GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-03-27 07:18:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

tests: explicitly specify the path (srcdir vs builddir) of config files

Browse Source 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This commit is contained in:
Nikos Mavrogiannopoulos
2026-03-17 19:37:34 +01:00
parent f98bf6afcb
commit 97ad7e479a
60 changed files with 144 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/ac-aes128-gcm-cipher
View File

@@ -27,4 +27,4 @@ GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-128-GCM)"
${PKG_CONFIG} --atleast-version=8.02 openconnect
test $? != 0 && exit 77
. cipher-common.sh
. ${srcdir}/cipher-common.sh

2
tests/ac-aes256-gcm-cipher
View File

@@ -29,4 +29,4 @@ GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-256-GCM)"
${PKG_CONFIG} --atleast-version=8.03 openconnect
test $? != 0 && exit 77
. cipher-common.sh
. ${srcdir}/cipher-common.sh

2
tests/aes128-cipher
View File

@@ -23,4 +23,4 @@
CIPHER_NAME="AES128-SHA"
GNUTLS_NAME="(DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1)"
. cipher-common.sh
. ${srcdir}/cipher-common.sh

2
tests/aes256-cipher
View File

@@ -23,4 +23,4 @@
CIPHER_NAME="AES256-SHA"
GNUTLS_NAME="(DTLS0.9)-(RSA)-(AES-256-CBC)-(SHA1)"
. cipher-common.sh
. ${srcdir}/cipher-common.sh

5
tests/common.sh
View File

@@ -50,7 +50,7 @@ fi
# NO_NEED_ROOT implies NEED_SOCKET_WRAPPER
if test "${NEED_SOCKET_WRAPPER}" = 1 || test "${NO_NEED_ROOT}" = 1;then
SOCKDIR="${srcdir}/tmp/sockwrap.$$.tmp"
SOCKDIR="sockwrap.$$.tmp"
mkdir -p $SOCKDIR
export SOCKET_WRAPPER_DIR=$SOCKDIR
export SOCKET_WRAPPER_DEFAULT_IFACE=2
@@ -93,7 +93,8 @@ update_config() {
-e 's|@ROUTE2@|'${ROUTE2}'|g' "$file.$$.tmp" \
-e 's|@MATCH_CIPHERS@|'${MATCH_CIPHERS}'|g' "$file.$$.tmp" \
-e 's|@OCCTL_SOCKET@|'${OCCTL_SOCKET}'|g' "$file.$$.tmp" \
-e 's|@LISTEN_NS@|'${LISTEN_NS}'|g' "$file.$$.tmp"
-e 's|@LISTEN_NS@|'${LISTEN_NS}'|g' "$file.$$.tmp" \
-e 's|@RADIUSCLIENT_DIR@|'${RADIUSCLIENT_DIR}'|g' "$file.$$.tmp"
CONFIG="$file.$$.tmp"
}

4
tests/data/apple-ios.config
View File

@@ -111,8 +111,8 @@ auth-timeout = 40
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
connect-script = ./connect-ios-script
disconnect-script = ./connect-ios-script
connect-script = @SRCDIR@/connect-ios-script
disconnect-script = @SRCDIR@/connect-ios-script
# UTMP
#use-utmp = true

2
tests/data/haproxy-proxyproto-v1.config
View File

@@ -111,7 +111,7 @@ auth-timeout = 40
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
connect-script = ./scripts/proxy-connectscript-v1
connect-script = @SRCDIR@/scripts/proxy-connectscript-v1
#disconnect-script = /usr/bin/myscript
# UTMP

2
tests/data/haproxy-proxyproto.config
View File

@@ -114,7 +114,7 @@ auth-timeout = 40
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
connect-script = ./scripts/proxy-connectscript
connect-script = @SRCDIR@/scripts/proxy-connectscript
#disconnect-script = /usr/bin/myscript
# UTMP

6
tests/data/idle-timeout.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
auth = "plain[./data/test1.passwd]"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -50,8 +50,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).

