#!/bin/bash # # Copyright (C) 2015 Red Hat, Inc. # # This file is part of ocserv. # # ocserv is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at # your option) any later version. # # ocserv is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. SERV="${SERV:-../src/ocserv}" srcdir=${srcdir:-.} # Test whether DPD, keepalive per user are actually set, and whether # the expose-iroutes option has an effect to other users. . `dirname $0`/common.sh eval "${GETPORT}" echo "Testing ocserv and user route application... " TMPFILE1=${srcdir}/test-user-config.tmp TMPFILE2=${srcdir}/test-user-config-2.tmp rm -f ${TMPFILE1} rm -f ${TMPFILE2} update_config test-user-config.config launch_simple_server -d 1 -f -c "${CONFIG}" PID=$! wait_server $PID echo -n "Connecting to obtain cookie (with certificate)... " ( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly /dev/null ) || fail $PID "Could not connect with certificate!" echo ok echo -n "Re-connecting to force script run... " $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true /dev/null & kpid1=$! echo ok sleep 2 echo -n "Re-connecting to check the iroutes... " $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true ${TMPFILE1} 2>&1 & kpid2=$! echo ok sleep 3 echo -n "Checking if max-same-clients is considered... " timeout 15s $OPENCONNECT localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true ${TMPFILE2} 2>&1 if test $? = 124;then fail $PID "Max-same-clients directive was ignored" fi CONTENTS=`cat ${TMPFILE2}|grep "HTTP/1.1 401"` if test -z "$CONTENTS";then cat ${TMPFILE2} fail $PID "Max-same-clients directive was ignored" fi echo ok sleep 2 kill $kpid1 kill $kpid2 echo -n "Checking if proper dns was sent... " CONTENTS=`cat ${TMPFILE1}|grep "X-CSTP-DNS: 8.8.8.8"` if test -z "$CONTENTS";then cat ${TMPFILE1}|grep X-CSTP-DNS fail $PID "Expected DNS was not sent" fi echo ok echo -n "Checking if routes have been sent... " CONTENTS=`cat ${TMPFILE1}|grep X-CSTP-Split-Include|grep 192.168.1.0` if test -z "$CONTENTS";then cat ${TMPFILE1}|grep X-CSTP-Split-Include fail $PID "Temporary file contents are not correct; iroute was not found" fi echo ok echo -n "Checking if split-dns has been sent... " CONTENTS=`cat ${TMPFILE1}|grep X-CSTP-Split-DNS|grep example6.com` if test -z "$CONTENTS";then cat ${TMPFILE1}|grep X-CSTP-Split-DNS fail $PID "Temporary file contents are not correct; X-CSTP-Split-DNS was not found" fi echo ok echo -n "Checking if split-dns has not been sent... " cat ${TMPFILE1}|grep X-CSTP-Split-DNS|grep example.com >/dev/null if test $? = 0;then cat ${TMPFILE1}|grep X-CSTP-Split-DNS fail $PID "Temporary file contents are not correct; X-CSTP-Split-DNS contained main config value" fi echo ok echo -n "Checking if user-specific DPD has been sent... " CONTENTS=`cat ${TMPFILE1}|grep X-DTLS-DPD|grep 880` if test -z "$CONTENTS";then cat ${TMPFILE1}|grep X-DTLS-DPD fail $PID "Temporary file contents are not correct; dpd was not the expected (880)" fi echo ok echo -n "Checking if user-specific Keep alive has been sent... " CONTENTS=`cat ${TMPFILE1}|grep X-CSTP-Keep|grep 14400` if test -z "$CONTENTS";then cat ${TMPFILE1}|grep X-CSTP-Keep fail $PID "Temporary file contents are not correct; keepalive was not the expected (14400)" fi echo ok echo -n "Checking if user-specific hostname has been sent... " CONTENTS=`cat ${TMPFILE1}|grep X-CSTP-Hostname|grep xxxx` if test -z "$CONTENTS";then cat ${TMPFILE1}|grep X-CSTP-Hostname fail $PID "Temporary file contents are not correct; hostname was not the expected (xxxx)" fi echo ok rm -f ${TMPFILE1} rm -f ${TMPFILE2} echo -n "Re-connecting to check the ipv4-network... " $OPENCONNECT -v localhost:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-testipnet.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true ${TMPFILE1} 2>&1 & kpid3=$! echo ok sleep 3 CONTENTS=`cat ${TMPFILE1}|grep X-CSTP-Netmask|grep '255.255.0.0'` if test -z "$CONTENTS";then cat ${TMPFILE1}|grep X-CSTP-Netmask fail $PID "Temporary file contents are not correct; netmask was not the expected (255.255.0.0)" fi CONTENTS=`cat ${TMPFILE1}|grep X-CSTP-Address|grep ' 10.9.'` if test -z "$CONTENTS";then cat ${TMPFILE1}|grep X-CSTP-Address fail $PID "Temporary file contents are not correct; address was not the expected (10.9.)" fi echo -n "Checking if main config split-dns has been sent... " cat ${TMPFILE1}|grep X-CSTP-Split-DNS|grep example.com >/dev/null if test $? != 0;then cat ${TMPFILE1}|grep X-CSTP-Split-DNS fail $PID "Temporary file contents are not correct; X-CSTP-Split-DNS did not contain main config value" fi echo ok kill $kpid3 rm -f ${TMPFILE1} ${CONFIG} rm -f ${TMPFILE2} kill $PID wait exit 0