2026-02-10 00:37:00 +08:00 · 2015-05-19 19:00:53 +02:00
parent 2d386261ac
commit 419fd1e63c
7 changed files with 26 additions and 32 deletions
						
						
							
						
						
						
@@ -15,12 +15,8 @@ RUN sed 's/PermitRootLogin without-password/PermitRootLogin yes/g' -i /etc/ssh/s
RUN echo 'root:root' |chpasswd
RUN echo 'root:root' |chpasswd
RUN useradd -m -d /home/admin -s /bin/bash admin
RUN useradd -m -d /home/admin -s /bin/bash admin
RUN echo 'admin:admin' |chpasswd
RUN echo 'admin:admin' |chpasswd
EXPOSE 5000
EXPOSE 443
EXPOSE 5000/udp
EXPOSE 443/udp
EXPOSE 5001
EXPOSE 5001/udp
EXPOSE 5551
EXPOSE 5551/udp
EXPOSE 22
EXPOSE 22
RUN mkdir /etc/ocserv
RUN mkdir /etc/ocserv
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -12,12 +12,8 @@ RUN sed 's/PermitRootLogin without-password/PermitRootLogin yes/g' -i /etc/ssh/s
RUN echo 'root:root' |chpasswd
RUN echo 'root:root' |chpasswd
RUN useradd -m -d /home/admin -s /bin/bash admin
RUN useradd -m -d /home/admin -s /bin/bash admin
RUN echo 'admin:admin' |chpasswd
RUN echo 'admin:admin' |chpasswd
EXPOSE 5000
EXPOSE 443
EXPOSE 5000/udp
EXPOSE 443/udp
EXPOSE 5001
EXPOSE 5001/udp
EXPOSE 5551
EXPOSE 5551/udp
EXPOSE 22
EXPOSE 22
RUN mkdir /etc/ocserv
RUN mkdir /etc/ocserv
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -40,8 +40,8 @@ max-clients = 16
max-same-clients = 2
max-same-clients = 2
# TCP and UDP port number
# TCP and UDP port number
tcp-port = 5551
tcp-port = 443
udp-port = 5551
udp-port = 443
# Keepalive in seconds
# Keepalive in seconds
keepalive = 32400
keepalive = 32400
						
							
						
						
							
						
						
						
@@ -131,6 +131,8 @@ auth-timeout = 40
# a failed authentication attempt.
# a failed authentication attempt.
#min-reauth-time = 2
#min-reauth-time = 2
#max-ban-score = 50
# Cookie validity time (in seconds)
# Cookie validity time (in seconds)
# Once a client is authenticated he's provided a cookie with
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. This option sets the maximum lifetime
# which he can reconnect. This option sets the maximum lifetime
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -26,14 +26,14 @@ if [ $? != 0 ];then
	exit 77
	exit 77
fi
fi
PORT_OCSERV=5551
PORT_OCSERV=443
CONFIG="tcp"
CONFIG="tcp"
IMAGE=ocserv-test1
IMAGE=ocserv-test1
IMAGE_NAME=test_ocserv
IMAGE_NAME=test_ocserv
TMP=$IMAGE_NAME.tmp
TMP=$IMAGE_NAME.tmp
. ./docker-common.sh
. ./docker-common.sh
$DOCKER run -P --privileged=true -p 5000:5000/udp -p 5001:5001/udp -p 22 -p 5551:5551/udp --tty=false -d --name test_ocserv $IMAGE
$DOCKER run -P --privileged=true -p 22 -p $PORT_OCSERV:$PORT_OCSERV/udp --tty=false -d --name $IMAGE_NAME $IMAGE
if test $? != 0;then
if test $? != 0;then
	echo "Cannot run docker image"
	echo "Cannot run docker image"
	exit 1
	exit 1
						
						
						
							
						
						
@@ -43,7 +43,7 @@ echo "ocserv image was run"
#wait for ocserv to server
#wait for ocserv to server
sleep 5
sleep 5
IP=`$DOCKER inspect test_ocserv | grep IPAddress | cut -d '"' -f 4`
IP=`$DOCKER inspect $IMAGE_NAME | grep IPAddress | cut -d '"' -f 4`
if test -z "$IP";then
if test -z "$IP";then
	echo "Detected IP is null!"
	echo "Detected IP is null!"
	stop
	stop
						
						
						
							
						
						
@@ -54,21 +54,23 @@ if test ! -z "$QUIT_ON_INIT";then
	exit 0
	exit 0
fi
fi
echo -e "testuser\n" >pass-full$TMP
echo -e "testuser" >pass-full$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-full$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-full$TMP
if test $? = 0;then
if test $? = 0;then
	echo "Authentication with wrong password succeeded!"
	echo "Authentication with wrong password succeeded!"
	stop
	stop
fi
fi
echo -e "test\n" >pass-full$TMP
echo -e "test" >pass-full$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u testuser --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-full$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u testuser --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-full$TMP
if test $? = 0;then
if test $? = 0;then
	echo "Authentication with wrong username succeeded!"
	echo "Authentication with wrong username succeeded!"
	stop
	stop
fi
fi
echo -e "test\n" >pass-full$TMP
echo ""
echo "Connecting with correct username"
echo -e "test" >pass-full$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-full$TMP &
$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-full$TMP &
PID=$!
PID=$!
						
