GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'tmp-test-updates' into 'master'

Browse Source 
test updates

Closes #340

See merge request openconnect/ocserv!207
This commit is contained in:
Nikos Mavrogiannopoulos
2020-08-09 16:39:57 +00:00
parent ae9f299b0f d84272ffed
commit c914b8d398
103 changed files with 598 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tests/Makefile.am
View File

@@ -41,7 +41,7 @@ EXTRA_DIST = certs/ca-key.pem certs/ca.pem ns.sh common.sh certs/server-cert.pem
data/kdc.conf data/krb5.conf data/k5.KERBEROS.TEST data/kadm5.acl \
data/ipv6-iface.config data/no-route-default.config data/no-route-group.config \
data/group-config/group1 data/test-namespace-listen.config data/disconnect-user.config \
data/disconnect-user2.config
data/disconnect-user2.config data/ping-leases.config
SUBDIRS = docker-ocserv
@@ -66,7 +66,8 @@ dist_check_SCRIPTS += haproxy-connect test-iroute test-multi-cookie test-pass-sc
test-cookie-timeout test-cookie-timeout-2 test-explicit-ip \
test-cookie-invalidation test-user-config test-append-routes test-ban \
multiple-routes json test-udp-listen-host test-max-same-1 test-script-multi-user \
apple-ios ipv6-iface test-namespace-listen disconnect-user disconnect-user2
apple-ios ipv6-iface test-namespace-listen disconnect-user disconnect-user2 \
ping-leases
if RADIUS_ENABLED
dist_check_SCRIPTS += radius-group radius-otp
@@ -95,7 +96,7 @@ dist_check_SCRIPTS += test-pass test-pass-cert test-cert test-group-pass \
test-pass-group-cert test-pass-group-cert-no-pass test-sighup \
test-enc-key test-sighup-key-change test-get-cert test-san-cert \
test-gssapi test-pass-opt-cert test-cert-opt-pass test-gssapi-opt-pass \
test-gssapi-opt-cert haproxy-auth test-maintenance \
test-gssapi-opt-cert haproxy-auth test-maintenance resumption \
test-group-name flowcontrol banner invalid-configs
if HAVE_CWRAP_PAM

3
tests/apple-ios
View File

@@ -21,13 +21,14 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
builddir=${builddir:-.}
PORT=4358
VPNNET=172.23.115.0/24
TMPFILE=ios.$$.tmp
VERBOSE=1
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing environment under apple ios client"
function finish {

3
tests/banner
View File

@@ -23,12 +23,13 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4173
TMPFILE=ocserv-plbanner.$$.tmp
PIDFILE=ocserv-pid.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
function finish {
set +e
echo " * Cleaning up..."

3
tests/cipher-common.sh
View File

@@ -23,7 +23,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4574
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
@@ -32,6 +31,8 @@ OUTFILE=traffic.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
if test -z "${IP}";then
echo "no IP tool is present"
exit 77

46
tests/common.sh
View File

@@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
#
# Copyright (C) 2011-2013 Free Software Foundation, Inc.
# Copyright 2013 Nikos Mavrogiannopoulos
@@ -215,4 +215,48 @@ cleanup() {
return $ret
}
# Check for a utility to list ports. Both ss and netstat will list
# ports for normal users, and have similar semantics, so put the
# command in the caller's PFCMD, or exit, indicating an unsupported
# test. Prefer ss from iproute2 over the older netstat.
have_port_finder() {
for file in $(which ss 2> /dev/null) /*bin/ss /usr/*bin/ss /usr/local/*bin/ss;do
if test -x "$file";then
PFCMD="$file";return 0
fi
done
if test -z "$PFCMD";then
for file in $(which netstat 2> /dev/null) /bin/netstat /usr/bin/netstat /usr/local/bin/netstat;do
if test -x "$file";then
PFCMD="$file";return 0
fi
done
fi
if test -z "$PFCMD";then
echo "neither ss nor netstat found"
exit 1
fi
}
check_if_port_in_use() {
local PORT="$1"
local PFCMD; have_port_finder
$PFCMD -an|grep "[\:\.]$PORT" >/dev/null 2>&1
}
# Find a port number not currently in use.
GETPORT='
rc=0
unset myrandom
while test $rc = 0; do
if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi
if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi
if test -z "$myrandom"; then myrandom=0; fi
PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))"
check_if_port_in_use $PORT;rc=$?
done
'
trap "fail \"Failed to launch the server, aborting test... \"" 10

4
tests/data/multiple-routes.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4513
udp-port = 4513
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

