diff --git a/.github/workflows/freebsd.yml b/.github/workflows/freebsd.yml index 4ba2b147e..0633f5660 100644 --- a/.github/workflows/freebsd.yml +++ b/.github/workflows/freebsd.yml @@ -6,31 +6,54 @@ on: jobs: freebsd: - runs-on: macos-12 + runs-on: ubuntu-latest name: FreeBSD - if: ${{ contains(github.event.pull_request.labels.*.name, 'tests:full') || contains(github.event.pull_request.labels.*.name, 'tests:long') || contains(github.event.pull_request.labels.*.name, 'tests:freebsd') }} + timeout-minutes: 180 + if: ${{ contains(github.event.pull_request.labels.*.name, 'tests:freebsd') }} steps: - uses: actions/checkout@v4 with: persist-credentials: false - name: Functional tests under FreeBSD - uses: vmactions/freebsd-vm@v0 + uses: cross-platform-actions/action@master with: - usesh: true - sync: sshfs + operating_system: freebsd + version: '13.2' + shell: bash + sync_files: runner-to-vm run: | - set -ex + # source this to get the $SSH_DIR var properly filled + source lib/shell/functions.inc + # a few debug commands + set -x freebsd-version - mount -o acls / - pkg install -y bash rsync ca_root_nss jq fping screen flock curl - mkdir -p /opt/bastion - rsync -a . /opt/bastion/ - /opt/bastion/bin/admin/packages-check.sh -i - /opt/bastion/bin/admin/install-ttyrec.sh -s - /opt/bastion/bin/admin/install-yubico-piv-checker.sh -s - /opt/bastion/bin/admin/install-mkhash-helper.sh -s - /opt/bastion/bin/admin/install --new-install - ssh-keygen -t ed25519 -f id_user - ssh-keygen -t ed25519 -f id_root - WANT_HTTP_PROXY=0 NO_SLEEP=1 user_pubkey=$(cat id_user.pub) root_pubkey=$(cat id_root.pub) TARGET_USER=user5000 /opt/bastion/tests/functional/docker/target_role.sh - /opt/bastion/tests/functional/launch_tests_on_instance.sh --has-mfa=0 --has-mfa-password=1 --has-pamtester=1 --skip-consistency-check --remote-etc-bastion=/usr/local/etc/bastion 127.0.0.1 22 0 user5000 id_user id_root + id + # to do proper tests, we need the fs to have ACLs enabled + sudo mount -o acls / + # install required packages + sudo pkg update + sudo pkg install -y bash rsync ca_root_nss jq fping screen flock curl + # create required folder + sudo mkdir -p /opt/bastion + # copy bastion code to the proper location + sudo rsync -a . /opt/bastion/ + # save default ssh config, so we can restore it when we're done, + # or the github action will fail because the post-run actions it'll + # try to do over ssh won't complete due to our modified ssh config + sudo tar czf /opt/bastion/ssh_config.tar.gz $SSH_DIR/ + # setup bastion + sudo /opt/bastion/bin/admin/packages-check.sh -i + sudo /opt/bastion/bin/admin/install-ttyrec.sh -s + sudo /opt/bastion/bin/admin/install-yubico-piv-checker.sh -s + sudo /opt/bastion/bin/admin/install-mkhash-helper.sh -s + sudo /opt/bastion/bin/admin/install --new-install + # by default, this is 0700, but we'll run those as non-root + sudo chmod 0755 /opt/bastion/tests + # generate two sets of keys + ssh-keygen -t ed25519 -f id_user -N '' + ssh-keygen -t ed25519 -f id_root -N '' + # setup the local bastion for tests + sudo env WANT_HTTP_PROXY=0 NO_SLEEP=1 user_pubkey="$(cat id_user.pub)" root_pubkey="$(cat id_root.pub)" TARGET_USER=user5000 /opt/bastion/tests/functional/docker/target_role.sh + # run the tests, then in post-run, restore saved ssh config and restart sshd + /opt/bastion/tests/functional/launch_tests_on_instance.sh --has-mfa=0 --has-mfa-password=1 --has-pamtester=1 --skip-consistency-check --remote-etc-bastion=/usr/local/etc/bastion --slowness-factor=2 --module=320-base.sh --post-run="sudo tar xzf /opt/bastion/ssh_config.tar.gz -C / ; sudo /etc/rc.d/sshd restart" 127.0.0.1 22 0 user5000 id_user id_root + # now, the post-run of cross-platform-actions will work diff --git a/tests/functional/docker/target_role.sh b/tests/functional/docker/target_role.sh index b3b632b2c..c1e68ead1 100755 --- a/tests/functional/docker/target_role.sh +++ b/tests/functional/docker/target_role.sh @@ -125,15 +125,18 @@ if [ "$OS_FAMILY" = Linux ] ; then fi elif [ "$OS_FAMILY" = OpenBSD ] || [ "$OS_FAMILY" = FreeBSD ] || [ "$OS_FAMILY" = NetBSD ] ; then - # setup some 127.0.0.x IPs (needed for our tests) # this automatically works under Linux on lo + nic=$(ifconfig | perl -ne 'm{^([a-z._0-9]+): flags}i and $nic=$1; m{inet 127\.0\.0\.1} and print $nic and exit') + : "${nic:=lo0}" i=2 while [ $i -lt 20 ] ; do - ifconfig lo0 127.0.0.$i netmask 255.0.0.0 alias + ifconfig $nic 127.0.0.$i netmask 255.0.0.0 alias (( i++ )) done - ifconfig lo0 127.7.7.7 netmask 255.0.0.0 alias + ifconfig $nic 127.7.7.7 netmask 255.0.0.0 alias + echo "Added a few local IP aliases" + ifconfig $nic set +e for st in restart onestart @@ -150,7 +153,6 @@ if [ -n "$NO_SLEEP" ]; then fi if [ "$WANT_HTTP_PROXY" = 1 ]; then - # build a self-signed certificate for the http proxy and adjust the config openssl req -x509 -nodes -days 7 -newkey rsa:2048 -keyout /tmp/selfsigned.key -out /tmp/selfsigned.crt -subj "/CN=testcert" chgrp proxyhttp /tmp/selfsigned.key diff --git a/tests/functional/launch_tests_on_instance.sh b/tests/functional/launch_tests_on_instance.sh index e2c822057..6416d4e62 100755 --- a/tests/functional/launch_tests_on_instance.sh +++ b/tests/functional/launch_tests_on_instance.sh @@ -13,8 +13,10 @@ opt_remote_etc_bastion=/etc/bastion opt_remote_basedir=$basedir opt_skip_consistency_check=0 opt_no_pause_on_fail=0 +opt_slowness_factor=1 opt_log_prefix= opt_module= +opt_post_run= declare -A capabilities=( [ed25519]=1 [mfa]=1 [mfa-password]=0 [pamtester]=1 [piv]=1 ) # set the helptext now to get the proper default values @@ -24,6 +26,8 @@ Test Options: --no-pause-on-fail Don't pause when a test fails --log-prefix=X Prefix all logs by this name --module=X Only test this module (specify a filename found in \`functional/tests.d/\`), can be specified multiple times + --slowness-factor=X If your test environment is slow, set this to 2, 3 or more to use higher timeouts (default: 1) + --post-run=X Commands to run after we're done testing Remote OS directory locations: --remote-etc-bastion=X Override the default remote bastion configuration directory (default: $opt_remote_etc_bastion) @@ -67,9 +71,17 @@ do --no-pause-on-fail) opt_no_pause_on_fail=1 ;; + --slowness-factor=*) + if [[ $optval =~ ^[1-9]$ ]]; then + opt_slowness_factor=$optval + fi + ;; --log-prefix=*) opt_log_prefix="$optval" ;; + --post-run=*) + opt_post_run="$optval" + ;; --module=*) if [ ! -e "$basedir/tests/functional/tests.d/$optval" ]; then echo "Unknown module specified '$optval', supported modules are:" @@ -173,8 +185,9 @@ fi jq="jq --raw-output --compact-output --sort-keys" js="--json-greppable" - t="timeout --foreground 30" - tf="timeout --foreground 15" + default_timeout=$((30 * opt_slowness_factor)) + t="timeout --foreground $default_timeout" + tf="timeout --foreground $((default_timeout / 2))" a0=" $t ssh -F $mytmpdir/ssh_config -i $account0key1file $account0@$remote_ip -p $remote_port -- $js " a1=" $t ssh -F $mytmpdir/ssh_config -i $account1key1file $account1@$remote_ip -p $remote_port -- $js " a1k2="$t ssh -F $mytmpdir/ssh_config -i $account1key2file $account1@$remote_ip -p $remote_port -- $js " @@ -714,6 +727,7 @@ testno=0 runtests echo +set -x if [ $((nbfailedret + nbfailedgrep + nbfailedcon + nbfailedgeneric)) -eq 0 ] ; then printf "%b%b%b\\n" "$BLACK_ON_GREEN" "All tests succeeded :)" "$NOC" else @@ -738,4 +752,7 @@ update_totalerrors rm -rf "$mytmpdir" trap EXIT +if [ -n "$opt_post_run" ]; then + bash -c "$opt_post_run" +fi exit $totalerrors diff --git a/tests/functional/tests.d/200-scripts.sh b/tests/functional/tests.d/200-scripts.sh index 293a992cd..6c7d59b77 100644 --- a/tests/functional/tests.d/200-scripts.sh +++ b/tests/functional/tests.d/200-scripts.sh @@ -58,8 +58,8 @@ testsuite_scripts() contain "50-gpg-admins-key.conf updated:" contain "50-gpg.conf updated:" contain "Parsed and added 2 keys" - contain "GPGKEYS='CF27BEC1C8266FFE EC6CEA6719EF3700'" - contain '[ "CF27BEC1C8266FFE", "EC6CEA6719EF3700" ]' + contain REGEX "GPGKEYS='(CF27BEC1C8266FFE EC6CEA6719EF3700|EC6CEA6719EF3700 CF27BEC1C8266FFE)'" + contain REGEX '("CF27BEC1C8266FFE", "EC6CEA6719EF3700"|"EC6CEA6719EF3700", "CF27BEC1C8266FFE")' nocontain "WARN:" nocontain "ERROR:" nocontain "Unexpected termination" diff --git a/tests/functional/tests.d/340-selfaccesses.sh b/tests/functional/tests.d/340-selfaccesses.sh index 3a796f9a9..3c6d1b056 100644 --- a/tests/functional/tests.d/340-selfaccesses.sh +++ b/tests/functional/tests.d/340-selfaccesses.sh @@ -198,14 +198,17 @@ testsuite_selfaccesses() # scp & sftp + # patch bastionCommand in config + configchg 's=^\\\\x22bastionCommand\\\\x22.+=\\\\x22bastionCommand\\\\x22:\\\\x22ssh\\\\x20USER\\\\x40'"$remote_ip"'\\\\x20-p\\\\x20'"$remote_port"'\\\\x20-t\\\\x20--\\\\x22,=' + ## get both helpers first for proto in scp sftp; do success $proto $a0 --osh $proto if [ "$COUNTONLY" != 1 ]; then tmpb64=$(get_json | $jq '.value.script') - base64 -d <<< "$tmpb64" | gunzip -c > /tmp/${proto}helpertmp - perl -pe "s/ssh $account0\\@\\S+/ssh -p $remote_port $account0\\@$remote_ip/" /tmp/${proto}helpertmp > /tmp/${proto}helper - chmod +x /tmp/${proto}helper + base64 -d <<< "$tmpb64" | gunzip -c > "/tmp/${proto}helper" + perl -i -pe 'print "BASTION_SCP_DEBUG=1\nBASTION_SFTP_DEBUG=1\n" if ++$line==2' "/tmp/${proto}helper" + chmod +x "/tmp/${proto}helper" unset tmpb64 fi done @@ -243,7 +246,7 @@ testsuite_selfaccesses() run scp_invalidhostname scp $scp_options -F $mytmpdir/ssh_config -S /tmp/scphelper -i $account0key1file $shellaccount@_invalid._invalid:uptest /tmp/downloaded retvalshouldbe 1 - contain "Sorry, couldn't resolve the host you specified" + contain REGEX "Sorry, couldn't resolve the host you specified|I was unable to resolve host" success scp_upload scp $scp_options -F $mytmpdir/ssh_config -S /tmp/scphelper -i $account0key1file /etc/passwd $shellaccount@127.0.0.2:uptest contain "through the bastion to" diff --git a/tests/functional/tests.d/341-selfaccesses-force-password.sh b/tests/functional/tests.d/341-selfaccesses-force-password.sh index 2d4fed9dd..fdf3bab83 100644 --- a/tests/functional/tests.d/341-selfaccesses-force-password.sh +++ b/tests/functional/tests.d/341-selfaccesses-force-password.sh @@ -25,7 +25,7 @@ testsuite_selfaccesses_force_password() retvalshouldbe 124 contain 'enter this:' a4_password_tmp=$(get_stdout | grep -Eo 'enter this: [a-zA-Z0-9_-]+' | sed -e 's/enter this: //') - script a4_setup_pass_2of2 "echo 'set timeout 30; \ + script a4_setup_pass_2of2 "echo 'set timeout $default_timeout; \ spawn $a4 --osh selfMFASetupPassword --yes; \ expect \":\" { sleep 0.2; send \"$a4_password_tmp\\n\"; }; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ diff --git a/tests/functional/tests.d/370-mfa.sh b/tests/functional/tests.d/370-mfa.sh index f9e426c9f..d3a363a33 100644 --- a/tests/functional/tests.d/370-mfa.sh +++ b/tests/functional/tests.d/370-mfa.sh @@ -37,7 +37,7 @@ testsuite_mfa() # setup our password, step2 local a4_password a4_password=']BkL>3x#T)g~~B#rLv^!T2&N' - script a4_setup_pass_step2of2 "echo 'set timeout 30; \ + script a4_setup_pass_step2of2 "echo 'set timeout $default_timeout; \ spawn $a4 --osh selfMFASetupPassword --yes; \ expect \":\" { sleep 0.2; send \"$a4_password_tmp\\n\"; }; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ @@ -75,7 +75,7 @@ testsuite_mfa() success batch_set_mfa $r0 "echo '{\\\"mfa_required\\\":\\\"any\\\"}' \> $opt_remote_etc_bastion/plugin.info.conf \; chmod o+r $opt_remote_etc_bastion/plugin.info.conf" if [ "${capabilities[mfa]}" = 1 ] || [ "${capabilities[mfa-password]}" = 1 ]; then - script batch_try_mfa "echo 'set timeout 30; \ + script batch_try_mfa "echo 'set timeout $default_timeout; \ spawn $a4 --osh batch; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect \"waiting for input\" { sleep 0.2; send \"info\\n\"; }; \ @@ -90,7 +90,7 @@ testsuite_mfa() nocontain "Your alias to connect" json .command batch .error_code OK '.value[0].command' info '.value[0].result.error_code' KO_MFA_FAILED else - script batch_try_mfa "echo 'set timeout 30; \ + script batch_try_mfa "echo 'set timeout $default_timeout; \ spawn $a4 --osh batch; \ expect \"waiting for input\" { sleep 0.2; send \"info\\n\"; }; \ expect \"failed\" { sleep 0.2; send \"quit\\n\"; }; \ @@ -118,7 +118,7 @@ testsuite_mfa() revoke groupCreate # setup group to force JIT egress MFA - script a4_modify_g3_egress_mfa "echo 'set timeout 30; \ + script a4_modify_g3_egress_mfa "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupModify --group $group3 --mfa-required any; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \ @@ -130,7 +130,7 @@ testsuite_mfa() json .command groupModify .error_code OK # check that the MFA is set for the group - script a4_verify_g3_egress_mfa "echo 'set timeout 30; \ + script a4_verify_g3_egress_mfa "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupInfo --group $group3; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \ @@ -143,7 +143,7 @@ testsuite_mfa() json .value.mfa_required any # add 127.7.7.7 to this group - script a4_add_g3_server "echo 'set timeout 30; \ + script a4_add_g3_server "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupAddServer --group $group3 --host 127.7.7.7 --user-any --port-any --force; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \ @@ -174,7 +174,7 @@ testsuite_mfa() nocontain 'Permission denied' # connect to 127.7.7.7 with MFA JIT, good password - script a4_connect_g3_server_goodpass "echo 'set timeout 30; \ + script a4_connect_g3_server_goodpass "echo 'set timeout $default_timeout; \ spawn $a4 root@127.7.7.7; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect \"is required (password)\" { sleep 0.1; }; \ @@ -192,7 +192,7 @@ testsuite_mfa() script set_help_mfa $r0 "'"'echo \{\"mfa_required\":\ \"password\"\} > '"$opt_remote_etc_bastion"'/plugin.help.conf; chmod 644 '"$opt_remote_etc_bastion"'/plugin.help.conf'"'" retvalshouldbe 0 - script a4_mfa_help_jitmfa "echo 'set timeout 30; \ + script a4_mfa_help_jitmfa "echo 'set timeout $default_timeout; \ spawn $a4 --osh help; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect \"is required (password)\" { sleep 0.1; }; \ @@ -206,7 +206,7 @@ testsuite_mfa() contain REGEX 'Password:|Password for' nocontain 'proactive MFA' - script a4_proactive_mfa_help "echo 'set timeout 30; \ + script a4_proactive_mfa_help "echo 'set timeout $default_timeout; \ spawn $a4 --osh help --proactive-mfa; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect \"is required (password)\" { sleep 0.1; }; \ @@ -234,7 +234,7 @@ testsuite_mfa() json .command accountModify .error_code OK # add to JIT MFA group - script a0_add_a3_as_member "echo 'set timeout 30; \ + script a0_add_a3_as_member "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupAddMember --group $group3 --account $account3; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \ @@ -274,7 +274,7 @@ testsuite_mfa() # change our password a4_password_new="rkw=*Ffyqs23" if [ "${capabilities[mfa]}" = 1 ] || [ "${capabilities[mfa-password]}" = 1 ]; then - script a4_change_pass "echo 'set timeout 30; \ + script a4_change_pass "echo 'set timeout $default_timeout; \ spawn $a4 --osh selfMFASetupPassword --yes; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ @@ -287,7 +287,7 @@ testsuite_mfa() contain 'Multi-Factor Authentication enabled, an additional authentication factor is required (password).' contain REGEX 'Password:|Password for' else - script a4_change_pass "echo 'set timeout 30; \ + script a4_change_pass "echo 'set timeout $default_timeout; \ spawn $a4 --osh selfMFASetupPassword --yes; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect \":\" { sleep 0.2; send \"$a4_password_new\\n\"; }; \ @@ -306,7 +306,7 @@ testsuite_mfa() unset a4_password_new if [ "${capabilities[mfa]}" = 1 ] || [ "${capabilities[mfa-password]}" = 1 ]; then - script a4_connect_with_pass "echo 'set timeout 30; \ + script a4_connect_with_pass "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupList; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \ @@ -328,7 +328,7 @@ testsuite_mfa() # now try to connect with account4 if [ "${capabilities[mfa]}" = 1 ] || [ "${capabilities[mfa-password]}" = 1 ]; then - script a4_connect_with_totpreq "echo 'set timeout 30; \ + script a4_connect_with_totpreq "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupList; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \ @@ -342,7 +342,7 @@ testsuite_mfa() if [ "${capabilities[mfa]}" = 1 ]; then # setup totp - script a4_setup_totp "echo 'set timeout 30; \ + script a4_setup_totp "echo 'set timeout $default_timeout; \ spawn $a4 --osh selfMFASetupTOTP --no-confirm; \ expect \"word:\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect \"word:\" { sleep 0.2; send \"$a4_password\\n\"; }; \ @@ -360,7 +360,7 @@ testsuite_mfa() #a4_totp_code_4=$(get_stdout | grep -A4 'Your emergency scratch codes are:' | tail -n1 | tr -d '[:space:]') # login and fail without totp (timeout) - script a4_connect_after_totp_fail "echo 'set timeout 30; \ + script a4_connect_after_totp_fail "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupList; \ expect \"word:\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \ @@ -376,7 +376,7 @@ testsuite_mfa() nocontain 'JSON_OUTPUT' # success with password + totp - script a4_connect_after_totp_ok "echo 'set timeout 30; \ + script a4_connect_after_totp_ok "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupList; \ expect \"word:\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect \"code:\" { sleep 0.2; send \"$a4_totp_code_1\\n\"; }; \ @@ -391,7 +391,7 @@ testsuite_mfa() json .command groupList .error_code OK_EMPTY # totp scratch codes don't work twice - script a4_connect_after_totp_dupe "echo 'set timeout 30; \ + script a4_connect_after_totp_dupe "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupList; \ expect \"word:\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect \"code:\" { sleep 0.2; send \"$a4_totp_code_1\\n\"; }; \ @@ -437,7 +437,7 @@ testsuite_mfa() revoke accountMFAResetTOTP # pubkey-auth-optional disabled: success with pubkey and password - script a4_no_pubkeyauthoptional_login_pubkey_pam "echo 'set timeout 30; \ + script a4_no_pubkeyauthoptional_login_pubkey_pam "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupList; \ expect \"word:\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \ @@ -473,7 +473,7 @@ testsuite_mfa() json .error_code OK .command accountModify .value.pubkey_auth_optional.error_code OK_NO_CHANGE # pubkey-auth-optional enabled: success with pubkey and password - script a4_pubkeyauthoptional_login_pubkey_pam "echo 'set timeout 30; \ + script a4_pubkeyauthoptional_login_pubkey_pam "echo 'set timeout $default_timeout; \ spawn $a4 --osh groupList; \ expect \"word:\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \ @@ -485,7 +485,7 @@ testsuite_mfa() json .command groupList .error_code OK_EMPTY # pubkey-auth-optional enabled: success with password only - script a4_pubkeyauthoptional_login_nopubkey_pam "echo 'set timeout 30; \ + script a4_pubkeyauthoptional_login_nopubkey_pam "echo 'set timeout $default_timeout; \ spawn $a4np --osh groupList; \ expect \"word:\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \ @@ -517,7 +517,7 @@ testsuite_mfa() # FIXME # # reset totp - # script mfa a4_reset_totp "echo 'set timeout 30; \ + # script mfa a4_reset_totp "echo 'set timeout $default_timeout; \ # spawn $a4 --osh selfMFAResetTOTP; \ # expect \"word:\" { send_user \"premier password\\n\"; send \"$a4_password\\n\"; }; \ # expect \"code:\" { send_user \"premier code\\n\"; send \"$a4_totp_code_2\\n\"; }; \ @@ -530,7 +530,7 @@ testsuite_mfa() # json .error_code OK .command selfMFAResetTOTP # # # reset password - # script mfa a4_reset_password "echo 'set timeout 30; \ + # script mfa a4_reset_password "echo 'set timeout $default_timeout; \ # spawn $a4 --osh selfMFAResetPassword; \ # expect \"word:\" { send \"$a4_password\\n\"; }; \ # expect eof; \ diff --git a/tests/functional/tests.d/390-mfa-realm.sh b/tests/functional/tests.d/390-mfa-realm.sh index e200bd77d..ddd9c65a8 100644 --- a/tests/functional/tests.d/390-mfa-realm.sh +++ b/tests/functional/tests.d/390-mfa-realm.sh @@ -76,7 +76,7 @@ testsuite_mfa_realm() # setup our password, step2 local a4_password='Hfv$!OKiG:(xl>Th8Kv!alz4436BFt~' - script a4_setup_pass_step2of2 "echo 'set timeout 30; \ + script a4_setup_pass_step2of2 "echo 'set timeout $default_timeout; \ spawn $a4 --osh selfMFASetupPassword --yes; \ expect \":\" { sleep 0.2; send \"$a4_password_tmp\\n\"; }; \ expect \":\" { sleep 0.2; send \"$a4_password\\n\"; }; \ @@ -109,7 +109,7 @@ testsuite_mfa_realm() json .command groupModify .error_code OK # try to connect, this one will finally work - script a4_connect_success_realm_with_remote_mfa "echo 'set timeout 30; \ + script a4_connect_success_realm_with_remote_mfa "echo 'set timeout $default_timeout; \ spawn $a4 realm_$realm_shared_account@127.0.0.1 --kbd-interactive -- $js nevermind@127.0.0.5; \ expect \"word:\" { sleep 0.2; send \"$a4_password\\n\"; }; \ expect eof; \