8
tests/data/multiple-routes.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
auth = "certificate"
#auth = "plain[./data/test1.passwd]"
#auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = false
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).
@@ -74,7 +74,7 @@ server-key = ./certs/server-key.pem
# The Certificate Authority that will be used
# to verify clients if certificate authentication
# is set.
ca-cert = ./certs/ca.pem
ca-cert = @SRCDIR@/certs/ca.pem
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN

4
tests/data/radius-group.config
View File

@@ -4,7 +4,7 @@
#auth = "certificate"
#auth = "plain[/etc/ocserv/passwd]"
#auth = "pam"
auth = "radius[config=@SRCDIR@/data/radiusclient/radiusclient.conf,groupconfig=true,nas-identifier=ocserv1]"
auth = "radius[config=@RADIUSCLIENT_DIR@/radiusclient.conf,groupconfig=true,nas-identifier=ocserv1]"
#enable-auth = "certificate"
# Whether to enable support for the occtl tool (i.e., either through D-BUS,
@@ -29,7 +29,7 @@ isolate-workers = @ISOLATE_WORKERS@
# to generate password entries.
#auth = "plain[/etc/ocserv/ocpasswd]"
acct = "radius[config=@SRCDIR@/data/radiusclient/radiusclient.conf]"
acct = "radius[config=@RADIUSCLIENT_DIR@/radiusclient.conf]"
# A banner to be displayed on clients
#banner = "Welcome"

4
tests/data/radius-multi-group.config
View File

@@ -4,7 +4,7 @@
#auth = "certificate"
#auth = "plain[/etc/ocserv/passwd]"
#auth = "pam"
auth = "radius[config=@SRCDIR@/data/radiusclient/radiusclient.conf,groupconfig=true,nas-identifier=ocserv1]"
auth = "radius[config=@RADIUSCLIENT_DIR@/radiusclient.conf,groupconfig=true,nas-identifier=ocserv1]"
#enable-auth = "certificate"
# Whether to enable support for the occtl tool (i.e., either through D-BUS,
@@ -30,7 +30,7 @@ isolate-workers = @ISOLATE_WORKERS@
# to generate password entries.
#auth = "plain[/etc/ocserv/ocpasswd]"
acct = "radius[config=@SRCDIR@/data/radiusclient/radiusclient.conf]"
acct = "radius[config=@RADIUSCLIENT_DIR@/radiusclient.conf]"
# A banner to be displayed on clients
#banner = "Welcome"

4
tests/data/radius-otp.config
View File

@@ -4,7 +4,7 @@
#auth = "certificate"
#auth = "plain[/etc/ocserv/passwd]"
#auth = "pam"
auth = "radius[config=@SRCDIR@/data/radiusclient/radiusclient.conf,nas-identifier=ocserv1]"
auth = "radius[config=@RADIUSCLIENT_DIR@/radiusclient.conf,nas-identifier=ocserv1]"
#enable-auth = "certificate"
# Whether to enable support for the occtl tool (i.e., either through D-BUS,
@@ -25,7 +25,7 @@ isolate-workers = @ISOLATE_WORKERS@
# to generate password entries.
#auth = "plain[/etc/ocserv/ocpasswd]"
acct = "radius[config=@SRCDIR@/data/radiusclient/radiusclient.conf]"
acct = "radius[config=@RADIUSCLIENT_DIR@/radiusclient.conf]"
# A banner to be displayed on clients
#banner = "Welcome"

4
tests/data/radius.config
View File

@@ -4,7 +4,7 @@
#auth = "certificate"
#auth = "plain[/etc/ocserv/passwd]"
#auth = "pam"
auth = "radius[config=@SRCDIR@/data/radiusclient/radiusclient.conf,groupconfig=true,nas-identifier=ocserv1]"
auth = "radius[config=@RADIUSCLIENT_DIR@/radiusclient.conf,groupconfig=true,nas-identifier=ocserv1]"
#enable-auth = "certificate"
# Whether to enable support for the occtl tool (i.e., either through D-BUS,
@@ -25,7 +25,7 @@ isolate-workers = @ISOLATE_WORKERS@
# to generate password entries.
#auth = "plain[/etc/ocserv/ocpasswd]"
acct = "radius[config=@SRCDIR@/data/radiusclient/radiusclient.conf]"
acct = "radius[config=@RADIUSCLIENT_DIR@/radiusclient.conf]"
# A banner to be displayed on clients
#banner = "Welcome"

5
tests/data/radiusclient/meson.build Normal file
View File

@@ -0,0 +1,5 @@
configure_file(
input: 'radiusclient.conf.in',
output: 'radiusclient.conf',
configuration: {'SRCDIR': meson.current_source_dir()},
)

