From d852195e64d3f779bef2cc403f7f7203720ed925 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 7 Feb 2020 17:12:38 +0100
Subject: [PATCH] tests: reproduce #231

This modifies test-pass-script to force a DPD timeout to verify whether ${IP_REMOTE} is set on the disconnect script.

Signed-off-by: Nikos Mavrogiannopoulos
---
 tests/connect-script | 18 +++--
 tests/data/test-pass-script.config | 6 +-
 tests/test-pass-script | 108 +++++++++++++++++++++++++----
 3 files changed, 109 insertions(+), 23 deletions(-)

diff --git a/tests/connect-script b/tests/connect-script
index 92d34cd3..b3b246be 100755
--- a/tests/connect-script
+++ b/tests/connect-script
@@ -2,28 +2,32 @@
 #echo $USERNAME : $REASON : $DEVICE
+env >/tmp/out.$REASON.tmp
+
+if test -z "${IP_REMOTE}";then
+ echo "Remote IP environment variable was not set"
+ exit 1
+fi
+
 case "$REASON" in
 connect)
 test "${OCSERV_DNS}" = "192.168.1.1 192.168.5.1 " && \
 test "${OCSERV_DNS4}" = "192.168.1.1 192.168.5.1 " && \
 test "${OCSERV_ROUTES}" = "192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0 " && \
 test "${OCSERV_ROUTES4}" = "192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0 " && \
- echo > connect.ok
+ echo "${IP_REMOTE}" > connect.ok
 ;;
 disconnect)
- if ! test -z "$DEVICE";then
- #ifconfig $DEVICE
- #if test "$?" = "0";then
+ if ! test -z "$DEVICE";then
 test "${OCSERV_DNS}" = "192.168.1.1 192.168.5.1 " && \
 test "${OCSERV_DNS4}" = "192.168.1.1 192.168.5.1 " && \
 test "${OCSERV_ROUTES}" = "192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0 " && \
 test "${OCSERV_ROUTES4}" = "192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0 " && \
- echo > disconnect.ok
- #fi
+ echo "${IP_REMOTE}" > disconnect.ok
 fi
 ;;
 "host-update")
- echo > host-update.ok
+ echo > host-update.ok
 ;;
 esac
diff --git a/tests/data/test-pass-script.config b/tests/data/test-pass-script.config
index b7d44653..af0b104f 100644
--- a/tests/data/test-pass-script.config
+++ b/tests/data/test-pass-script.config
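Review bot: The added `env >/tmp/out.$REASON.tmp` at the top of tests/connect-script writes the script's whole environment to a fixed, predictable path in /tmp on every invocation, and nothing in this patch reads or removes it, so it looks like leftover debugging. A predictable name in a world-writable directory can be pre-created or symlinked by another local user, which matters if the suite is run with elevated privileges (not visible here), and the dump holds whatever the server exports to the script. I would drop the line, or keep the dump beside the other marker files with the expansion quoted, `env >"out.${REASON}.tmp"`, and delete it in the test's cleanup.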
@@ -35,7 +35,7 @@ udp-port = 4448
 keepalive = 32400
 # Dead peer detection in seconds
-dpd = 440
+dpd = 5
 # MTU discovery (DPD must be enabled)
 try-mtu-discovery = false
@@ -101,6 +101,10 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
 # to authentication
 auth-timeout = 40
+# The time (in seconds) that a client is allowed to stay idle (no traffic)
+# before being disconnected. Unset to disable.
+#idle-timeout = 5
+
 # The time (in seconds) that a client is not allowed to reconnect after
 # a failed authentication attempt.
 #min-reauth-time = 2
diff --git a/tests/test-pass-script b/tests/test-pass-script
index 3f6d421e..299f9910 100755
--- a/tests/test-pass-script
+++ b/tests/test-pass-script
@@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/bash
 #
-# Copyright (C) 2013-2016 Nikos Mavrogiannopoulos
+# Copyright (C) 2013-2020 Nikos Mavrogiannopoulos
 #
 # This file is part of ocserv.
 #
@@ -22,24 +22,41 @@ SERV="${SERV:-../src/ocserv}"
 srcdir=${srcdir:-.}
 builddir=${builddir:-.}
 PORT=4448
+OPIDFILE=pass-script.$$.tmp
+PARAMSFILE=pass-script.params.$$.tmp
 . `dirname $0`/common.sh
+echo "Testing script behavior"
+
+function finish {
+ echo " * Cleaning up..."
+ rm -f ${builddir}/connect.ok
+ rm -f ${builddir}/disconnect.ok
+ rm -f ${builddir}/host-update.ok
+ test -n "${PID}" && kill ${PID} >/dev/null 2>&1
+ test -f ${OPIDFILE} && kill $(cat ${OPIDFILE}) >/dev/null 2>&1
+ rm -f ${OPIDFILE}
+ rm -f ${TMPFILE}
+ rm -f ${PARAMSFILE}
+}
+trap finish EXIT
+
 rm -f ${builddir}/connect.ok
 rm -f ${builddir}/disconnect.ok
-$OPENCONNECT --help|grep local-hostname
+$OPENCONNECT --help|grep local-hostname >/dev/null
 if test $? != 0;then
 echo "Openconnect doesn't support --local-hostname"
 exit 77
 fi
-echo "Testing local backend with username-password... "
+echo " * Testing local backend with username-password... "
 launch_server -d 1 -f -c "${srcdir}/data/test-pass-script.config" & PID=$!
 wait_server $PID
-echo "Connecting to obtain cookie with wrong username... "
+echo " * Connecting to obtain cookie with wrong username... "
 ( echo "tost" | $OPENCONNECT -q localhost:$PORT -u tost --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
 fail $PID "Received cookie when we shouldn't"
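Review bot: `finish` sends a plain `kill` to the client named in `${OPIDFILE}`, but later in this test that client is paused with `kill -s STOP`; a SIGTERM sent to a stopped process stays pending until it is continued, so an exit during the pause (for example an interrupted run) would leave a stopped openconnect behind. Following the TERM with a CONT avoids that: `test -f "${OPIDFILE}" && { kill "$(cat "${OPIDFILE}")"; kill -s CONT "$(cat "${OPIDFILE}")"; } >/dev/null 2>&1`. The expansions in the function are also unquoted, so a `builddir` containing whitespace would split the `rm -f` arguments; quoting them, as in `rm -f "${builddir}/connect.ok"`, costs nothing.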
@@ -48,15 +65,12 @@ rm -f ${builddir}/disconnect.ok
 rm -f ${builddir}/host-update.ok
 #test special characters
-echo "Connecting to obtain cookie... "
+echo " * Connecting to obtain cookie... "
 ( echo "!@#$%^&*()<>" | $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
 fail $PID "Could not receive cookie from server"
-echo "Re-connecting to force script run... "
-echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true #>/dev/null 2>&1
-
-kill $PID
-wait
+echo " * Re-connecting to force script run... "
+echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true
 sleep 5
@@ -66,18 +80,82 @@ if ! test -f ${builddir}/connect.ok;then
 fi
 if ! test -f ${builddir}/host-update.ok;then
- echo "Host-update script was not run"
+ echo "Host-update script was not run (1)"
 exit 1
 fi
 if ! test -f ${builddir}/disconnect.ok;then
- echo "Disconnect script was not run properly"
+ echo "Disconnect script was not run properly (1)"
 exit 1
 fi
 rm -f ${builddir}/connect.ok
 rm -f ${builddir}/disconnect.ok
 rm -f ${builddir}/host-update.ok
-rm -f $TMPFILE
-exit 0
+echo " * Re-connecting to get cookie... "
+echo "test2" | $OPENCONNECT -q localhost:$PORT -u "test2" --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${PARAMSFILE}
+if test $? != 0;then
+ echo "Could not connect"
+ cat ${PARAMSFILE}
+ exit 1
+fi
+
+grep COOKIE ${PARAMSFILE}
+if test $? != 0;then
+ echo "Did not get cookie"
+ exit 1
+fi
+
+echo " * Re-connecting to force timeout disconnect... "
+eval "$(grep COOKIE ${PARAMSFILE})"
+echo ${COOKIE}| $OPENCONNECT localhost:$PORT -u "test2" --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE} -b
+
+sleep 4
+echo " - Pausing client"
+if ! test -f ${OPIDFILE};then
+ echo "Could not find pid file"
+ exit 1
+fi
+kill -s STOP $(cat ${OPIDFILE})
+sleep 50
+echo " - Resuming client"
+
+ret=0
+if ! test -f ${builddir}/connect.ok;then
+ echo "Connect script was not run (2)"
+ ret=1
+fi
+
+if ! test -f ${builddir}/disconnect.ok;then
+ echo "Disconnect script was not run properly (2)"
+ ret=1
+fi
+
+rm -f ${builddir}/connect.ok
+rm -f ${builddir}/disconnect.ok
+
+kill -s CONT $(cat ${OPIDFILE})
+test -f ${OPIDFILE} && kill $(cat ${OPIDFILE})
+
+echo " * Re-connecting to check whether resumption results to IP address... "
+echo ${COOKIE} | $OPENCONNECT -q localhost:$PORT -u "test2" --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE} -b
+sleep 5
+test -f ${OPIDFILE} && kill $(cat ${OPIDFILE})
+sleep 6
+kill $PID
+wait
+
+if ! test -f ${builddir}/connect.ok;then
+ echo "Connect script was not run (3)"
+ ret=1
+fi
+
+if ! test -f ${builddir}/disconnect.ok;then
+ echo "Disconnect script was not run properly (3)"
+ ret=1
+fi
+
+echo "Script tests were successful"
+
+exit $ret
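Review bot: `grep COOKIE ${PARAMSFILE}` prints the matching line, so the session cookie returned by `--authenticate` lands in the test log, and the following `eval "$(grep COOKIE ${PARAMSFILE})"` evaluates every line of the client's output that merely contains that substring. Assuming the client prints the value as `COOKIE=...` at the start of a line, anchoring and silencing the match tightens both: `grep -q '^COOKIE=' "${PARAMSFILE}"` for the check and `eval "$(grep '^COOKIE=' "${PARAMSFILE}")"` for the assignment. Separately, at the end of the hunk `echo "Script tests were successful"` runs even when `ret` is 1; guard it with `test "$ret" = 0 && echo "Script tests were successful"`. The `if` block at the top of the hunk begins outside it.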