#!/bin/sh # # Copyright (C) 2014 Red Hat # # This file is part of ocserv. # # ocserv is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at # your option) any later version. # # ocserv is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with ocserv; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir=${srcdir:-.} #this test can only be run as root id|grep root >/dev/null 2>&1 if [ $? != 0 ];then exit 77 fi PORT_OCSERV=443 CONFIG="otp" IMAGE=ocserv-otp IMAGE_NAME=otp_ocserv TMP=$IMAGE_NAME.tmp . ./docker-common.sh $DOCKER run -e OCCTL_PAGER=cat -P --privileged=true -p 22 --tty=false -d --name $IMAGE_NAME $IMAGE if test $? != 0;then echo "Cannot run docker image" exit 1 fi echo "ocserv image was run" #wait for ocserv to server sleep 5 get_ip if test -z "$IP";then echo "Detected IP is null!" stop fi echo "Detected IP: $IP" if test ! -z "$QUIT_ON_INIT";then exit 0 fi echo "" echo "Trying with wrong username" echo -e "test\n328482\n" >pass-${TMP}.tmp $OPENCONNECT $IP:$PORT_OCSERV -u falseuser --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-${TMP}.tmp if test $? = 0;then echo "Authentication with wrong username succeeded!" stop fi echo "" echo "Trying with wrong OTP" echo -e "test\n99999\n" >pass-${TMP}.tmp $OPENCONNECT $IP:$PORT_OCSERV -q -u test --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-${TMP}.tmp if test $? = 0;then echo "Authentication with wrong OTP succeeded!" stop fi echo "" echo "Trying with correct password" #oathtool -w 0 00 echo -e "test\n328482\n" >pass-${TMP}.tmp cat pass-${TMP}.tmp $OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-${TMP}.tmp & PID=$! #wait for openconnect sleep 5 rm -f pass-${TMP}.tmp # The client IP depends on the username so it shouldn't change. ping -w 5 192.168.237.1 if test $? != 0;then kill -INT $PID echo "Cannot ping ocserv" stop fi retrieve_user_info test kill -INT $PID $DOCKER stop $IMAGE_NAME $DOCKER rm $IMAGE_NAME exit $ret