6
tests/data/radiusclient/radiusclient.conf → tests/data/radiusclient/radiusclient.conf.in
View File

@@ -33,18 +33,18 @@ acctserver localhost
# file holding shared secrets used for the communication
# between the RADIUS client and server
servers ./data/radiusclient/servers
servers @SRCDIR@/servers
# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary ./data/radiusclient/dictionary
dictionary @SRCDIR@/dictionary
# file which holds sequence number for communication with the
# RADIUS server
seqfile ./radius.seq.tmp
# file which specifies mapping between ttyname and NAS-Port attribute
#mapfile ./data/radiusclient/port-id-map
#mapfile @SRCDIR@/port-id-map
# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user

6
tests/data/session-timeout.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
auth = "plain[./data/test1.passwd]"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -50,8 +50,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).

6
tests/data/test-camouflage-norealm.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
auth = "plain[./data/test1.passwd]"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).

6
tests/data/test-camouflage.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
auth = "plain[./data/test1.passwd]"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).

2
tests/data/test-cert-opt-pass.config
View File

@@ -171,6 +171,6 @@ route = 192.168.1.0/255.255.255.0
# should be set for them.
cisco-client-compat = true
config-per-user = ./user-config-opt/
config-per-user = @SRCDIR@/user-config-opt/
max-ban-score = 0

6
tests/data/test-cookie-invalidation.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
auth = "plain[./data/test1.passwd]"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).

6
tests/data/test-cookie-timeout-2.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
auth = "plain[./data/test1.passwd]"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).

6
tests/data/test-cookie-timeout.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
auth = "plain[./data/test1.passwd]"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).

10
tests/data/test-explicit-ip.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate[optional]"
auth = "plain[./data/test1.passwd]"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).
@@ -74,7 +74,7 @@ server-key = ./certs/server-key.pem
# The Certificate Authority that will be used
# to verify clients if certificate authentication
# is set.
ca-cert = ./certs/ca.pem
ca-cert = @SRCDIR@/certs/ca.pem
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN
@@ -173,4 +173,4 @@ route = 192.168.1.0/255.255.255.0
# should be set for them.
cisco-client-compat = true
config-per-user = ./user-config-explicit/
config-per-user = @SRCDIR@/user-config-explicit/

2
tests/data/test-group-cert.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
auth = "certificate"
#auth = "plain[./data/test-group.passwd]"
#auth = "plain[@SRCDIR@/data/test-group.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@

2
tests/data/test-gssapi-local-map.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
#auth = "plain[./data/test1.passwd]"
#auth = "plain[@SRCDIR@/data/test1.passwd]"
auth = "gssapi"
isolate-workers = @ISOLATE_WORKERS@

2
tests/data/test-gssapi-opt-cert.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
#auth = "plain[./data/test1.passwd]"
#auth = "plain[@SRCDIR@/data/test1.passwd]"
auth = "gssapi[require-local-user-map=false]"
enable-auth = certificate

2
tests/data/test-gssapi-opt-pass.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
#auth = "plain[./data/test1.passwd]"
#auth = "plain[@SRCDIR@/data/test1.passwd]"
auth = "gssapi[require-local-user-map=false]"
enable-auth = "plain[passwd=@SRCDIR@/data/test1.passwd]"

2
tests/data/test-gssapi.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
#auth = "plain[./data/test1.passwd]"
#auth = "plain[@SRCDIR@/data/test1.passwd]"
auth = "gssapi[require-local-user-map=false]"
isolate-workers = @ISOLATE_WORKERS@

10
tests/data/test-iroute.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
auth = "certificate"
#auth = "plain[./data/test1.passwd]"
#auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).
@@ -74,7 +74,7 @@ server-key = ./certs/server-key.pem
# The Certificate Authority that will be used
# to verify clients if certificate authentication
# is set.
ca-cert = ./certs/ca.pem
ca-cert = @SRCDIR@/certs/ca.pem
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN
@@ -157,7 +157,7 @@ ping-leases = false
route = 192.168.1.0/255.255.255.0
#route = 192.168.5.0/255.255.255.0
config-per-user = ./user-config/
config-per-user = @SRCDIR@/user-config/
route-add-cmd = "echo %R %{RI} %D > ./test-iroute.tmp"
#route-del-cmd = "ip route delete %R dev %D"

