#!/bin/sh # # Copyright (C) 2014 Red Hat # # This file is part of ocserv. # # ocserv is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at # your option) any later version. # # ocserv is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with ocserv; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir=${srcdir:-.} PORT=10500 PORT2=10501 PORT_OCSERV=10522 #this test can only be run as root id|grep root >/dev/null 2>&1 if [ $? != 0 ];then exit 77 fi CONFIG="radius" IMAGE=ocserv-radius-test IMAGE_NAME=test_ocserv_radius TMP=$IMAGE_NAME.tmp . ./docker-common.sh $DOCKER run -e OCCTL_PAGER=cat -P --privileged=true --tty=false -d --name $IMAGE_NAME $IMAGE if test $? != 0;then echo "Cannot run docker image" exit 1 fi echo "ocserv image was run" #wait for ocserv to server sleep 5 IP=`$DOCKER inspect $IMAGE_NAME | grep IPAddress | cut -d '"' -f 4` if test -z "$IP";then echo "Detected IP is null!" stop fi echo "Detected IP: $IP" if test ! -z "$QUIT_ON_INIT";then exit 0 fi $ECHO_E "testuser" >pass-radius$TMP $OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-radius$TMP if test $? = 0;then echo "Authentication with wrong password succeeded!" stop fi $ECHO_E "test" >pass-radius$TMP $OPENCONNECT $IP:$PORT_OCSERV -u testuser --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-radius$TMP if test $? = 0;then echo "Authentication with wrong username succeeded!" stop fi echo "Trying with correct password" $ECHO_E "test" >pass-radius$TMP $OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin -v --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-radius$TMP & PID=$! #wait for openconnect sleep 5 rm -f pass-radius$TMP # The client IP depends on the username so it shouldn't change. ping -w 5 192.168.55.1 if test $? != 0;then kill $PID echo "Cannot ping ocserv" stop fi ping -w 5 192.168.55.1 -s 1500 if test $? != 0;then kill $PID echo "Cannot ping ocserv" stop fi ping6 -w 5 fd91:6d87:7341:dd6b:0:52:190c:be01 if test $? != 0;then kill $PID echo "Cannot ping the IPv6 of ocserv" stop fi retrieve_user_info test # There is an issue in nuttcp that makes it crash under docker if # /proc/sys/net/ipv4/tcp_adv_win_scale does not exist. if test "$FEDORA" = 1;then nuttcp -T 10 -t 192.168.55.1 if test $? != 0;then kill $PID echo "Cannot send to ocserv" stop fi nuttcp -T 10 -r 192.168.55.1 if test $? != 0;then kill $PID echo "Cannot recv from ocserv" stop fi fi echo "Waiting for accounting report" sleep 70 kill -INT $PID sleep 4 check_for_file /tmp/disconnect/not-ok if test $? = 0;then echo "There was an issue" stop fi FILE=`$DOCKER exec $IMAGE_NAME ls /var/log/radius/radacct/127.0.0.1/` OCTETS=`$DOCKER exec $IMAGE_NAME cat "/var/log/radius/radacct/127.0.0.1/$FILE"|grep Acct-Input-Octets|tail -1|sed 's/Acct-Input-Octets = //g'` if test -z "$OCTETS" || test "$OCTETS" = 0;then $DOCKER exec $IMAGE_NAME cat "/var/log/radius/radacct/127.0.0.1/$FILE" echo "Interim update showed no data!" stop fi check_for_file /tmp/disconnect/ok if test $? != 0;then $DOCKER exec $IMAGE_NAME cat "/var/log/radius/radacct/127.0.0.1/$FILE" echo "There was an issue getting stats" stop fi ret=0 #wait until sec-mod has cleaned up its entries echo "Waiting for disconnection report" sleep 10 DISC=`$DOCKER exec $IMAGE_NAME cat "/var/log/radius/radacct/127.0.0.1/$FILE"|grep "Acct-Terminate-Cause = User-Request"|tail -1` if test -z "$DISC";then $DOCKER exec $IMAGE_NAME cat "/var/log/radius/radacct/127.0.0.1/$FILE" echo "No disconnect was detected!" stop fi # do the same with a certificate - test radius accounting with certificate auth echo "Trying with certificate" rm -f out$TMP.pid $DOCKER exec $IMAGE_NAME truncate --size=0 /var/log/radius/radacct/127.0.0.1/$FILE $OPENCONNECT $IP:$PORT_OCSERV -b --sslkey ./user-key.pem -c ./user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --pid-file=out$TMP.pid sleep 10 if test -f out$TMP.pid;then PID=`cat out$TMP.pid` else echo "Cannot determine PID of client" stop fi ping -w 5 192.168.55.1 if test $? != 0;then kill $PID echo "Cannot ping ocserv" stop fi sleep 4 echo "Waiting for accounting report" sleep 70 kill -INT $PID sleep 10 FILE=`$DOCKER exec $IMAGE_NAME ls /var/log/radius/radacct/127.0.0.1/|tail -1` $DOCKER exec $IMAGE_NAME cat "/var/log/radius/radacct/127.0.0.1/$FILE" >out$TMP cat out$TMP OCTETS=`cat out$TMP|grep Acct-Input-Octets|tail -1|sed 's/Acct-Input-Octets = //g'` if test -z "$OCTETS" || test "$OCTETS" = 0;then echo "Interim update showed no data!" stop fi DISC=`cat out$TMP|grep "Acct-Status-Type = Start"|tail -1` if test -z "$DISC";then cat out$TMP echo "No connect status was detected!" stop fi DISC=`cat out$TMP|grep "Acct-Terminate-Cause = User-Request"|tail -1` if test -z "$DISC";then cat out$TMP echo "No disconnect was detected!" stop fi DISC=`cat out$TMP|grep "NAS-IP-Address = 127.0.0.1"|tail -1` if test -n "$DISC";then cat out$TMP echo "NAS-IP-Address has invalid value!" stop fi $DOCKER stop $IMAGE_NAME $DOCKER rm $IMAGE_NAME rm -f out$TMP exit $ret