178
tests/data/ping-leases.config Normal file
View File

@@ -0,0 +1,178 @@
# User authentication method. Could be set multiple times and in that case
# all should succeed.
# Options: certificate, pam.
#auth = "certificate"
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"
isolate-workers = @ISOLATE_WORKERS@
max-ban-score = 0
# A banner to be displayed on clients
#banner = "Welcome"
pre-login-banner = "AN UNPREDICTABLE BANNER"
# Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
#listen-host = [IP|HOSTNAME]
use-dbus = no
# Limit the number of clients. Unset or set to zero for unlimited.
#max-clients = 1024
max-clients = 16
# Limit the number of client connections to one every X milliseconds
# (X is the provided value). Set to zero for no limit.
#rate-limit-ms = 100
# Limit the number of identical clients (i.e., users connecting multiple times)
# Unset or set to zero for unlimited.
max-same-clients = 2
# TCP and UDP port number
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400
# Dead peer detection in seconds
dpd = 440
# MTU discovery (DPD must be enabled)
try-mtu-discovery = false
# The key and the certificates of the server
# The key may be a file, or any URL supported by GnuTLS (e.g.,
# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user
# or pkcs11:object=my-vpn-key;object-type=private)
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = @SRCDIR@/certs/server-cert.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).
# Can be generated using:
# certtool --generate-dh-params --outfile /path/to/dh.pem
#dh-params = /path/to/dh.pem
# If you have a certificate from a CA that provides an OCSP
# service you may provide a fresh OCSP status response within
# the TLS handshake. That will prevent the client from connecting
# independently on the OCSP server.
# You can update this response periodically using:
# ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response
# Make sure that you replace the following file in an atomic way.
#ocsp-response = /path/to/ocsp.der
# In case PKCS #11 or TPM keys are used the PINs should be available
# in files. The srk-pin-file is applicable to TPM keys only (It's the storage
# root key).
#pin-file = /path/to/pin.txt
#srk-pin-file = /path/to/srkpin.txt
# The Certificate Authority that will be used
# to verify clients if certificate authentication
# is set.
#ca-cert = /path/to/ca.pem
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN
# Useful OIDs are:
# CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1
#cert-user-oid = 0.9.2342.19200300.100.1.1
# The object identifier that will be used to read the user group in the client
# certificate. The object identifier should be part of the certificate's DN
# Useful OIDs are:
# OU (organizational unit) = 2.5.4.11
#cert-group-oid = 2.5.4.11
# A revocation list of ca-cert is set
#crl = /path/to/crl.pem
# GnuTLS priority string
tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# To enforce perfect forward secrecy (PFS) on the main channel.
#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA"
# The time (in seconds) that a client is allowed to stay connected prior
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
#connect-script = /usr/bin/myscript
#disconnect-script = /usr/bin/myscript
# The default server directory. Does not require any devices present.
#chroot-dir = /path/to/chroot
# socket file used for IPC, will be appended with .PID
# It must be accessible within the chroot environment (if any)
socket-file = ./ocserv-socket
# The user the worker processes will be run as. It should be
# unique (no other services run as this user).
run-as-user = @USERNAME@
run-as-group = @GROUP@
# Network settings
device = vpns
# The default domain to be advertised
default-domain = example.com
ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0
# Use the keywork local to advertize the local P-t-P address as DNS server
ipv4-dns = 192.168.1.1
# The NBNS server (if any)
#ipv4-nbns = 192.168.2.3
#ipv6-address =
#ipv6-mask =
#ipv6-dns =
# Prior to leasing any IP from the pool ping it to verify that
# it is not in use by another (unrelated to this server) host.
ping-leases = true
# Leave empty to assign the default MTU of the device
# mtu =
route = 192.168.1.0/255.255.255.0
#route = 192.168.5.0/255.255.255.0
#
# The following options are for (experimental) AnyConnect client
# compatibility. They are only available if the server is built
# with --enable-anyconnect
#
# Client profile xml. A sample file exists in doc/profile.xml.
# This file must be accessible from inside the worker's chroot.
# The profile is ignored by the openconnect client.
#user-profile = profile.xml
# Unless set to false it is required for clients to present their
# certificate even if they are authenticating via a previously granted
# cookie. Legacy CISCO clients do not do that, and thus this option
# should be set for them.
#always-require-cert = false

4
tests/data/test-cert-opt-pass.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4425
udp-port = 4425
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-cookie-invalidation.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4502
udp-port = 4502
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-cookie-timeout-2.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4498
udp-port = 4498
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-cookie-timeout.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4499
udp-port = 4499
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-ed25519.config
View File