2
tests/data/test-oidc-auth.config
View File

@@ -1,7 +1,7 @@
# User authentication method. Could be set multiple times and in that case
# all should succeed.
# Options: certificate, pam.
auth = "oidc[config=@SRCDIR@/data/oidc.json]"
auth = "oidc[config=./data/oidc.json]"
isolate-workers = @ISOLATE_WORKERS@

2
tests/data/test-pass-opt-cert.config
View File

@@ -171,6 +171,6 @@ route = 192.168.1.0/255.255.255.0
# should be set for them.
cisco-client-compat = true
config-per-user = ./user-config-opt/
config-per-user = @SRCDIR@/user-config-opt/
max-ban-score = 0

12
tests/data/test-pass-script.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
auth = "plain[./data/test1.passwd]"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).
@@ -111,9 +111,9 @@ auth-timeout = 40
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
connect-script = ./connect-script
host-update-script = ./connect-script
disconnect-script = ./connect-script
connect-script = @SRCDIR@/connect-script
host-update-script = @SRCDIR@/connect-script
disconnect-script = @SRCDIR@/connect-script
# UTMP
use-utmp = true

4
tests/data/test-script-multi-user.config
View File

@@ -107,8 +107,8 @@ auth-timeout = 40
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
connect-script = ./sleep-connect-script
disconnect-script = ./sleep-connect-script
connect-script = @SRCDIR@/sleep-connect-script
disconnect-script = @SRCDIR@/sleep-connect-script
# UTMP
use-utmp = true

6
tests/data/test-stress.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
auth = "plain[./data/test1.passwd]"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).

10
tests/data/test-user-config.config
View File

@@ -2,7 +2,7 @@
# all should succeed.
# Options: certificate, pam.
auth = "certificate"
#auth = "plain[./data/test1.passwd]"
#auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
@@ -47,8 +47,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).
@@ -74,7 +74,7 @@ server-key = ./certs/server-key.pem
# The Certificate Authority that will be used
# to verify clients if certificate authentication
# is set.
ca-cert = ./certs/ca.pem
ca-cert = @SRCDIR@/certs/ca.pem
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN
@@ -161,7 +161,7 @@ ping-leases = false
route = 192.168.5.0/255.255.255.0
no-route = 192.168.98.0/255.255.255.0
config-per-user = ./user-config/
config-per-user = @SRCDIR@/user-config/
#route-add-cmd = "echo %R %D > ./test-expose-iroute.tmp"
#route-del-cmd = "ip route delete %R dev %D"

8
tests/meson.build
View File

@@ -2,8 +2,8 @@ test_inc = [top_inc, src_inc, src_build_inc, common_inc]
test_base_deps = [common_dep, ccan_dep, nettle_dep, talloc_dep, llhttp_dep, protobuf_dep]
# Tests run with cwd = source tests/ so relative paths (./certs/, ./data/) work
test_workdir = meson.current_source_dir()
# Tests run with cwd = build tests/ dir; source paths in configs use @SRCDIR@
test_workdir = meson.current_build_dir()
test_env = environment()
test_env.set('srcdir', meson.current_source_dir())
@@ -25,6 +25,10 @@ raddb_build_dir = meson.current_build_dir() / 'data' / 'raddb'
test_env.set('RADDB_DIR', raddb_build_dir)
subdir('data/raddb')
radiusclient_build_dir = meson.current_build_dir() / 'data' / 'radiusclient'
test_env.set('RADIUSCLIENT_DIR', radiusclient_build_dir)
subdir('data/radiusclient')
# --------------------------------------------------------------------------
# C unit tests
# --------------------------------------------------------------------------

2
tests/no-dtls-cipher
View File

@@ -24,4 +24,4 @@ PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}"
CIPHER_NAME="UNKNOWN"
GNUTLS_NAME=""
. cipher-common.sh
. ${srcdir}/cipher-common.sh

2
tests/oc-aes128-gcm-cipher
View File

@@ -23,4 +23,4 @@
CIPHER_NAME="OC-DTLS1_2-AES128-GCM"
GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-128-GCM)"
. cipher-common.sh
. ${srcdir}/cipher-common.sh

2
tests/oc-aes256-gcm-cipher
View File

@@ -23,4 +23,4 @@
CIPHER_NAME="OC-DTLS1_2-AES256-GCM"
GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-256-GCM)"
. cipher-common.sh
. ${srcdir}/cipher-common.sh

