ocserv/tests/pam-test

#!/bin/sh
#
# Copyright (C) 2014 Red Hat
#
# This file is part of ocserv.
#
# ocserv is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# ocserv is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ocserv; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

srcdir=${srcdir:-.}

PORT_OCSERV=443
#this test can only be run as root
id|grep root >/dev/null 2>&1
if [ $? != 0 ];then
	exit 77
fi

CONFIG="pam"
IMAGE=ocserv-pam-test
IMAGE_NAME=test_ocserv_pam
TMP=$IMAGE_NAME.tmp
. ./docker-common.sh

$DOCKER run -e OCCTL_PAGER=cat -P --privileged=true --tty=false -d --name $IMAGE_NAME $IMAGE
if test $? != 0;then
	echo "Cannot run docker image"
	exit 1
fi

echo "ocserv image was run"
#wait for ocserv to server
sleep 5

IP=`$DOCKER inspect $IMAGE_NAME | grep IPAddress | cut -d '"' -f 4`
if test -z "$IP";then
	echo "Detected IP is null!"
	stop
fi
echo "Detected IP: $IP"

if test ! -z "$QUIT_ON_INIT";then
	exit 0
fi

echo ""
echo "Trying with wrong password and OTP"
echo -e "testuser\n999999\n" >pass-pam.tmp
$OPENCONNECT $IP:$PORT_OCSERV -q -u testuser --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-pam.tmp
if test $? = 0;then
	echo "Authentication with wrong password succeeded!"
	stop
fi

echo ""
echo "Trying with wrong username"
echo -e "testuser123\n328482\n" >pass-pam.tmp
$OPENCONNECT $IP:$PORT_OCSERV -u test --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-pam.tmp
if test $? = 0;then
	echo "Authentication with wrong username succeeded!"
	stop
fi

echo ""
echo "Trying with wrong OTP"
echo -e "testuser123\n99999\n" >pass-pam.tmp
$OPENCONNECT $IP:$PORT_OCSERV -q -u testuser --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly < pass-pam.tmp
if test $? = 0;then
	echo "Authentication with wrong OTP succeeded!"
	stop
fi

echo ""
echo "Trying with correct password"
#oathtool -w 0 00
echo -e "testuser123\n328482\n" >pass-pam.tmp
cat pass-pam.tmp
$OPENCONNECT $IP:$PORT_OCSERV -u testuser --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass-pam.tmp &
PID=$!


#wait for openconnect
sleep 5

rm -f pass-pam.tmp

# The client IP depends on the username so it shouldn't change.
ping -w 5 192.168.56.1
if test $? != 0;then
	kill $PID
	echo "Cannot ping ocserv"
	stop
fi

ping -w 5 192.168.56.1 -s 1500
if test $? != 0;then
	kill $PID
	echo "Cannot ping ocserv"
	stop
fi

ping6 -w 5 fd91:6d87:7341:dc6b:0:6:173c:7901
if test $? != 0;then
	kill $PID
	echo "Cannot ping the IPv6 of ocserv"
	stop
fi

retrieve_user_info testuser

# There is an issue in nuttcp that makes it crash under docker if
# /proc/sys/net/ipv4/tcp_adv_win_scale does not exist.
if test "$FEDORA" = 1;then
nuttcp -T 10 -t 192.168.56.1
if test $? != 0;then
	kill $PID
	echo "Cannot send to ocserv"
	stop
fi

nuttcp -T 10 -r 192.168.56.1
if test $? != 0;then
	kill $PID
	echo "Cannot recv from ocserv"
	stop
fi
fi

sleep 2

kill $PID

sleep 4

check_for_file /tmp/disconnect/not-ok
if test $? = 0;then
	echo "There was an issue"
	stop
fi

check_for_file /tmp/disconnect/ok
if test $? != 0;then
	echo "There was an issue getting stats"
	ret=77
fi

$DOCKER stop $IMAGE_NAME
$DOCKER rm $IMAGE_NAME

exit $ret