@@ -30,8 +30,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4444
udp-port = 4444
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-enc-key.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4456
udp-port = 4456
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-enc-key2.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4456
udp-port = 4456
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-explicit-ip.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 8446
udp-port = 8446
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-group-cert.config
View File

@@ -35,8 +35,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 6550
udp-port = 6550
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-group-pass.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 6552
udp-port = 6552
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-gssapi-local-map.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4449
udp-port = 4449
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-gssapi-opt-cert.config
View File

@@ -29,8 +29,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4438
udp-port = 4438
tcp-port = @PORT@
udp-port = @PORT@
#listen-clear-file = ./ocserv-gssapi-conn.socket

4
tests/data/test-gssapi-opt-pass.config
View File

@@ -29,8 +29,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4439
udp-port = 4439
tcp-port = @PORT@
udp-port = @PORT@
#listen-clear-file = ./ocserv-gssapi-conn.socket

4
tests/data/test-gssapi.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4449
udp-port = 4449
tcp-port = @PORT@
udp-port = @PORT@
#listen-clear-file = ./ocserv-gssapi-conn.socket

4
tests/data/test-iroute.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4501
udp-port = 4501
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-otp-cert.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4479
udp-port = 4479
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-otp.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4489
udp-port = 4489
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-pam-noauth.config
View File

@@ -30,8 +30,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 6552
udp-port = 6552
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-pam.config
View File

@@ -29,8 +29,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 6552
udp-port = 6552
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-pass-opt-cert.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 8445
udp-port = 8445
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-pass-script.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 4
# TCP and UDP port number
tcp-port = 4448
udp-port = 4448
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-rsa-pss.config
View File

@@ -30,8 +30,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4444
udp-port = 4444
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-san-cert.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 443
udp-port = 443
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-sighup-key-change.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4473
udp-port = 4473
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-stress.config
View File

@@ -28,8 +28,8 @@ rate-limit-ms = 0
max-same-clients = 5
# TCP and UDP port number
tcp-port = 4450
udp-port = 4450
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-user-cert.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4445
udp-port = 4445
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-user-config.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4512
udp-port = 4512
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-user-group-cert-no-pass.config
View File

@@ -35,8 +35,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 6555
udp-port = 6555
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-user-group-cert.config
View File

@@ -35,8 +35,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 6551
udp-port = 6551
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test-vhost-pass-cert.config
View File

@@ -30,8 +30,8 @@ max-ban-score = 0
max-same-clients = 2
# TCP and UDP port number
tcp-port = 443
udp-port = 443
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

4
tests/data/test3.config
View File

@@ -28,8 +28,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4446
udp-port = 4446
tcp-port = @PORT@
udp-port = @PORT@
# Keepalive in seconds
keepalive = 32400

3
tests/disconnect-user
View File

@@ -27,7 +27,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4477
TMPFILE=ocfile.$$.tmp
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
@@ -35,6 +34,8 @@ OCCTL_SOCKET=./occtl-$$.socket
. `dirname $0`/common.sh
eval "${GETPORT}"
if test "$(id -u)" != "0";then
echo "This test must be run as root"
exit 77

3
tests/disconnect-user2
View File

@@ -25,7 +25,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4459
TMPFILE=ocfile.$$.tmp
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
@@ -33,6 +32,8 @@ OCCTL_SOCKET=./occtl-$$.socket
. `dirname $0`/common.sh
eval "${GETPORT}"
if test "$(id -u)" != "0";then
echo "This test must be run as root"
exit 77

5
tests/flowcontrol
View File

@@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
#
# Copyright (C) 2020 Microsoft Corp.
#
@@ -21,11 +21,12 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4504
PIDFILE=ocserv-pid.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing flow control... "
update_config test1.config

9
tests/haproxy-auth
View File

@@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
#
# Copyright (C) 2013 Nikos Mavrogiannopoulos
#
@@ -21,8 +21,6 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4466
HAPORT=4467
PIDFILE=ocserv-pid.$$.tmp
PATH=${PATH}:/usr/sbin
HACONFIG=haproxy.conf.$$.tmp
@@ -30,6 +28,11 @@ HAPROXY=$(which haproxy)
. `dirname $0`/common.sh
eval "${GETPORT}"
HAPORT=${PORT}
eval "${GETPORT}"
if test -z "${HAPROXY}";then
echo "no haproxy present"
exit 77

7
tests/haproxy-connect
View File

@@ -20,8 +20,6 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4566
HAPORT=4567
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
HACONFIG=haproxy.conf.$$.tmp
@@ -31,6 +29,11 @@ IP=$(which ip)
. `dirname $0`/common.sh
eval "${GETPORT}"
HAPORT=${PORT}
eval "${GETPORT}"
if test -z "${HAPROXY}";then
echo "no haproxy present"
exit 77

