mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-09 16:26:59 +08:00
97 lines
2.9 KiB
Bash
Executable File
97 lines
2.9 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Copyright (C) 2020 Nikos Mavrogiannopoulos
|
|
#
|
|
# This file is part of ocserv.
|
|
#
|
|
# ocserv is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by the
|
|
# Free Software Foundation; either version 2 of the License, or (at
|
|
# your option) any later version.
|
|
#
|
|
# ocserv is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with GnuTLS; if not, write to the Free Software Foundation,
|
|
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
SERV="${SERV:-../src/ocserv}"
|
|
srcdir=${srcdir:-.}
|
|
NO_NEED_ROOT=1
|
|
HEAD=$(mktemp)
|
|
POST=$(mktemp)
|
|
COOKIES=$(mktemp)
|
|
OUTFILE=$(mktemp)
|
|
|
|
. `dirname $0`/common.sh
|
|
|
|
eval "${GETPORT}"
|
|
|
|
echo "Testing whether group labels are translated to groups... "
|
|
|
|
# This is a necessary condition for some anyconnect clients
|
|
|
|
function finish {
|
|
set +e
|
|
echo " * Cleaning up..."
|
|
test -n "${CONFIG}" && rm -f ${CONFIG} >/dev/null 2>&1
|
|
rm -f $HEAD $POST $COOKIES #$OUTFILE 2>&1
|
|
cleanup
|
|
}
|
|
trap finish EXIT
|
|
|
|
update_config test-group-name.config
|
|
launch_simple_sr_server -d 1 -f -c ${CONFIG}
|
|
PID=$!
|
|
wait_server $PID
|
|
|
|
TARGET=https://$ADDRESS:$PORT
|
|
|
|
cat >$HEAD <<_EOF
|
|
Accept-Encoding:identity
|
|
X-Transcend-Version:1
|
|
X-AnyConnect-STRAP-Pubkey:MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0ZzFevkIYwkFXw9Q1u1W9H5NX6sLhU+IC19UWkXAjBljNxbBFK2/GoIgwPtbE7hDgWkTkQ1J4wPRlnBfCL4hzA==
|
|
X-Aggregate-Auth:1
|
|
Connection:close
|
|
_EOF
|
|
|
|
cat >$POST <<_EOF
|
|
<?xml version: "1.0" encoding="UTF-8"?>
|
|
<config-auth client="vpn" type="init" aggregate-auth-version="2">
|
|
<version who="vpn">4.8.03036</version>
|
|
<device-id computer-name="node.some.domain" device-type="MacBookPro11,1" platform-version="10.15.4" unique-id="1234567890123456789012345678901234567890123456789012345678901234"
|
|
unique-id-global="1234567890123456789012345678901234567890">mac-intel</device-id>
|
|
<mac-address-list>
|
|
<mac-address public-interface="true">aa-bb-cc-dd-ee-ff</mac-address></mac-address-list>
|
|
<group-select>Do not tunnel access LAN subnet</group-select>
|
|
<group-access>'$TARGET'</group-access>
|
|
<capabilities>
|
|
<auth-method>multiple-cert</auth-method>
|
|
<auth-method>single-sign-on</auth-method>
|
|
<auth-method>single-sign-on-v2</auth-method></capabilities>
|
|
</config-auth>
|
|
_EOF
|
|
|
|
LD_PRELOAD=libsocket_wrapper.so curl -A 'AnyConnect Darwin_i386 4.8.03036' -H @$HEAD -k -d@$POST $TARGET >$OUTFILE
|
|
|
|
grep "value=\"Do not tunnel access LAN subnet\">Do not tunnel access LAN subnet" $OUTFILE >/dev/null
|
|
if test $? = 0;then
|
|
echo "Name was not translated"
|
|
echo "======================="
|
|
cat $OUTFILE
|
|
exit 1
|
|
fi
|
|
|
|
grep "value=\"group3\">Do not tunnel access LAN subnet" $OUTFILE >/dev/null
|
|
if test $? != 0;then
|
|
echo "Unknown state ($NR)"
|
|
echo "==================="
|
|
cat $OUTFILE
|
|
exit 1
|
|
fi
|
|
|
|
exit 0
|