2
tests/psk-negotiate
View File

@@ -25,4 +25,4 @@ GNUTLS_NAME="(DTLS1.2)-(PSK)"
TEST_CONFIG="test-psk-negotiate.config"
MATCH_CIPHERS=false
. cipher-common.sh
. ${srcdir}/cipher-common.sh

2
tests/psk-negotiate-match
View File

@@ -25,4 +25,4 @@ GNUTLS_NAME="(DTLS1.2)-(PSK)"
TEST_CONFIG="test-psk-negotiate.config"
MATCH_CIPHERS=true
. cipher-common.sh
. ${srcdir}/cipher-common.sh

2
tests/test-append-routes
View File

@@ -29,7 +29,7 @@ eval "${GETPORT}"
echo "Testing ocserv and user append-route application... "
TMPFILE1=${srcdir}/test-append-routes.tmp
TMPFILE1=test-append-routes.$$.tmp
rm -f ${TMPFILE1}

4
tests/test-cert-opt-pass
View File

@@ -69,14 +69,14 @@ fi
echo ok
echo -n "Connecting to obtain cookie (with certificate)... "
connect "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert.pem"
connect "-u test --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem"
if test $? != 0;then
fail $PID "Failed to connect with certificate!"
fi
echo ok
echo -n "Connecting to obtain cookie (with incorrect certificate)... "
connect "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert-wrong.pem" ""
connect "-u test --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem" ""
if test $? = 0;then
fail $PID "Should not have connected with wrong certificate!"
fi

4
tests/test-cookie-invalidation
View File

@@ -25,8 +25,8 @@ srcdir=${srcdir:-.}
eval "${GETPORT}"
PIDFILE1="${srcdir}/ci$$-1.pid.tmp"
PIDFILE2="${srcdir}/ci$$-2.pid.tmp"
PIDFILE1="ci$$-1.pid.tmp"
PIDFILE2="ci$$-2.pid.tmp"
echo "Testing whether cookies are being correctly invalidated... "
rm -f "${PIDFILE1}" "${PIDFILE2}"

2
tests/test-cookie-timeout
View File

@@ -27,7 +27,7 @@ eval "${GETPORT}"
echo "Testing whether cookies will expire as expected... "
PIDFILE="${srcdir}/ct$$.pid.tmp"
PIDFILE="ct$$.pid.tmp"
update_config test-cookie-timeout.config
launch_server -d 1 -f -c ${CONFIG} & PID=$!

24
tests/test-cookie-timeout-2
View File

@@ -26,7 +26,7 @@ srcdir=${srcdir:-.}
eval "${GETPORT}"
echo "Testing whether cookies will remain valid during the session time... "
rm -f ${srcdir}/pid.$$
rm -f pid.$$
update_config test-cookie-timeout-2.config
launch_server -d 1 -f -c ${CONFIG} & PID=$!
@@ -43,38 +43,38 @@ fi
sleep 10
echo ""
echo "Connecting with cookie... "
echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file ${srcdir}/pid.$$ --background
echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file pid.$$ --background
sleep 4
if [ ! -f ${srcdir}/pid.$$ ];then
if [ ! -f pid.$$ ];then
fail $PID "It was not possible to establish session!"
fi
CPID=`cat ${srcdir}/pid.$$`
rm -f "${srcdir}/pid.$$"
rm -f "${srcdir}/pid2.$$"
CPID=`cat pid.$$`
rm -f "pid.$$"
rm -f "pid2.$$"
sleep 30
echo ""
echo "Connecting again with cookie (overriding first session)... "
echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file ${srcdir}/pid2.$$ --background
echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file pid2.$$ --background
sleep 6
kill $CPID
if [ ! -f ${srcdir}/pid2.$$ ];then
if [ ! -f pid2.$$ ];then
fail $PID "It was not possible to establish second session!"
else
CPID=`cat ${srcdir}/pid2.$$`
CPID=`cat pid2.$$`
kill $CPID
rm -f "${srcdir}/pid2.$$"
rm -f "pid2.$$"
fi
kill $PID
wait
rm -f ${srcdir}/pid.$$
rm -f ${srcdir}/pid2.$$ ${CONFIG}
rm -f pid.$$
rm -f pid2.$$ ${CONFIG}
exit 0