5
tests/invalid-configs
View File

@@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
#
# Copyright (C) 2013 Nikos Mavrogiannopoulos
#
@@ -21,11 +21,12 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PIDFILE=ocserv-pid.$$.tmp
PORT=3492
NO_NEED_ROOT=1
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing whether invalid configurations fail as expected... "
# plain + pam (primary)

3
tests/ipv6-iface
View File

@@ -20,13 +20,14 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4313
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
IP=$(which ip)
. `dirname $0`/common.sh
eval "${GETPORT}"
if test -z "${IP}";then
echo "no IP tool is present"
exit 77

3
tests/json
View File

@@ -21,7 +21,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4568
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
@@ -30,6 +29,8 @@ OUTFILE=json.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
if test -z "${IP}";then
echo "no IP tool is present"
exit 77

3
tests/kerberos
View File

@@ -23,13 +23,14 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=443
PIDFILE=ocserv-pid.$$.tmp
KRB5PIDFILE=krb5-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
IP=$(which ip)
OUTFILE=traffic.$$.tmp
# This port needs to be fixed to 443 due to KKDCP
PORT=443
USERNAME=krb5user
USERPASS=krb5user123

3
tests/lz4-compression
View File

@@ -23,7 +23,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4568
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
@@ -32,6 +31,8 @@ OUTFILE=traffic.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
if test -z "${IP}";then
echo "no IP tool is present"
exit 77

3
tests/lzs-compression
View File

@@ -23,7 +23,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4568
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
@@ -32,6 +31,8 @@ OUTFILE=traffic.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
if test -z "${IP}";then
echo "no IP tool is present"
exit 77

8
tests/multiple-routes
View File

@@ -20,19 +20,21 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4513
# Test whether more than 128 routes can be read from a config file.
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing ocserv and user route application... "
TMPFILE1=multiple-routes.$$.tmp
rm -f ${TMPFILE1}
launch_simple_server -d 1 -f -c "${srcdir}/data/multiple-routes.config"
update_config multiple-routes.config
launch_simple_server -d 1 -f -c "${CONFIG}"
PID=$!
wait_server $PID
@@ -57,7 +59,7 @@ fi
echo ok
rm -f ${TMPFILE1}
rm -f ${TMPFILE1} ${CONFIG}
kill $PID
wait

3
tests/no-route-default
View File

@@ -20,11 +20,12 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=5743
TMPFILE=$(mktemp)
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing whether exclude routes are being sent (with route=default)... "
function finish {

3
tests/no-route-group
View File

@@ -20,11 +20,12 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=5744
TMPFILE=$(mktemp)
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing whether group exclude routes are being sent (with route=default)... "
function finish {

68
tests/ping-leases Executable file
View File

@@ -0,0 +1,68 @@
#!/bin/bash
#
# Copyright (C) 2020 Nikos Mavrogiannopoulos
#
# This file is part of ocserv.
#
# ocserv is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# ocserv is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PIDFILE=ocserv-pid.$$.tmp
OPIDFILE=oc-pid.$$.tmp
VERBOSE=1
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing connection with ping-leases=true..."
function finish {
echo " * Cleaning up..."
test -f ${OPIDFILE} && kill $(cat ${OPIDFILE}) >/dev/null 2>&1
test -f ${PIDFILE} && kill $(cat ${PIDFILE}) >/dev/null 2>&1
rm -f ${OPIDFILE}
rm -f ${CONFIG}
}
trap finish EXIT
update_config ping-leases.config
launch_simple_server -d 1 -p ${PIDFILE} --no-chdir -c ${CONFIG}
sleep 3
PID=$(cat ${PIDFILE})
if test -z "${PID}";then
echo "server did not start"
exit 1
fi
echo "Server started with PID $PID..."
echo "Connecting to obtain cookie..."
( echo "test" | $OPENCONNECT -q localhost:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
fail $PID "Could not receive cookie from server"
echo "Connecting to ping lease..."
echo "test" | timeout 10 $OPENCONNECT localhost:$PORT -u "test" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true
if test $? != 124;then
fail $PID "Could not connect to server"
fi
cleanup
exit 0

3
tests/radius
View File

@@ -23,7 +23,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4569
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
@@ -38,6 +37,8 @@ fi
. `dirname $0`/common.sh
eval "${GETPORT}"
if test -z "${IP}";then
echo "no IP tool is present"
exit 77

