
action0=set_access_level=Switch_Access

[cli_login_radius_source rule catchall]
class=authentication
action1=set_access_duration=5D
action0=set_role=default
match=all

JeGoi commented Dec 30, 2024

root@pfdeb12dev:/usr/local/pf# ps -edf | grep "50033"
root       50033       1  0 17:07 ?        00:00:01 /usr/sbin/freeradius -d /usr/local/pf/raddb -n test -fm
root@pfdeb12dev:/usr/local/pf# systemctl status radius-test.service
● radius-test.service - RADIUS test service
     Loaded: loaded (/lib/systemd/system/radius-test.service; static)
     Active: active (running) since Mon 2024-12-30 17:07:07 UTC; 23min ago
       Docs: man:radiusd(8)
             man:radiusd.conf(5)
             http://wiki.freeradius.org/
             http://networkradius.com/doc/
   Main PID: 50033 (freeradius)
     Status: "Processing requests"
      Tasks: 5 (limit: 19137)
     Memory: 166.0M
        CPU: 2.034s
     CGroup: /system.slice/radius-test.service
             ├─50033 /usr/sbin/freeradius -d /usr/local/pf/raddb -n test -fm
             └─50035 /bin/cat

Dec 30 17:07:07 pfdeb12dev systemd[1]: Started radius-test.service - RADIUS test service.
Dec 30 17:07:23 pfdeb12dev test[50033]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Dec 30 17:07:23 pfdeb12dev test[50033]: BlastRADIUS check: Received packet without Proxy-State.
Dec 30 17:07:23 pfdeb12dev test[50033]: Setting "limit_proxy_state = true" for client localhost
Dec 30 17:07:23 pfdeb12dev test[50033]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Dec 30 17:07:23 pfdeb12dev test[50033]: The packet does not contain Message-Authenticator, which is a security issue.
Dec 30 17:07:23 pfdeb12dev test[50033]: UPGRADE THE CLIENT AS YOUR NETWORK MAY BE VULNERABLE TO THE BLASTRADIUS ATTACK.
Dec 30 17:07:23 pfdeb12dev test[50033]: Once the client is upgraded, set "require_message_authenticator = true" for client localhost
Dec 30 17:07:23 pfdeb12dev test[50033]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Dec 30 17:07:23 pfdeb12dev test[50033]: (1) Login OK: [bob] (from client localhost port 0)
Dec 30 17:32:22 pfdeb12dev test[50033]: (152) Login OK: [bob] (from client localhost port 0)

Looks like the Login OK was returned.

JeGoi commented Dec 30, 2024

==> logs/packetfence.log <==
2024-12-30T17:38:29.974887+00:00 pfdeb12dev httpd.aaa-docker-wrapper[36731]: httpd.aaa(7) ERROR: [mac:[undef]] Unable to perform RADIUS authentication on any server: EBADAUTH (pf::Authentication::Source::RADIUSSource::_handle_radius_request)
2024-12-30T17:38:29.975106+00:00 pfdeb12dev httpd.aaa-docker-wrapper[36731]: httpd.aaa(7) INFO: [mac:[undef]] User bob tried to login in 192.168.0.1 but authentication failed (pf::radius::authenticate)
==> logs/radius.log <==
2024-12-30T17:38:29.978090+00:00 pfdeb12dev auth[38636]: (2803) Rejected in post-auth: [bob] (from client pf port 0)
2024-12-30T17:38:29.978456+00:00 pfdeb12dev auth[38636]: (2803) Login incorrect: [bob] (from client pf port 0)

So, something is wrong there.

