mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 08:46:58 +08:00
137 lines
3.0 KiB
Bash
Executable File
137 lines
3.0 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# Copyright (C) 2014 Red Hat
|
|
#
|
|
# This file is part of ocserv.
|
|
#
|
|
# ocserv is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by the
|
|
# Free Software Foundation; either version 2 of the License, or (at
|
|
# your option) any later version.
|
|
#
|
|
# ocserv is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with ocserv; if not, write to the Free Software Foundation,
|
|
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
srcdir=${srcdir:-.}
|
|
|
|
PORT_OCSERV=443
|
|
#this test can only be run as root
|
|
id|grep root >/dev/null 2>&1
|
|
if [ $? != 0 ];then
|
|
exit 77
|
|
fi
|
|
|
|
CONFIG="pam-noauth"
|
|
IMAGE=ocserv-pam-noauth-test
|
|
IMAGE_NAME=test_ocserv_pam_noauth
|
|
TMP=$IMAGE_NAME.tmp
|
|
. ./docker-common.sh
|
|
|
|
$DOCKER run -e OCCTL_PAGER=cat -P --privileged=true --tty=false -d --name $IMAGE_NAME $IMAGE
|
|
if test $? != 0;then
|
|
echo "Cannot run docker image"
|
|
exit 1
|
|
fi
|
|
|
|
echo "ocserv image was run"
|
|
#wait for ocserv to server
|
|
sleep 5
|
|
|
|
IP=`$DOCKER inspect $IMAGE_NAME | grep IPAddress | cut -d '"' -f 4`
|
|
if test -z "$IP";then
|
|
echo "Detected IP is null!"
|
|
stop
|
|
fi
|
|
echo "Detected IP: $IP"
|
|
|
|
if test ! -z "$QUIT_ON_INIT";then
|
|
exit 0
|
|
fi
|
|
|
|
echo ""
|
|
echo "Trying with wrong username"
|
|
echo -e "testuser123\n328482\n" >$TMP
|
|
$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin --sslkey ./user-key.pem -c ./user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < $TMP
|
|
if test $? = 0;then
|
|
echo "Authentication with wrong username succeeded! WTF!"
|
|
stop
|
|
fi
|
|
|
|
echo ""
|
|
echo "Trying with wrong password"
|
|
#oathtool -w 0 00
|
|
echo -e "xxxxxxxx\n328482\n" >$TMP
|
|
cat $TMP
|
|
$OPENCONNECT $IP:$PORT_OCSERV -u testuser --passwd-on-stdin --sslkey ./user-key.pem -c ./user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < $TMP &
|
|
PID=$!
|
|
|
|
|
|
#wait for openconnect
|
|
sleep 5
|
|
|
|
rm -f $TMP
|
|
|
|
# The client IP depends on the username so it shouldn't change.
|
|
ping -w 5 192.168.76.1
|
|
if test $? != 0;then
|
|
kill $PID
|
|
echo "Cannot ping ocserv"
|
|
stop
|
|
fi
|
|
|
|
ping -w 5 192.168.76.1 -s 1500
|
|
if test $? != 0;then
|
|
kill $PID
|
|
echo "Cannot ping ocserv"
|
|
stop
|
|
fi
|
|
|
|
retrieve_user_info test
|
|
|
|
# There is an issue in nuttcp that makes it crash under docker if
|
|
# /proc/sys/net/ipv4/tcp_adv_win_scale does not exist.
|
|
if test "$FEDORA" = 1;then
|
|
nuttcp -T 10 -t 192.168.76.1
|
|
if test $? != 0;then
|
|
kill $PID
|
|
echo "Cannot send to ocserv"
|
|
stop
|
|
fi
|
|
|
|
nuttcp -T 10 -r 192.168.76.1
|
|
if test $? != 0;then
|
|
kill $PID
|
|
echo "Cannot recv from ocserv"
|
|
stop
|
|
fi
|
|
fi
|
|
|
|
sleep 2
|
|
|
|
kill $PID
|
|
|
|
sleep 4
|
|
|
|
check_for_file /tmp/disconnect/not-ok
|
|
if test $? = 0;then
|
|
echo "There was an issue"
|
|
stop
|
|
fi
|
|
|
|
check_for_file /tmp/disconnect/ok
|
|
if test $? != 0;then
|
|
echo "There was an issue getting stats"
|
|
ret=77
|
|
fi
|
|
|
|
$DOCKER stop $IMAGE_NAME
|
|
$DOCKER rm $IMAGE_NAME
|
|
|
|
exit $ret
|