3
tests/radius-config
View File

@@ -23,7 +23,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4569
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
@@ -38,6 +37,8 @@ fi
. `dirname $0`/common.sh
eval "${GETPORT}"
if test -z "${IP}";then
echo "no IP tool is present"
exit 77

3
tests/radius-group
View File

@@ -23,7 +23,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4569
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
@@ -38,6 +37,8 @@ fi
. `dirname $0`/common.sh
eval "${GETPORT}"
if test -z "${IP}";then
echo "no IP tool is present"
exit 77

3
tests/radius-otp
View File

@@ -24,7 +24,6 @@ PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}"
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4569
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
@@ -39,6 +38,8 @@ fi
. `dirname $0`/common.sh
eval "${GETPORT}"
if test -z "${IP}";then
echo "no IP tool is present"
exit 77

61
tests/resumption Executable file
View File

@@ -0,0 +1,61 @@
#!/bin/bash
#
# Copyright (C) 2020 Nikos Mavrogiannopoulos
#
# This file is part of ocserv.
#
# ocserv is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# ocserv is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
TMPFILE=resume.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing ocserv session resumption... "
function finish {
echo " * Cleaning up..."
test -n "${PID}" && kill ${PID} >/dev/null 2>&1
rm -f ${TMPFILE}
rm -f ${CONFIG}
}
trap finish EXIT
update_config test1.config
launch_simple_sr_server -d 1 -f -c ${CONFIG}
PID=$!
wait_server $PID
echo -n "Connecting to resume... "
( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -r --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 $ADDRESS --port $PORT --insecure > $TMPFILE 2>/dev/null </dev/null ) ||
(cat ${TMPFILE} && fail $PID "Could not connect to resume!" )
grep "This is a resumed session" ${TMPFILE}
if test $? != 0;then
cat ${TMPFILE}
fail $PID "failed, session was not resumed"
fi
echo "ok"
rm -f "$TMPFILE"
exit 0

5
tests/server-cert-ed25519
View File

@@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
#
# Copyright (C) 2017 Red Hat, Inc.
#
@@ -21,10 +21,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4444
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing server cert with ed25519... "
update_config test-ed25519.config

5
tests/server-cert-rsa-pss
View File

@@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
#
# Copyright (C) 2017 Red Hat, Inc.
#
@@ -21,10 +21,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4444
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing server cert with RSA-PSS... "
update_config test-rsa-pss.config

13
tests/test-append-routes
View File

@@ -20,24 +20,23 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4612
# Test whether append-routes behaves as expected.
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing ocserv and user append-route application... "
CONFFILE=${srcdir}/test-append-routes-conf.tmp
TMPFILE1=${srcdir}/test-append-routes.tmp
rm -f ${TMPFILE1}
cp ${srcdir}/data/test-user-config.config ${CONFFILE}
echo "append-routes = true" >> ${CONFFILE}
sed -i 's/= 4512/= 4612/g' ${CONFFILE}
update_config test-user-config.config
echo "append-routes = true" >> ${CONFIG}
launch_server -d 1 -f -c ${CONFFILE} & PID=$!
launch_server -d 1 -f -c ${CONFIG} & PID=$!
wait_server $PID
echo "Checking if routes are appended... "
@@ -68,7 +67,7 @@ fi
echo ok
rm -f ${TMPFILE1}
rm -f ${CONFFILE}
rm -f ${CONFIG}
kill $PID
wait

3
tests/test-ban
View File

@@ -21,7 +21,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4497
OCCTL_SOCKET=./occtl-ban-$$.socket
PIDFILE=ocserv-pid.$$.tmp
OUTFILE=ban.$$.tmp
@@ -36,6 +35,8 @@ VPNADDR6=fc39:d561:62c6:861b:9f38:9734:9fa1:0
. `dirname $0`/common.sh
. `dirname $0`/ns.sh
eval "${GETPORT}"
update_config test-ban.config
if test "$VERBOSE" = 1;then
DEBUG="-d 3"

3
tests/test-cert
View File

@@ -21,13 +21,14 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4446
CRLNAME=crl.pem.$$.tmp
CRLTMPLNAME=crl.tmpl.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing ocserv with certificates... "
rm -f "${CRLNAME}" "${CRLTMPLNAME}"

3
tests/test-cert-opt-pass
View File

@@ -20,11 +20,12 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4425
OUTFILE=test-cert-opt-pass.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with certificate and optional username-password... "
connect()

3
tests/test-config-per-group
View File

@@ -23,7 +23,6 @@
OCCTL="${OCCTL:-../src/occtl/occtl}"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=8447
PIDFILE=ocserv-pid.$$.tmp
CLIPID=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
@@ -32,6 +31,8 @@ OUTFILE=traffic.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
if test -z "${IP}";then
echo "no IP tool is present"
exit 77

