mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2024-09-21 10:27:19 +00:00
tests: removed legacy tests and added missing ones
Added test-group-cert and test-fork tests that were present but were never included in the CI test suite. Removed unix-test which was an obsolete test present in tests/. Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
parent
354e13f7c1
commit
e547733d61
@ -98,7 +98,8 @@ dist_check_SCRIPTS += test-pass test-pass-cert test-cert test-group-pass \
|
||||
test-gssapi test-pass-opt-cert test-cert-opt-pass test-gssapi-opt-pass \
|
||||
test-gssapi-opt-cert haproxy-auth test-maintenance resumption \
|
||||
test-group-name flowcontrol banner invalid-configs haproxy-proxyproto \
|
||||
haproxy-proxyproto-v1 drain-server drain-server-fail test-ignore-querystring-of-post
|
||||
haproxy-proxyproto-v1 drain-server drain-server-fail test-ignore-querystring-of-post \
|
||||
test-group-cert test-fork
|
||||
|
||||
if HAVE_CWRAP_PAM
|
||||
dist_check_SCRIPTS += test-pam test-pam-noauth
|
||||
|
@ -54,8 +54,8 @@ try-mtu-discovery = false
|
||||
#
|
||||
# There may be multiple certificate and key pairs and each key
|
||||
# should correspond to the preceding certificate.
|
||||
server-cert = ./certs/server-cert.pem
|
||||
server-key = ./certs/server-key.pem
|
||||
server-cert = @SRCDIR@/certs/server-cert.pem
|
||||
server-key = @SRCDIR@/certs/server-key.pem
|
||||
|
||||
# Diffie-Hellman parameters. Only needed if you require support
|
||||
# for the DHE ciphersuites (by default this server supports ECDHE).
|
||||
@ -81,7 +81,7 @@ server-key = ./certs/server-key.pem
|
||||
# The Certificate Authority that will be used
|
||||
# to verify clients if certificate authentication
|
||||
# is set.
|
||||
ca-cert = ./certs/ca.pem
|
||||
ca-cert = @SRCDIR@/certs/ca.pem
|
||||
|
||||
# The object identifier that will be used to read the user ID in the client certificate.
|
||||
# The object identifier should be part of the certificate's DN
|
||||
@ -136,8 +136,8 @@ socket-file = ./ocserv-socket
|
||||
|
||||
# The user the worker processes will be run as. It should be
|
||||
# unique (no other services run as this user).
|
||||
run-as-user = nobody
|
||||
run-as-group = daemon
|
||||
run-as-user = @USERNAME@
|
||||
run-as-group = @GROUP@
|
||||
|
||||
# Network settings
|
||||
|
||||
|
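Review bot: The new `@SRCDIR@`, `@USERNAME@` and `@GROUP@` tokens turn this file into a template, but no comment in the visible hunks says so; a server started directly on it would see literal `@...@` paths and account names. The substitution presumably happens in `update_config` (called from the test script, definition not shown on this page), so a header comment such as `# Template: @SRCDIR@, @USERNAME@ and @GROUP@ are replaced by the test harness before use` would make that dependency explicit. The retained comment above `run-as-user` still says the account "should be unique"; if the tokens resolve to the account running the test suite, add `# test-only: workers run as the substituted test account, not a dedicated one` so the setting is not copied into a real deployment.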
@ -28,7 +28,10 @@ eval "${GETPORT}"
|
||||
|
||||
echo "Testing local backend with certificate... "
|
||||
|
||||
launch_sr_server -d 1 -f -c data/test-group-cert.config & PID=$!
|
||||
update_config test-group-cert.config
|
||||
launch_simple_sr_server -d 1 -f -c ${CONFIG}
|
||||
PID=$!
|
||||
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (without certificate)... "
|
||||
@ -38,25 +41,25 @@ echo -n "Connecting to obtain cookie (without certificate)... "
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group1 (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group2 (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group3 (hidden) (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group4 (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group4 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group4 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
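Review bot: The new `-c ${CONFIG}` argument and the four `--sslkey ${srcdir}/certs/... -c ${srcdir}/certs/...` pairs are unquoted, so a source directory containing whitespace or glob characters would split them into several words; write `-c "${CONFIG}"` and `--sslkey "${srcdir}/certs/user-group-key.pem" -c "${srcdir}/certs/user-group-cert.pem"`. Each client call still ends in `>/dev/null 2>&1`, so a key or certificate missing under the new path is reported as "Could not connect with certificate!", exactly like a real authentication failure; a `[ -r "${srcdir}/certs/user-group-key.pem" ] || fail $PID "missing client key"` check before the first connection would separate the two. `PID=$!` on its own line only captures the server if `launch_simple_sr_server` backgrounds it internally, which cannot be confirmed from this hunk. The script continues outside both hunks.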
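--- a/tests/unix-test
+++ b/tests/unix-test
@@ -1,120 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2014 Red Hat
-#
-# This file is part of ocserv.
-#
-# ocserv is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at
-# your option) any later version.
-#
-# ocserv is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with ocserv; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-srcdir=${srcdir:-.}
-
-#this test can only be run as root
-id|grep root >/dev/null 2>&1
-if [ $? != 0 ];then
-exit 77
-fi
-
-UNIX=1
-CONFIG="unix"
-IMAGE=ocserv-test2
-IMAGE_NAME=test_unix
-TMP=$IMAGE_NAME.tmp
-. ./docker-common.sh
-
-$DOCKER run -e OCCTL_PAGER=cat -P --privileged=true --tty=false -d --name test_unix $IMAGE
-if test $? != 0;then
-echo "Cannot run docker image"
-exit 1
-fi
-
-#wait for ocserv to server
-sleep 5
-
-get_ip
-if test -z "$IP";then
-echo "Detected IP is null!"
-stop
-fi
-echo "Detected IP: $IP"
-
-if test ! -z "$QUIT_ON_INIT";then
-exit 0
-fi
-
-$ECHO_E "test\ntest" >pass$TMP
-$OPENCONNECT $IP:6551 -u test --passwd-on-stdin --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= < pass$TMP &
-PID=$!
-
-
-#wait for openconnect
-sleep 5
-rm -f pass$TMP
-
-# The client IP depends on the username so it shouldn't change.
-ping -w 5 192.168.99.1
-if test $? != 0;then
-kill -INT $PID
-echo "Cannot ping ocserv"
-stop
-fi
-
-ping -w 5 192.168.99.1 -s 1500
-if test $? != 0;then
-kill -INT $PID
-echo "Cannot ping ocserv"
-stop
-fi
-
-retrieve_user_info test
-
-# There is an issue in nuttcp that makes it crash under docker if
-# /proc/sys/net/ipv4/tcp_adv_win_scale does not exist.
-
-#nuttcp -T 10 -t 192.168.99.1
-#if test $? != 0;then
-# kill -INT $PID
-# echo "Cannot send to ocserv"
-# stop
-#fi
-
-#nuttcp -T 10 -r 192.168.99.1
-#if test $? != 0;then
-# kill -INT $PID
-# echo "Cannot recv from ocserv"
-# stop
-#fi
-sleep 2
-
-kill -INT $PID
-
-sleep 4
-
-#check whether /tmp/disconnect/ok was created
-check_for_file /tmp/disconnect/not-ok
-if test $? = 0;then
-echo "There was an issue"
-stop
-fi
-
-check_for_file /tmp/disconnect/ok
-if test $? != 0;then
-echo "There was an issue getting stats"
-ret=77
-fi
-
-$DOCKER stop test_unix
-$DOCKER rm test_unix
-
-exit $ret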