4
tests/test-explicit-ip
View File

@@ -20,7 +20,7 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
TMPFILE=${srcdir}/outfile.$$
TMPFILE=outfile.$$
. `dirname $0`/common.sh
@@ -37,7 +37,7 @@ if [ -z "$COOKIE" ];then
fi
rm -f $TMPFILE
echo "$pass" | $OPENCONNECT -q localhost:$PORT $opts -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file ${srcdir}/pidx >$TMPFILE 2>&1 &
echo "$pass" | $OPENCONNECT -q localhost:$PORT $opts -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file pidx.$$ >$TMPFILE 2>&1 &
CPID=$!
sleep 3

10
tests/test-iroute
View File

@@ -27,7 +27,7 @@ eval "${GETPORT}"
echo "Testing ocserv and user route application... "
rm -f ${srcdir}/test-iroute.tmp
rm -f test-iroute.tmp
update_config test-iroute.config
launch_server -d 1 -f -c "${CONFIG}" & PID=$!
@@ -50,19 +50,19 @@ kill $kpid
sleep 1
echo -n "Checking if routes have been applied... "
if [ ! -f ${srcdir}/test-iroute.tmp ];then
if [ ! -f test-iroute.tmp ];then
fail $PID "Temporary file cannot be found"
fi
CONTENTS=`cat ${srcdir}/test-iroute.tmp`
CONTENTS=`cat test-iroute.tmp`
if [[ "$CONTENTS" =~ "192.168.1.0/255.255.255.0 192.168.1.0/24 [vpns|tun]$" ]];then
cat ${srcdir}/test-iroute.tmp
cat test-iroute.tmp
fail $PID "Temporary file contents are not correct"
fi
echo ok
rm -f ${srcdir}/test-iroute.tmp ${CONFIG}
rm -f test-iroute.tmp ${CONFIG}
kill $PID
wait

4
tests/test-max-same-1
View File

@@ -27,8 +27,8 @@ eval "${GETPORT}"
echo "Testing whether max-same-clients=1 allows cookie reuse... "
PIDFILE1="${srcdir}/ci$$-1.pid.tmp"
PIDFILE2="${srcdir}/ci$$-2.pid.tmp"
PIDFILE1="ci$$-1.pid.tmp"
PIDFILE2="ci$$-2.pid.tmp"
rm -f "${PIDFILE1}" "${PIDFILE2}"
function finish {

4
tests/test-multi-cookie
View File

@@ -27,8 +27,8 @@ eval "${GETPORT}"
echo "Testing whether cookies are being reused... "
PIDFILE1="${srcdir}/ci$$-1.pid.tmp"
PIDFILE2="${srcdir}/ci$$-2.pid.tmp"
PIDFILE1="ci$$-1.pid.tmp"
PIDFILE2="ci$$-2.pid.tmp"
rm -f "${PIDFILE1}" "${PIDFILE2}"
function finish {

2
tests/test-oidc
View File

@@ -51,7 +51,7 @@ sleep 5s
# Generate new OIDC keys
# First client should fail, triggering reload of keys
`dirname $0`/gen_oidc_test_data
./gen_oidc_test_data
for token in data/success_*; do
http_result=$(LD_PRELOAD=libsocket_wrapper.so curl --insecure https://$ADDRESS:$PORT --request POST --data config-auth.xml --header "Authorization:Bearer=`cat $token`" --output /dev/null --write-out "%{http_code}")
if [ "$http_result" != "401" ]; then

2
tests/test-otp
View File

@@ -39,7 +39,7 @@ fi
#user 'testuser' has cert and OTP only
rm -f ${OTP_FILE}
cp data/test-otp.oath ${OTP_FILE}
cp ${srcdir}/data/test-otp.oath ${OTP_FILE}
update_config test-otp.config
launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
wait_server $PID

2
tests/test-otp-cert
View File

@@ -39,7 +39,7 @@ if [ $? != 0 ];then
fi
rm -f ${OTP_FILE}
cp data/test-otp.oath ${OTP_FILE}
cp ${srcdir}/data/test-otp.oath ${OTP_FILE}
update_config test-otp-cert.config
launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
wait_server $PID