7
tests/test-cookie-invalidation
View File

@@ -20,16 +20,18 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4502
. `dirname $0`/common.sh
eval "${GETPORT}"
PIDFILE1="${srcdir}/ci$$-1.pid.tmp"
PIDFILE2="${srcdir}/ci$$-2.pid.tmp"
echo "Testing whether cookies are being correctly invalidated... "
rm -f "${PIDFILE1}" "${PIDFILE2}"
launch_server -d 1 -f -c ${srcdir}/data/test-cookie-invalidation.config & PID=$!
update_config test-cookie-invalidation.config
launch_server -d 1 -f -c ${CONFIG} & PID=$!
wait_server $PID
echo "Connecting to obtain cookie... "
@@ -91,6 +93,7 @@ if [ -f "${PIDFILE2}" ];then
fi
rm -f "${PIDFILE1}" "${PIDFILE2}"
rm -f ${CONFIG}
kill $PID
wait

8
tests/test-cookie-timeout
View File

@@ -20,15 +20,17 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4499
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing whether cookies will expire as expected... "
PIDFILE="${srcdir}/ct$$.pid.tmp"
launch_server -d 1 -f -c ${srcdir}/data/test-cookie-timeout.config & PID=$!
update_config test-cookie-timeout.config
launch_server -d 1 -f -c ${CONFIG} & PID=$!
wait_server $PID
echo "Connecting to obtain cookie... "
@@ -111,6 +113,6 @@ fi
kill $PID
wait
rm -f "${PIDFILE}"
rm -f "${PIDFILE}" ${CONFIG}
exit 0

8
tests/test-cookie-timeout-2
View File

@@ -20,14 +20,16 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4498
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing whether cookies will remain valid during the session time... "
rm -f ${srcdir}/pid.$$
launch_server -d 1 -f -c ${srcdir}/data/test-cookie-timeout-2.config & PID=$!
update_config test-cookie-timeout-2.config
launch_server -d 1 -f -c ${CONFIG} & PID=$!
wait_server $PID
echo "Connecting to obtain cookie... "
@@ -73,6 +75,6 @@ kill $PID
wait
rm -f ${srcdir}/pid.$$
rm -f ${srcdir}/pid2.$$
rm -f ${srcdir}/pid2.$$ ${CONFIG}
exit 0

3
tests/test-enc-key
View File

@@ -21,10 +21,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4456
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with encrypted PKCS #8 key file... "
update_config test-enc-key.config

6
tests/test-explicit-ip
View File

@@ -21,10 +21,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
TMPFILE=${srcdir}/outfile.$$
PORT=8446
. `dirname $0`/common.sh
eval "${GETPORT}"
connect()
{
opts=$1
@@ -54,7 +55,8 @@ return 0
echo "Testing local backend with username-password and explicit IP addresses... "
launch_server -d 1 -f -c "${srcdir}/data/test-explicit-ip.config" & PID=$!
update_config test-explicit-ip.config
launch_server -d 1 -f -c "${CONFIG}" & PID=$!
wait_server $PID
echo -n "Connecting with an illegal address assigned... "

3
tests/test-fork
View File

@@ -20,11 +20,12 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4432
PIDFILE=ocserv-pid.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing operation when run on background..."
update_config test1.config

3
tests/test-get-cert
View File

@@ -21,13 +21,14 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4445
TMPFILE=getcert.$$.tmp
TMPFILE2=getcert2.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing ocserv certificate GET handlers... "
update_config test-user-cert.config

3
tests/test-group-cert
View File

@@ -21,10 +21,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=6550
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with certificate... "
launch_sr_server -d 1 -f -c data/test-group-cert.config & PID=$!

5
tests/test-group-name
View File

@@ -21,7 +21,6 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=443
HEAD=$(mktemp)
POST=$(mktemp)
COOKIES=$(mktemp)
@@ -29,6 +28,8 @@ OUTFILE=$(mktemp)
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing whether group labels are translated to groups... "
# This is a necessary condition for some anyconnect clients
@@ -47,7 +48,7 @@ launch_simple_sr_server -d 1 -f -c ${CONFIG}
PID=$!
wait_server $PID
TARGET=https://$ADDRESS
TARGET=https://$ADDRESS:$PORT
cat >$HEAD <<_EOF
Accept-Encoding:identity

3
tests/test-group-pass
View File

@@ -21,10 +21,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=6552
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with username-group-password... "
update_config test-group-pass.config

