GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

tests: check whether IPs are being passed correctly to script when in proxyproto

Browse Source 
That is check whether the remote IP passed is other than localhost,
and there is a non-empty IP_REAL_LOCAL.
This commit is contained in:
Nikos Mavrogiannopoulos
2015-08-22 20:07:59 +02:00
parent f8c7bccfa1
commit 8ed48a14bb
6 changed files with 55 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
tests/docker-ocserv/Dockerfile-debian-proxyproto Normal file
View File

@@ -0,0 +1,35 @@
FROM debian:jessie
RUN apt-get update
RUN apt-get install -y libgnutls-deb0-28 libprotobuf-c1
RUN apt-get install -y libwrap0 libpam0g libseccomp2 libdbus-1-3 libreadline5 libnl-route-3-200
RUN apt-get install -y libhttp-parser2.1 libpcl1 libopts25 autogen
RUN apt-get install -y libsystemd-daemon0 valgrind nuttcp openssh-server bash
RUN apt-get install -y libtalloc2 liblz4-1 libkrb5-3 less haproxy
RUN sed 's/PermitRootLogin without-password/PermitRootLogin yes/g' -i /etc/ssh/sshd_config
RUN sed 's/PermitRootLogin without-password/PermitRootLogin yes/g' -i /etc/ssh/sshd_config
RUN echo 'root:root' |chpasswd
RUN useradd -m -d /home/admin -s /bin/bash admin
RUN echo 'admin:admin' |chpasswd
RUN mkdir /etc/ocserv
ADD key.pem /etc/ocserv/
ADD cert.pem /etc/ocserv/
ADD combo.pem /etc/ocserv/
ADD haproxy-proxyproto.cfg /etc/haproxy/haproxy.cfg
ADD ocserv-proxyproto.conf /etc/ocserv/ocserv.conf
ADD passwd /etc/ocserv/
ADD ocserv /usr/sbin/
ADD ocpasswd /usr/bin/
ADD occtl /usr/bin/
ADD myscript /usr/bin/
ADD proxy-connectscript /usr/bin/
# It's not possible to use mknod inside a container with the default LXC
# template, so we untar it from this archive.
ADD dev-tun.tgz /dev/
CMD nuttcp -S;/etc/init.d/ssh restart;mkdir -p /tmp/disconnect/;mkdir -p /tmp/connect;/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg;/usr/sbin/ocserv -d 1 -f;sleep 3600

1
tests/docker-ocserv/Dockerfile-fedora-proxyproto
View File

@@ -26,6 +26,7 @@ ADD ocserv /usr/sbin/
ADD ocpasswd /usr/bin/
ADD occtl /usr/bin/
ADD myscript /usr/bin/
ADD proxy-connectscript /usr/bin/
# It's not possible to use mknod inside a container with the default LXC
# template, so we untar it from this archive.
ADD dev-tun.tgz /dev/

3
tests/docker-ocserv/Makefile.am
View File

@@ -5,7 +5,8 @@ EXTRA_DIST = passwd ocserv.conf Dockerfile-debian-tcp dev-tun.tgz myscript key.p
radiusclient-servers pam-ocserv ocserv-pam.conf ca.pem ocserv-radius-config.conf \
Dockerfile-fedora-radius-config radius-dictionary Dockerfile-debian-radius-config \
ocserv-proxyproto.conf Dockerfile-fedora-proxyproto haproxy-proxyproto.cfg \
haproxy-proxyproto-unix.cfg Dockerfile-fedora-proxyproto-unix ocserv-proxyproto-unix.conf
haproxy-proxyproto-unix.cfg Dockerfile-fedora-proxyproto-unix ocserv-proxyproto-unix.conf \
proxy-connectscript
TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
top_builddir="$(top_builddir)"

2
tests/docker-ocserv/ocserv-proxyproto.conf
View File

@@ -176,7 +176,7 @@ rekey-method = ssl
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client),
# ID (a unique numeric ID); REASON may be "connect" or "disconnect".
#connect-script = /usr/bin/myscript
connect-script = /usr/bin/proxy-connectscript
disconnect-script = /usr/bin/myscript
# UTMP

9
tests/docker-ocserv/proxy-connectscript Executable file
View File

@@ -0,0 +1,9 @@
#!/bin/sh
if [ "$REASON" = "connect" ];then
if test "$IP_REAL" != "127.0.0.1" && test "$IP_REAL" != "::1" && test -n "$IP_REAL_LOCAL";then
echo "$IP_REAL:$IP_REAL_LOCAL" >/tmp/connect/ok
fi
fi
exit 0

7
tests/proxyproto-test
View File

@@ -115,6 +115,13 @@ sleep 2
kill $PID
check_for_file /tmp/connect/ok
if test $? != 0;then
echo "There was an issue in connect script"
stop
fi
$DOCKER exec $IMAGE_NAME cat /tmp/connect/ok
sleep 4
#check whether /tmp/disconnect/ok was created