tests: removed legacy tests and added missing ones

Added test-group-cert and test-fork tests that were
present but were never included in the CI test suite.

Removed unix-test which was an obsolete test present
in tests/.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

tests/Makefile.am

@@ -98,7 +98,8 @@ dist_check_SCRIPTS += test-pass test-pass-cert test-cert test-group-pass \
 	test-gssapi test-pass-opt-cert test-cert-opt-pass test-gssapi-opt-pass \
 	test-gssapi-opt-cert haproxy-auth test-maintenance resumption \
 	test-group-name flowcontrol banner invalid-configs haproxy-proxyproto \
-	haproxy-proxyproto-v1 drain-server drain-server-fail test-ignore-querystring-of-post
+	haproxy-proxyproto-v1 drain-server drain-server-fail test-ignore-querystring-of-post \
+	test-group-cert test-fork
 
 if HAVE_CWRAP_PAM
 dist_check_SCRIPTS += test-pam test-pam-noauth

tests/data/test-group-cert.config

@@ -54,8 +54,8 @@ try-mtu-discovery = false
 #
 # There may be multiple certificate and key pairs and each key
 # should correspond to the preceding certificate.
-server-cert = ./certs/server-cert.pem
-server-key = ./certs/server-key.pem
+server-cert = @SRCDIR@/certs/server-cert.pem
+server-key = @SRCDIR@/certs/server-key.pem
 
 # Diffie-Hellman parameters. Only needed if you require support
 # for the DHE ciphersuites (by default this server supports ECDHE).
@@ -81,7 +81,7 @@ server-key = ./certs/server-key.pem
 # The Certificate Authority that will be used
 # to verify clients if certificate authentication
 # is set.
-ca-cert = ./certs/ca.pem
+ca-cert = @SRCDIR@/certs/ca.pem
 
 # The object identifier that will be used to read the user ID in the client certificate.
 # The object identifier should be part of the certificate's DN
@@ -136,8 +136,8 @@ socket-file = ./ocserv-socket
 
 # The user the worker processes will be run as. It should be
 # unique (no other services run as this user).
-run-as-user = nobody
-run-as-group = daemon
+run-as-user = @USERNAME@
+run-as-group = @GROUP@
 
 # Network settings
 

tests/test-group-cert

@@ -28,7 +28,10 @@ eval "${GETPORT}"
 
 echo "Testing local backend with certificate... "
 
-launch_sr_server -d 1 -f -c data/test-group-cert.config & PID=$!
+update_config test-group-cert.config
+launch_simple_sr_server -d 1 -f -c ${CONFIG}
+PID=$!
+
 wait_server $PID
 
 echo -n "Connecting to obtain cookie (without certificate)... "
@@ -38,25 +41,25 @@ echo -n "Connecting to obtain cookie (without certificate)... "
 echo ok
 
 echo -n "Connecting to obtain cookie - group1 (with certificate)... "
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
 	fail $PID "Could not connect with certificate!"
 
 echo ok
 
 echo -n "Connecting to obtain cookie - group2 (with certificate)... "
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
 	fail $PID "Could not connect with certificate!"
 
 echo ok
 
 echo -n "Connecting to obtain cookie - group3 (hidden) (with certificate)... "
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
 	fail $PID "Could not connect with certificate!"
 
 echo ok
 
 echo -n "Connecting to obtain cookie - group4 (with certificate)... "
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group4 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group4 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
 	fail $PID "Could not connect with certificate!"
 
 echo ok

tests/unix-test

@@ -1,120 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2014 Red Hat
-#
-# This file is part of ocserv.
-#
-# ocserv is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at
-# your option) any later version.
-#
-# ocserv is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with ocserv; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-srcdir=${srcdir:-.}
-
-#this test can only be run as root
-id|grep root >/dev/null 2>&1
-if [ $? != 0 ];then
-	exit 77
-fi
-
-UNIX=1
-CONFIG="unix"
-IMAGE=ocserv-test2
-IMAGE_NAME=test_unix
-TMP=$IMAGE_NAME.tmp
-. ./docker-common.sh
-
-$DOCKER run -e OCCTL_PAGER=cat -P --privileged=true --tty=false -d --name test_unix $IMAGE
-if test $? != 0;then
-	echo "Cannot run docker image"
-	exit 1
-fi
-
-#wait for ocserv to server
-sleep 5
-
-get_ip
-if test -z "$IP";then
-	echo "Detected IP is null!"
-	stop
-fi
-echo "Detected IP: $IP"
-
-if test ! -z "$QUIT_ON_INIT";then
-	exit 0
-fi
-
-$ECHO_E "test\ntest" >pass$TMP
-$OPENCONNECT $IP:6551 -u test --passwd-on-stdin --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= < pass$TMP &
-PID=$!
-
-
-#wait for openconnect
-sleep 5
-rm -f pass$TMP
-
-# The client IP depends on the username so it shouldn't change.
-ping -w 5 192.168.99.1
-if test $? != 0;then
-	kill -INT $PID
-	echo "Cannot ping ocserv"
-	stop
-fi
-
-ping -w 5 192.168.99.1 -s 1500
-if test $? != 0;then
-	kill -INT $PID
-	echo "Cannot ping ocserv"
-	stop
-fi
-
-retrieve_user_info test
-
-# There is an issue in nuttcp that makes it crash under docker if
-# /proc/sys/net/ipv4/tcp_adv_win_scale does not exist.
-
-#nuttcp -T 10 -t 192.168.99.1
-#if test $? != 0;then
-#	kill -INT $PID
-#	echo "Cannot send to ocserv"
-#	stop
-#fi
-
-#nuttcp -T 10 -r 192.168.99.1
-#if test $? != 0;then
-#	kill -INT $PID
-#	echo "Cannot recv from ocserv"
-#	stop
-#fi
-sleep 2
-
-kill -INT $PID
-
-sleep 4
-
-#check whether /tmp/disconnect/ok was created
-check_for_file /tmp/disconnect/not-ok
-if test $? = 0;then
-	echo "There was an issue"
-	stop
-fi
-
-check_for_file /tmp/disconnect/ok
-if test $? != 0;then
-	echo "There was an issue getting stats"
-	ret=77
-fi
-
-$DOCKER stop test_unix
-$DOCKER rm test_unix
-
-exit $ret