3
tests/test-gssapi
View File

@@ -22,7 +22,6 @@ SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
builddir=${builddir:-.}
NO_NEED_ROOT=1
PORT=4449
NTLMSSP_CONF=""
for conf in /etc/gss/mech.d/mech.ntlmssp.conf /etc/gss/mech.d/ntlmssp.conf;do
@@ -45,6 +44,8 @@ fi
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with gssapi... "
export NTLM_USER_FILE=${builddir}/ntlm.pass

3
tests/test-gssapi-opt-cert
View File

@@ -21,7 +21,6 @@ SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
builddir=${builddir:-.}
NO_NEED_ROOT=1
PORT=4438
OUTFILE=test-gssapi-opt-pass.$$.tmp
connect()
@@ -68,6 +67,8 @@ fi
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with gssapi and password fallback... "
VERBOSE=1

3
tests/test-gssapi-opt-pass
View File

@@ -21,7 +21,6 @@ SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
builddir=${builddir:-.}
NO_NEED_ROOT=1
PORT=4439
OUTFILE=test-gssapi-opt-pass.$$.tmp
connect()
@@ -68,6 +67,8 @@ fi
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with gssapi and password fallback... "
VERBOSE=1

8
tests/test-iroute
View File

@@ -20,15 +20,17 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4501
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing ocserv and user route application... "
rm -f ${srcdir}/test-iroute.tmp
launch_server -d 1 -f -c "${srcdir}/data/test-iroute.config" & PID=$!
update_config test-iroute.config
launch_server -d 1 -f -c "${CONFIG}" & PID=$!
wait_server $PID
echo -n "Connecting to obtain cookie (with certificate)... "
@@ -60,7 +62,7 @@ fi
echo ok
rm -f ${srcdir}/test-iroute.tmp
rm -f ${srcdir}/test-iroute.tmp ${CONFIG}
kill $PID
wait

3
tests/test-maintenance
View File

@@ -20,10 +20,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4434
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing ocserv and SIGUSR2/forced maintenance behavior... "
update_config test-sighup.config

3
tests/test-max-same-1
View File

@@ -20,10 +20,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4516
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing whether max-same-clients=1 allows cookie re-use... "
PIDFILE1="${srcdir}/ci$$-1.pid.tmp"

3
tests/test-multi-cookie
View File

@@ -20,10 +20,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4500
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing whether cookies are being re-used... "
PIDFILE1="${srcdir}/ci$$-1.pid.tmp"

3
tests/test-namespace-listen
View File

@@ -18,7 +18,6 @@
SERV="${SERV:-../src/ocserv}"
PIDFILE=ocserv-pid.$$.tmp
srcdir=${srcdir:-.}
PORT=4498
LISTEN_NS="ocserv-listen-ns-tmp-$$"
OUTFILE=lsof.$$.tmp
SS=$(which ss)
@@ -42,6 +41,8 @@ trap finish EXIT
. `dirname $0`/common.sh
. `dirname $0`/ns.sh
eval "${GETPORT}"
update_config test-namespace-listen.config
if test "$VERBOSE" = 1;then
DEBUG="-d 3"

3
tests/test-oidc
View File

@@ -21,12 +21,13 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4503
PIDFILE=ocserv-pid.$$.tmp
OCCTL_SOCKET=./occtl-oidc-$$.socket
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with oidc token auth... "
update_config test-oidc-auth.config

3
tests/test-otp
View File

@@ -22,11 +22,12 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4489
OTP_FILE=test-otp.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with username-password-otp and certificate... "
$SERV --version 2>&1|grep oath >/dev/null 2>&1

3
tests/test-otp-cert
View File

@@ -22,11 +22,12 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4479
OTP_FILE=test-otp-users.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with username-password-otp and certificate... "
#user 'test' has cert, password + OTP

3
tests/test-pam
View File

@@ -21,12 +21,13 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=6552
VERBOSE=1
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing PAM backend with username-password... "
export TEST_PAMDIR=data/pam

3
tests/test-pam-noauth
View File

@@ -21,10 +21,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=6552
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing PAM acct backend with username-password... "
export TEST_PAMDIR=data/pam-single

3
tests/test-pass
View File

@@ -21,11 +21,12 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4444
PIDFILE=ocserv-pid.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with username-password... "
update_config test1.config

3
tests/test-pass-cert
View File

@@ -21,11 +21,12 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4445
ISOLATE_WORKERS=false
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with username-password and certificate... "
update_config test-user-cert.config

3
tests/test-pass-group-cert
View File

@@ -21,10 +21,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=6551
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with username-password and certificate... "
update_config test-user-group-cert.config

