Merge branch 'tmp-fix231' into 'master'

Ensure scripts have all the information on all disconnection types

Closes #231

See merge request openconnect/ocserv!137

NEWS

@@ -1,6 +1,7 @@
 * Version 1.0.0 (unreleased)
 - Avoid crash on invalid configuration values.
 - Updated manpage generation to work with newer versions of ronn.
+- Ensure scripts have all the information on all disconnection types (#231)
 
 
 * Version 0.12.6 (released 2019-12-28)

src/ip-lease.c

@@ -113,6 +113,30 @@ void steal_ip_leases(struct proc_st* proc, struct proc_st *thief)
 
 	thief->ipv4 = talloc_move(thief, &proc->ipv4);
 	thief->ipv6 = talloc_move(thief, &proc->ipv6);
+
+	/* we make sure that the original client has a copy so that during
+	 * disconnection the scripts will receive the right information */
+	if (thief->ipv4)
+		proc->ipv4 = talloc_zero(proc, struct ip_lease_st);
+	if (thief->ipv6)
+		proc->ipv6 = talloc_zero(proc, struct ip_lease_st);
+
+	if (proc->ipv4 != NULL) {
+		proc->ipv4->rip_len = thief->ipv4->rip_len;
+		proc->ipv4->lip_len = thief->ipv4->lip_len;
+		memcpy(&proc->ipv4->rip, &thief->ipv4->rip, thief->ipv4->rip_len);
+		memcpy(&proc->ipv4->lip, &thief->ipv4->lip, thief->ipv4->lip_len);
+		memcpy(&proc->ipv4->sig, &thief->ipv4->sig, thief->ipv4->sig_len);
+	}
+
+	if (proc->ipv6 != NULL) {
+		proc->ipv6->prefix = thief->ipv6->prefix;
+		proc->ipv6->rip_len = thief->ipv6->rip_len;
+		proc->ipv6->lip_len = thief->ipv6->lip_len;
+		memcpy(&proc->ipv6->rip, &thief->ipv6->rip, thief->ipv6->rip_len);
+		memcpy(&proc->ipv6->lip, &thief->ipv6->lip, thief->ipv6->lip_len);
+		memcpy(&proc->ipv6->sig, &thief->ipv6->sig, thief->ipv6->sig_len);
+	}
 }
 
 static int is_ipv6_ok(main_server_st *s, struct sockaddr_storage *ip, struct sockaddr_storage *net, struct sockaddr_storage *subnet)

tests/data/test-pass-script.config

@@ -25,7 +25,7 @@ max-clients = 16
 
 # Limit the number of identical clients (i.e., users connecting multiple times)
 # Unset or set to zero for unlimited.
-max-same-clients = 2
+max-same-clients = 4
 
 # TCP and UDP port number
 tcp-port = 4448
@@ -35,7 +35,7 @@ udp-port = 4448
 keepalive = 32400
 
 # Dead peer detection in seconds
-dpd = 5
+dpd = 20
 
 # MTU discovery (DPD must be enabled)
 try-mtu-discovery = false

tests/test-pass-script

@@ -23,11 +23,15 @@ srcdir=${srcdir:-.}
 builddir=${builddir:-.}
 PORT=4448
 OPIDFILE=pass-script.$$.tmp
+OPIDFILE2=pass-script2.$$.tmp
 PARAMSFILE=pass-script.params.$$.tmp
 
 . `dirname $0`/common.sh
 
-echo "Testing script behavior"
+echo "Testing connect and disconnect script behavior"
+
+rm -f ${OPIDFILE}
+rm -f ${OPIDFILE2}
 
 function finish {
   echo " * Cleaning up..."
@@ -37,8 +41,10 @@ function finish {
   test -n "${PID}" && kill ${PID} >/dev/null 2>&1
   test -f ${OPIDFILE} && kill $(cat ${OPIDFILE}) >/dev/null 2>&1
   rm -f ${OPIDFILE}
+  rm -f ${OPIDFILE2}
   rm -f ${TMPFILE}
   rm -f ${PARAMSFILE}
+  test -n "${PID}" && kill ${PID}
 }
 trap finish EXIT
 
@@ -107,9 +113,9 @@ if test $? != 0;then
 	exit 1
 fi
 
-echo " * Re-connecting to force timeout disconnect... "
+echo " * Re-connecting to force session stealing... "
 eval "$(grep COOKIE ${PARAMSFILE})"
-echo ${COOKIE}| $OPENCONNECT localhost:$PORT -u "test2" --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE} -b
+echo ${COOKIE}| $OPENCONNECT localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE} -b
 
 sleep 4
 echo " - Pausing client"
@@ -118,44 +124,59 @@ if ! test -f ${OPIDFILE};then
 	exit 1
 fi
 kill -s STOP $(cat ${OPIDFILE})
-sleep 50
-echo " - Resuming client"
+sleep 12
 
-ret=0
 if ! test -f ${builddir}/connect.ok;then
 	echo "Connect script was not run (2)"
-	ret=1
-fi
-
-if ! test -f ${builddir}/disconnect.ok;then
-	echo "Disconnect script was not run properly (2)"
-	ret=1
+	exit 1
 fi
 
 rm -f ${builddir}/connect.ok
 rm -f ${builddir}/disconnect.ok
 
-kill -s CONT $(cat ${OPIDFILE})
-test -f ${OPIDFILE} && kill $(cat ${OPIDFILE})
+echo " * Re-connecting to steal previous IP address... "
+echo ${COOKIE} | $OPENCONNECT -q localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE2} -b
 
-echo " * Re-connecting to check whether resumption results to IP address... "
-echo ${COOKIE} | $OPENCONNECT -q localhost:$PORT -u "test2" --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE} -b
-sleep 5
-test -f ${OPIDFILE} && kill $(cat ${OPIDFILE})
+echo " - Resuming (disconnected) client"
+kill -s CONT $(cat ${OPIDFILE})
 sleep 6
-kill $PID
-wait
 
 if ! test -f ${builddir}/connect.ok;then
 	echo "Connect script was not run (3)"
-	ret=1
+	exit 1
 fi
 
 if ! test -f ${builddir}/disconnect.ok;then
 	echo "Disconnect script was not run properly (3)"
-	ret=1
+	exit 1
 fi
 
+rm -f ${builddir}/connect.ok
+rm -f ${builddir}/disconnect.ok
+
+echo " - Killing all clients"
+sleep 2
+test -f ${OPIDFILE2} && kill $(cat ${OPIDFILE2})
+test -f ${OPIDFILE} && kill $(cat ${OPIDFILE})
+sleep 6
+
+echo " - Last check of files"
+if ! test -f ${builddir}/disconnect.ok;then
+	echo "Disconnect script was not run properly (4)"
+	exit 1
+fi
+
+sleep 5
+echo " - Check server status"
+
+( echo "!@#$%^&*()<>" | $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
+	fail $PID "Could not receive cookie from server"
+
+echo " - Killing server"
+kill $PID
+PID=""
+wait
+
 echo "Script tests were successful"
 
-exit $ret
+exit 0