From f814cf851be11c5c07bd83034c7bfd9e4cf814a0 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 9 Aug 2020 11:54:04 +0200 Subject: [PATCH 1/3] tests: added session resumption test Signed-off-by: Nikos Mavrogiannopoulos --- tests/Makefile.am | 2 +- tests/common.sh | 44 ++++++++++++++++++++++++++++++++++ tests/resumption | 61 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+), 1 deletion(-) create mode 100755 tests/resumption diff --git a/tests/Makefile.am b/tests/Makefile.am index 60e78fe9..e5400879 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -95,7 +95,7 @@ dist_check_SCRIPTS += test-pass test-pass-cert test-cert test-group-pass \ test-pass-group-cert test-pass-group-cert-no-pass test-sighup \ test-enc-key test-sighup-key-change test-get-cert test-san-cert \ test-gssapi test-pass-opt-cert test-cert-opt-pass test-gssapi-opt-pass \ - test-gssapi-opt-cert haproxy-auth test-maintenance \ + test-gssapi-opt-cert haproxy-auth test-maintenance resumption \ test-group-name flowcontrol banner invalid-configs if HAVE_CWRAP_PAM diff --git a/tests/common.sh b/tests/common.sh index 477d568c..c97f540d 100644 --- a/tests/common.sh +++ b/tests/common.sh 
@@ -215,4 +215,48 @@ cleanup() { return $ret } +# Check for a utility to list ports. Both ss and netstat will list +# ports for normal users, and have similar semantics, so put the +# command in the caller's PFCMD, or exit, indicating an unsupported +# test. Prefer ss from iproute2 over the older netstat. +have_port_finder() { + for file in $(which ss 2> /dev/null) /*bin/ss /usr/*bin/ss /usr/local/*bin/ss;do + if test -x "$file";then + PFCMD="$file";return 0 + fi + done + + if test -z "$PFCMD";then + for file in $(which netstat 2> /dev/null) /bin/netstat /usr/bin/netstat /usr/local/bin/netstat;do + if test -x "$file";then + PFCMD="$file";return 0 + fi + done + fi + + if test -z "$PFCMD";then + echo "neither ss nor netstat found" + exit 1 + fi +} + +check_if_port_in_use() { + local PORT="$1" + local PFCMD; have_port_finder + $PFCMD -an|grep "[\:\.]$PORT" >/dev/null 2>&1 +} + +# Find a port number not currently in use. +GETPORT=' + rc=0 + unset myrandom + while test $rc = 0; do + if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi + if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi + if test -z "$myrandom"; then myrandom=0; fi + PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))" + check_if_port_in_use $PORT;rc=$? + done +' + trap "fail \"Failed to launch the server, aborting test... \"" 10 diff --git a/tests/resumption b/tests/resumption new file mode 100755 index 00000000..64a312aa --- /dev/null +++ b/tests/resumption 
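Review bot: `have_port_finder` ends with `exit 1` when neither ss nor netstat is found, although its header comment says the exit indicates an unsupported test; the other scripts in this series skip with `exit 77`, so a host without either tool would report a failure instead of a skip, and `exit 77` would match the comment. In `check_if_port_in_use` the pattern `[\:\.]$PORT` is not anchored at the end, so a candidate such as 2000 also matches 20001 and costs needless retries; `grep -E "[:.]$PORT([^0-9]|\$)"` would match the whole port field. GETPORT only probes the port and does not reserve it, so two tests running in parallel can still pick the same number before either server binds. A one-line comment above GETPORT stating that limitation would help whoever has to debug a flaky run.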
@@ -0,0 +1,61 @@ +#!/bin/bash +# +# Copyright (C) 2020 Nikos Mavrogiannopoulos +# +# This file is part of ocserv. +# +# ocserv is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# ocserv is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +SERV="${SERV:-../src/ocserv}" +srcdir=${srcdir:-.} +NO_NEED_ROOT=1 + +TMPFILE=resume.$$.tmp + +. `dirname $0`/common.sh + +eval "${GETPORT}" + +echo "Testing ocserv session resumption... " + +function finish { + echo " * Cleaning up..." + test -n "${PID}" && kill ${PID} >/dev/null 2>&1 + rm -f ${TMPFILE} + rm -f ${CONFIG} +} +trap finish EXIT + +update_config test1.config +launch_simple_sr_server -d 1 -f -c ${CONFIG} +PID=$! + +wait_server $PID + +echo -n "Connecting to resume... " +( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -r --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 $ADDRESS --port $PORT --insecure > $TMPFILE 2>/dev/null Date: Sun, 9 Aug 2020 12:05:51 +0200 Subject: [PATCH 2/3] tests: replaced explicit ports with random assignment 
Signed-off-by: Nikos Mavrogiannopoulos
---
 tests/apple-ios | 3 ++-
 tests/banner | 3 ++-
 tests/cipher-common.sh | 3 ++-
 tests/common.sh | 2 +-
 tests/data/multiple-routes.config | 4 ++--
 tests/data/test-cert-opt-pass.config | 4 ++--
 tests/data/test-cookie-invalidation.config | 4 ++--
 tests/data/test-cookie-timeout-2.config | 4 ++--
 tests/data/test-cookie-timeout.config | 4 ++--
 tests/data/test-ed25519.config | 4 ++--
 tests/data/test-enc-key.config | 4 ++--
 tests/data/test-enc-key2.config | 4 ++--
 tests/data/test-explicit-ip.config | 4 ++--
 tests/data/test-group-cert.config | 4 ++--
 tests/data/test-group-pass.config | 4 ++--
 tests/data/test-gssapi-local-map.config | 4 ++--
 tests/data/test-gssapi-opt-cert.config | 4 ++--
 tests/data/test-gssapi-opt-pass.config | 4 ++--
 tests/data/test-gssapi.config | 4 ++--
 tests/data/test-iroute.config | 4 ++--
 tests/data/test-otp-cert.config | 4 ++--
 tests/data/test-otp.config | 4 ++--
 tests/data/test-pam-noauth.config | 4 ++--
 tests/data/test-pam.config | 4 ++--
 tests/data/test-pass-opt-cert.config | 4 ++--
 tests/data/test-pass-script.config | 4 ++--
 tests/data/test-rsa-pss.config | 4 ++--
 tests/data/test-san-cert.config | 4 ++--
 tests/data/test-sighup-key-change.config | 4 ++--
 tests/data/test-stress.config | 4 ++--
 tests/data/test-user-cert.config | 4 ++--
 tests/data/test-user-config.config | 4 ++--
 tests/data/test-user-group-cert-no-pass.config | 4 ++--
 tests/data/test-user-group-cert.config | 4 ++--
 tests/data/test-vhost-pass-cert.config | 4 ++--
 tests/data/test3.config | 4 ++--
 tests/disconnect-user | 3 ++-
 tests/disconnect-user2 | 3 ++-
 tests/flowcontrol | 5 +++--
 tests/haproxy-auth | 9 ++++++---
 tests/haproxy-connect | 7 +++++--
 tests/invalid-configs | 5 +++--
 tests/ipv6-iface | 3 ++-
 tests/json | 3 ++-
 tests/kerberos | 3 ++-
 tests/lz4-compression | 3 ++-
 tests/lzs-compression | 3 ++-
 tests/multiple-routes | 8 +++++---
 tests/no-route-default | 3 ++-
 tests/no-route-group | 3 ++-
 tests/radius | 3 ++-
 tests/radius-config | 3 ++-
tests/radius-group | 3 ++- tests/radius-otp | 3 ++- tests/server-cert-ed25519 | 5 +++-- tests/server-cert-rsa-pss | 5 +++-- tests/test-append-routes | 13 ++++++------- tests/test-ban | 3 ++- tests/test-cert | 3 ++- tests/test-cert-opt-pass | 3 ++- tests/test-config-per-group | 3 ++- tests/test-cookie-invalidation | 7 +++++-- tests/test-cookie-timeout | 8 +++++--- tests/test-cookie-timeout-2 | 8 +++++--- tests/test-enc-key | 3 ++- tests/test-explicit-ip | 6 ++++-- tests/test-fork | 3 ++- tests/test-get-cert | 3 ++- tests/test-group-cert | 3 ++- tests/test-group-name | 5 +++-- tests/test-group-pass | 3 ++- tests/test-gssapi | 3 ++- tests/test-gssapi-opt-cert | 3 ++- tests/test-gssapi-opt-pass | 3 ++- tests/test-iroute | 8 +++++--- tests/test-maintenance | 3 ++- tests/test-max-same-1 | 3 ++- tests/test-multi-cookie | 3 ++- tests/test-namespace-listen | 3 ++- tests/test-oidc | 3 ++- tests/test-otp | 3 ++- tests/test-otp-cert | 3 ++- tests/test-pam | 3 ++- tests/test-pam-noauth | 3 ++- tests/test-pass | 3 ++- tests/test-pass-cert | 3 ++- tests/test-pass-group-cert | 3 ++- tests/test-pass-group-cert-no-pass | 3 ++- tests/test-pass-opt-cert | 3 ++- tests/test-pass-script | 8 ++++++-- tests/test-san-cert | 10 ++++++---- tests/test-script-multi-user | 3 ++- tests/test-sighup | 3 ++- tests/test-sighup-key-change | 3 ++- tests/test-stress | 3 ++- tests/test-udp-listen-host | 6 ++++-- tests/test-user-config | 8 +++++--- tests/test-vhost | 3 ++- tests/traffic | 3 ++- 99 files changed, 243 insertions(+), 162 deletions(-) diff --git a/tests/apple-ios b/tests/apple-ios index 4cce7548..897d8233 100755 --- a/tests/apple-ios +++ b/tests/apple-ios @@ -21,13 +21,14 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} builddir=${builddir:-.} -PORT=4358 VPNNET=172.23.115.0/24 TMPFILE=ios.$$.tmp VERBOSE=1 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing environment under apple ios client" function finish { diff --git a/tests/banner b/tests/banner index e43fc7a8..c18b249b 100755 
--- a/tests/banner +++ b/tests/banner @@ -23,12 +23,13 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4173 TMPFILE=ocserv-plbanner.$$.tmp PIDFILE=ocserv-pid.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + function finish { set +e echo " * Cleaning up..." diff --git a/tests/cipher-common.sh b/tests/cipher-common.sh index 3f2c7536..fb9e2acb 100755 --- a/tests/cipher-common.sh +++ b/tests/cipher-common.sh @@ -23,7 +23,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4574 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin @@ -32,6 +31,8 @@ OUTFILE=traffic.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 diff --git a/tests/common.sh b/tests/common.sh index c97f540d..cd9bc885 100644 --- a/tests/common.sh +++ b/tests/common.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # Copyright (C) 2011-2013 Free Software Foundation, Inc. # Copyright 2013 Nikos Mavrogiannopoulos diff --git a/tests/data/multiple-routes.config b/tests/data/multiple-routes.config index 75a5de70..74f37fad 100644 --- a/tests/data/multiple-routes.config +++ b/tests/data/multiple-routes.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4513 -udp-port = 4513 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-cert-opt-pass.config b/tests/data/test-cert-opt-pass.config index 710a059a..4b6d3f67 100644 --- a/tests/data/test-cert-opt-pass.config +++ b/tests/data/test-cert-opt-pass.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4425 -udp-port = 4425 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-cookie-invalidation.config b/tests/data/test-cookie-invalidation.config index 74f05cdf..18c730fc 100644 
--- a/tests/data/test-cookie-invalidation.config +++ b/tests/data/test-cookie-invalidation.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4502 -udp-port = 4502 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-cookie-timeout-2.config b/tests/data/test-cookie-timeout-2.config index dc443c39..f82e7a7e 100644 --- a/tests/data/test-cookie-timeout-2.config +++ b/tests/data/test-cookie-timeout-2.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4498 -udp-port = 4498 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-cookie-timeout.config b/tests/data/test-cookie-timeout.config index af01f4bb..f82e7a7e 100644 --- a/tests/data/test-cookie-timeout.config +++ b/tests/data/test-cookie-timeout.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4499 -udp-port = 4499 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-ed25519.config b/tests/data/test-ed25519.config index 5e666182..f60c6240 100644 --- a/tests/data/test-ed25519.config +++ b/tests/data/test-ed25519.config @@ -30,8 +30,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4444 -udp-port = 4444 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-enc-key.config b/tests/data/test-enc-key.config index 0bb0aee6..1a50389b 100644 --- a/tests/data/test-enc-key.config +++ b/tests/data/test-enc-key.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4456 -udp-port = 4456 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-enc-key2.config b/tests/data/test-enc-key2.config index bfb6b694..1be9a5c5 100644 
--- a/tests/data/test-enc-key2.config +++ b/tests/data/test-enc-key2.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4456 -udp-port = 4456 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-explicit-ip.config b/tests/data/test-explicit-ip.config index f2247a3f..e2fbcfac 100644 --- a/tests/data/test-explicit-ip.config +++ b/tests/data/test-explicit-ip.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 8446 -udp-port = 8446 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-group-cert.config b/tests/data/test-group-cert.config index d51d09a2..6c6b624a 100644 --- a/tests/data/test-group-cert.config +++ b/tests/data/test-group-cert.config @@ -35,8 +35,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 6550 -udp-port = 6550 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-group-pass.config b/tests/data/test-group-pass.config index 54b75882..389e51ea 100644 --- a/tests/data/test-group-pass.config +++ b/tests/data/test-group-pass.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 6552 -udp-port = 6552 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-gssapi-local-map.config b/tests/data/test-gssapi-local-map.config index a946099a..cb398cc2 100644 --- a/tests/data/test-gssapi-local-map.config +++ b/tests/data/test-gssapi-local-map.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4449 -udp-port = 4449 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-gssapi-opt-cert.config b/tests/data/test-gssapi-opt-cert.config index 679205f4..b3f5ade5 100644 
--- a/tests/data/test-gssapi-opt-cert.config +++ b/tests/data/test-gssapi-opt-cert.config @@ -29,8 +29,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4438 -udp-port = 4438 +tcp-port = @PORT@ +udp-port = @PORT@ #listen-clear-file = ./ocserv-gssapi-conn.socket diff --git a/tests/data/test-gssapi-opt-pass.config b/tests/data/test-gssapi-opt-pass.config index be25cabb..1a080c93 100644 --- a/tests/data/test-gssapi-opt-pass.config +++ b/tests/data/test-gssapi-opt-pass.config @@ -29,8 +29,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4439 -udp-port = 4439 +tcp-port = @PORT@ +udp-port = @PORT@ #listen-clear-file = ./ocserv-gssapi-conn.socket diff --git a/tests/data/test-gssapi.config b/tests/data/test-gssapi.config index 77f004b1..916d064f 100644 --- a/tests/data/test-gssapi.config +++ b/tests/data/test-gssapi.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4449 -udp-port = 4449 +tcp-port = @PORT@ +udp-port = @PORT@ #listen-clear-file = ./ocserv-gssapi-conn.socket diff --git a/tests/data/test-iroute.config b/tests/data/test-iroute.config index e06a74f3..87908972 100644 --- a/tests/data/test-iroute.config +++ b/tests/data/test-iroute.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4501 -udp-port = 4501 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-otp-cert.config b/tests/data/test-otp-cert.config index 62f0e60f..ffd8b352 100644 --- a/tests/data/test-otp-cert.config +++ b/tests/data/test-otp-cert.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4479 -udp-port = 4479 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-otp.config b/tests/data/test-otp.config index d7f7c43d..6382fecd 100644 --- a/tests/data/test-otp.config 
+++ b/tests/data/test-otp.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4489 -udp-port = 4489 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-pam-noauth.config b/tests/data/test-pam-noauth.config index c732471c..a01a8ab5 100644 --- a/tests/data/test-pam-noauth.config +++ b/tests/data/test-pam-noauth.config @@ -30,8 +30,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 6552 -udp-port = 6552 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-pam.config b/tests/data/test-pam.config index 95e20d6d..c5e8b5fa 100644 --- a/tests/data/test-pam.config +++ b/tests/data/test-pam.config @@ -29,8 +29,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 6552 -udp-port = 6552 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-pass-opt-cert.config b/tests/data/test-pass-opt-cert.config index 37d92615..10dc55ac 100644 --- a/tests/data/test-pass-opt-cert.config +++ b/tests/data/test-pass-opt-cert.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 8445 -udp-port = 8445 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-pass-script.config b/tests/data/test-pass-script.config index 5f97f45e..351a5e6e 100644 --- a/tests/data/test-pass-script.config +++ b/tests/data/test-pass-script.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 4 # TCP and UDP port number -tcp-port = 4448 -udp-port = 4448 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-rsa-pss.config b/tests/data/test-rsa-pss.config index bd4ec617..b215bdeb 100644 --- a/tests/data/test-rsa-pss.config +++ b/tests/data/test-rsa-pss.config 
@@ -30,8 +30,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4444 -udp-port = 4444 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-san-cert.config b/tests/data/test-san-cert.config index c678429a..2c159c4c 100644 --- a/tests/data/test-san-cert.config +++ b/tests/data/test-san-cert.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 443 -udp-port = 443 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-sighup-key-change.config b/tests/data/test-sighup-key-change.config index f0418f41..6b1f04c2 100644 --- a/tests/data/test-sighup-key-change.config +++ b/tests/data/test-sighup-key-change.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4473 -udp-port = 4473 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-stress.config b/tests/data/test-stress.config index 1602e5a5..9f0fbd5b 100644 --- a/tests/data/test-stress.config +++ b/tests/data/test-stress.config @@ -28,8 +28,8 @@ rate-limit-ms = 0 max-same-clients = 5 # TCP and UDP port number -tcp-port = 4450 -udp-port = 4450 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-user-cert.config b/tests/data/test-user-cert.config index 9b9ebfe8..a090ece6 100644 --- a/tests/data/test-user-cert.config +++ b/tests/data/test-user-cert.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4445 -udp-port = 4445 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-user-config.config b/tests/data/test-user-config.config index 9a73fab9..93232c12 100644 --- a/tests/data/test-user-config.config +++ b/tests/data/test-user-config.config 
@@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4512 -udp-port = 4512 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-user-group-cert-no-pass.config b/tests/data/test-user-group-cert-no-pass.config index 13b489bb..9259c489 100644 --- a/tests/data/test-user-group-cert-no-pass.config +++ b/tests/data/test-user-group-cert-no-pass.config @@ -35,8 +35,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 6555 -udp-port = 6555 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-user-group-cert.config b/tests/data/test-user-group-cert.config index 7999f2d8..c7c51734 100644 --- a/tests/data/test-user-group-cert.config +++ b/tests/data/test-user-group-cert.config @@ -35,8 +35,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 6551 -udp-port = 6551 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test-vhost-pass-cert.config b/tests/data/test-vhost-pass-cert.config index 21bdfcb3..2a1afb3e 100644 --- a/tests/data/test-vhost-pass-cert.config +++ b/tests/data/test-vhost-pass-cert.config @@ -30,8 +30,8 @@ max-ban-score = 0 max-same-clients = 2 # TCP and UDP port number -tcp-port = 443 -udp-port = 443 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/data/test3.config b/tests/data/test3.config index 83eab956..dbd4c583 100644 --- a/tests/data/test3.config +++ b/tests/data/test3.config @@ -28,8 +28,8 @@ max-clients = 16 max-same-clients = 2 # TCP and UDP port number -tcp-port = 4446 -udp-port = 4446 +tcp-port = @PORT@ +udp-port = @PORT@ # Keepalive in seconds keepalive = 32400 diff --git a/tests/disconnect-user b/tests/disconnect-user index f0113d89..67a016ea 100755 --- a/tests/disconnect-user +++ b/tests/disconnect-user 
@@ -27,7 +27,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4477 TMPFILE=ocfile.$$.tmp PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp @@ -35,6 +34,8 @@ OCCTL_SOCKET=./occtl-$$.socket . `dirname $0`/common.sh +eval "${GETPORT}" + if test "$(id -u)" != "0";then echo "This test must be run as root" exit 77 diff --git a/tests/disconnect-user2 b/tests/disconnect-user2 index cded8a95..ef8c3c12 100755 --- a/tests/disconnect-user2 +++ b/tests/disconnect-user2 @@ -25,7 +25,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4459 TMPFILE=ocfile.$$.tmp PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp @@ -33,6 +32,8 @@ OCCTL_SOCKET=./occtl-$$.socket . `dirname $0`/common.sh +eval "${GETPORT}" + if test "$(id -u)" != "0";then echo "This test must be run as root" exit 77 diff --git a/tests/flowcontrol b/tests/flowcontrol index 67784376..fb60f672 100755 --- a/tests/flowcontrol +++ b/tests/flowcontrol @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # Copyright (C) 2020 Microsoft Corp. # @@ -21,11 +21,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4504 PIDFILE=ocserv-pid.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing flow control... " update_config test1.config diff --git a/tests/haproxy-auth b/tests/haproxy-auth index bcfb5c0a..b6537146 100755 --- a/tests/haproxy-auth +++ b/tests/haproxy-auth @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # Copyright (C) 2013 Nikos Mavrogiannopoulos # @@ -21,8 +21,6 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4466 -HAPORT=4467 PIDFILE=ocserv-pid.$$.tmp PATH=${PATH}:/usr/sbin HACONFIG=haproxy.conf.$$.tmp @@ -30,6 +28,11 @@ HAPROXY=$(which haproxy) . `dirname $0`/common.sh +eval "${GETPORT}" +HAPORT=${PORT} + +eval "${GETPORT}" + if test -z "${HAPROXY}";then echo "no haproxy present" exit 77 diff --git a/tests/haproxy-connect b/tests/haproxy-connect index 7b0adeba..c42b76c7 100755 
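Review bot: The two `eval "${GETPORT}"` calls added in the second hunk of tests/haproxy-auth can return the same number, because nothing is listening on HAPORT yet when PORT is chosen and GETPORT only rejects ports that are currently in use. The chance is small, but when it happens haproxy and ocserv are configured for the same port and the test fails for a reason unrelated to the code under test. A guard after the second call, `while test "$PORT" = "$HAPORT"; do eval "${GETPORT}"; done`, rules that out. tests/haproxy-connect adds the same sequence and needs the same guard.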
--- a/tests/haproxy-connect +++ b/tests/haproxy-connect @@ -20,8 +20,6 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4566 -HAPORT=4567 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp HACONFIG=haproxy.conf.$$.tmp @@ -31,6 +29,11 @@ IP=$(which ip) . `dirname $0`/common.sh +eval "${GETPORT}" +HAPORT=${PORT} + +eval "${GETPORT}" + if test -z "${HAPROXY}";then echo "no haproxy present" exit 77 diff --git a/tests/invalid-configs b/tests/invalid-configs index e696353d..0eafb4b4 100755 --- a/tests/invalid-configs +++ b/tests/invalid-configs @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # Copyright (C) 2013 Nikos Mavrogiannopoulos # @@ -21,11 +21,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} PIDFILE=ocserv-pid.$$.tmp -PORT=3492 NO_NEED_ROOT=1 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing whether invalid configurations fail as expected... " # plain + pam (primary) diff --git a/tests/ipv6-iface b/tests/ipv6-iface index 4fd415d9..d5262e5c 100755 --- a/tests/ipv6-iface +++ b/tests/ipv6-iface @@ -20,13 +20,14 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4313 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp IP=$(which ip) . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 diff --git a/tests/json b/tests/json index 1869a6dc..72dd4bf7 100755 --- a/tests/json +++ b/tests/json @@ -21,7 +21,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4568 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin @@ -30,6 +29,8 @@ OUTFILE=json.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 diff --git a/tests/kerberos b/tests/kerberos index cdd75e4e..cd41facc 100755 --- a/tests/kerberos +++ b/tests/kerberos 
@@ -23,13 +23,14 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=443 PIDFILE=ocserv-pid.$$.tmp KRB5PIDFILE=krb5-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin IP=$(which ip) OUTFILE=traffic.$$.tmp +# This port needs to be fixed to 443 due to KKDCP +PORT=443 USERNAME=krb5user USERPASS=krb5user123 diff --git a/tests/lz4-compression b/tests/lz4-compression index 6ae6be7c..76478cf9 100755 --- a/tests/lz4-compression +++ b/tests/lz4-compression @@ -23,7 +23,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4568 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin @@ -32,6 +31,8 @@ OUTFILE=traffic.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 diff --git a/tests/lzs-compression b/tests/lzs-compression index 1420dfb7..c485df2a 100755 --- a/tests/lzs-compression +++ b/tests/lzs-compression @@ -23,7 +23,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4568 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin @@ -32,6 +31,8 @@ OUTFILE=traffic.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 diff --git a/tests/multiple-routes b/tests/multiple-routes index 5195972b..b6cc0c58 100755 --- a/tests/multiple-routes +++ b/tests/multiple-routes @@ -20,19 +20,21 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4513 # Test whether more than 128 routes can be read from a config file. . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing ocserv and user route application... " TMPFILE1=multiple-routes.$$.tmp rm -f ${TMPFILE1} -launch_simple_server -d 1 -f -c "${srcdir}/data/multiple-routes.config" +update_config multiple-routes.config +launch_simple_server -d 1 -f -c "${CONFIG}" PID=$! wait_server $PID 
@@ -57,7 +59,7 @@ fi echo ok -rm -f ${TMPFILE1} +rm -f ${TMPFILE1} ${CONFIG} kill $PID wait diff --git a/tests/no-route-default b/tests/no-route-default index de713425..0c6f4f20 100755 --- a/tests/no-route-default +++ b/tests/no-route-default @@ -20,11 +20,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=5743 TMPFILE=$(mktemp) . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing whether exclude routes are being sent (with route=default)... " function finish { diff --git a/tests/no-route-group b/tests/no-route-group index 2775aefc..59ec2f0f 100755 --- a/tests/no-route-group +++ b/tests/no-route-group @@ -20,11 +20,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=5744 TMPFILE=$(mktemp) . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing whether group exclude routes are being sent (with route=default)... " function finish { diff --git a/tests/radius b/tests/radius index 2746faa3..b7ba3ab2 100755 --- a/tests/radius +++ b/tests/radius @@ -23,7 +23,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4569 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin @@ -38,6 +37,8 @@ fi . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 diff --git a/tests/radius-config b/tests/radius-config index fcd2012c..8597b626 100755 --- a/tests/radius-config +++ b/tests/radius-config @@ -23,7 +23,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4569 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin @@ -38,6 +37,8 @@ fi . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 diff --git a/tests/radius-group b/tests/radius-group index 3cc47584..77a3f720 100755 --- a/tests/radius-group +++ b/tests/radius-group 
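Review bot: The generated `${CONFIG}` is removed only on this final success path of tests/multiple-routes, so any earlier exit in the script would leave the per-run config file behind; the body before this hunk is not visible here, so that is inferred. tests/resumption in this series registers `trap finish EXIT` for the same cleanup, and doing the same here would cover every exit path. The `rm` arguments are also unquoted; `rm -f -- "${TMPFILE1}" "${CONFIG}"` behaves predictably if either value is empty or contains whitespace. The same end-of-script cleanup is added in tests/test-append-routes, tests/test-cookie-invalidation, tests/test-cookie-timeout and tests/test-cookie-timeout-2.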
@@ -23,7 +23,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4569 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin @@ -38,6 +37,8 @@ fi . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 diff --git a/tests/radius-otp b/tests/radius-otp index fc6aae76..bd99a204 100755 --- a/tests/radius-otp +++ b/tests/radius-otp @@ -24,7 +24,6 @@ PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}" OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4569 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin @@ -39,6 +38,8 @@ fi . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 diff --git a/tests/server-cert-ed25519 b/tests/server-cert-ed25519 index 1175ed5f..39314911 100755 --- a/tests/server-cert-ed25519 +++ b/tests/server-cert-ed25519 @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # Copyright (C) 2017 Red Hat, Inc. # @@ -21,10 +21,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4444 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing server cert with ed25519... " update_config test-ed25519.config diff --git a/tests/server-cert-rsa-pss b/tests/server-cert-rsa-pss index be3d098e..ce071539 100755 --- a/tests/server-cert-rsa-pss +++ b/tests/server-cert-rsa-pss @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # Copyright (C) 2017 Red Hat, Inc. # @@ -21,10 +21,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4444 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing server cert with RSA-PSS... " update_config test-rsa-pss.config diff --git a/tests/test-append-routes b/tests/test-append-routes index b87c3604..be71d228 100755 --- a/tests/test-append-routes +++ b/tests/test-append-routes 
@@ -20,24 +20,23 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4612 # Test whether append-routes behaves as expected. . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing ocserv and user append-route application... " -CONFFILE=${srcdir}/test-append-routes-conf.tmp TMPFILE1=${srcdir}/test-append-routes.tmp rm -f ${TMPFILE1} -cp ${srcdir}/data/test-user-config.config ${CONFFILE} -echo "append-routes = true" >> ${CONFFILE} -sed -i 's/= 4512/= 4612/g' ${CONFFILE} +update_config test-user-config.config +echo "append-routes = true" >> ${CONFIG} -launch_server -d 1 -f -c ${CONFFILE} & PID=$! +launch_server -d 1 -f -c ${CONFIG} & PID=$! wait_server $PID echo "Checking if routes are appended... " @@ -68,7 +67,7 @@ fi echo ok rm -f ${TMPFILE1} -rm -f ${CONFFILE} +rm -f ${CONFIG} kill $PID wait diff --git a/tests/test-ban b/tests/test-ban index ad769073..eb6a8748 100755 --- a/tests/test-ban +++ b/tests/test-ban @@ -21,7 +21,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4497 OCCTL_SOCKET=./occtl-ban-$$.socket PIDFILE=ocserv-pid.$$.tmp OUTFILE=ban.$$.tmp @@ -36,6 +35,8 @@ VPNADDR6=fc39:d561:62c6:861b:9f38:9734:9fa1:0 . `dirname $0`/common.sh . `dirname $0`/ns.sh +eval "${GETPORT}" + update_config test-ban.config if test "$VERBOSE" = 1;then DEBUG="-d 3" diff --git a/tests/test-cert b/tests/test-cert index 34780d15..41362aa2 100755 --- a/tests/test-cert +++ b/tests/test-cert @@ -21,13 +21,14 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4446 CRLNAME=crl.pem.$$.tmp CRLTMPLNAME=crl.tmpl.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing ocserv with certificates... " rm -f "${CRLNAME}" "${CRLTMPLNAME}" diff --git a/tests/test-cert-opt-pass b/tests/test-cert-opt-pass index 3e69bf21..18893d32 100755 --- a/tests/test-cert-opt-pass +++ b/tests/test-cert-opt-pass 
@@ -20,11 +20,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4425 OUTFILE=test-cert-opt-pass.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with certificate and optional username-password... " connect() diff --git a/tests/test-config-per-group b/tests/test-config-per-group index ef1ee6c5..4a8bd60b 100755 --- a/tests/test-config-per-group +++ b/tests/test-config-per-group @@ -23,7 +23,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=8447 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin @@ -32,6 +31,8 @@ OUTFILE=traffic.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 diff --git a/tests/test-cookie-invalidation b/tests/test-cookie-invalidation index 92808bff..5f77afa3 100755 --- a/tests/test-cookie-invalidation +++ b/tests/test-cookie-invalidation @@ -20,16 +20,18 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4502 . `dirname $0`/common.sh +eval "${GETPORT}" + PIDFILE1="${srcdir}/ci$$-1.pid.tmp" PIDFILE2="${srcdir}/ci$$-2.pid.tmp" echo "Testing whether cookies are being correctly invalidated... " rm -f "${PIDFILE1}" "${PIDFILE2}" -launch_server -d 1 -f -c ${srcdir}/data/test-cookie-invalidation.config & PID=$! +update_config test-cookie-invalidation.config +launch_server -d 1 -f -c ${CONFIG} & PID=$! wait_server $PID echo "Connecting to obtain cookie... " @@ -91,6 +93,7 @@ if [ -f "${PIDFILE2}" ];then fi rm -f "${PIDFILE1}" "${PIDFILE2}" +rm -f ${CONFIG} kill $PID wait diff --git a/tests/test-cookie-timeout b/tests/test-cookie-timeout index a86558b7..08081b27 100755 --- a/tests/test-cookie-timeout +++ b/tests/test-cookie-timeout 
@@ -20,15 +20,17 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4499 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing whether cookies will expire as expected... " PIDFILE="${srcdir}/ct$$.pid.tmp" -launch_server -d 1 -f -c ${srcdir}/data/test-cookie-timeout.config & PID=$! +update_config test-cookie-timeout.config +launch_server -d 1 -f -c ${CONFIG} & PID=$! wait_server $PID echo "Connecting to obtain cookie... " @@ -111,6 +113,6 @@ fi kill $PID wait -rm -f "${PIDFILE}" +rm -f "${PIDFILE}" ${CONFIG} exit 0 diff --git a/tests/test-cookie-timeout-2 b/tests/test-cookie-timeout-2 index c42ec0fe..fbeba81f 100755 --- a/tests/test-cookie-timeout-2 +++ b/tests/test-cookie-timeout-2 @@ -20,14 +20,16 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4498 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing whether cookies will remain valid during the session time... " rm -f ${srcdir}/pid.$$ -launch_server -d 1 -f -c ${srcdir}/data/test-cookie-timeout-2.config & PID=$! +update_config test-cookie-timeout-2.config +launch_server -d 1 -f -c ${CONFIG} & PID=$! wait_server $PID echo "Connecting to obtain cookie... " @@ -73,6 +75,6 @@ kill $PID wait rm -f ${srcdir}/pid.$$ -rm -f ${srcdir}/pid2.$$ +rm -f ${srcdir}/pid2.$$ ${CONFIG} exit 0 diff --git a/tests/test-enc-key b/tests/test-enc-key index 3bbe4cb3..0ca6249c 100755 --- a/tests/test-enc-key +++ b/tests/test-enc-key @@ -21,10 +21,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4456 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with encrypted PKCS #8 key file... " update_config test-enc-key.config diff --git a/tests/test-explicit-ip b/tests/test-explicit-ip index b347c9d8..bfd1a9df 100755 --- a/tests/test-explicit-ip +++ b/tests/test-explicit-ip @@ -21,10 +21,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} TMPFILE=${srcdir}/outfile.$$ -PORT=8446 . `dirname $0`/common.sh +eval "${GETPORT}" + connect() { opts=$1 
@@ -54,7 +55,8 @@ return 0 echo "Testing local backend with username-password and explicit IP addresses... " -launch_server -d 1 -f -c "${srcdir}/data/test-explicit-ip.config" & PID=$! +update_config test-explicit-ip.config +launch_server -d 1 -f -c "${CONFIG}" & PID=$! wait_server $PID echo -n "Connecting with an illegal address assigned... " diff --git a/tests/test-fork b/tests/test-fork index e027e138..2a0c5d63 100755 --- a/tests/test-fork +++ b/tests/test-fork @@ -20,11 +20,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4432 PIDFILE=ocserv-pid.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing operation when run on background..." update_config test1.config diff --git a/tests/test-get-cert b/tests/test-get-cert index 5f1eb007..1097a1e8 100755 --- a/tests/test-get-cert +++ b/tests/test-get-cert @@ -21,13 +21,14 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4445 TMPFILE=getcert.$$.tmp TMPFILE2=getcert2.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing ocserv certificate GET handlers... " update_config test-user-cert.config diff --git a/tests/test-group-cert b/tests/test-group-cert index 673b9a6e..a86a6898 100755 --- a/tests/test-group-cert +++ b/tests/test-group-cert @@ -21,10 +21,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=6550 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with certificate... " launch_sr_server -d 1 -f -c data/test-group-cert.config & PID=$! diff --git a/tests/test-group-name b/tests/test-group-name index 739dc05d..5da7ece5 100755 --- a/tests/test-group-name +++ b/tests/test-group-name @@ -21,7 +21,6 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=443 HEAD=$(mktemp) POST=$(mktemp) COOKIES=$(mktemp) 
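Review bot: In test-group-cert the fixed `PORT=6550` is replaced by a picked port, but the unchanged line `launch_sr_server -d 1 -f -c data/test-group-cert.config` still starts the server from the static data file rather than from a config produced by `update_config`. Unless that file is rewritten elsewhere, the server keeps listening on whatever port the file names while the rest of the script uses the new `$PORT`, so clients may be pointed at a port nobody listens on. Following the other scripts in this patch, `update_config test-group-cert.config` followed by `launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!` would keep the two in step. The rest of the script is outside the hunk.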
@@ -29,6 +28,8 @@ OUTFILE=$(mktemp) . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing whether group labels are translated to groups... " # This is a necessary condition for some anyconnect clients @@ -47,7 +48,7 @@ launch_simple_sr_server -d 1 -f -c ${CONFIG} PID=$! wait_server $PID -TARGET=https://$ADDRESS +TARGET=https://$ADDRESS:$PORT cat >$HEAD <<_EOF Accept-Encoding:identity diff --git a/tests/test-group-pass b/tests/test-group-pass index a4f14e88..1530f43b 100755 --- a/tests/test-group-pass +++ b/tests/test-group-pass @@ -21,10 +21,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=6552 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with username-group-password... " update_config test-group-pass.config diff --git a/tests/test-gssapi b/tests/test-gssapi index 1996ec6f..9e8b1cd7 100755 --- a/tests/test-gssapi +++ b/tests/test-gssapi @@ -22,7 +22,6 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} builddir=${builddir:-.} NO_NEED_ROOT=1 -PORT=4449 NTLMSSP_CONF="" for conf in /etc/gss/mech.d/mech.ntlmssp.conf /etc/gss/mech.d/ntlmssp.conf;do @@ -45,6 +44,8 @@ fi . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with gssapi... " export NTLM_USER_FILE=${builddir}/ntlm.pass diff --git a/tests/test-gssapi-opt-cert b/tests/test-gssapi-opt-cert index 40be5e82..0ef2d55b 100755 --- a/tests/test-gssapi-opt-cert +++ b/tests/test-gssapi-opt-cert @@ -21,7 +21,6 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} builddir=${builddir:-.} NO_NEED_ROOT=1 -PORT=4438 OUTFILE=test-gssapi-opt-pass.$$.tmp connect() @@ -68,6 +67,8 @@ fi . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with gssapi and password fallback... " VERBOSE=1 diff --git a/tests/test-gssapi-opt-pass b/tests/test-gssapi-opt-pass index 79e19950..8999d308 100755 --- a/tests/test-gssapi-opt-pass +++ b/tests/test-gssapi-opt-pass 
@@ -21,7 +21,6 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} builddir=${builddir:-.} NO_NEED_ROOT=1 -PORT=4439 OUTFILE=test-gssapi-opt-pass.$$.tmp connect() @@ -68,6 +67,8 @@ fi . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with gssapi and password fallback... " VERBOSE=1 diff --git a/tests/test-iroute b/tests/test-iroute index cdd99d2c..d7b5f528 100755 --- a/tests/test-iroute +++ b/tests/test-iroute @@ -20,15 +20,17 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4501 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing ocserv and user route application... " rm -f ${srcdir}/test-iroute.tmp -launch_server -d 1 -f -c "${srcdir}/data/test-iroute.config" & PID=$! +update_config test-iroute.config +launch_server -d 1 -f -c "${CONFIG}" & PID=$! wait_server $PID echo -n "Connecting to obtain cookie (with certificate)... " @@ -60,7 +62,7 @@ fi echo ok -rm -f ${srcdir}/test-iroute.tmp +rm -f ${srcdir}/test-iroute.tmp ${CONFIG} kill $PID wait diff --git a/tests/test-maintenance b/tests/test-maintenance index e06c9cef..208a30bc 100755 --- a/tests/test-maintenance +++ b/tests/test-maintenance @@ -20,10 +20,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4434 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing ocserv and SIGUSR2/forced maintenance behavior... " update_config test-sighup.config diff --git a/tests/test-max-same-1 b/tests/test-max-same-1 index daa7e7ae..51464837 100755 --- a/tests/test-max-same-1 +++ b/tests/test-max-same-1 @@ -20,10 +20,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4516 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing whether max-same-clients=1 allows cookie re-use... " PIDFILE1="${srcdir}/ci$$-1.pid.tmp" diff --git a/tests/test-multi-cookie b/tests/test-multi-cookie index 01f08253..83c9cb57 100755 --- a/tests/test-multi-cookie +++ b/tests/test-multi-cookie 
@@ -20,10 +20,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4500 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing whether cookies are being re-used... " PIDFILE1="${srcdir}/ci$$-1.pid.tmp" diff --git a/tests/test-namespace-listen b/tests/test-namespace-listen index 19ee5f46..f21cd380 100755 --- a/tests/test-namespace-listen +++ b/tests/test-namespace-listen @@ -18,7 +18,6 @@ SERV="${SERV:-../src/ocserv}" PIDFILE=ocserv-pid.$$.tmp srcdir=${srcdir:-.} -PORT=4498 LISTEN_NS="ocserv-listen-ns-tmp-$$" OUTFILE=lsof.$$.tmp SS=$(which ss) @@ -42,6 +41,8 @@ trap finish EXIT . `dirname $0`/common.sh . `dirname $0`/ns.sh +eval "${GETPORT}" + update_config test-namespace-listen.config if test "$VERBOSE" = 1;then DEBUG="-d 3" diff --git a/tests/test-oidc b/tests/test-oidc index 3daa404b..de917ba6 100755 --- a/tests/test-oidc +++ b/tests/test-oidc @@ -21,12 +21,13 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4503 PIDFILE=ocserv-pid.$$.tmp OCCTL_SOCKET=./occtl-oidc-$$.socket . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with oidc token auth... " update_config test-oidc-auth.config diff --git a/tests/test-otp b/tests/test-otp index d34b44bd..5209b0af 100755 --- a/tests/test-otp +++ b/tests/test-otp @@ -22,11 +22,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4489 OTP_FILE=test-otp.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with username-password-otp and certificate... " $SERV --version 2>&1|grep oath >/dev/null 2>&1 diff --git a/tests/test-otp-cert b/tests/test-otp-cert index 64be7afd..c8dc12c1 100755 --- a/tests/test-otp-cert +++ b/tests/test-otp-cert 
@@ -22,11 +22,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4479 OTP_FILE=test-otp-users.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with username-password-otp and certificate... " #user 'test' has cert, password + OTP diff --git a/tests/test-pam b/tests/test-pam index f4026793..8ec787a7 100755 --- a/tests/test-pam +++ b/tests/test-pam @@ -21,12 +21,13 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=6552 VERBOSE=1 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing PAM backend with username-password... " export TEST_PAMDIR=data/pam diff --git a/tests/test-pam-noauth b/tests/test-pam-noauth index e261211f..dc8dd3de 100755 --- a/tests/test-pam-noauth +++ b/tests/test-pam-noauth @@ -21,10 +21,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=6552 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing PAM acct backend with username-password... " export TEST_PAMDIR=data/pam-single diff --git a/tests/test-pass b/tests/test-pass index 3130fba4..9d5484ae 100755 --- a/tests/test-pass +++ b/tests/test-pass @@ -21,11 +21,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4444 PIDFILE=ocserv-pid.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with username-password... " update_config test1.config diff --git a/tests/test-pass-cert b/tests/test-pass-cert index ab221776..80507886 100755 --- a/tests/test-pass-cert +++ b/tests/test-pass-cert @@ -21,11 +21,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4445 ISOLATE_WORKERS=false . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with username-password and certificate... " update_config test-user-cert.config diff --git a/tests/test-pass-group-cert b/tests/test-pass-group-cert index 9282d6c8..ff649933 100755 --- a/tests/test-pass-group-cert +++ b/tests/test-pass-group-cert 
@@ -21,10 +21,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=6551 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with username-password and certificate... " update_config test-user-group-cert.config diff --git a/tests/test-pass-group-cert-no-pass b/tests/test-pass-group-cert-no-pass index 3043a3ff..bc39b459 100755 --- a/tests/test-pass-group-cert-no-pass +++ b/tests/test-pass-group-cert-no-pass @@ -21,10 +21,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=6555 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with username-password and certificate... " update_config test-user-group-cert-no-pass.config diff --git a/tests/test-pass-opt-cert b/tests/test-pass-opt-cert index 86d20e69..ac9adc1f 100755 --- a/tests/test-pass-opt-cert +++ b/tests/test-pass-opt-cert @@ -22,11 +22,12 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} TMPFILE=${srcdir}/outfile.$$.tmp NO_NEED_ROOT=1 -PORT=8445 PIDFILE=ocserv-pid.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing local backend with username-password and optional certificate... " update_config test-pass-opt-cert.config diff --git a/tests/test-pass-script b/tests/test-pass-script index 6be97528..89a40946 100755 --- a/tests/test-pass-script +++ b/tests/test-pass-script @@ -21,13 +21,14 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} builddir=${builddir:-.} -PORT=4448 OPIDFILE=pass-script.$$.tmp OPIDFILE2=pass-script2.$$.tmp PARAMSFILE=pass-script.params.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing connect and disconnect script behavior" rm -f ${OPIDFILE} @@ -61,7 +62,8 @@ fi echo " * Testing local backend with username-password... " -launch_server -d 1 -f -c "${srcdir}/data/test-pass-script.config" & PID=$! +update_config test-pass-script.config +launch_server -d 1 -f -c "${CONFIG}" & PID=$! wait_server $PID echo " * Connecting to obtain cookie with wrong username... " 
@@ -213,4 +215,6 @@ wait echo "Script tests were successful" +rm -f ${CONFIG} + exit 0 diff --git a/tests/test-san-cert b/tests/test-san-cert index c6a96a5c..a5040ae8 100755 --- a/tests/test-san-cert +++ b/tests/test-san-cert @@ -27,6 +27,8 @@ CRLTMPLNAME=crl.tmpl.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing ocserv with certificates... " rm -f "${CRLNAME}" "${CRLTMPLNAME}" 
@@ -47,25 +49,25 @@ PID=$! wait_server $PID echo -n "Connecting to obtain cookie (without certificate)... " -( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly /dev/null 2>&1 ) && +( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly /dev/null 2>&1 ) && fail $PID "Connected without certificate!" echo "ok (failed as expected)" echo -n "Connecting to obtain cookie (with invalid certificate)... " -( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly /dev/null 2>&1 ) && +( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly /dev/null 2>&1 ) && fail $PID "Connected with invalid certificate!" echo "ok (failed as expected)" echo -n "Connecting to obtain cookie (with certificate - no SAN)... " -( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly /dev/null 2>&1 ) && +( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly /dev/null 2>&1 ) && fail $PID "Connected with invalid certificate!" echo "ok (failed as expected)" echo -n "Connecting to obtain cookie (with certificate - SAN)... 
" -( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-san-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly /dev/null 2>&1 ) || +( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-san-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly /dev/null 2>&1 ) || fail $PID "Failed to connect with certificate!" echo ok diff --git a/tests/test-script-multi-user b/tests/test-script-multi-user index a5e86ba2..9c639117 100755 --- a/tests/test-script-multi-user +++ b/tests/test-script-multi-user @@ -22,7 +22,6 @@ SERV="${SERV:-../src/ocserv}" OCCTL="${OCCTL:-../src/occtl/occtl}" srcdir=${srcdir:-.} builddir=${builddir:-.} -PORT=4472 PIDFILE=ocserv-pid.$$.tmp VPNNET=172.29.205.0/24 OUTFILE=out.$$.tmp @@ -30,6 +29,8 @@ USERNAME=test . `dirname $0`/common.sh +eval "${GETPORT}" + if test "${DISABLE_ASAN_BROKEN_TESTS}" = 1;then echo "Skipping test requiring ldpreload" exit 77 diff --git a/tests/test-sighup b/tests/test-sighup index cbcaafa1..add538f6 100755 --- a/tests/test-sighup +++ b/tests/test-sighup @@ -20,10 +20,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4441 . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing ocserv and SIGHUP behavior... " update_config test-sighup.config diff --git a/tests/test-sighup-key-change b/tests/test-sighup-key-change index 42163da5..675c11f3 100755 --- a/tests/test-sighup-key-change +++ b/tests/test-sighup-key-change @@ -21,13 +21,14 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} NO_NEED_ROOT=1 -PORT=4473 TEMPLATE=temp-key.$$.tmpl.tmp SERVER_CERT=server-cert-temp.pem.tmp SERVER_KEY=server-key-temp.pem.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing ocserv and SIGHUP behavior on server key change... " cat <<_EOF_>"${TEMPLATE}" 
diff --git a/tests/test-stress b/tests/test-stress index cad699a2..3816604f 100755 --- a/tests/test-stress +++ b/tests/test-stress @@ -20,10 +20,11 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4450 . `dirname $0`/common.sh +eval "${GETPORT}" + run_client() { HOST=$1; shift; diff --git a/tests/test-udp-listen-host b/tests/test-udp-listen-host index 574bf666..f3e66232 100755 --- a/tests/test-udp-listen-host +++ b/tests/test-udp-listen-host @@ -24,8 +24,6 @@ CLIPID="${srcdir:-.}/ci$$-1.pid.tmp" CLIPID2="${srcdir:-.}/ci$$-2.pid.tmp" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4166 -HAPORT=4167 PIDFILE=ocserv-pid.$$.tmp CONFIG_UDP_LISTEN_LOCAL=ocserv_udp_listen_local.conf.$$.tmp HACONFIG=haproxy.conf.$$.tmp @@ -35,6 +33,10 @@ IP=$(command -v ip) . "$(dirname "$0")/common.sh" +eval "${GETPORT}" +HAPORT=${PORT} +eval "${GETPORT}" + if test -z "${HAPROXY}";then echo "no haproxy present" exit 77 diff --git a/tests/test-user-config b/tests/test-user-config index bbe7ccff..21df4531 100755 --- a/tests/test-user-config +++ b/tests/test-user-config @@ -20,13 +20,14 @@ SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4512 # Test whether DPD, keepalive per user are actually set, and whether # the expose-iroutes option has an effect to other users. . `dirname $0`/common.sh +eval "${GETPORT}" + echo "Testing ocserv and user route application... " TMPFILE1=${srcdir}/test-user-config.tmp @@ -35,7 +36,8 @@ TMPFILE2=${srcdir}/test-user-config-2.tmp rm -f ${TMPFILE1} rm -f ${TMPFILE2} -launch_simple_server -d 1 -f -c "${srcdir}/data/test-user-config.config" +update_config test-user-config.config +launch_simple_server -d 1 -f -c "${CONFIG}" PID=$! wait_server $PID @@ -182,7 +184,7 @@ echo ok kill $kpid3 -rm -f ${TMPFILE1} +rm -f ${TMPFILE1} ${CONFIG} rm -f ${TMPFILE2} kill $PID wait diff --git a/tests/test-vhost b/tests/test-vhost index 0101f1f1..902f0112 100755 --- a/tests/test-vhost +++ b/tests/test-vhost 
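Review bot: In test-udp-listen-host the two consecutive `eval "${GETPORT}"` calls can return the same number, because nothing binds the port chosen for `HAPORT` before the second pick and nothing compares the two results. ocserv and haproxy would then presumably be configured onto one port, and the failure would look like a flaky test. A guard after the second call, `while test "${PORT}" = "${HAPORT}"; do eval "${GETPORT}"; done`, rules that out.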
@@ -20,7 +20,6 @@ PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=443 NO_NEED_ROOT=1 TMPFILE=pid.$$.tmp @@ -28,6 +27,8 @@ VERBOSE=1 . `dirname $0`/common.sh +eval "${GETPORT}" + connect() { vhost=$1:$PORT diff --git a/tests/traffic b/tests/traffic index 7a0d4fb6..3ea962f9 100755 --- a/tests/traffic +++ b/tests/traffic @@ -21,7 +21,6 @@ OCCTL="${OCCTL:-../src/occtl/occtl}" SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} -PORT=4568 PIDFILE=ocserv-pid.$$.tmp CLIPID=oc-pid.$$.tmp PATH=${PATH}:/usr/sbin @@ -30,6 +29,8 @@ OUTFILE=traffic.$$.tmp . `dirname $0`/common.sh +eval "${GETPORT}" + if test -z "${IP}";then echo "no IP tool is present" exit 77 From d84272ffed60a4394353ede1c31d00f049b34480 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 9 Aug 2020 12:57:23 +0200 Subject: [PATCH 3/3] tests: added test for ping-leases Resolves: #340 Signed-off-by: Nikos Mavrogiannopoulos --- tests/Makefile.am | 5 +- tests/data/ping-leases.config | 178 ++++++++++++++++++++++++++++++++++ tests/ping-leases | 68 +++++++++++++ 3 files changed, 249 insertions(+), 2 deletions(-) create mode 100644 tests/data/ping-leases.config create mode 100755 tests/ping-leases diff --git a/tests/Makefile.am b/tests/Makefile.am index e5400879..37122ecf 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -41,7 +41,7 @@ EXTRA_DIST = certs/ca-key.pem certs/ca.pem ns.sh common.sh certs/server-cert.pem data/kdc.conf data/krb5.conf data/k5.KERBEROS.TEST data/kadm5.acl \ data/ipv6-iface.config data/no-route-default.config data/no-route-group.config \ data/group-config/group1 data/test-namespace-listen.config data/disconnect-user.config \ - data/disconnect-user2.config + data/disconnect-user2.config data/ping-leases.config SUBDIRS = docker-ocserv 
@@ -66,7 +66,8 @@ dist_check_SCRIPTS += haproxy-connect test-iroute test-multi-cookie test-pass-sc test-cookie-timeout test-cookie-timeout-2 test-explicit-ip \ test-cookie-invalidation test-user-config test-append-routes test-ban \ multiple-routes json test-udp-listen-host test-max-same-1 test-script-multi-user \ - apple-ios ipv6-iface test-namespace-listen disconnect-user disconnect-user2 + apple-ios ipv6-iface test-namespace-listen disconnect-user disconnect-user2 \ + ping-leases if RADIUS_ENABLED dist_check_SCRIPTS += radius-group radius-otp diff --git a/tests/data/ping-leases.config b/tests/data/ping-leases.config new file mode 100644 index 00000000..cfb9c3a9 --- /dev/null +++ b/tests/data/ping-leases.config 
@@ -0,0 +1,178 @@ +# User authentication method. Could be set multiple times and in that case +# all should succeed. +# Options: certificate, pam. +#auth = "certificate" +auth = "plain[@SRCDIR@/data/test1.passwd]" +#auth = "pam" + +isolate-workers = @ISOLATE_WORKERS@ + +max-ban-score = 0 + +# A banner to be displayed on clients +#banner = "Welcome" + +pre-login-banner = "AN UNPREDICTABLE BANNER" + +# Use listen-host to limit to specific IPs or to the IPs of a provided hostname. +#listen-host = [IP|HOSTNAME] + +use-dbus = no + +# Limit the number of clients. Unset or set to zero for unlimited. +#max-clients = 1024 +max-clients = 16 + +# Limit the number of client connections to one every X milliseconds +# (X is the provided value). Set to zero for no limit. +#rate-limit-ms = 100 + +# Limit the number of identical clients (i.e., users connecting multiple times) +# Unset or set to zero for unlimited. +max-same-clients = 2 + +# TCP and UDP port number +tcp-port = @PORT@ +udp-port = @PORT@ + +# Keepalive in seconds +keepalive = 32400 + +# Dead peer detection in seconds +dpd = 440 + +# MTU discovery (DPD must be enabled) +try-mtu-discovery = false + +# The key and the certificates of the server +# The key may be a file, or any URL supported by GnuTLS (e.g., +# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user +# or pkcs11:object=my-vpn-key;object-type=private) +# +# There may be multiple certificate and key pairs and each key +# should correspond to the preceding certificate. +server-cert = @SRCDIR@/certs/server-cert.pem +server-key = @SRCDIR@/certs/server-key.pem + +# Diffie-Hellman parameters. Only needed if you require support +# for the DHE ciphersuites (by default this server supports ECDHE). +# Can be generated using: +# certtool --generate-dh-params --outfile /path/to/dh.pem +#dh-params = /path/to/dh.pem + +# If you have a certificate from a CA that provides an OCSP +# service you may provide a fresh OCSP status response within +# the TLS handshake. 
That will prevent the client from connecting +# independently on the OCSP server. +# You can update this response periodically using: +# ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response +# Make sure that you replace the following file in an atomic way. +#ocsp-response = /path/to/ocsp.der + +# In case PKCS #11 or TPM keys are used the PINs should be available +# in files. The srk-pin-file is applicable to TPM keys only (It's the storage +# root key). +#pin-file = /path/to/pin.txt +#srk-pin-file = /path/to/srkpin.txt + +# The Certificate Authority that will be used +# to verify clients if certificate authentication +# is set. +#ca-cert = /path/to/ca.pem + +# The object identifier that will be used to read the user ID in the client certificate. +# The object identifier should be part of the certificate's DN +# Useful OIDs are: +# CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1 +#cert-user-oid = 0.9.2342.19200300.100.1.1 + +# The object identifier that will be used to read the user group in the client +# certificate. The object identifier should be part of the certificate's DN +# Useful OIDs are: +# OU (organizational unit) = 2.5.4.11 +#cert-group-oid = 2.5.4.11 + +# A revocation list of ca-cert is set +#crl = /path/to/crl.pem + +# GnuTLS priority string +tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT" + +# To enforce perfect forward secrecy (PFS) on the main channel. +#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA" + +# The time (in seconds) that a client is allowed to stay connected prior +# to authentication +auth-timeout = 40 + +# The time (in seconds) that a client is not allowed to reconnect after +# a failed authentication attempt. +#min-reauth-time = 2 + +# Script to call when a client connects and obtains an IP +# Parameters are passed on the environment. 
+# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client), +# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP +# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON +# may be "connect" or "disconnect". +#connect-script = /usr/bin/myscript +#disconnect-script = /usr/bin/myscript + +# The default server directory. Does not require any devices present. +#chroot-dir = /path/to/chroot + +# socket file used for IPC, will be appended with .PID +# It must be accessible within the chroot environment (if any) +socket-file = ./ocserv-socket + +# The user the worker processes will be run as. It should be +# unique (no other services run as this user). +run-as-user = @USERNAME@ +run-as-group = @GROUP@ + +# Network settings + +device = vpns + +# The default domain to be advertised +default-domain = example.com + +ipv4-network = 192.168.1.0 +ipv4-netmask = 255.255.255.0 +# Use the keywork local to advertize the local P-t-P address as DNS server +ipv4-dns = 192.168.1.1 + +# The NBNS server (if any) +#ipv4-nbns = 192.168.2.3 + +#ipv6-address = +#ipv6-mask = +#ipv6-dns = + +# Prior to leasing any IP from the pool ping it to verify that +# it is not in use by another (unrelated to this server) host. +ping-leases = true + +# Leave empty to assign the default MTU of the device +# mtu = + +route = 192.168.1.0/255.255.255.0 +#route = 192.168.5.0/255.255.255.0 + +# +# The following options are for (experimental) AnyConnect client +# compatibility. They are only available if the server is built +# with --enable-anyconnect +# + +# Client profile xml. A sample file exists in doc/profile.xml. +# This file must be accessible from inside the worker's chroot. +# The profile is ignored by the openconnect client. +#user-profile = profile.xml + +# Unless set to false it is required for clients to present their +# certificate even if they are authenticating via a previously granted +# cookie. 
Legacy CISCO clients do not do that, and thus this option +# should be set for them. +#always-require-cert = false + diff --git a/tests/ping-leases b/tests/ping-leases new file mode 100755 index 00000000..d97012e2 --- /dev/null +++ b/tests/ping-leases 
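Review bot: With `ping-leases = true` the pool in this file is `ipv4-network = 192.168.1.0` with `ipv4-netmask = 255.255.255.0`, one of the most common home and lab LAN ranges, so the server's pre-lease pings may go out onto the build host's real network and the addresses it probes may answer. That makes the test's outcome and duration depend on where it runs. A pool that is unlikely to exist on the host, for example the documentation range `192.0.2.0` with the same netmask (adjusting `ipv4-dns` and `route` to match), would keep the probe self-contained; whether the ping then returns quickly enough for the client run should be checked.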
@@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# Copyright (C) 2020 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see
+
+SERV="${SERV:-../src/ocserv}"
+srcdir=${srcdir:-.}
+PIDFILE=ocserv-pid.$$.tmp
+OPIDFILE=oc-pid.$$.tmp
+VERBOSE=1
+
+. `dirname $0`/common.sh
+
+eval "${GETPORT}"
+
+echo "Testing connection with ping-leases=true..."
+
+function finish {
+ echo " * Cleaning up..."
+ test -f ${OPIDFILE} && kill $(cat ${OPIDFILE}) >/dev/null 2>&1
+ test -f ${PIDFILE} && kill $(cat ${PIDFILE}) >/dev/null 2>&1
+ rm -f ${OPIDFILE}
+ rm -f ${CONFIG}
+}
+trap finish EXIT
+
+update_config ping-leases.config
+launch_simple_server -d 1 -p ${PIDFILE} --no-chdir -c ${CONFIG}
+
+sleep 3
+
+PID=$(cat ${PIDFILE})
+if test -z "${PID}";then
+ echo "server did not start"
+ exit 1
+fi
+
+echo "Server started with PID $PID..."
+
+echo "Connecting to obtain cookie..."
+( echo "test" | $OPENCONNECT -q localhost:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
+ fail $PID "Could not receive cookie from server"
+
+
+echo "Connecting to ping lease..."
+echo "test" | timeout 10 $OPENCONNECT localhost:$PORT -u "test" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true
+
+if test $? != 124;then
+ fail $PID "Could not connect to server"
+fi
+
+cleanup
+
+exit 0
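Review bot: The `finish` trap tests and removes `${OPIDFILE}`, but neither openconnect invocation in this script writes that file, while `${PIDFILE}`, which `launch_simple_server -p ${PIDFILE}` does create, is never removed there. Unless `cleanup` from common.sh deletes it, every run leaves `ocserv-pid.$$.tmp` behind; `rm -f "${OPIDFILE}" "${PIDFILE}" "${CONFIG}"` as the last line of `finish` would cover it. The fixed `sleep 3` before `cat ${PIDFILE}` is also a guess at start-up time, so a slow host reports "server did not start" for a server that is merely late; polling for the PID file with a bounded retry would be more robust.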