3
tests/test-pass-group-cert-no-pass
View File

@@ -21,10 +21,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=6555
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with username-password and certificate... "
update_config test-user-group-cert-no-pass.config

3
tests/test-pass-opt-cert
View File

@@ -22,11 +22,12 @@ SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
TMPFILE=${srcdir}/outfile.$$.tmp
NO_NEED_ROOT=1
PORT=8445
PIDFILE=ocserv-pid.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing local backend with username-password and optional certificate... "
update_config test-pass-opt-cert.config

8
tests/test-pass-script
View File

@@ -21,13 +21,14 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
builddir=${builddir:-.}
PORT=4448
OPIDFILE=pass-script.$$.tmp
OPIDFILE2=pass-script2.$$.tmp
PARAMSFILE=pass-script.params.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing connect and disconnect script behavior"
rm -f ${OPIDFILE}
@@ -61,7 +62,8 @@ fi
echo " * Testing local backend with username-password... "
launch_server -d 1 -f -c "${srcdir}/data/test-pass-script.config" & PID=$!
update_config test-pass-script.config
launch_server -d 1 -f -c "${CONFIG}" & PID=$!
wait_server $PID
echo " * Connecting to obtain cookie with wrong username... "
@@ -213,4 +215,6 @@ wait
echo "Script tests were successful"
rm -f ${CONFIG}
exit 0

10
tests/test-san-cert
View File

@@ -27,6 +27,8 @@ CRLTMPLNAME=crl.tmpl.$$.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing ocserv with certificates... "
rm -f "${CRLNAME}" "${CRLTMPLNAME}"
@@ -47,25 +49,25 @@ PID=$!
wait_server $PID
echo -n "Connecting to obtain cookie (without certificate)... "
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
fail $PID "Connected without certificate!"
echo "ok (failed as expected)"
echo -n "Connecting to obtain cookie (with invalid certificate)... "
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
fail $PID "Connected with invalid certificate!"
echo "ok (failed as expected)"
echo -n "Connecting to obtain cookie (with certificate - no SAN)... "
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
fail $PID "Connected with invalid certificate!"
echo "ok (failed as expected)"
echo -n "Connecting to obtain cookie (with certificate - SAN)... "
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-san-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-san-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
fail $PID "Failed to connect with certificate!"
echo ok

3
tests/test-script-multi-user
View File

@@ -22,7 +22,6 @@ SERV="${SERV:-../src/ocserv}"
OCCTL="${OCCTL:-../src/occtl/occtl}"
srcdir=${srcdir:-.}
builddir=${builddir:-.}
PORT=4472
PIDFILE=ocserv-pid.$$.tmp
VPNNET=172.29.205.0/24
OUTFILE=out.$$.tmp
@@ -30,6 +29,8 @@ USERNAME=test
. `dirname $0`/common.sh
eval "${GETPORT}"
if test "${DISABLE_ASAN_BROKEN_TESTS}" = 1;then
echo "Skipping test requiring ldpreload"
exit 77

3
tests/test-sighup
View File

@@ -20,10 +20,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4441
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing ocserv and SIGHUP behavior... "
update_config test-sighup.config

3
tests/test-sighup-key-change
View File

@@ -21,13 +21,14 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4473
TEMPLATE=temp-key.$$.tmpl.tmp
SERVER_CERT=server-cert-temp.pem.tmp
SERVER_KEY=server-key-temp.pem.tmp
. `dirname $0`/common.sh
eval "${GETPORT}"
echo "Testing ocserv and SIGHUP behavior on server key change... "
cat <<_EOF_>"${TEMPLATE}"

3
tests/test-stress
View File

@@ -20,10 +20,11 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4450
. `dirname $0`/common.sh
eval "${GETPORT}"
run_client() {
HOST=$1;
shift;

6
tests/test-udp-listen-host
View File

@@ -24,8 +24,6 @@ CLIPID="${srcdir:-.}/ci$$-1.pid.tmp"
CLIPID2="${srcdir:-.}/ci$$-2.pid.tmp"
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4166
HAPORT=4167
PIDFILE=ocserv-pid.$$.tmp
CONFIG_UDP_LISTEN_LOCAL=ocserv_udp_listen_local.conf.$$.tmp
HACONFIG=haproxy.conf.$$.tmp
@@ -35,6 +33,10 @@ IP=$(command -v ip)
. "$(dirname "$0")/common.sh"
eval "${GETPORT}"
HAPORT=${PORT}
eval "${GETPORT}"
if test -z "${HAPROXY}";then
echo "no haproxy present"
exit 77

Some files were not shown because too many files have changed in this diff Show More