JeGoi commented Dec 30, 2024

(3579) Mon Dec 30 17:51:24 2024: Debug: Auth-Type = Accept, accepting the user
(3579) Mon Dec 30 17:51:24 2024: Debug: # Executing section post-auth from file /usr/local/pf/raddb/sites-enabled/packetfence                                                                               
(3579) Mon Dec 30 17:51:24 2024: Debug:   post-auth {                                                                                                                                                       
(3579) Mon Dec 30 17:51:24 2024: Debug:     update {                                                                                                                                                        
(3579) Mon Dec 30 17:51:24 2024: Debug:       EXPAND %{Packet-Src-IP-Address}                                                                                                                               
(3579) Mon Dec 30 17:51:24 2024: Debug:          --> 172.18.120.12                                                                                                                                          
(3579) Mon Dec 30 17:51:24 2024: Debug:       EXPAND %{Packet-Dst-IP-Address}                                                                                                                               
(3579) Mon Dec 30 17:51:24 2024: Debug:          --> 172.18.120.12                                                                                                                                          
(3579) Mon Dec 30 17:51:24 2024: Debug:     } # update = noop                                                                                                                                               
(3579) Mon Dec 30 17:51:24 2024: Debug:     if ("%{%{control:PacketFence-Proxied-From}:-False}" == "True") {                                                                                                
(3579) Mon Dec 30 17:51:24 2024: Debug:     EXPAND %{%{control:PacketFence-Proxied-From}:-False}                                                                                                            
(3579) Mon Dec 30 17:51:24 2024: Debug:        --> False                                                                                                                                                    
(3579) Mon Dec 30 17:51:24 2024: Debug:     if ("%{%{control:PacketFence-Proxied-From}:-False}" == "True")  -> FALSE                                                                                        
(3579) Mon Dec 30 17:51:24 2024: Debug:     if (! EAP-Type || (EAP-Type != TTLS  && EAP-Type != PEAP) ) {                                                                                                   
(3579) Mon Dec 30 17:51:24 2024: Debug:     if (! EAP-Type || (EAP-Type != TTLS  && EAP-Type != PEAP) )  -> TRUE                                                                                            
(3579) Mon Dec 30 17:51:24 2024: Debug:     if (! EAP-Type || (EAP-Type != TTLS  && EAP-Type != PEAP) )  {                                                                                                  
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Expanding URI components                                                                                                                                      
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: EXPAND http://containers-gateway.internal:7070                                                                                                                
(3579) Mon Dec 30 17:51:24 2024: Debug: rest:    --> http://containers-gateway.internal:7070                                                                                                                
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: EXPAND //radius/rest/authorize                                                                                                                                
(3579) Mon Dec 30 17:51:24 2024: Debug: rest:    --> //radius/rest/authorize                                                                                                                                
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Sending HTTP POST to "http://containers-gateway.internal:7070//radius/rest/authorize"                                                                         
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Encoding attribute "User-Name"                                                                                                                                
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Encoding attribute "User-Password"                                                                                                                            
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Encoding attribute "NAS-IP-Address"                                                                                                                           
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Encoding attribute "Event-Timestamp"                    
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Encoding attribute "Message-Authenticator"              
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Encoding attribute "Stripped-User-Name"                 
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Encoding attribute "Realm"                              
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Encoding attribute "FreeRADIUS-Client-IP-Address"       
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Encoding attribute "PacketFence-KeyBalanced"            
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Encoding attribute "PacketFence-Radius-Ip"              
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Processing response header                              
(3579) Mon Dec 30 17:51:24 2024: Debug: rest:   Status : 200 (OK)                                     
(3579) Mon Dec 30 17:51:24 2024: Debug: rest:   Type   : json (application/json)                      
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Adding reply:REST-HTTP-Status-Code = "200"              
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: Parsing attribute "control:PacketFence-Authorization-Status"
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: EXPAND deny                                             
(3579) Mon Dec 30 17:51:24 2024: Debug: rest:    --> deny                                             
(3579) Mon Dec 30 17:51:24 2024: Debug: rest: PacketFence-Authorization-Status := "deny"

@JeGoi JeGoi added this to the PacketFence-14.1 milestone Jan 2, 2025