							
						
						
							
						
						
						
@@ -103,12 +105,10 @@ rm -f known-hosts$TMP
echo "UserKnownHostsFile ./known-hosts$TMP" >config$TMP
echo "UserKnownHostsFile ./known-hosts$TMP" >config$TMP
echo -e '#!'"/bin/sh\n" >echo-admin$TMP
echo -e '#!'"/bin/sh\n" >echo-admin$TMP
echo -e "echo yes" >>echo-admin$TMP
echo -e "echo yes" >>echo-admin$TMP
echo -e "echo root" >>echo-admin$TMP
echo -e "\n" >>echo-admin$TMP
echo -e "\n" >>echo-admin$TMP
chmod 755 echo-admin$TMP
chmod 755 echo-admin$TMP
export SSH_ASKPASS="./echo-admin$TMP"
export SSH_ASKPASS="./echo-admin$TMP"
setsid ssh -T -F config$TMP root@192.168.1.1 occtl show user test >out$TMP 2>&1
setsid ssh -T -F config$TMP root@192.168.1.1 occtl show users >/dev/null 2>&1
cat out$TMP
echo -e '#!'"/bin/sh\n" >echo-admin$TMP
echo -e '#!'"/bin/sh\n" >echo-admin$TMP
echo -e "echo root" >>echo-admin$TMP
echo -e "echo root" >>echo-admin$TMP
						
							
						
						
							
						
						
						
@@ -157,7 +157,7 @@ sleep 4
#check whether /tmp/disconnect/ok was created
#check whether /tmp/disconnect/ok was created
rm -f ./not-ok
rm -f ./not-ok
$DOCKER cp test_ocserv:/tmp/disconnect/not-ok ./
$DOCKER cp $IMAGE_NAME:/tmp/disconnect/not-ok ./
if test -f ./not-ok;then
if test -f ./not-ok;then
	echo "There was an issue getting stats"
	echo "There was an issue getting stats"
	stop
	stop
						
						
						
							
						
						
@@ -167,7 +167,7 @@ rm -f ./not-ok
ret=0
ret=0
rm -f ./tmp-full/ok
rm -f ./tmp-full/ok
$DOCKER cp test_ocserv:/tmp/disconnect/ok ./tmp-full/
$DOCKER cp $IMAGE_NAME:/tmp/disconnect/ok ./tmp-full/
if ! test -f ./tmp-full/ok;then
if ! test -f ./tmp-full/ok;then
	echo "Don't know if stats were received"
	echo "Don't know if stats were received"
	ret=77
	ret=77
						
						
						
							
						
						
@@ -177,7 +177,7 @@ else
	rm -rf ./tmp-full/
	rm -rf ./tmp-full/
fi
fi
$DOCKER stop test_ocserv
$DOCKER stop $IMAGE_NAME
$DOCKER rm test_ocserv
$DOCKER rm $IMAGE_NAME
exit $ret
exit $ret
						
						
						
						
 
						
						
							
						
						
						
@@ -56,14 +56,14 @@ if test ! -z "$QUIT_ON_INIT";then
	exit 0
	exit 0
fi
fi
echo -e "testuser\n" >pass-radius$TMP
echo -e "testuser" >pass-radius$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-radius$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-radius$TMP
if test $? = 0;then
if test $? = 0;then
	echo "Authentication with wrong password succeeded!"
	echo "Authentication with wrong password succeeded!"
	stop
	stop
fi
fi
echo -e "test\n" >pass-radius$TMP
echo -e "test" >pass-radius$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u testuser --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-radius$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u testuser --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-radius$TMP
if test $? = 0;then
if test $? = 0;then
	echo "Authentication with wrong username succeeded!"
	echo "Authentication with wrong username succeeded!"
						
						
						
							
						
						
@@ -71,7 +71,7 @@ if test $? = 0;then
fi
fi
echo "Trying with correct password"
echo "Trying with correct password"
echo -e "test\n" >pass-radius$TMP
echo -e "test" >pass-radius$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-radius$TMP &
$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-radius$TMP &
PID=$!
PID=$!
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -55,7 +55,7 @@ if test ! -z "$QUIT_ON_INIT";then
fi
fi
echo "Trying with correct password"
echo "Trying with correct password"
printf "test\n" >pass-radius$TMP
echo "test" >pass-radius$TMP
$OPENCONNECT $IP:$PORT_OCSERV -u testtime --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-radius$TMP &
$OPENCONNECT $IP:$PORT_OCSERV -u testtime --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-radius$TMP &
PID=$!
PID=$!
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -53,7 +53,7 @@ if test ! -z "$QUIT_ON_INIT";then
	exit 0
	exit 0
fi
fi
echo -e "test\ntest\n" >pass$TMP
echo -e "test\ntest" >pass$TMP
$OPENCONNECT $IP:6551 -u test --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass$TMP &
$OPENCONNECT $IP:6551 -u test --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass$TMP &
PID=$!
PID=$!