6
tests/test-pass-opt-cert
View File

@@ -20,7 +20,7 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
TMPFILE=${srcdir}/outfile.$$.tmp
TMPFILE=outfile.$$.tmp
NO_NEED_ROOT=1
PIDFILE=ocserv-pid.$$.tmp
@@ -69,14 +69,14 @@ fi
echo ok
echo -n "Connecting to obtain cookie (with certificate)... "
connect "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert.pem"
connect "-u test --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem"
if test $? != 0;then
fail $PID "Failed to connect with certificate!"
fi
echo ok
echo -n "Connecting to obtain cookie (with incorrect certificate)... "
connect "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert-wrong.pem" ""
connect "-u test --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem" ""
if test $? = 0;then
fail $PID "Should not have connected with wrong certificate!"
fi

4
tests/test-replay
View File

@@ -35,8 +35,8 @@ fi
echo "Testing whether replay of DTLS hello breaks client session... "
PIDFILE1="${srcdir}/ci$$-1.pid.tmp"
PIDFILE2="${srcdir}/ci$$-2.pid.tmp"
PIDFILE1="ci$$-1.pid.tmp"
PIDFILE2="ci$$-2.pid.tmp"
TCPDUMP_FILE="${srcdir}/dtls_hello.pcap"
rm -f "${PIDFILE1}" "${PIDFILE2}"

4
tests/test-udp-listen-host
View File

@@ -20,8 +20,8 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
OUTFILE=occtl-show-user.$$.tmp
CLIPID="${srcdir:-.}/ci$$-1.pid.tmp"
CLIPID2="${srcdir:-.}/ci$$-2.pid.tmp"
CLIPID="ci$$-1.pid.tmp"
CLIPID2="ci$$-2.pid.tmp"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PIDFILE=ocserv-pid.$$.tmp

4
tests/test-user-config
View File

@@ -30,8 +30,8 @@ eval "${GETPORT}"
echo "Testing ocserv and user route application... "
TMPFILE1=${srcdir}/test-user-config.tmp
TMPFILE2=${srcdir}/test-user-config-2.tmp
TMPFILE1=test-user-config.$$.tmp
TMPFILE2=test-user-config-2.$$.tmp
rm -f ${TMPFILE1}
rm -f ${TMPFILE2}

10
tests/test-vhost
View File

@@ -91,28 +91,28 @@ fi
echo ok
echo -n "Connecting to certificate host to obtain cookie (with certificate)... "
connect "cert.example.com" "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert.pem" "" "sha1:8e253ef2a87dd9188fe444702f2fe349d30af816"
connect "cert.example.com" "-u test --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem" "" "sha1:8e253ef2a87dd9188fe444702f2fe349d30af816"
if test $? != 0;then
fail $PID "Failed to connect with certificate!"
fi
echo ok
echo -n "Connecting to certificate host to obtain cookie (with incorrect certificate)... "
connect "cert.example.com" "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert-wrong.pem" "" "sha1:8e253ef2a87dd9188fe444702f2fe349d30af816"
connect "cert.example.com" "-u test --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem" "" "sha1:8e253ef2a87dd9188fe444702f2fe349d30af816"
if test $? = 0;then
fail $PID "Should not have connected with wrong certificate!"
fi
echo ok
echo -n "Connecting to pass2 host to obtain cookie (with certificate)... "
connect "pass2.example.com" "-u vhost --sslkey ./certs/user-key.pem -c ./certs/user-cert.pem" "" "sha1:8e253ef2a87dd9188fe444702f2fe349d30af816"
connect "pass2.example.com" "-u vhost --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem" "" "sha1:8e253ef2a87dd9188fe444702f2fe349d30af816"
if test $? = 0;then
fail $PID "Connected to wrong host with certificate!"
fi
echo ok
echo -n "Connecting to default host to obtain cookie (with certificate)... "
connect "default.example.com" "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert.pem" "" "pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8="
connect "default.example.com" "-u test --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem" "" "pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8="
if test $? = 0;then
fail $PID "Connected to wrong host with certificate!"
fi
@@ -144,7 +144,7 @@ fi
echo ok
echo -n "Sanity check to cert host..."
connect "cert.example.com" "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert.pem" "" "sha1:8e253ef2a87dd9188fe444702f2fe349d30af816"
connect "cert.example.com" "-u test --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem" "" "sha1:8e253ef2a87dd9188fe444702f2fe349d30af816"
if test $? != 0;then
fail $PID "Failed to connect with certificate!"
fi