mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2024-09-21 10:27:19 +00:00
ignore querystring while dispatching
Signed-off-by: johnson <10619522-OnFIs@users.noreply.gitlab.com>
parent
d98a06e143
commit
eadebbbd71
@ -71,6 +71,8 @@ Ubuntu16.04:
|
||||
- autoreconf -fvi
|
||||
- ./configure --without-nuttcp-tests
|
||||
- make -j$JOBS
|
||||
# ubuntu16.04 openconnect doesn't support pin-sha256
|
||||
- find ./tests/ -maxdepth 1 -type f -exec sed -i 's@pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=@2c46d7319df419c92ad59e38f0bb9681c088f1dc@g' '{}' ';'
|
||||
# this version of openconnect doesn't work with IPv6 only
|
||||
- make check -j$JOBS XFAIL_TESTS="ipv6-iface ipv6-small-net"
|
||||
tags:
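Review bot: The `sed` step in the Ubuntu16.04 job hard-codes both the `pin-sha256:` value and its 40-hex-digit replacement, so if the test server key is ever regenerated the substitution matches nothing and the job fails on pinning with no hint why. The comment above it could carry that, e.g. `# ubuntu16.04 openconnect doesn't support pin-sha256; substitute the older-style fingerprint of the same test key (update both values when the key changes)`. That the replacement is a fingerprint of the same key is inferred from its length and the surrounding comment, so please confirm before wording it that way.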
|
||||
|
4
NEWS
4
NEWS
@ -1,3 +1,7 @@
|
||||
* Version 1.1.8 (unreleased)
|
||||
- Added "Camouflage" functionality that makes ocserv look
|
||||
like a web server to unauthorized parties.
|
||||
|
||||
* Version 1.1.7 (released 2023-05-07)
|
||||
- Emit a LOG_ERR error message with plain authentication fails
|
||||
- The bundled inih was updated to r56.
|
||||
|
16
README.md
16
README.md
@ -33,11 +33,11 @@ configuration while ocserv-main will use the previous configuration.
|
||||
# Required
|
||||
apt-get install -y libgnutls28-dev libev-dev
|
||||
# Optional functionality and testing
|
||||
apt get install -y libpam0g-dev liblz4-dev libseccomp-dev \
|
||||
apt-get install -y libpam0g-dev liblz4-dev libseccomp-dev \
|
||||
libreadline-dev libnl-route-3-dev libkrb5-dev libradcli-dev \
|
||||
libcurl4-gnutls-dev libcjose-dev libjansson-dev libprotobuf-c-dev \
|
||||
libtalloc-dev libhttp-parser-dev protobuf-c-compiler gperf \
|
||||
nuttcp lcov libuid-wrapper libpam-wrapper libnss-wrapper \
|
||||
libcurl4-gnutls-dev libcjose-dev libjansson-dev liboath-dev \
|
||||
libprotobuf-c-dev libtalloc-dev libhttp-parser-dev protobuf-c-compiler \
|
||||
gperf nuttcp lcov libuid-wrapper libpam-wrapper libnss-wrapper \
|
||||
libsocket-wrapper gss-ntlmssp haproxy iputils-ping freeradius \
|
||||
gawk gnutls-bin iproute2 yajl-tools tcpdump
|
||||
```
|
||||
@ -49,10 +49,10 @@ yum install -y gnutls-devel libev-devel
|
||||
# Optional functionality and testing
|
||||
yum install -y pam-devel lz4-devel libseccomp-devel readline-devel \
|
||||
libnl3-devel krb5-devel radcli-devel libcurl-devel cjose-devel \
|
||||
jansson-devel protobuf-c-devel libtalloc-devel http-parser-devel \
|
||||
protobuf-c gperf nuttcp lcov uid_wrapper pam_wrapper nss_wrapper \
|
||||
socket_wrapper gssntlmssp haproxy iputils freeradius gawk \
|
||||
gnutls-utils iproute yajl tcpdump
|
||||
jansson-devel liboath-devel protobuf-c-devel libtalloc-devel \
|
||||
http-parser-devel protobuf-c gperf nuttcp lcov uid_wrapper \
|
||||
pam_wrapper nss_wrapper socket_wrapper gssntlmssp haproxy iputils \
|
||||
freeradius gawk gnutls-utils iproute yajl tcpdump
|
||||
```
|
||||
|
||||
See [README-radius](doc/README-radius.md) for more information on Radius
|
||||
|
@ -10,7 +10,8 @@ is used by several CISCO routers.
|
||||
|
||||
## DESCRIPTION
|
||||
This a standalone server that reads a configuration file (see below for more details),
|
||||
and waits for client connections. Log messages are redirected to daemon facility.
|
||||
and waits for client connections. Log messages are directed to the syslog daemon
|
||||
facility.
|
||||
|
||||
The server maintains two connections/channels with the client. The main VPN
|
||||
channel is established over TCP, HTTP and TLS. This is the control channel as well
|
||||
|
@ -704,6 +704,24 @@ dtls-legacy = true
|
||||
# currently only understood by Anyconnect clients.
|
||||
client-bypass-protocol = false
|
||||
|
||||
# The following options are related to server camouflage (hidden service)
|
||||
|
||||
# This option allows you to enable the camouflage feature of ocserv that makes it look
|
||||
# like a web server to unauthorized parties.
|
||||
# With "camouflage" enabled, connection to the VPN can be established only if the client provided a specific
|
||||
# "secret string" in the connection URL, e.g. "https://example.com/?mysecretkey",
|
||||
# otherwise the server will return HTTP error for all requests.
|
||||
camouflage = false
|
||||
|
||||
# The URL prefix that should be set on the client (after '?' sign) to pass through the camouflage check,
|
||||
# e.g. in case of 'mysecretkey', the server URL on the client should be like "https://example.com/?mysecretkey".
|
||||
camouflage_secret = "mysecretkey"
|
||||
|
||||
# Defines the realm (browser prompt) for HTTP authentication.
|
||||
# If no realm is set, the server will return 404 Not found error instead of 401 Unauthorized.
|
||||
# Better change it from the default value to avoid fingerprinting.
|
||||
camouflage_realm = "Restricted Content"
|
||||
|
||||
#Advanced options
|
||||
|
||||
# Option to allow sending arbitrary custom headers to the client after
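Review bot: `camouflage_secret = "mysecretkey"` ships a publicly known value, and unlike the `camouflage_realm` comment nothing here tells the operator to replace it, so enabling `camouflage = true` without touching the next option leaves a gate whose secret is in the sample file. I would add a line such as `# Change this from the sample value; treat it like a password.` above the option, or ship the option commented out. Because the secret travels in the URL after '?', the comment could also say that it may end up wherever URLs are recorded (client profiles, TLS-terminating proxy logs) and should not double as a credential elsewhere. The new keys use underscores, while the neighbouring options (`client-bypass-protocol`, `dtls-legacy`) use hyphens.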
|
||||
|
@ -81,7 +81,6 @@ fail1:
|
||||
|
||||
static void pam_acct_close_session(void *vctx, unsigned auth_method, const struct common_acct_info_st *ai, stats_st *stats, unsigned status)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
const struct acct_mod_st pam_acct_funcs = {
|
||||
|
@ -105,8 +105,6 @@ static void append_stats(rc_handle *rh, VALUE_PAIR **send, stats_st *stats)
|
||||
|
||||
uout = stats->bytes_out / 4294967296;
|
||||
rc_avpair_add(rh, send, PW_ACCT_OUTPUT_GIGAWORDS, &uout, -1, 0);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void append_acct_standard(struct radius_vhost_ctx *vctx, rc_handle *rh, const common_acct_info_st *ai, VALUE_PAIR **send)
|
||||
@ -163,8 +161,6 @@ static void append_acct_standard(struct radius_vhost_ctx *vctx, rc_handle *rh, c
|
||||
|
||||
i = PW_RADIUS;
|
||||
rc_avpair_add(rh, send, PW_ACCT_AUTHENTIC, &i, -1, 0);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void radius_acct_session_stats(void *_vctx, unsigned auth_method, const common_acct_info_st *ai, stats_st *stats)
|
||||
@ -197,7 +193,6 @@ static void radius_acct_session_stats(void *_vctx, unsigned auth_method, const c
|
||||
|
||||
cleanup:
|
||||
rc_avpair_free(send);
|
||||
return;
|
||||
}
|
||||
|
||||
static int radius_acct_open_session(void *_vctx, unsigned auth_method, const common_acct_info_st *ai, const void *sid, unsigned sid_size)
|
||||
@ -287,7 +282,6 @@ static void radius_acct_close_session(void *_vctx, unsigned auth_method, const c
|
||||
|
||||
cleanup:
|
||||
rc_avpair_free(send);
|
||||
return;
|
||||
}
|
||||
|
||||
const struct acct_mod_st radius_acct_funcs = {
|
||||
|
@ -102,7 +102,6 @@ void unix_group_list(void *pool, unsigned gid_min, char ***groupname, unsigned *
|
||||
|
||||
exit:
|
||||
endgrent();
|
||||
return;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -137,7 +137,6 @@ static void gssapi_vhost_init(void **_vctx, void *pool, void *additional)
|
||||
}
|
||||
|
||||
*_vctx = vctx;
|
||||
return;
|
||||
}
|
||||
|
||||
static void gssapi_vhost_deinit(void *_vctx)
|
||||
|
@ -112,8 +112,6 @@ static void oidc_vhost_init(void **vctx, void *pool, void *additional)
|
||||
}
|
||||
|
||||
*vctx = (void *)vc;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void oidc_vhost_deinit(void *ctx)
|
||||
|
@ -76,56 +76,56 @@ static int ocserv_conv(int msg_size, const struct pam_message **msg,
|
||||
|
||||
for (i=0;i<msg_size;i++) {
|
||||
switch (msg[i]->msg_style) {
|
||||
case PAM_ERROR_MSG:
|
||||
case PAM_TEXT_INFO:
|
||||
syslog(LOG_DEBUG, "PAM-auth conv info: %s", msg[i]->msg);
|
||||
case PAM_ERROR_MSG:
|
||||
case PAM_TEXT_INFO:
|
||||
syslog(LOG_DEBUG, "PAM-auth conv info: %s", msg[i]->msg);
|
||||
|
||||
// That should never happen, but also not a big deal if we fail to add message here.
|
||||
// coverity[check_return : FALSE]
|
||||
// That should never happen, but also not a big deal if we fail to add message here.
|
||||
// coverity[check_return : FALSE]
|
||||
ret = str_append_str(&pctx->msg, msg[i]->msg);
|
||||
if (ret >= 0)
|
||||
ret = str_append_data(&pctx->msg, " ", 1);
|
||||
|
||||
if (ret < 0) {
|
||||
syslog(LOG_ERR, "Error in memory allocation in PAM");
|
||||
return PAM_BUF_ERR;
|
||||
}
|
||||
|
||||
pctx->sent_msg = 1;
|
||||
break;
|
||||
case PAM_PROMPT_ECHO_OFF:
|
||||
case PAM_PROMPT_ECHO_ON:
|
||||
if (pctx->sent_msg == 0) {
|
||||
/* no message, just asking for password */
|
||||
str_reset(&pctx->msg);
|
||||
pctx->sent_msg = 1;
|
||||
|
||||
}
|
||||
|
||||
if (msg[i]->msg) {
|
||||
ret = str_append_str(&pctx->msg, msg[i]->msg);
|
||||
if (ret >= 0)
|
||||
ret = str_append_data(&pctx->msg, " ", 1);
|
||||
|
||||
if (ret < 0) {
|
||||
syslog(LOG_ERR, "Error in memory allocation in PAM");
|
||||
return PAM_BUF_ERR;
|
||||
}
|
||||
}
|
||||
|
||||
pctx->sent_msg = 1;
|
||||
break;
|
||||
case PAM_PROMPT_ECHO_OFF:
|
||||
case PAM_PROMPT_ECHO_ON:
|
||||
if (pctx->sent_msg == 0) {
|
||||
/* no message, just asking for password */
|
||||
str_reset(&pctx->msg);
|
||||
pctx->sent_msg = 1;
|
||||
syslog(LOG_DEBUG, "PAM-auth conv: echo-%s, msg: '%s'", (msg[i]->msg_style==PAM_PROMPT_ECHO_ON)?"on":"off", msg[i]->msg!=NULL?msg[i]->msg:"");
|
||||
|
||||
pctx->state = PAM_S_WAIT_FOR_PASS;
|
||||
pctx->cr_ret = PAM_SUCCESS;
|
||||
co_resume();
|
||||
pctx->state = PAM_S_INIT;
|
||||
|
||||
if (pctx->password[0] != 0) {
|
||||
pctx->replies[i].resp = strdup(pctx->password);
|
||||
if (pctx->replies[i].resp == NULL) {
|
||||
syslog(LOG_ERR, "Error in memory allocation in PAM");
|
||||
return PAM_BUF_ERR;
|
||||
}
|
||||
|
||||
if (msg[i]->msg) {
|
||||
ret = str_append_str(&pctx->msg, msg[i]->msg);
|
||||
if (ret < 0) {
|
||||
syslog(LOG_ERR, "Error in memory allocation in PAM");
|
||||
return PAM_BUF_ERR;
|
||||
}
|
||||
}
|
||||
|
||||
syslog(LOG_DEBUG, "PAM-auth conv: echo-%s, msg: '%s'", (msg[i]->msg_style==PAM_PROMPT_ECHO_ON)?"on":"off", msg[i]->msg!=NULL?msg[i]->msg:"");
|
||||
|
||||
pctx->state = PAM_S_WAIT_FOR_PASS;
|
||||
pctx->cr_ret = PAM_SUCCESS;
|
||||
co_resume();
|
||||
pctx->state = PAM_S_INIT;
|
||||
|
||||
if (pctx->password[0] != 0) {
|
||||
pctx->replies[i].resp = strdup(pctx->password);
|
||||
if (pctx->replies[i].resp == NULL) {
|
||||
syslog(LOG_ERR, "Error in memory allocation in PAM");
|
||||
return PAM_BUF_ERR;
|
||||
}
|
||||
}
|
||||
pctx->sent_msg = 0;
|
||||
break;
|
||||
}
|
||||
pctx->sent_msg = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -76,7 +76,6 @@ static void plain_vhost_init(void **vctx, void *pool, void *additional)
|
||||
#ifdef HAVE_LIBOATH
|
||||
oath_init();
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
|
||||
/* Breaks a list of "xxx", "yyy", to a character array, of
|
||||
@ -483,7 +482,6 @@ static void plain_group_list(void *pool, void *additional, char ***groupname, un
|
||||
htable_clear(&hash);
|
||||
safe_memset(line, 0, sizeof(line));
|
||||
fclose(fp);
|
||||
return;
|
||||
}
|
||||
|
||||
const struct auth_mod_st plain_auth_funcs = {
|
||||
|
@ -32,7 +32,6 @@ void oc_base64_encode (const char *restrict in, size_t inlen,
|
||||
}
|
||||
base64_encode_raw((void*)out, inlen, (uint8_t*)in);
|
||||
out[raw] = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -76,20 +76,20 @@ char *calc_safe_id(const uint8_t *data, unsigned size, char *output, unsigned ou
|
||||
const char *ps_status_to_str(int status, unsigned cookie)
|
||||
{
|
||||
switch (status) {
|
||||
case PS_AUTH_COMPLETED:
|
||||
if (cookie)
|
||||
return "authenticated";
|
||||
else
|
||||
return "connected";
|
||||
case PS_AUTH_INIT:
|
||||
case PS_AUTH_CONT:
|
||||
return "authenticating";
|
||||
case PS_AUTH_INACTIVE:
|
||||
return "pre-auth";
|
||||
case PS_AUTH_FAILED:
|
||||
return "auth failed";
|
||||
default:
|
||||
return "unknown";
|
||||
case PS_AUTH_COMPLETED:
|
||||
if (cookie)
|
||||
return "authenticated";
|
||||
else
|
||||
return "connected";
|
||||
case PS_AUTH_INIT:
|
||||
case PS_AUTH_CONT:
|
||||
return "authenticating";
|
||||
case PS_AUTH_INACTIVE:
|
||||
return "pre-auth";
|
||||
case PS_AUTH_FAILED:
|
||||
return "auth failed";
|
||||
default:
|
||||
return "unknown";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -103,7 +103,7 @@ int check_upeer_id(const char *mod, int debug, int cfd, uid_t uid, uid_t gid, ui
|
||||
syslog(LOG_ERR,
|
||||
"%s: received unauthorized request from pid %u and uid %u",
|
||||
mod, (unsigned)cr.pid, (unsigned)cr.uid);
|
||||
return -1;
|
||||
return -1;
|
||||
}
|
||||
#elif defined(HAVE_GETPEEREID)
|
||||
uid_t euid;
|
||||
|
@ -102,8 +102,6 @@ void parse_kkdcp_string(char *str, int *socktype, char **_port, char **_server,
|
||||
*_realm = realm;
|
||||
*_path = path;
|
||||
*_server = server;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
149
src/config.c
149
src/config.c
@ -75,31 +75,35 @@ static void check_cfg(vhost_cfg_st *vhost, vhost_cfg_st *defvhost, unsigned sile
|
||||
#define WARNSTR "warning: "
|
||||
#define NOTESTR "note: "
|
||||
|
||||
#define READ_MULTI_LINE(varname, num) { \
|
||||
if (_add_multi_line_val(pool, &varname, &num, value) < 0) { \
|
||||
fprintf(stderr, ERRSTR"memory\n"); \
|
||||
exit(EXIT_FAILURE); \
|
||||
}}
|
||||
|
||||
#define READ_MULTI_BRACKET_LINE(varname, varname2, num) { \
|
||||
if (varname == NULL || varname2 == NULL) { \
|
||||
num = 0; \
|
||||
varname = talloc_size(pool, sizeof(char*)*DEFAULT_CONFIG_ENTRIES); \
|
||||
varname2 = talloc_size(pool, sizeof(char*)*DEFAULT_CONFIG_ENTRIES); \
|
||||
if (varname == NULL || varname2 == NULL) { \
|
||||
#define READ_MULTI_LINE(varname, num) \
|
||||
do { \
|
||||
if (_add_multi_line_val(pool, &varname, &num, value) < 0) { \
|
||||
fprintf(stderr, ERRSTR"memory\n"); \
|
||||
exit(EXIT_FAILURE); \
|
||||
} \
|
||||
} \
|
||||
if (num < DEFAULT_CONFIG_ENTRIES) { \
|
||||
char *xp; \
|
||||
varname[num] = talloc_strdup(pool, value); \
|
||||
xp = strchr(varname[num], '['); if (xp != NULL) *xp = 0; \
|
||||
varname2[num] = get_brackets_string1(pool, value); \
|
||||
num++; \
|
||||
varname[num] = NULL; \
|
||||
varname2[num] = NULL; \
|
||||
}}
|
||||
} while (0)
|
||||
|
||||
#define READ_MULTI_BRACKET_LINE(varname, varname2, num) \
|
||||
do { \
|
||||
if (varname == NULL || varname2 == NULL) { \
|
||||
num = 0; \
|
||||
varname = talloc_size(pool, sizeof(char*)*DEFAULT_CONFIG_ENTRIES); \
|
||||
varname2 = talloc_size(pool, sizeof(char*)*DEFAULT_CONFIG_ENTRIES); \
|
||||
if (varname == NULL || varname2 == NULL) { \
|
||||
fprintf(stderr, ERRSTR"memory\n"); \
|
||||
exit(EXIT_FAILURE); \
|
||||
} \
|
||||
} \
|
||||
if (num < DEFAULT_CONFIG_ENTRIES) { \
|
||||
char *xp; \
|
||||
varname[num] = talloc_strdup(pool, value); \
|
||||
xp = strchr(varname[num], '['); if (xp != NULL) *xp = 0; \
|
||||
varname2[num] = get_brackets_string1(pool, value); \
|
||||
num++; \
|
||||
varname[num] = NULL; \
|
||||
varname2[num] = NULL; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
#define PREAD_STRING(pool, varname) { \
|
||||
unsigned len = strlen(value); \
|
||||
@ -115,25 +119,28 @@ static void check_cfg(vhost_cfg_st *vhost, vhost_cfg_st *defvhost, unsigned sile
|
||||
strlcpy(varname, value, sizeof(varname)); \
|
||||
}
|
||||
|
||||
#define READ_TF(varname) {\
|
||||
if (c_strcasecmp(value, "true") == 0 || c_strcasecmp(value, "yes") == 0) \
|
||||
varname = 1; \
|
||||
else \
|
||||
varname = 0; \
|
||||
}
|
||||
#define READ_TF(varname) \
|
||||
do { \
|
||||
if (c_strcasecmp(value, "true") == 0 || c_strcasecmp(value, "yes") == 0) \
|
||||
varname = 1; \
|
||||
else \
|
||||
varname = 0; \
|
||||
} while (0)
|
||||
|
||||
#define READ_NUMERIC(varname) { \
|
||||
varname = strtol(value, NULL, 10); \
|
||||
}
|
||||
|
||||
#define READ_PRIO_TOS(varname) \
|
||||
if (strncmp(value, "0x", 2) == 0) { \
|
||||
varname = strtol(value, NULL, 16); \
|
||||
varname = TOS_PACK(varname); \
|
||||
} else { \
|
||||
varname = strtol(value, NULL, 10); \
|
||||
varname++; \
|
||||
}
|
||||
do { \
|
||||
if (strncmp(value, "0x", 2) == 0) { \
|
||||
varname = strtol(value, NULL, 16); \
|
||||
varname = TOS_PACK(varname); \
|
||||
} else { \
|
||||
varname = strtol(value, NULL, 10); \
|
||||
varname++; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
struct snapshot_t * config_snapshot = NULL;
|
||||
|
||||
@ -440,7 +447,7 @@ char *sanitize_config_value(void *pool, const char *value)
|
||||
if (len < 0)
|
||||
return NULL;
|
||||
|
||||
return talloc_strndup(pool, &value[i], len); \
|
||||
return talloc_strndup(pool, &value[i], len);
|
||||
|
||||
}
|
||||
|
||||
@ -489,8 +496,6 @@ static void append_iroutes_from_file(struct cfg_st *config, const char *file)
|
||||
if (ip_route_sanity_check(config->known_iroutes, &config->known_iroutes[j]) != 0)
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void load_iroutes(struct cfg_st *config)
|
||||
@ -1124,6 +1129,12 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name, co
|
||||
READ_STRING(config->default_user_conf);
|
||||
} else if (strcmp(name, "default-group-config") == 0) {
|
||||
READ_STRING(config->default_group_conf);
|
||||
} else if (strcmp(name, "camouflage") == 0) {
|
||||
READ_TF(config->camouflage);
|
||||
} else if (strcmp(name, "camouflage_secret") == 0) {
|
||||
READ_STRING(config->camouflage_secret);
|
||||
} else if (strcmp(name, "camouflage_realm") == 0) {
|
||||
READ_STRING(config->camouflage_realm);
|
||||
} else {
|
||||
if (reload == 0)
|
||||
fprintf(stderr, WARNSTR"skipping unknown option '%s'\n", name);
|
||||
@ -1610,33 +1621,33 @@ int cmd_parser (void *pool, int argc, char **argv, struct list_head *head, bool
|
||||
break;
|
||||
|
||||
switch(c) {
|
||||
case 'f':
|
||||
vhost->perm_config.foreground = 1;
|
||||
break;
|
||||
case 'p':
|
||||
strlcpy(pid_file, optarg, sizeof(pid_file));
|
||||
break;
|
||||
case 'c':
|
||||
strlcpy(cfg_file, optarg, sizeof(cfg_file));
|
||||
break;
|
||||
case 'd':
|
||||
vhost->perm_config.debug = atoi(optarg);
|
||||
break;
|
||||
case 't':
|
||||
test_only = 1;
|
||||
break;
|
||||
case OPT_NO_CHDIR:
|
||||
vhost->perm_config.no_chdir = 1;
|
||||
break;
|
||||
case 'h':
|
||||
usage();
|
||||
exit(EXIT_SUCCESS);
|
||||
case 'v':
|
||||
print_version();
|
||||
exit(EXIT_SUCCESS);
|
||||
case 'x':
|
||||
vhost->perm_config.pr_dumpable = 1;
|
||||
break;
|
||||
case 'f':
|
||||
vhost->perm_config.foreground = 1;
|
||||
break;
|
||||
case 'p':
|
||||
strlcpy(pid_file, optarg, sizeof(pid_file));
|
||||
break;
|
||||
case 'c':
|
||||
strlcpy(cfg_file, optarg, sizeof(cfg_file));
|
||||
break;
|
||||
case 'd':
|
||||
vhost->perm_config.debug = atoi(optarg);
|
||||
break;
|
||||
case 't':
|
||||
test_only = 1;
|
||||
break;
|
||||
case OPT_NO_CHDIR:
|
||||
vhost->perm_config.no_chdir = 1;
|
||||
break;
|
||||
case 'h':
|
||||
usage();
|
||||
exit(EXIT_SUCCESS);
|
||||
case 'v':
|
||||
print_version();
|
||||
exit(EXIT_SUCCESS);
|
||||
case 'x':
|
||||
vhost->perm_config.pr_dumpable = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1688,8 +1699,6 @@ static void archive_cfg(struct list_head *head)
|
||||
list_add(&vhost->perm_config.attic, &e->list);
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void clear_cfg(struct list_head *head)
|
||||
@ -1701,8 +1710,6 @@ static void clear_cfg(struct list_head *head)
|
||||
talloc_free(cpos->perm_config.config);
|
||||
cpos->perm_config.config = NULL;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void clear_vhosts(struct list_head *head)
|
||||
@ -1715,8 +1722,6 @@ void clear_vhosts(struct list_head *head)
|
||||
talloc_free(vhost->perm_config.config);
|
||||
vhost->perm_config.config = NULL;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void append(const char *option)
|
||||
@ -1795,8 +1800,6 @@ void reload_cfg_file(void *pool, struct list_head *configs, unsigned sec_mod)
|
||||
|
||||
/* parse the config again */
|
||||
parse_cfg_file(pool, cfg_file, configs, flags);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void write_pid_file(void)
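Review bot: In `READ_MULTI_BRACKET_LINE` (first hunk of this file) the guard `if (num < DEFAULT_CONFIG_ENTRIES)` still lets `num` reach `DEFAULT_CONFIG_ENTRIES` after `num++`, so the terminator stores `varname[num] = NULL; varname2[num] = NULL;` land one slot past arrays that the macro allocates with `sizeof(char*)*DEFAULT_CONFIG_ENTRIES`; the do/while rewrap carries that over unchanged. Reserving the last slot for the terminator, `if (num < DEFAULT_CONFIG_ENTRIES - 1) { \`, closes it, assuming the arrays are only ever allocated by this macro. The result of `talloc_strdup(pool, value)` is also handed straight to `strchr` without a NULL check, unlike the allocation failures handled a few lines above it. `PREAD_STRING` and `READ_NUMERIC` in the same hunks keep the bare-brace form and could get the same `do { ... } while (0)` wrapper for consistency.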
|
||||
|
@ -1298,7 +1298,7 @@ reexecute:
|
||||
}
|
||||
break;
|
||||
|
||||
/* Connection */
|
||||
/* connection */
|
||||
|
||||
case h_matching_connection:
|
||||
parser->index++;
|
||||
@ -1310,7 +1310,7 @@ reexecute:
|
||||
}
|
||||
break;
|
||||
|
||||
/* Proxy-Connection */
|
||||
/* proxy-connection */
|
||||
|
||||
case h_matching_proxy_connection:
|
||||
parser->index++;
|
||||
@ -1322,7 +1322,7 @@ reexecute:
|
||||
}
|
||||
break;
|
||||
|
||||
/* Content-Length */
|
||||
/* content-length */
|
||||
|
||||
case h_matching_content_length:
|
||||
parser->index++;
|
||||
@ -1334,7 +1334,7 @@ reexecute:
|
||||
}
|
||||
break;
|
||||
|
||||
/* Transfer-Encoding */
|
||||
/* transfer-encoding */
|
||||
|
||||
case h_matching_transfer_encoding:
|
||||
parser->index++;
|
||||
@ -1347,7 +1347,7 @@ reexecute:
|
||||
}
|
||||
break;
|
||||
|
||||
/* Upgrade */
|
||||
/* upgrade */
|
||||
|
||||
case h_matching_upgrade:
|
||||
parser->index++;
|
||||
@ -1803,7 +1803,7 @@ reexecute:
|
||||
REEXECUTE();
|
||||
}
|
||||
|
||||
/* Cannot use Transfer-Encoding and Content-Length headers together
|
||||
/* Cannot use transfer-encoding and a content-length header together
|
||||
per the HTTP specification. (RFC 7230 Section 3.3.3) */
|
||||
if ((parser->uses_transfer_encoding == 1) &&
|
||||
(parser->flags & F_CONTENTLENGTH)) {
|
||||
@ -1928,7 +1928,7 @@ reexecute:
|
||||
UPDATE_STATE(s_body_identity);
|
||||
} else {
|
||||
if (!http_message_needs_eof(parser)) {
|
||||
/* Assume Content-Length 0 - read the next */
|
||||
/* Assume content-length 0 - read the next */
|
||||
UPDATE_STATE(NEW_MESSAGE());
|
||||
CALLBACK_NOTIFY(message_complete);
|
||||
} else {
|
||||
|
@ -62,8 +62,6 @@ struct htable_iter iter;
|
||||
cache = htable_next(&db->ht, &iter);
|
||||
}
|
||||
htable_clear(&db->ht);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static size_t rehash(const void* _e, void* unused)
|
||||
@ -168,9 +166,9 @@ static int is_ipv4_ok(main_server_st *s, struct sockaddr_storage *ip, struct soc
|
||||
}
|
||||
|
||||
if (ip_lease_exists(s, ip, sizeof(struct sockaddr_in)) != 0 ||
|
||||
ip_cmp(ip, net) == 0 ||
|
||||
ip_cmp(ip, &broadcast) == 0) {
|
||||
return 0;
|
||||
ip_cmp(ip, net) == 0 ||
|
||||
ip_cmp(ip, &broadcast) == 0) {
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
68
src/log.c
68
src/log.c
@ -35,35 +35,35 @@
|
||||
static unsigned check_priority(int *priority, int debug_prio)
|
||||
{
|
||||
switch(*priority) {
|
||||
case LOG_ERR:
|
||||
case LOG_WARNING:
|
||||
case LOG_NOTICE:
|
||||
break;
|
||||
case LOG_DEBUG:
|
||||
if (debug_prio < DEBUG_DEBUG)
|
||||
return 0;
|
||||
break;
|
||||
case LOG_INFO:
|
||||
if (debug_prio < DEBUG_INFO)
|
||||
return 0;
|
||||
break;
|
||||
case LOG_HTTP_DEBUG:
|
||||
if (debug_prio < DEBUG_HTTP)
|
||||
return 0;
|
||||
*priority = LOG_INFO;
|
||||
break;
|
||||
case LOG_TRANSFER_DEBUG:
|
||||
if (debug_prio < DEBUG_TRANSFERRED)
|
||||
return 0;
|
||||
*priority = LOG_DEBUG;
|
||||
break;
|
||||
case LOG_SENSITIVE:
|
||||
if (debug_prio < DEBUG_SENSITIVE)
|
||||
return 0;
|
||||
*priority = LOG_DEBUG;
|
||||
break;
|
||||
default:
|
||||
syslog(LOG_DEBUG, "unknown log level %d", *priority);
|
||||
case LOG_ERR:
|
||||
case LOG_WARNING:
|
||||
case LOG_NOTICE:
|
||||
break;
|
||||
case LOG_DEBUG:
|
||||
if (debug_prio < DEBUG_DEBUG)
|
||||
return 0;
|
||||
break;
|
||||
case LOG_INFO:
|
||||
if (debug_prio < DEBUG_INFO)
|
||||
return 0;
|
||||
break;
|
||||
case LOG_HTTP_DEBUG:
|
||||
if (debug_prio < DEBUG_HTTP)
|
||||
return 0;
|
||||
*priority = LOG_INFO;
|
||||
break;
|
||||
case LOG_TRANSFER_DEBUG:
|
||||
if (debug_prio < DEBUG_TRANSFERRED)
|
||||
return 0;
|
||||
*priority = LOG_DEBUG;
|
||||
break;
|
||||
case LOG_SENSITIVE:
|
||||
if (debug_prio < DEBUG_SENSITIVE)
|
||||
return 0;
|
||||
*priority = LOG_DEBUG;
|
||||
break;
|
||||
default:
|
||||
syslog(LOG_DEBUG, "unknown log level %d", *priority);
|
||||
}
|
||||
|
||||
return 1;
|
||||
@ -105,8 +105,6 @@ void __attribute__ ((format(printf, 3, 4)))
|
||||
name[0] = 0;
|
||||
|
||||
syslog(priority, "worker%s: %s %s", name, ip?ip:"[unknown]", buf);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/* proc is optional */
|
||||
@ -151,8 +149,6 @@ void __attribute__ ((format(printf, 4, 5)))
|
||||
name[0] = 0;
|
||||
|
||||
syslog(priority, "main%s:%s %s", name, ip?ip:"[unknown]", buf);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void mslog_hex(const main_server_st * s, const struct proc_st* proc,
|
||||
@ -182,8 +178,6 @@ void mslog_hex(const main_server_st * s, const struct proc_st* proc,
|
||||
}
|
||||
|
||||
_mslog(s, proc, priority, "%s %s", prefix, buf);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void oclog_hex(const worker_st* ws, int priority,
|
||||
@ -213,8 +207,6 @@ void oclog_hex(const worker_st* ws, int priority,
|
||||
}
|
||||
|
||||
_oclog(ws, priority, "%s %s", prefix, buf);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void seclog_hex(const struct sec_mod_st* sec, int priority,
|
||||
@ -238,6 +230,4 @@ void seclog_hex(const struct sec_mod_st* sec, int priority,
|
||||
}
|
||||
|
||||
seclog(sec, priority, "%s %s", prefix, buf);
|
||||
|
||||
return;
|
||||
}
|
||||
|
@ -241,8 +241,6 @@ static void method_status(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR, "error sending ctl reply");
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void method_reload(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
@ -263,8 +261,6 @@ static void method_reload(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR, "error sending ctl reply");
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void method_stop(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
@ -285,8 +281,6 @@ static void method_stop(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR, "error sending ctl reply");
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#define IPBUF_SIZE 64
|
||||
@ -479,7 +473,7 @@ static void method_list_users(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR,
|
||||
"error appending user info to reply");
|
||||
goto error;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -489,9 +483,6 @@ static void method_list_users(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR, "error sending ctl reply");
|
||||
}
|
||||
|
||||
error:
|
||||
return;
|
||||
}
|
||||
|
||||
static void method_top(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
@ -557,7 +548,7 @@ static void method_list_banned(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR,
|
||||
"error appending ban info to reply");
|
||||
goto error;
|
||||
return;
|
||||
}
|
||||
e = htable_next(db, &iter);
|
||||
}
|
||||
@ -568,9 +559,6 @@ static void method_list_banned(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR, "error sending ban list reply");
|
||||
}
|
||||
|
||||
error:
|
||||
return;
|
||||
}
|
||||
|
||||
static void method_list_cookies(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
@ -655,7 +643,6 @@ reply_and_exit:
|
||||
if (cookies) {
|
||||
talloc_free(cookies);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
static void single_info_common(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
@ -686,7 +673,7 @@ static void single_info_common(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR,
|
||||
"error appending user info to reply");
|
||||
goto error;
|
||||
return;
|
||||
}
|
||||
|
||||
found_user = 1;
|
||||
@ -709,9 +696,6 @@ static void single_info_common(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR, "error sending ctl reply");
|
||||
}
|
||||
|
||||
error:
|
||||
return;
|
||||
}
|
||||
|
||||
static void method_user_info(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
@ -729,8 +713,6 @@ static void method_user_info(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
|
||||
single_info_common(ctx, cfd, msg, msg_size, req->username, 0);
|
||||
username_req__free_unpacked(req, NULL);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void method_id_info(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
@ -748,8 +730,6 @@ static void method_id_info(method_ctx *ctx, int cfd, uint8_t * msg,
|
||||
|
||||
single_info_common(ctx, cfd, msg, msg_size, NULL, req->id);
|
||||
id_req__free_unpacked(req, NULL);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void method_unban_ip(method_ctx *ctx,
|
||||
@ -781,8 +761,6 @@ static void method_unban_ip(method_ctx *ctx,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR, "error sending unban IP ctl reply");
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void method_disconnect_user_name(method_ctx *ctx,
|
||||
@ -820,8 +798,6 @@ static void method_disconnect_user_name(method_ctx *ctx,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR, "error sending ctl reply");
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void method_disconnect_user_id(method_ctx *ctx, int cfd,
|
||||
@ -861,8 +837,6 @@ static void method_disconnect_user_id(method_ctx *ctx, int cfd,
|
||||
if (ret < 0) {
|
||||
mslog(ctx->s, NULL, LOG_ERR, "error sending ctl reply");
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
struct ctl_watcher_st {
|
||||
@ -919,7 +893,6 @@ static void ctl_cmd_wacher_cb(EV_P_ ev_io *w, int revents)
|
||||
close(wst->fd);
|
||||
ev_io_stop(EV_A_ w);
|
||||
talloc_free(wst);
|
||||
return;
|
||||
}
|
||||
|
||||
static void ctl_handle_commands(main_server_st * s)
|
||||
|
@ -50,11 +50,13 @@
|
||||
#define OCSERV_FW_SCRIPT "/usr/bin/ocserv-fw"
|
||||
|
||||
#define APPEND_TO_STR(str, val) \
|
||||
ret = str_append_str(str, val); \
|
||||
if (ret < 0) { \
|
||||
mslog(s, proc, LOG_ERR, "could not append value to environment\n"); \
|
||||
exit(EXIT_FAILURE); \
|
||||
}
|
||||
do { \
|
||||
ret = str_append_str(str, val); \
|
||||
if (ret < 0) { \
|
||||
mslog(s, proc, LOG_ERR, "could not append value to environment\n"); \
|
||||
exit(EXIT_FAILURE); \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
typedef enum script_type_t {
|
||||
SCRIPT_CONNECT,
|
||||
@ -199,26 +201,26 @@ static void export_fw_info(main_server_st *s, struct proc_st* proc)
|
||||
negate = 1;
|
||||
|
||||
switch(proc->config->fw_ports[i]->proto) {
|
||||
case PROTO_UDP:
|
||||
ret = str_append_printf(&str_common, "udp %u ", proc->config->fw_ports[i]->port);
|
||||
break;
|
||||
case PROTO_TCP:
|
||||
ret = str_append_printf(&str_common, "tcp %u ", proc->config->fw_ports[i]->port);
|
||||
break;
|
||||
case PROTO_SCTP:
|
||||
ret = str_append_printf(&str_common, "sctp %u ", proc->config->fw_ports[i]->port);
|
||||
break;
|
||||
case PROTO_ICMP:
|
||||
ret = str_append_printf(&str_common, "icmp all ");
|
||||
break;
|
||||
case PROTO_ESP:
|
||||
ret = str_append_printf(&str_common, "esp all ");
|
||||
break;
|
||||
case PROTO_ICMPv6:
|
||||
ret = str_append_printf(&str_common, "icmpv6 all ");
|
||||
break;
|
||||
default:
|
||||
ret = -1;
|
||||
case PROTO_UDP:
|
||||
ret = str_append_printf(&str_common, "udp %u ", proc->config->fw_ports[i]->port);
|
||||
break;
|
||||
case PROTO_TCP:
|
||||
ret = str_append_printf(&str_common, "tcp %u ", proc->config->fw_ports[i]->port);
|
||||
break;
|
||||
case PROTO_SCTP:
|
||||
ret = str_append_printf(&str_common, "sctp %u ", proc->config->fw_ports[i]->port);
|
||||
break;
|
||||
case PROTO_ICMP:
|
||||
ret = str_append_printf(&str_common, "icmp all ");
|
||||
break;
|
||||
case PROTO_ESP:
|
||||
ret = str_append_printf(&str_common, "esp all ");
|
||||
break;
|
||||
case PROTO_ICMPv6:
|
||||
ret = str_append_printf(&str_common, "icmpv6 all ");
|
||||
break;
|
||||
default:
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
if (ret < 0) {
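Review bot: `APPEND_TO_STR` (first hunk of this file) still assigns to `ret` and reads `s` and `proc` from whatever scope it is expanded in, and it calls `exit(EXIT_FAILURE)` on failure, none of which is visible at a call site. A short comment above the macro would document that, e.g. `/* Uses the caller's ret, s and proc; terminates the process if the append fails. */`. Its log string also ends in `\n`, which the other `mslog` calls shown on this page do not.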
|
||||
|
@ -72,7 +72,7 @@
|
||||
#ifdef HAVE_GSSAPI
|
||||
# include <libtasn1.h>
|
||||
|
||||
extern const ASN1_ARRAY_TYPE kkdcp_asn1_tab[];
|
||||
extern const asn1_static_node kkdcp_asn1_tab[];
|
||||
asn1_node _kkdcp_pkix1_asn = NULL;
|
||||
#endif
|
||||
|
||||
@ -431,8 +431,6 @@ int y;
|
||||
set_mtu_disc(fd, family, 1);
|
||||
}
|
||||
set_cloexec_flag (fd, 1);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/* clears the server listen_list and proc_list. To be used after fork().
|
||||
|
@ -62,8 +62,6 @@ void entries_add(void *pool, const char* user, unsigned user_size, unsigned id)
|
||||
snprintf(entries[entries_size].id, sizeof(entries[entries_size].id), "%u", id);
|
||||
|
||||
entries_size++;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
char* search_for_user(unsigned idx, const char* match, int match_size)
|
||||
|
@ -113,8 +113,6 @@ void geo_ipv4_lookup(struct in_addr ip, char **country, char **city, char **coor
|
||||
pGeoIP_delete(gi);
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void geo_ipv6_lookup(struct in6_addr *ip, char **country, char **city, char **coord)
|
||||
@ -171,8 +169,6 @@ void geo_ipv6_lookup(struct in6_addr *ip, char **country, char **city, char **co
|
||||
pGeoIP_delete(gi);
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
char *geo_lookup(const char *ip, char *buf, unsigned buf_size)
|
||||
|
@ -57,8 +57,6 @@ void ip_entries_add(void *pool, const char* ip, unsigned ip_size)
|
||||
strlcpy(ip_entries[ip_entries_size].ip, ip, sizeof(ip_entries[ip_entries_size].ip));
|
||||
ip_entries[ip_entries_size].ip_size = ip_size;
|
||||
ip_entries_size++;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
char* search_for_ip(unsigned idx, const char* match, int match_size)
|
||||
|
@ -117,13 +117,10 @@ void print_iface_stats(const char *iface, time_t since, FILE * out, cmd_params_s
|
||||
fprintf(out, " \"Average RX\": \"%s\",\n \"Average TX\": \"%s\"%s\n", buf1, buf2, have_more?",":"");
|
||||
else
|
||||
fprintf(out, "\tAverage bandwidth RX: %s TX: %s\n", buf1, buf2);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#else
|
||||
void print_iface_stats(const char *iface, time_t since, FILE * out, cmd_params_st *params, unsigned have_more)
|
||||
{
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
@ -211,7 +211,7 @@ static char *rl_gets(char *line_read)
|
||||
if (line_read && *line_read)
|
||||
add_history(line_read);
|
||||
|
||||
return (line_read);
|
||||
return line_read;
|
||||
}
|
||||
|
||||
void
|
||||
@ -225,18 +225,14 @@ double data;
|
||||
if (bytes > 1000 && bytes < 1000 * 1000) {
|
||||
data = ((double) bytes) / 1000;
|
||||
snprintf(output, output_size, "%.1f KB%s", data, suffix);
|
||||
return;
|
||||
} else if (bytes >= 1000 * 1000 && bytes < 1000 * 1000 * 1000) {
|
||||
data = ((double) bytes) / (1000 * 1000);
|
||||
snprintf(output, output_size, "%.1f MB%s", data, suffix);
|
||||
return;
|
||||
} else if (bytes >= 1000 * 1000 * 1000) {
|
||||
data = ((double) bytes) / (1000 * 1000 * 1000);
|
||||
snprintf(output, output_size, "%.1f GB%s", data, suffix);
|
||||
return;
|
||||
} else {
|
||||
snprintf(output, output_size, "%lu bytes%s", bytes, suffix);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -245,13 +241,10 @@ time2human(uint64_t microseconds, char* output, unsigned output_size)
|
||||
{
|
||||
if (microseconds < 1000) {
|
||||
snprintf(output, output_size, "<1ms");
|
||||
return;
|
||||
} else if (microseconds < 1000000) {
|
||||
snprintf(output, output_size, "%ldms", microseconds / 1000);
|
||||
return;
|
||||
} else {
|
||||
snprintf(output, output_size, "%lds", microseconds / 1000000);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -499,7 +492,7 @@ static char *command_generator(const char *text, int state)
|
||||
|
||||
name += cmd_start;
|
||||
if (c_strncasecmp(name, text, len) == 0) {
|
||||
return (strdup(name));
|
||||
return strdup(name);
|
||||
}
|
||||
}
|
||||
|
||||
@ -520,7 +513,6 @@ void handle_sigint(int signo)
|
||||
rl_crlf();
|
||||
#endif
|
||||
rl_redisplay();
|
||||
return;
|
||||
}
|
||||
|
||||
void initialize_readline(void)
|
||||
|
@ -50,8 +50,6 @@ void session_entries_add(void *pool, const char* session)
|
||||
|
||||
strlcpy(session_entries[session_entries_size].session, session, sizeof(session_entries[session_entries_size].session));
|
||||
session_entries_size++;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
char* search_for_session(unsigned idx, const char* match, int match_size)
|
||||
|
@ -36,7 +36,7 @@ void print_time_ival7(char output[MAX_TMPSTR_SIZE], time_t t1, time_t t2)
|
||||
{
|
||||
time_t t = t1 - t2;
|
||||
|
||||
if ((long)t < (long)0) {
|
||||
if ((long)t < 0) {
|
||||
/* system clock changed? */
|
||||
snprintf(output, MAX_TMPSTR_SIZE, " ? ");
|
||||
return;
|
||||
|
@ -1426,7 +1426,6 @@ int handle_show_user_cmd(struct unix_ctx *ctx, const char *arg, cmd_params_st *p
|
||||
|
||||
static void dummy_sighandler(int signo)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
|
@ -429,47 +429,47 @@ int main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
switch(c) {
|
||||
case 'c':
|
||||
if (fpasswd) {
|
||||
fprintf(stderr, "-c option cannot be specified multiple time\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
fpasswd = strdup(optarg);
|
||||
break;
|
||||
case 'g':
|
||||
if (groupname) {
|
||||
fprintf(stderr, "-g option cannot be specified multiple time\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
groupname = strdup(optarg);
|
||||
break;
|
||||
case 'd':
|
||||
if (flags) {
|
||||
usage();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
flags |= FLAG_DELETE;
|
||||
break;
|
||||
case 'u':
|
||||
if (flags) {
|
||||
usage();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
flags |= FLAG_UNLOCK;
|
||||
break;
|
||||
case 'l':
|
||||
if (flags) {
|
||||
usage();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
flags |= FLAG_LOCK;
|
||||
break;
|
||||
case 'h':
|
||||
case 'c':
|
||||
if (fpasswd) {
|
||||
fprintf(stderr, "-c option cannot be specified multiple time\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
fpasswd = strdup(optarg);
|
||||
break;
|
||||
case 'g':
|
||||
if (groupname) {
|
||||
fprintf(stderr, "-g option cannot be specified multiple time\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
groupname = strdup(optarg);
|
||||
break;
|
||||
case 'd':
|
||||
if (flags) {
|
||||
usage();
|
||||
exit(EXIT_SUCCESS);
|
||||
case 'v':
|
||||
version();
|
||||
exit(EXIT_SUCCESS);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
flags |= FLAG_DELETE;
|
||||
break;
|
||||
case 'u':
|
||||
if (flags) {
|
||||
usage();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
flags |= FLAG_UNLOCK;
|
||||
break;
|
||||
case 'l':
|
||||
if (flags) {
|
||||
usage();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
flags |= FLAG_LOCK;
|
||||
break;
|
||||
case 'h':
|
||||
usage();
|
||||
exit(EXIT_SUCCESS);
|
||||
case 'v':
|
||||
version();
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -93,7 +93,7 @@ static void co_switch_context(co_ctx_t *octx, co_ctx_t *nctx)
|
||||
if (swapcontext(&octx->cc, &nctx->cc) < 0) {
|
||||
fprintf(stderr, "[PCL] Context switch failed: curr=%p\n",
|
||||
tctx->co_curr);
|
||||
exit(EXIT_FAILURE);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
@ -150,7 +150,7 @@ static void co_ctx_bootstrap(void)
|
||||
|
||||
fprintf(stderr, "[PCL] Hmm, you really shouldn't reach this point: curr=%p\n",
|
||||
tctx->co_curr);
|
||||
exit(EXIT_FAILURE);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
static void co_ctx_trampoline(int sig)
|
||||
@ -418,7 +418,7 @@ void co_delete(coroutine_t coro)
|
||||
if (co == tctx->co_curr) {
|
||||
fprintf(stderr, "[PCL] Cannot delete itself: curr=%p\n",
|
||||
tctx->co_curr);
|
||||
exit(EXIT_FAILURE);
|
||||
exit(1);
|
||||
}
|
||||
if (co->alloc)
|
||||
free(co);
|
||||
@ -455,7 +455,7 @@ static void co_del_helper(void *data)
|
||||
co_delete(tctx->co_curr->caller);
|
||||
co_call((coroutine_t) cdh);
|
||||
if (tctx->co_dhelper == NULL) {
|
||||
exit(EXIT_FAILURE);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -470,7 +470,7 @@ void co_exit_to(coroutine_t coro)
|
||||
tctx->stk, sizeof(tctx->stk))) == NULL) {
|
||||
fprintf(stderr, "[PCL] Unable to create delete helper coroutine: curr=%p\n",
|
||||
tctx->co_curr);
|
||||
exit(EXIT_FAILURE);
|
||||
exit(1);
|
||||
}
|
||||
tctx->co_dhelper = co;
|
||||
|
||||
@ -478,7 +478,7 @@ void co_exit_to(coroutine_t coro)
|
||||
|
||||
fprintf(stderr, "[PCL] Stale coroutine called: curr=%p exitto=%p caller=%p\n",
|
||||
tctx->co_curr, co, tctx->co_curr->caller);
|
||||
exit(EXIT_FAILURE);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
void co_exit(void)
|
||||
|
@ -196,6 +196,4 @@ unsigned i;
|
||||
route_del(s, proc, proc->config->iroutes[i], proc->tun_lease.name);
|
||||
}
|
||||
proc->applied_iroutes = 0;
|
||||
|
||||
return;
|
||||
}
|
||||
|
@ -113,8 +113,6 @@ void sec_mod_add_score_to_ip(sec_mod_st *sec, client_entry_st *e, const char *ip
|
||||
|
||||
fail:
|
||||
talloc_free(lpool);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void update_auth_time_stats(sec_mod_st * sec, time_t secs)
|
||||
@ -629,8 +627,6 @@ void handle_sec_auth_ban_ip_reply(sec_mod_st *sec, const BanIpReplyMsg *msg)
|
||||
if (msg->reply != AUTH__REP__OK) {
|
||||
e->status = PS_AUTH_FAILED;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
int handle_sec_auth_stats_cmd(sec_mod_st * sec, const CliStatsMsg * req, pid_t pid)
|
||||
|
@ -208,6 +208,4 @@ void expire_tls_sessions(sec_mod_st *sec)
|
||||
}
|
||||
cache = htable_next(sec->tls_db.ht, &iter);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
@ -30,12 +30,12 @@ inline static
|
||||
const char *sup_config_name(unsigned s)
|
||||
{
|
||||
switch(s) {
|
||||
case SUP_CONFIG_FILE:
|
||||
return "file";
|
||||
case SUP_CONFIG_RADIUS:
|
||||
return "radius";
|
||||
default:
|
||||
return "unknown";
|
||||
case SUP_CONFIG_FILE:
|
||||
return "file";
|
||||
case SUP_CONFIG_RADIUS:
|
||||
return "radius";
|
||||
default:
|
||||
return "unknown";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -609,8 +609,6 @@ static void send_stats_to_main(sec_mod_st *sec)
|
||||
seclog(sec, LOG_ERR, "error in sending statistics to main");
|
||||
return;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void reload_server(sec_mod_st *sec)
|
||||
@ -760,11 +758,13 @@ int serve_request_worker(sec_mod_st *sec, int cfd, pid_t pid, uint8_t *buffer, u
|
||||
}
|
||||
|
||||
#define CHECK_LOOP_ERR(x) \
|
||||
if (force != 0) { GNUTLS_FATAL_ERR(x); } \
|
||||
else { if (ret < 0) { \
|
||||
seclog(sec, LOG_ERR, "could not reload key %s", vhost->perm_config.key[i]); \
|
||||
continue; } \
|
||||
}
|
||||
do { \
|
||||
if (force != 0) { GNUTLS_FATAL_ERR(x); } \
|
||||
else { if (ret < 0) { \
|
||||
seclog(sec, LOG_ERR, "could not reload key %s", vhost->perm_config.key[i]); \
|
||||
continue; } \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
static int load_keys(sec_mod_st *sec, unsigned force)
|
||||
{
|
||||
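Review bot: Wrapping `CHECK_LOOP_ERR` in `do { ... } while (0)` changes what its `continue` does: it now targets the macro's own do/while and simply leaves it, so the enclosing loop is no longer advanced to its next iteration. With `force == 0`, a key that failed to reload would be logged and then, presumably, handled by whatever follows the macro call in `load_keys`; its body is outside this hunk, so the call sites need checking. A form that stays a single statement without introducing a loop avoids this, as sketched below. The same wrapping is applied to `DTLS_FATAL_ERR_CMD` and `CSTP_FATAL_ERR_CMD` in src/tlslib.h, where any caller passing `break` or `continue` as `CMD` would be affected the same way.

```c
#define CHECK_LOOP_ERR(x) \
	if (force != 0) { \
		GNUTLS_FATAL_ERR(x); \
	} else if (ret < 0) { \
		seclog(sec, LOG_ERR, "could not reload key %s", vhost->perm_config.key[i]); \
		continue; /* must reach the enclosing loop, so no do/while wrapper here */ \
	} else \
		(void)0
```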
|
@ -143,14 +143,18 @@ void cleanup_client_entries(sec_mod_st *sec);
|
||||
|
||||
#ifdef __GNUC__
|
||||
# define seclog(sec, prio, fmt, ...) \
|
||||
if (prio != LOG_DEBUG || GETPCONFIG(sec)->debug >= 3) { \
|
||||
syslog(prio, "sec-mod: "fmt, ##__VA_ARGS__); \
|
||||
}
|
||||
do { \
|
||||
if (prio != LOG_DEBUG || GETPCONFIG(sec)->debug >= 3) { \
|
||||
syslog(prio, "sec-mod: "fmt, ##__VA_ARGS__); \
|
||||
} \
|
||||
} while (0)
|
||||
#else
|
||||
# define seclog(sec,prio,...) \
|
||||
if (prio != LOG_DEBUG || GETPCONFIG(sec)->debug >= 3) { \
|
||||
syslog(prio, __VA_ARGS__); \
|
||||
}
|
||||
do { \
|
||||
if (prio != LOG_DEBUG || GETPCONFIG(sec)->debug >= 3) { \
|
||||
syslog(prio, __VA_ARGS__); \
|
||||
} \
|
||||
} while (0)
|
||||
#endif
|
||||
|
||||
void seclog_hex(const struct sec_mod_st* sec, int priority,
|
||||
|
@ -60,7 +60,6 @@ void setproctitle (const char *fmt, ...)
|
||||
|
||||
void setproctitle (const char *fmt, ...)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
# endif /* __linux__ */
|
||||
|
19
src/tlslib.c
19
src/tlslib.c
@ -53,7 +53,7 @@
|
||||
|
||||
#ifndef UNDER_TEST
|
||||
static void tls_reload_ocsp(main_server_st* s, struct vhost_cfg_st *vhost);
|
||||
#endif
|
||||
#endif /* UNDER_TEST */
|
||||
|
||||
void cstp_cork(worker_st *ws)
|
||||
{
|
||||
@ -433,14 +433,14 @@ void tls_cache_deinit(tls_sess_db_st* db)
|
||||
htable_clear(db->ht);
|
||||
db->entries = 0;
|
||||
talloc_free(db->ht);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#ifndef UNDER_TEST
|
||||
static void tls_log_func(int level, const char *str)
|
||||
{
|
||||
syslog(LOG_DEBUG, "TLS[<%d>]: %s", level, str);
|
||||
}
|
||||
#endif /* UNDER_TEST */
|
||||
|
||||
static void tls_audit_log_func(gnutls_session_t session, const char *str)
|
||||
{
|
||||
@ -457,6 +457,7 @@ static void tls_audit_log_func(gnutls_session_t session, const char *str)
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef UNDER_TEST
|
||||
static int verify_certificate_cb(gnutls_session_t session)
|
||||
{
|
||||
unsigned int status;
|
||||
@ -540,6 +541,7 @@ no_cert:
|
||||
fail:
|
||||
return GNUTLS_E_CERTIFICATE_ERROR;
|
||||
}
|
||||
#endif /* UNDER_TEST */
|
||||
|
||||
void tls_global_init(void)
|
||||
{
|
||||
@ -571,10 +573,9 @@ void tls_vhost_deinit(struct vhost_cfg_st *vhost)
|
||||
vhost->creds.xcred = NULL;
|
||||
vhost->creds.pskcred = NULL;
|
||||
vhost->creds.cprio = NULL;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#ifndef UNDER_TEST
|
||||
/* Checks, if there is a single certificate specified, whether it
|
||||
* is compatible with all ciphersuites */
|
||||
static void certificate_check(main_server_st *s, const char *vhostname, gnutls_pcert_st *pcert)
|
||||
@ -640,7 +641,6 @@ cleanup:
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_free(data.data);
|
||||
gnutls_free(dn.data);
|
||||
return;
|
||||
}
|
||||
|
||||
static void set_dh_params(main_server_st* s, struct vhost_cfg_st *vhost)
|
||||
@ -669,7 +669,6 @@ static void set_dh_params(main_server_st* s, struct vhost_cfg_st *vhost)
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef UNDER_TEST
|
||||
struct key_cb_data {
|
||||
unsigned pk;
|
||||
unsigned bits;
|
||||
@ -1016,8 +1015,6 @@ void tls_load_files(main_server_st *s, struct vhost_cfg_st *vhost)
|
||||
}
|
||||
|
||||
tls_reload_ocsp(s, vhost);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static int ocsp_get_func(gnutls_session_t session, void *ptr, gnutls_datum_t *response)
|
||||
@ -1071,8 +1068,6 @@ void tls_load_prio(main_server_st *s, struct vhost_cfg_st *vhost)
|
||||
if (ret == GNUTLS_E_PARSING_ERROR)
|
||||
mslog(s, NULL, LOG_ERR, "error in TLS priority string: %s", perr);
|
||||
GNUTLS_FATAL_ERR(ret);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1117,7 +1112,7 @@ void tls_reload_crl(main_server_st* s, struct vhost_cfg_st *vhost, unsigned forc
|
||||
mslog(s, NULL, LOG_INFO, "loaded CRL: %s", vhost->perm_config.config->crl);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif /* UNDER_TEST */
|
||||
|
||||
void tls_cork(gnutls_session_t session)
|
||||
{
|
||||
|
38
src/tlslib.h
38
src/tlslib.h
@ -73,28 +73,32 @@ size_t tls_get_overhead(gnutls_protocol_t, gnutls_cipher_algorithm_t, gnutls_mac
|
||||
#endif
|
||||
|
||||
#define DTLS_FATAL_ERR_CMD(x, CMD) \
|
||||
if (x < 0 && gnutls_error_is_fatal (x) != 0) { \
|
||||
if (syslog_open) \
|
||||
syslog(LOG_WARNING, "GnuTLS error (at %s:%d): %s", __FILE__, __LINE__, gnutls_strerror(x)); \
|
||||
else \
|
||||
fprintf(stderr, "GnuTLS error (at %s:%d): %s\n", __FILE__, __LINE__, gnutls_strerror(x)); \
|
||||
CMD; \
|
||||
}
|
||||
do { \
|
||||
if (x < 0 && gnutls_error_is_fatal (x) != 0) { \
|
||||
if (syslog_open) \
|
||||
syslog(LOG_WARNING, "GnuTLS error (at %s:%d): %s", __FILE__, __LINE__, gnutls_strerror(x)); \
|
||||
else \
|
||||
fprintf(stderr, "GnuTLS error (at %s:%d): %s\n", __FILE__, __LINE__, gnutls_strerror(x)); \
|
||||
CMD; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
#define DTLS_FATAL_ERR(x) DTLS_FATAL_ERR_CMD(x, exit(EXIT_FAILURE))
|
||||
|
||||
#define CSTP_FATAL_ERR_CMD(ws, x, CMD) \
|
||||
if (ws->session != NULL) { \
|
||||
if (x < 0 && gnutls_error_is_fatal (x) != 0) { \
|
||||
oclog(ws, LOG_WARNING, "GnuTLS error (at %s:%d): %s", __FILE__, __LINE__, gnutls_strerror(x)); \
|
||||
CMD; \
|
||||
do { \
|
||||
if (ws->session != NULL) { \
|
||||
if (x < 0 && gnutls_error_is_fatal (x) != 0) { \
|
||||
oclog(ws, LOG_WARNING, "GnuTLS error (at %s:%d): %s", __FILE__, __LINE__, gnutls_strerror(x)); \
|
||||
CMD; \
|
||||
} \
|
||||
} else { \
|
||||
if (x < 0 && errno != EINTR && errno != EAGAIN) { \
|
||||
oclog(ws, LOG_WARNING, "socket error (at %s:%d): %s", __FILE__, __LINE__, strerror(errno)); \
|
||||
CMD; \
|
||||
} \
|
||||
} \
|
||||
} else { \
|
||||
if (x < 0 && errno != EINTR && errno != EAGAIN) { \
|
||||
oclog(ws, LOG_WARNING, "socket error (at %s:%d): %s", __FILE__, __LINE__, strerror(errno)); \
|
||||
CMD; \
|
||||
} \
|
||||
}
|
||||
} while (0)
|
||||
|
||||
#define CSTP_FATAL_ERR(ws, x) CSTP_FATAL_ERR_CMD(ws, x, exit(EXIT_FAILURE))
|
||||
|
||||
|
@ -320,7 +320,6 @@ static int os_set_ipv6_addr(main_server_st * s, struct proc_st *proc)
|
||||
|
||||
static void os_reset_ipv6_addr(struct proc_st *proc)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
#endif
|
||||
@ -785,8 +784,6 @@ void close_tun(main_server_st * s, struct proc_st *proc)
|
||||
if (fd != -1)
|
||||
close(fd);
|
||||
#endif
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void reset_ipv4_addr(struct proc_st *proc)
|
||||
@ -906,8 +903,7 @@ ssize_t tun_read(int sockfd, void *buf, size_t len)
|
||||
#ifndef __FreeBSD__
|
||||
int tun_claim(int sockfd)
|
||||
{
|
||||
|
||||
return (0);
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
/*
|
||||
@ -917,7 +913,6 @@ int tun_claim(int sockfd)
|
||||
*/
|
||||
int tun_claim(int sockfd)
|
||||
{
|
||||
|
||||
return (ioctl(sockfd, TUNSIFPID, 0));
|
||||
return ioctl(sockfd, TUNSIFPID, 0);
|
||||
}
|
||||
#endif /* !__FreeBSD__ */
|
||||
|
@ -358,6 +358,10 @@ struct cfg_st {
|
||||
|
||||
/* holds a usage count of holders of pointers in this struct */
|
||||
int *usage_count;
|
||||
|
||||
bool camouflage;
|
||||
char *camouflage_secret;
|
||||
char *camouflage_realm;
|
||||
};
|
||||
|
||||
struct perm_cfg_st {
|
||||
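Review bot: The three new `cfg_st` fields are added without comments, and `camouflage_secret` in particular holds a credential-like value that deserves one. Something like `/* secret expected as the URL query string when camouflage is on; sensitive, keep out of logs and status output */` above `camouflage_secret`, and `/* realm for the decoy 401 reply; NULL selects a 404 */` above `camouflage_realm`, would match how the worker code in this commit uses them. That worker code compares the secret with `strcmp()` in `check_camouflage_url()`, which is not constant-time; a fixed-time comparison would be the safer choice for this field. How these strings are allocated and released on config reload is outside this hunk.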
|
@ -618,7 +618,7 @@ unsigned check_if_default_route(char **routes, unsigned routes_size)
|
||||
for (i=0;i<routes_size;i++) {
|
||||
if (strcmp(routes[i], "default") == 0 ||
|
||||
strcmp(routes[i], "0.0.0.0/0") == 0)
|
||||
return 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -919,6 +919,12 @@ void cookie_authenticate_or_exit(worker_st *ws)
|
||||
ret = auth_cookie(ws, ws->cookie, sizeof(ws->cookie));
|
||||
if (ret < 0) {
|
||||
oclog(ws, LOG_WARNING, "failed cookie authentication attempt");
|
||||
if (WSCONFIG(ws)->camouflage && ws->camouflage_check_passed == 0)
|
||||
{
|
||||
cstp_puts(ws,
|
||||
"HTTP/1.1 405 Method Not Allowed\r\n\r\n");
|
||||
}
|
||||
else
|
||||
if (ret == ERR_AUTH_FAIL) {
|
||||
cstp_puts(ws,
|
||||
"HTTP/1.1 401 Cookie is not acceptable\r\n\r\n");
|
||||
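Review bot: The added `else` stands on its own line directly above the existing `if (ret == ERR_AUTH_FAIL) {` at the same indent, so it reads as two separate statements although it is an else-if chain. Writing `} else if (ret == ERR_AUTH_FAIL) {` would make the control flow obvious and match the same-line bracing of `if (ret < 0) {` just above. The 405 reply is also sent as a bare status line, whereas `response_401` added in this commit sends `Content-Length` and `Connection: close`; routing this case through a similar helper would keep the camouflaged replies consistent. The rest of `cookie_authenticate_or_exit` is outside the hunk.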
|
@ -39,6 +39,7 @@
|
||||
#include <tlslib.h>
|
||||
|
||||
#define HTML_404 "<html><body><h1>404 Not Found</h1></body></html>\r\n"
|
||||
#define HTML_401 "<html><body><h1>401 Unauthorized</h1></body></html>\r\n"
|
||||
|
||||
int response_404(worker_st *ws, unsigned http_ver)
|
||||
{
|
||||
@ -50,6 +51,17 @@ int response_404(worker_st *ws, unsigned http_ver)
|
||||
return 0;
|
||||
}
|
||||
|
||||
int response_401(worker_st *ws, unsigned http_ver, char* realm)
|
||||
{
|
||||
if (cstp_printf(ws, "HTTP/1.%u 401 Unauthorized\r\n", http_ver) < 0 ||
|
||||
cstp_printf(ws, "WWW-Authenticate: Basic realm=\"%s\"\r\n", realm) < 0 ||
|
||||
cstp_printf(ws, "Content-Length: %u\r\n", (unsigned)(sizeof(HTML_401) - 1)) < 0 ||
|
||||
cstp_puts (ws, "Connection: close\r\n\r\n") < 0 ||
|
||||
cstp_puts (ws, HTML_401) < 0)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int send_headers(worker_st *ws, unsigned http_ver, const char *content_type,
|
||||
unsigned content_length)
|
||||
{
|
||||
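Review bot: In `response_401`, `realm` is written into the quoted `WWW-Authenticate` value with a plain `%s`, so a realm containing a double quote, CR or LF would produce a malformed or split header. The value appears to come from the `camouflage_realm` option, so this is a configuration-validation gap rather than client-controlled input. Rejecting those characters where the option is parsed (outside this hunk) would close it. The parameter is never modified and could be declared `const char *realm`.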
|
@ -104,7 +104,8 @@ static const dtls_ciphersuite_st ciphersuites[] = {
|
||||
.gnutls_mac = GNUTLS_MAC_AEAD,
|
||||
.gnutls_kx = GNUTLS_KX_RSA,
|
||||
.gnutls_cipher = GNUTLS_CIPHER_AES_128_GCM,
|
||||
.server_prio = 80},
|
||||
.server_prio = 80,
|
||||
},
|
||||
{
|
||||
.oc_name = CS_AES256_GCM,
|
||||
.gnutls_name =
|
||||
@ -114,7 +115,7 @@ static const dtls_ciphersuite_st ciphersuites[] = {
|
||||
.gnutls_kx = GNUTLS_KX_RSA,
|
||||
.gnutls_cipher = GNUTLS_CIPHER_AES_256_GCM,
|
||||
.server_prio = 90,
|
||||
},
|
||||
},
|
||||
{
|
||||
.oc_name = "AES256-SHA",
|
||||
.gnutls_name =
|
||||
@ -124,7 +125,7 @@ static const dtls_ciphersuite_st ciphersuites[] = {
|
||||
.gnutls_kx = GNUTLS_KX_RSA,
|
||||
.gnutls_cipher = GNUTLS_CIPHER_AES_256_CBC,
|
||||
.server_prio = 60,
|
||||
},
|
||||
},
|
||||
{
|
||||
.oc_name = "AES128-SHA",
|
||||
.gnutls_name =
|
||||
@ -134,7 +135,7 @@ static const dtls_ciphersuite_st ciphersuites[] = {
|
||||
.gnutls_kx = GNUTLS_KX_RSA,
|
||||
.gnutls_cipher = GNUTLS_CIPHER_AES_128_CBC,
|
||||
.server_prio = 50,
|
||||
},
|
||||
},
|
||||
{
|
||||
.oc_name = "DES-CBC3-SHA",
|
||||
.gnutls_name =
|
||||
@ -144,7 +145,7 @@ static const dtls_ciphersuite_st ciphersuites[] = {
|
||||
.gnutls_kx = GNUTLS_KX_RSA,
|
||||
.gnutls_cipher = GNUTLS_CIPHER_3DES_CBC,
|
||||
.server_prio = 1,
|
||||
}
|
||||
},
|
||||
};
|
||||
|
||||
static const dtls_ciphersuite_st ciphersuites12[] = {
|
||||
@ -471,7 +472,7 @@ void header_value_check(struct worker_st *ws, struct http_req_st *req)
|
||||
if (want_cipher != -1) {
|
||||
if (want_cipher == cand->gnutls_cipher &&
|
||||
want_mac == cand->gnutls_mac)
|
||||
goto ciphersuite_finish;
|
||||
goto ciphersuite_finish;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -536,7 +537,7 @@ void header_value_check(struct worker_st *ws, struct http_req_st *req)
|
||||
if (want_cipher != -1) {
|
||||
if (want_cipher == cand->gnutls_cipher &&
|
||||
want_mac == cand->gnutls_mac)
|
||||
goto ciphersuite12_finish;
|
||||
goto ciphersuite12_finish;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -698,12 +699,17 @@ url_handler_fn http_get_url_handler(const char *url)
|
||||
url_handler_fn http_post_url_handler(struct worker_st *ws, const char *url)
|
||||
{
|
||||
const struct known_urls_st *p;
|
||||
unsigned len = strlen(url);
|
||||
unsigned i;
|
||||
|
||||
p = known_urls;
|
||||
do {
|
||||
if (p->url != NULL && strcmp(p->url, url) == 0)
|
||||
return p->post_handler;
|
||||
if (p->url != NULL) {
|
||||
if ((len == p->url_size && strcmp(p->url, url) == 0) ||
|
||||
(len > p->url_size && strncmp(p->url, url, p->url_size) == 0
|
||||
&& p->partial_match == 0 && url[p->url_size] == '?'))
|
||||
return p->post_handler;
|
||||
}
|
||||
p++;
|
||||
} while (p->url != NULL);
|
||||
|
||||
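Review bot: The new query-string branch in `http_post_url_handler` has no comment explaining why a trailing `?...` is accepted for exact-match entries only, and `strlen()` is narrowed into `unsigned len`. A one-line comment such as `/* also accept "<url>?<query>" for exact-match entries; the query is ignored for dispatch */` together with `size_t len = strlen(url);` would cover both. Because `url` is matched but not truncated here, whatever follows `?` stays in the request URL. In the worker-vpn.c part of this commit the camouflage secret is stripped only while `camouflage_check_passed == 0`, so it is worth confirming that later requests on the same connection do not carry the secret into handlers or the `HTTP GET %s` debug log line. `unsigned i;` looks unused in the visible part of the function.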
|
@ -109,70 +109,70 @@ int handle_commands_from_main(struct worker_st *ws)
|
||||
/*cmd_data_len = ret - 1;*/
|
||||
|
||||
switch(cmd) {
|
||||
case CMD_TERMINATE:
|
||||
exit_worker_reason(ws, REASON_SERVER_DISCONNECT);
|
||||
case CMD_UDP_FD: {
|
||||
unsigned has_hello = 1;
|
||||
case CMD_TERMINATE:
|
||||
exit_worker_reason(ws, REASON_SERVER_DISCONNECT);
|
||||
case CMD_UDP_FD: {
|
||||
unsigned has_hello = 1;
|
||||
|
||||
if (DTLS_ACTIVE(ws)->udp_state != UP_WAIT_FD) {
|
||||
oclog(ws, LOG_DEBUG, "received another a UDP fd!");
|
||||
}
|
||||
if (DTLS_ACTIVE(ws)->udp_state != UP_WAIT_FD) {
|
||||
oclog(ws, LOG_DEBUG, "received another a UDP fd!");
|
||||
}
|
||||
|
||||
tmsg = udp_fd_msg__unpack(NULL, length, ws->buffer);
|
||||
if (tmsg) {
|
||||
has_hello = tmsg->hello;
|
||||
}
|
||||
tmsg = udp_fd_msg__unpack(NULL, length, ws->buffer);
|
||||
if (tmsg) {
|
||||
has_hello = tmsg->hello;
|
||||
}
|
||||
|
||||
if (fd == -1) {
|
||||
oclog(ws, LOG_ERR, "received UDP fd message of wrong type");
|
||||
if (fd == -1) {
|
||||
oclog(ws, LOG_ERR, "received UDP fd message of wrong type");
|
||||
|
||||
if (tmsg)
|
||||
udp_fd_msg__free_unpacked(tmsg, NULL);
|
||||
|
||||
if (DTLS_ACTIVE(ws)->udp_state == UP_WAIT_FD)
|
||||
DTLS_ACTIVE(ws)->udp_state = UP_DISABLED;
|
||||
return -1;
|
||||
}
|
||||
|
||||
set_non_block(fd);
|
||||
if (has_hello == 0) {
|
||||
/* check if the first packet received is a valid one -
|
||||
* if not discard the new fd */
|
||||
if (!recv_from_new_fd(ws, DTLS_ACTIVE(ws), fd, &tmsg)) {
|
||||
oclog(ws, LOG_INFO, "received UDP fd message but its session has invalid data!");
|
||||
if (tmsg)
|
||||
udp_fd_msg__free_unpacked(tmsg, NULL);
|
||||
|
||||
if (DTLS_ACTIVE(ws)->udp_state == UP_WAIT_FD)
|
||||
DTLS_ACTIVE(ws)->udp_state = UP_DISABLED;
|
||||
return -1;
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
dtls = DTLS_ACTIVE(ws);
|
||||
} else { /* received client hello */
|
||||
dtls = DTLS_INACTIVE(ws);
|
||||
dtls->udp_state = UP_SETUP;
|
||||
oclog(ws, LOG_DEBUG, "Starting DTLS session %d", ws->dtls_active_session ^ 1);
|
||||
}
|
||||
|
||||
set_non_block(fd);
|
||||
if (has_hello == 0) {
|
||||
/* check if the first packet received is a valid one -
|
||||
* if not discard the new fd */
|
||||
if (!recv_from_new_fd(ws, DTLS_ACTIVE(ws), fd, &tmsg)) {
|
||||
oclog(ws, LOG_INFO, "received UDP fd message but its session has invalid data!");
|
||||
if (tmsg)
|
||||
udp_fd_msg__free_unpacked(tmsg, NULL);
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
dtls = DTLS_ACTIVE(ws);
|
||||
} else { /* received client hello */
|
||||
dtls = DTLS_INACTIVE(ws);
|
||||
dtls->udp_state = UP_SETUP;
|
||||
oclog(ws, LOG_DEBUG, "Starting DTLS session %d", ws->dtls_active_session ^ 1);
|
||||
}
|
||||
if (dtls->dtls_tptr.fd != -1)
|
||||
close(dtls->dtls_tptr.fd);
|
||||
if (dtls->dtls_tptr.msg != NULL)
|
||||
udp_fd_msg__free_unpacked(dtls->dtls_tptr.msg, NULL);
|
||||
|
||||
if (dtls->dtls_tptr.fd != -1)
|
||||
close(dtls->dtls_tptr.fd);
|
||||
if (dtls->dtls_tptr.msg != NULL)
|
||||
udp_fd_msg__free_unpacked(dtls->dtls_tptr.msg, NULL);
|
||||
dtls->dtls_tptr.msg = tmsg;
|
||||
dtls->dtls_tptr.fd = fd;
|
||||
|
||||
dtls->dtls_tptr.msg = tmsg;
|
||||
dtls->dtls_tptr.fd = fd;
|
||||
if (WSCONFIG(ws)->try_mtu == 0)
|
||||
set_mtu_disc(fd, ws->proto, 0);
|
||||
|
||||
if (WSCONFIG(ws)->try_mtu == 0)
|
||||
set_mtu_disc(fd, ws->proto, 0);
|
||||
oclog(ws, LOG_DEBUG, "received new UDP fd and connected to peer");
|
||||
ws->udp_recv_time = time(NULL);
|
||||
|
||||
oclog(ws, LOG_DEBUG, "received new UDP fd and connected to peer");
|
||||
ws->udp_recv_time = time(NULL);
|
||||
return 0;
|
||||
|
||||
return 0;
|
||||
|
||||
}
|
||||
break;
|
||||
default:
|
||||
oclog(ws, LOG_ERR, "unknown CMD 0x%x", (unsigned)cmd);
|
||||
exit_worker_reason(ws, REASON_ERROR);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
oclog(ws, LOG_ERR, "unknown CMD 0x%x", (unsigned)cmd);
|
||||
exit_worker_reason(ws, REASON_ERROR);
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -92,13 +92,15 @@ int disable_system_calls(struct worker_st *ws)
|
||||
}
|
||||
|
||||
#define ADD_SYSCALL(name, ...) \
|
||||
ret = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(name), __VA_ARGS__); \
|
||||
/* libseccomp returns EDOM for pseudo-syscalls due to a bug */ \
|
||||
if (ret < 0 && ret != -EDOM) { \
|
||||
oclog(ws, LOG_DEBUG, "could not add " #name " to seccomp filter: %s", strerror(-ret)); \
|
||||
ret = -1; \
|
||||
goto fail; \
|
||||
}
|
||||
do { \
|
||||
ret = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(name), __VA_ARGS__); \
|
||||
/* libseccomp returns EDOM for pseudo-syscalls due to a bug */ \
|
||||
if (ret < 0 && ret != -EDOM) { \
|
||||
oclog(ws, LOG_DEBUG, "could not add " #name " to seccomp filter: %s", strerror(-ret)); \
|
||||
ret = -1; \
|
||||
goto fail; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
/* These seem to be called by libc or some other dependent library;
|
||||
* they are not necessary for functioning, but we must allow them in order
|
||||
|
117
src/worker-vpn.c
117
src/worker-vpn.c
@ -490,8 +490,6 @@ void ws_add_score_to_ip(worker_st *ws, unsigned points, unsigned final, unsigned
|
||||
}
|
||||
|
||||
ban_ip_reply_msg__free_unpacked(reply, &pa);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void send_stats_to_secmod(worker_st * ws, time_t now, unsigned discon_reason)
|
||||
@ -575,38 +573,46 @@ void exit_worker_reason(worker_st * ws, unsigned reason)
|
||||
|
||||
#define HANDSHAKE_SESSION_ID_POS (34)
|
||||
#define SKIP_V16(pos, total) \
|
||||
{ uint16_t _s; \
|
||||
if (pos+2 > total) goto finish; \
|
||||
_s = (msg->data[pos] << 8) | msg->data[pos+1]; \
|
||||
if (pos+2+_s > total) goto finish; \
|
||||
pos += 2+_s; \
|
||||
{ \
|
||||
uint16_t _s; \
|
||||
if (pos+2 > total) goto finish; \
|
||||
_s = (msg->data[pos] << 8) | msg->data[pos+1]; \
|
||||
if (pos+2+_s > total) goto finish; \
|
||||
pos += 2+_s; \
|
||||
}
|
||||
|
||||
#define SKIP16(pos, total) \
|
||||
if (pos+2 > total) goto finish; \
|
||||
pos += 2
|
||||
do { \
|
||||
if (pos+2 > total) goto finish; \
|
||||
pos += 2; \
|
||||
} while (0)
|
||||
|
||||
#define SKIP8(pos, total) \
|
||||
if (pos+1 > total) goto finish; \
|
||||
pos++
|
||||
do { \
|
||||
if (pos+1 > total) goto finish; \
|
||||
pos++; \
|
||||
} while (0)
|
||||
|
||||
#define SKIP_V8(pos, total) \
|
||||
{ uint8_t _s; \
|
||||
if (pos+1 > total) goto finish; \
|
||||
_s = msg->data[pos]; \
|
||||
if (pos+1+_s > total) goto finish; \
|
||||
pos += 1+_s; \
|
||||
{ \
|
||||
uint8_t _s; \
|
||||
if (pos+1 > total) goto finish; \
|
||||
_s = msg->data[pos]; \
|
||||
if (pos+1+_s > total) goto finish; \
|
||||
pos += 1+_s; \
|
||||
}
|
||||
|
||||
#define SET_VHOST_CREDS \
|
||||
ret = \
|
||||
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, \
|
||||
WSCREDS(ws)->xcred); \
|
||||
GNUTLS_FATAL_ERR(ret); \
|
||||
gnutls_certificate_server_set_request(session, WSCONFIG(ws)->cert_req); \
|
||||
ret = gnutls_priority_set(session, WSCREDS(ws)->cprio); \
|
||||
GNUTLS_FATAL_ERR(ret); \
|
||||
gnutls_db_set_cache_expiration(session, TLS_SESSION_EXPIRATION_TIME(WSCONFIG(ws)))
|
||||
do { \
|
||||
ret = \
|
||||
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, \
|
||||
WSCREDS(ws)->xcred); \
|
||||
GNUTLS_FATAL_ERR(ret); \
|
||||
gnutls_certificate_server_set_request(session, WSCONFIG(ws)->cert_req); \
|
||||
ret = gnutls_priority_set(session, WSCREDS(ws)->cprio); \
|
||||
GNUTLS_FATAL_ERR(ret); \
|
||||
gnutls_db_set_cache_expiration(session, TLS_SESSION_EXPIRATION_TIME(WSCONFIG(ws))); \
|
||||
} while (0)
|
||||
|
||||
/* Parse the TLS client hello to figure vhost */
|
||||
static int hello_hook_func(gnutls_session_t session, unsigned int htype,
|
||||
@ -750,6 +756,20 @@ static void peek_client_hello(struct worker_st *ws, gnutls_session_t session, in
|
||||
}
|
||||
#endif
|
||||
|
||||
void check_camouflage_url(struct worker_st *ws)
|
||||
{
|
||||
if (WSCONFIG(ws)->camouflage_secret == NULL)
|
||||
return;
|
||||
|
||||
char* url_camouflage_part = strchr(ws->req.url, '?');
|
||||
if (url_camouflage_part
|
||||
&& !strcmp(url_camouflage_part + 1, WSCONFIG(ws)->camouflage_secret))
|
||||
{
|
||||
*url_camouflage_part = '\0';
|
||||
ws->camouflage_check_passed = 1;
|
||||
}
|
||||
}
|
||||
|
||||
/* vpn_server:
|
||||
* @ws: an initialized worker structure
|
||||
*
|
||||
@ -921,6 +941,21 @@ void vpn_server(struct worker_st *ws)
|
||||
}
|
||||
} while (ws->req.headers_complete == 0);
|
||||
|
||||
if ((parser.method == HTTP_GET || parser.method == HTTP_POST) &&
|
||||
(WSCONFIG(ws)->camouflage && ws->camouflage_check_passed == 0))
|
||||
{
|
||||
check_camouflage_url(ws);
|
||||
if (ws->camouflage_check_passed == 0)
|
||||
{
|
||||
oclog(ws, LOG_INFO, "Secret not found in URL, declining...");
|
||||
if (WSCONFIG(ws)->camouflage_realm)
|
||||
response_401(ws, parser.http_minor, WSCONFIG(ws)->camouflage_realm);
|
||||
else
|
||||
response_404(ws, parser.http_minor);
|
||||
goto finish;
|
||||
}
|
||||
}
|
||||
|
||||
if (parser.method == HTTP_GET) {
|
||||
oclog(ws, LOG_HTTP_DEBUG, "HTTP GET %s", ws->req.url);
|
||||
fn = http_get_url_handler(ws->req.url);
|
||||
@ -1182,14 +1217,15 @@ void mtu_ok(worker_st * ws, struct dtls_st * dtls)
|
||||
c = (ws->link_mtu + ws->last_bad_mtu) / 2;
|
||||
|
||||
link_mtu_set(ws, dtls, c);
|
||||
return;
|
||||
}
|
||||
|
||||
#define FUZZ(x, diff, rnd) \
|
||||
do { \
|
||||
if (x > diff) { \
|
||||
int16_t r = rnd; \
|
||||
x += r % diff; \
|
||||
}
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
int get_pmtu_approx(worker_st *ws)
|
||||
{
|
||||
@ -1349,11 +1385,9 @@ static void set_no_delay(worker_st * ws, int fd)
|
||||
int ret;
|
||||
|
||||
ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &flag, sizeof(flag));
|
||||
if (ret == -1) {
|
||||
if (ret == -1)
|
||||
oclog(ws, LOG_DEBUG,
|
||||
"setsockopt(TCP_NODELAY) to %x, failed.", (unsigned)flag);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
#define TOSCLASS(x) (IPTOS_CLASS_CS##x)
|
||||
@ -1374,7 +1408,7 @@ static void set_net_priority(worker_st * ws, int fd, int priority)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef SO_PRIORITY
|
||||
#if defined(SO_PRIORITY)
|
||||
if (priority != 0 && priority <= 7) {
|
||||
t = ws->user_config->net_priority - 1;
|
||||
ret = setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &t, sizeof(t));
|
||||
@ -1385,10 +1419,9 @@ static void set_net_priority(worker_st * ws, int fd, int priority)
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
|
||||
#define SEND_ERR(x) if (x<0) goto send_error
|
||||
#define SEND_ERR(x) do { if (x<0) goto send_error; } while (0)
|
||||
|
||||
static int dtls_mainloop(worker_st * ws, struct dtls_st * dtls, struct timespec *tnow)
|
||||
{
|
||||
@ -2062,16 +2095,16 @@ static int connect_handler(worker_st * ws)
|
||||
oclog(ws, LOG_INFO, "IPv6 routes/DNS disabled because IPv6 support was not requested.");
|
||||
} else {
|
||||
switch (req->user_agent_type) {
|
||||
case AGENT_OPENCONNECT:
|
||||
case AGENT_ANYCONNECT:
|
||||
case AGENT_OPENCONNECT_CLAVISTER:
|
||||
case AGENT_ANYLINK:
|
||||
break;
|
||||
case AGENT_OPENCONNECT_V3:
|
||||
case AGENT_UNKNOWN:
|
||||
default:
|
||||
req->no_ipv6 = 1;
|
||||
oclog(ws, LOG_INFO, "IPv6 routes/DNS disabled because the agent is not known.");
|
||||
case AGENT_OPENCONNECT:
|
||||
case AGENT_ANYCONNECT:
|
||||
case AGENT_OPENCONNECT_CLAVISTER:
|
||||
case AGENT_ANYLINK:
|
||||
break;
|
||||
case AGENT_OPENCONNECT_V3:
|
||||
case AGENT_UNKNOWN:
|
||||
default:
|
||||
req->no_ipv6 = 1;
|
||||
oclog(ws, LOG_INFO, "IPv6 routes/DNS disabled because the agent is not known.");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -38,7 +38,7 @@
|
||||
#ifdef HAVE_GSSAPI
|
||||
#include <libtasn1.h>
|
||||
|
||||
extern const ASN1_ARRAY_TYPE kkdcp_asn1_tab[];
|
||||
extern const asn1_static_node kkdcp_asn1_tab[];
|
||||
asn1_node _kkdcp_pkix1_asn = NULL;
|
||||
#endif
|
||||
|
||||
|
@ -325,6 +325,7 @@ typedef struct worker_st {
|
||||
uint32_t samples[LATENCY_SAMPLE_SIZE];
|
||||
} latency;
|
||||
#endif
|
||||
bool camouflage_check_passed;
|
||||
} worker_st;
|
||||
|
||||
void vpn_server(struct worker_st* ws);
|
||||
@ -341,6 +342,7 @@ int get_ca_handler(worker_st * ws, unsigned http_ver);
|
||||
int get_ca_der_handler(worker_st * ws, unsigned http_ver);
|
||||
|
||||
int response_404(worker_st *ws, unsigned http_ver);
|
||||
int response_401(worker_st *ws, unsigned http_ver, char* realm);
|
||||
int get_empty_handler(worker_st *server, unsigned http_ver);
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
int get_config_handler(worker_st *ws, unsigned http_ver);
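Review bot: `response_401` is declared with `char* realm`, although the one call visible on this page passes a configuration string (`WSCONFIG(ws)->camouflage_realm`). Unless the function writes through that pointer, the prototype should be `int response_401(worker_st *ws, unsigned http_ver, const char *realm);` so a config-owned string cannot be modified by accident. The `bool camouflage_check_passed;` member also has no comment, and I would add `/* set by check_camouflage_url() once the query string matched camouflage_secret; vpn_server() skips the check while it is set */`. The +/- markers are lost on this page, so these two lines are taken to be the added ones from the hunk counts (`+325,7` and `+342,7`).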
|
||||
|
@ -44,7 +44,8 @@ EXTRA_DIST = certs/ca-key.pem certs/ca.pem ns.sh common.sh certs/server-cert.pem
|
||||
data/disconnect-user2.config data/ping-leases.config data/haproxy-proxyproto.config \
|
||||
data/haproxy-proxyproto.cfg scripts/proxy-connectscript data/haproxy-proxyproto-v1.config \
|
||||
data/haproxy-proxyproto-v1.cfg scripts/proxy-connectscript-v1 data/test-multiple-client-ip.config \
|
||||
data/test-client-bypass-protocol.config asan.supp
|
||||
data/test-client-bypass-protocol.config asan.supp certs/ca.tmpl certs/server-cert.tmpl \
|
||||
certs/user-cert.tmpl data/test-camouflage.config data/test-camouflage-norealm.config
|
||||
|
||||
xfail_scripts =
|
||||
dist_check_SCRIPTS = ocpasswd-test
|
||||
@ -61,7 +62,8 @@ dist_check_SCRIPTS += haproxy-connect test-iroute test-multi-cookie test-pass-sc
|
||||
test-cookie-invalidation test-user-config test-append-routes test-ban \
|
||||
multiple-routes json test-udp-listen-host test-max-same-1 test-script-multi-user \
|
||||
apple-ios ipv6-iface test-namespace-listen disconnect-user disconnect-user2 \
|
||||
ping-leases test-ban-local test-client-bypass-protocol ipv6-small-net
|
||||
ping-leases test-ban-local test-client-bypass-protocol ipv6-small-net test-camouflage \
|
||||
test-camouflage-norealm
|
||||
|
||||
if RADIUS_ENABLED
|
||||
dist_check_SCRIPTS += radius-group radius-otp
|
||||
@ -92,7 +94,7 @@ dist_check_SCRIPTS += test-pass test-pass-cert test-cert test-group-pass \
|
||||
test-gssapi test-pass-opt-cert test-cert-opt-pass test-gssapi-opt-pass \
|
||||
test-gssapi-opt-cert haproxy-auth test-maintenance resumption \
|
||||
test-group-name flowcontrol banner invalid-configs haproxy-proxyproto \
|
||||
haproxy-proxyproto-v1 drain-server drain-server-fail
|
||||
haproxy-proxyproto-v1 drain-server drain-server-fail test-ignore-querystring-of-post
|
||||
|
||||
if HAVE_CWRAP_PAM
|
||||
dist_check_SCRIPTS += test-pam test-pam-noauth
|
||||
@ -176,6 +178,25 @@ gen_oidc_test_data_CPPFLAGS = $(AM_CPPFLAGS)
|
||||
gen_oidc_test_data_SOURCES = generate_oidc_test_data.c
|
||||
gen_oidc_test_data_LDADD = $(LDADD) $(CJOSE_LIBS) $(JANSSON_LIBS)
|
||||
|
||||
certs/ca.pem: certs/ca-key.pem certs/ca.tmpl
|
||||
certtool --generate-self-signed --template certs/ca.tmpl --load-privkey certs/ca-key.pem --outfile certs/ca.pem
|
||||
|
||||
certs/server-cert-ca.pem: certs/ca.pem certs/server-cert.pem
|
||||
cat certs/server-cert.pem certs/ca.pem > certs/server-cert-ca.pem
|
||||
|
||||
certs/server-cert.pem: certs/server-cert.tmpl certs/ca.pem certs/server-key.pem certs/ca-key.pem
|
||||
certtool --generate-certificate --template certs/server-cert.tmpl --load-privkey certs/server-key.pem --load-ca-certificate certs/ca.pem --load-ca-privkey certs/ca-key.pem --outfile certs/server-cert.pem
|
||||
|
||||
certs/user-cert.pem: certs/user-cert.tmpl certs/ca.pem certs/user-key.pem certs/ca-key.pem
|
||||
certtool --generate-certificate --template certs/user-cert.tmpl --load-privkey certs/user-key.pem --load-ca-certificate certs/ca.pem --load-ca-privkey certs/ca-key.pem --outfile certs/user-cert.pem
|
||||
|
||||
# make the user certificate invalid by signing it with another CA
|
||||
certs/user-cert-invalid.pem: certs/user-cert.tmpl
|
||||
certtool --generate-privkey --outfile ca-key.tmp
|
||||
certtool --generate-self-signed --template certs/ca.tmpl --load-privkey ca-key.tmp --outfile ca.tmp
|
||||
certtool --generate-certificate --template certs/user-cert.tmpl --load-privkey certs/user-key.pem --load-ca-certificate ca.tmp --load-ca-privkey ca-key.tmp --outfile certs/user-cert-invalid.pem
|
||||
rm -f ca-key.tmp ca.tmp
|
||||
|
||||
if ENABLE_OIDC_AUTH_TESTS
|
||||
check_PROGRAMS += gen_oidc_test_data
|
||||
dist_check_SCRIPTS += test-oidc
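Review bot: The `certs/user-cert-invalid.pem` rule lists only `certs/user-cert.tmpl` as a prerequisite, yet its recipe also reads `certs/ca.tmpl` and `certs/user-key.pem`, so make will not regenerate the certificate when either of those changes. The target line should read `certs/user-cert-invalid.pem: certs/user-cert.tmpl certs/ca.tmpl certs/user-key.pem`. The same recipe leaves `ca-key.tmp` (a freshly generated private key) and `ca.tmp` in the build directory whenever a `certtool` step fails, because `rm -f ca-key.tmp ca.tmp` is a separate recipe line that runs only after the earlier lines succeed. The +/- markers are lost on this page, so the certificate rules are assumed to be the added lines from the hunk counts (`-176,6 +178,25`).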
|
||||
|
@ -54,11 +54,11 @@ wait_server $PID
|
||||
sleep 2
|
||||
|
||||
echo " * Connecting to obtain cookie... "
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null ) ||
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo " * Re-connect to force script run with platform... "
|
||||
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
||||
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
||||
|
||||
sleep 5
|
||||
|
||||
@ -87,7 +87,7 @@ fi
|
||||
rm -f ${TMPFILE}
|
||||
|
||||
echo " * Re-connecting to force script run with user agent... "
|
||||
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose --useragent="Cisco AnyConnect VPN Agent for Apple" localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
||||
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose --useragent="Cisco AnyConnect VPN Agent for Apple" localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
||||
|
||||
sleep 5
|
||||
|
||||
@ -114,7 +114,7 @@ fi
|
||||
sleep 5
|
||||
echo " - Check server status"
|
||||
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo " - Killing server"
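Review bot: The literal `pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=` is repeated on every `$OPENCONNECT` invocation in this script, and again in the other test scripts changed further down this page, so a change of the test server key means editing each occurrence by hand. Defining it once, for example `SERVER_PIN="pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8="` in a file the tests already source, and passing `--servercert="${SERVER_PIN}"`, would keep the pinned value in a single place. The page does not show whether these scripts share a sourced helper, so where the variable lives is left open.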
|
||||
|
@ -52,7 +52,7 @@ unsigned check_if_banned_str(main_server_st *s, const char *ip)
|
||||
return check_if_banned(s, &addr, addr.ss_family==AF_INET?sizeof(struct sockaddr_in):sizeof(struct sockaddr_in6));
|
||||
}
|
||||
|
||||
int main()
|
||||
int main(void)
|
||||
{
|
||||
main_server_st *s = talloc(NULL, struct main_server_st);
|
||||
vhost_cfg_st *vhost;
|
||||
|
@ -50,7 +50,7 @@ wait_server $PID
|
||||
sleep 3
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >${TMPFILE} 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >${TMPFILE} 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
grep "${BANNER}" ${TMPFILE} >/dev/null
|
||||
@ -61,7 +61,7 @@ if test $? != 0;then
|
||||
fi
|
||||
|
||||
echo "Connecting to obtain cookie with wrong password... "
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >${TMPFILE} 2>&1 ) &&
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >${TMPFILE} 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
grep "${BANNER}" ${TMPFILE} >/dev/null
|
||||
|
@ -31,25 +31,3 @@ y1hvTfWRAoGZALNT3AbF9EDnJmZlS30MWtBggw83UhszC8XN2tY30AsvsDOS6a0F
|
||||
UVhyNvBTKo6lPqXqUsVxp16TKeeQKF+DuYuuNZN3pXXsHTiHkRMDCRVEqz7UnZEc
|
||||
/Bq/Kh2aOkelkX2S27QzTZGL
|
||||
-----END RSA PRIVATE KEY-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H
|
||||
bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x
|
||||
LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC
|
||||
AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D
|
||||
hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh
|
||||
ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq
|
||||
58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB
|
||||
VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03
|
||||
U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L
|
||||
xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC
|
||||
AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT
|
||||
BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2
|
||||
B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T
|
||||
AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH
|
||||
gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3
|
||||
LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE
|
||||
/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD
|
||||
5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h
|
||||
h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc
|
||||
w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg==
|
||||
-----END CERTIFICATE-----
|
||||
|
@ -1,20 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDPzCCAfegAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTA1MloYDzIwMjMwNTE1MTQ1MDUyWjANMQswCQYDVQQD
|
||||
EwJDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/Hsqw
|
||||
fvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJ
|
||||
l1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyW
|
||||
DrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuh
|
||||
zSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKt
|
||||
c+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b
|
||||
7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Ep
|
||||
n4B5qnUCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
|
||||
MB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOC
|
||||
ATEAa1kdd8E1PkM06Isw0S/thEll0rAYsNHwSX17IDUWocTTQlmVXBXcvLqM04QT
|
||||
z7WNG4eushLhRpSn8LJQkf4RgvAxOMIjHM9troDbPVoec6k8fZrJ8jfXurOgoOVP
|
||||
g+hScT3VDvxgiOVwgXSe2XBryGDaviRuSOHlfy5GPVirLJLZwpcX6RpsHMX9rrZX
|
||||
ghvf8dwm4To9H5wT0Le2FnZRoLOTMmpr49bfKJqy/U7AUHaf4saSdkdEIaGOxkPk
|
||||
x+SFlr9TjavnJvL0TApkvfNZ1aOVHRHINgaFYHQJ4U0jQ/g7lPmD+UtZWnvSMNXH
|
||||
yct5cKOyP4j7Kla1sKPs+oamOQ7pR1Z/GwBxe48FvO7VDi7EkugLwlzoXC2G+4Jg
|
||||
fJbi9Ui2FmXEeKkX34f1ONNj9Q==
|
||||
MIIDPDCCAfSgAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzAyMTMxNTMyMTJaGA85OTk5MTIzMTIzNTk1OVowDTELMAkGA1UEAxMC
|
||||
Q0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7KsH70
|
||||
2LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8WyZdV
|
||||
NRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITclg6y
|
||||
bBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7oc0l
|
||||
YpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLyrXPl
|
||||
GQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+G+3r
|
||||
o22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjehKZ+A
|
||||
eap1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0G
|
||||
A1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOCATEA
|
||||
foqPGdiyJYHih4J5YHwFPQxmkOzPHSa13K/q8sDvobE+HFTzrlTbAFC8bS38Bv2f
|
||||
9ZrPME4JvnsGdRGYwxS3LUmNdHHWR8LkvGXBE3u/TZsJfPtOR8JwdulQXpRw7hhL
|
||||
ew/mR5IEHZrUZgnnI4dg1kJhE1JPTvmtgqcE1CsikVQ14NvG/ehJbJyPgKTq/Zxm
|
||||
Ru4B5N+Jef/LaOqZvK4xK8x2ZaZ/L/ANou+7EY4DoWAkOEEoCU8DQHLAFgf6B7La
|
||||
oemLQGNHcBpba81jlS5EXXGJccOvfbw0MJTP3ZvyVIlEYu/X4roC7EJP/UkCZUJG
|
||||
f79Nc28q2/2D8tuFOqG7UbP7r2cWSa8OO3cI/V1W1k3iWZ63WltqDwFC0c8iqYFL
|
||||
9xKfQ96Q7wrYOCjmuaCLbw==
|
||||
-----END CERTIFICATE-----
|
||||
|
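--- a/tests/certs/ca.tmpl
+++ b/tests/certs/ca.tmpl
@@ -0,0 +1,6 @@
+cn = CA
+ca
+cert_signing_key
+expiration_days = -1
+activation_date = "2013-02-13 16:32:12"
+serial = 0x51d82ecc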
@ -1,42 +1,42 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDkTCCAkmgAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTEyOVoYDzIwMjMwNTE1MTQ1MTI5WjAUMRIwEAYDVQQD
|
||||
Ewlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQCnOivs
|
||||
PxSwLBn28W6QHb+OqfbpcIQJh/NQ81/DlFD6LGTWV4BY4Zb87tC9BBV+X3+lM/j8
|
||||
u5HvN3nDWtv4Ge0DryLW6Tcs6FPCt4srEfCkh5l54LrMmWbhFgkVlN5fTqoY0lnd
|
||||
YJx2X8WWldRjeL+8E7nFUcFStWrgi9AzgMFrjsL4pql97YAZRXcMoQXVjbRmzVLZ
|
||||
IVumQy7c+tl7Eqz8lx/xS/5Fx9tIRunqNS5jEUs8Nn5E6FvraAcy+eI0gXTGk759
|
||||
KNPYisSqAuFAmmt/XDTTvvOo6dpAseXqtR2/LjZJWOlXdiZ/yjHg5+RKQ5dt3dk5
|
||||
7lAIWER9egIOo/+GAkyek0ZJ5GWU6VxTsFcIl6oy3S7EtB0NCIM7hvhy32QrJ5ZU
|
||||
yNncTSf6qMVoedgdAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTAL
|
||||
gglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweg
|
||||
ADAdBgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0
|
||||
UwqJMThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAK7dBCSwM/OJw+6s
|
||||
9MJAb7Ygi9xhHSq30Hg3M7DaPC7J9rZB6+IAVb3poOZAtDDtyTqvXH7qY5UMjJC9
|
||||
GsFmHPI/OSk2xuJJpG+ZJaP54b7kzTtUD6UCHETsgBk2aNuqNhjXR2fYnR9QME0C
|
||||
zZWIDV+5DFEBI97ln30N6PcXvIxp7Rsac3qwzvwt3zL+23kTwgM+DoRPoPO0PHr/
|
||||
eQ9hvRU5wA2Vc47zhUXIFy1Jmx7Sf//pw0/wq46VUAjDZ5B09EoCpzBNvOD7P+cF
|
||||
FQQ7SId8h8OQ2uOWxT2baeJX0pVbVv+qwOOB1F0q3sjx0dZa/2rxOUZ3wnHG9j8j
|
||||
LZSUkZxGpPQffCSpSPma5RhYff8/BncdA8soT0dyEfXIX5V91IXnrlI8XZrADvJM
|
||||
zzJKdNg=
|
||||
MIIDjjCCAkagAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJ
|
||||
bG9jYWxob3N0MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEApzor7D8U
|
||||
sCwZ9vFukB2/jqn26XCECYfzUPNfw5RQ+ixk1leAWOGW/O7QvQQVfl9/pTP4/LuR
|
||||
7zd5w1rb+BntA68i1uk3LOhTwreLKxHwpIeZeeC6zJlm4RYJFZTeX06qGNJZ3WCc
|
||||
dl/FlpXUY3i/vBO5xVHBUrVq4IvQM4DBa47C+Kapfe2AGUV3DKEF1Y20Zs1S2SFb
|
||||
pkMu3PrZexKs/Jcf8Uv+RcfbSEbp6jUuYxFLPDZ+ROhb62gHMvniNIF0xpO+fSjT
|
||||
2IrEqgLhQJprf1w0077zqOnaQLHl6rUdvy42SVjpV3Ymf8ox4OfkSkOXbd3ZOe5Q
|
||||
CFhEfXoCDqP/hgJMnpNGSeRllOlcU7BXCJeqMt0uxLQdDQiDO4b4ct9kKyeWVMjZ
|
||||
3E0n+qjFaHnYHQIDAQABo4GMMIGJMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJ
|
||||
bG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAd
|
||||
BgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0UwqJ
|
||||
MThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAGQoUMiZVg6+Ibj8kyfq
|
||||
l/vfu4QxlUlqAbm/b9PVdOLrhz+T986HMFhL0b2HUGg5Mb0NZcgHjH4VLkei4AIb
|
||||
g/1nGdJ2I6EcLiQOvO4h2F3CoU6HkEGVEUXFaBd19tSDm7aM+2h7oPb3Vs3YT9QE
|
||||
x7ejmVeA+Qr9+H9xHyModpA1PkKRW31TOYtjUXHdHObT1uar++C1JLHn49ooKDZM
|
||||
5p9a4ExQVYd6WMRXKC83py1V4Ne5kBxC/l+3QkVZnMwByChySP7SEMa9yGv4KFM9
|
||||
FT7XvxQsrkqPi5bCllUyGDrVeyTpyPDrb4BKgAu/Cy4tyDxLzBTZ5TXDH7E1IBps
|
||||
g1k5llFIyGdO5vQrX8vF61tqK5DBhgVvwu0k/m2lP9esLfaF7I5oGAbUKGhRr8mE
|
||||
xs8=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDPzCCAfegAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTA1MloYDzIwMjMwNTE1MTQ1MDUyWjANMQswCQYDVQQD
|
||||
EwJDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/Hsqw
|
||||
fvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJ
|
||||
l1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyW
|
||||
DrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuh
|
||||
zSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKt
|
||||
c+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b
|
||||
7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Ep
|
||||
n4B5qnUCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
|
||||
MB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOC
|
||||
ATEAa1kdd8E1PkM06Isw0S/thEll0rAYsNHwSX17IDUWocTTQlmVXBXcvLqM04QT
|
||||
z7WNG4eushLhRpSn8LJQkf4RgvAxOMIjHM9troDbPVoec6k8fZrJ8jfXurOgoOVP
|
||||
g+hScT3VDvxgiOVwgXSe2XBryGDaviRuSOHlfy5GPVirLJLZwpcX6RpsHMX9rrZX
|
||||
ghvf8dwm4To9H5wT0Le2FnZRoLOTMmpr49bfKJqy/U7AUHaf4saSdkdEIaGOxkPk
|
||||
x+SFlr9TjavnJvL0TApkvfNZ1aOVHRHINgaFYHQJ4U0jQ/g7lPmD+UtZWnvSMNXH
|
||||
yct5cKOyP4j7Kla1sKPs+oamOQ7pR1Z/GwBxe48FvO7VDi7EkugLwlzoXC2G+4Jg
|
||||
fJbi9Ui2FmXEeKkX34f1ONNj9Q==
|
||||
MIIDPDCCAfSgAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzAyMTMxNTMyMTJaGA85OTk5MTIzMTIzNTk1OVowDTELMAkGA1UEAxMC
|
||||
Q0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7KsH70
|
||||
2LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8WyZdV
|
||||
NRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITclg6y
|
||||
bBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7oc0l
|
||||
YpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLyrXPl
|
||||
GQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+G+3r
|
||||
o22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjehKZ+A
|
||||
eap1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0G
|
||||
A1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOCATEA
|
||||
foqPGdiyJYHih4J5YHwFPQxmkOzPHSa13K/q8sDvobE+HFTzrlTbAFC8bS38Bv2f
|
||||
9ZrPME4JvnsGdRGYwxS3LUmNdHHWR8LkvGXBE3u/TZsJfPtOR8JwdulQXpRw7hhL
|
||||
ew/mR5IEHZrUZgnnI4dg1kJhE1JPTvmtgqcE1CsikVQ14NvG/ehJbJyPgKTq/Zxm
|
||||
Ru4B5N+Jef/LaOqZvK4xK8x2ZaZ/L/ANou+7EY4DoWAkOEEoCU8DQHLAFgf6B7La
|
||||
oemLQGNHcBpba81jlS5EXXGJccOvfbw0MJTP3ZvyVIlEYu/X4roC7EJP/UkCZUJG
|
||||
f79Nc28q2/2D8tuFOqG7UbP7r2cWSa8OO3cI/V1W1k3iWZ63WltqDwFC0c8iqYFL
|
||||
9xKfQ96Q7wrYOCjmuaCLbw==
|
||||
-----END CERTIFICATE-----
|
||||
|
@ -1,22 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDkTCCAkmgAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTEyOVoYDzIwMjMwNTE1MTQ1MTI5WjAUMRIwEAYDVQQD
|
||||
Ewlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQCnOivs
|
||||
PxSwLBn28W6QHb+OqfbpcIQJh/NQ81/DlFD6LGTWV4BY4Zb87tC9BBV+X3+lM/j8
|
||||
u5HvN3nDWtv4Ge0DryLW6Tcs6FPCt4srEfCkh5l54LrMmWbhFgkVlN5fTqoY0lnd
|
||||
YJx2X8WWldRjeL+8E7nFUcFStWrgi9AzgMFrjsL4pql97YAZRXcMoQXVjbRmzVLZ
|
||||
IVumQy7c+tl7Eqz8lx/xS/5Fx9tIRunqNS5jEUs8Nn5E6FvraAcy+eI0gXTGk759
|
||||
KNPYisSqAuFAmmt/XDTTvvOo6dpAseXqtR2/LjZJWOlXdiZ/yjHg5+RKQ5dt3dk5
|
||||
7lAIWER9egIOo/+GAkyek0ZJ5GWU6VxTsFcIl6oy3S7EtB0NCIM7hvhy32QrJ5ZU
|
||||
yNncTSf6qMVoedgdAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTAL
|
||||
gglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweg
|
||||
ADAdBgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0
|
||||
UwqJMThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAK7dBCSwM/OJw+6s
|
||||
9MJAb7Ygi9xhHSq30Hg3M7DaPC7J9rZB6+IAVb3poOZAtDDtyTqvXH7qY5UMjJC9
|
||||
GsFmHPI/OSk2xuJJpG+ZJaP54b7kzTtUD6UCHETsgBk2aNuqNhjXR2fYnR9QME0C
|
||||
zZWIDV+5DFEBI97ln30N6PcXvIxp7Rsac3qwzvwt3zL+23kTwgM+DoRPoPO0PHr/
|
||||
eQ9hvRU5wA2Vc47zhUXIFy1Jmx7Sf//pw0/wq46VUAjDZ5B09EoCpzBNvOD7P+cF
|
||||
FQQ7SId8h8OQ2uOWxT2baeJX0pVbVv+qwOOB1F0q3sjx0dZa/2rxOUZ3wnHG9j8j
|
||||
LZSUkZxGpPQffCSpSPma5RhYff8/BncdA8soT0dyEfXIX5V91IXnrlI8XZrADvJM
|
||||
zzJKdNg=
|
||||
MIIDjjCCAkagAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJ
|
||||
bG9jYWxob3N0MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEApzor7D8U
|
||||
sCwZ9vFukB2/jqn26XCECYfzUPNfw5RQ+ixk1leAWOGW/O7QvQQVfl9/pTP4/LuR
|
||||
7zd5w1rb+BntA68i1uk3LOhTwreLKxHwpIeZeeC6zJlm4RYJFZTeX06qGNJZ3WCc
|
||||
dl/FlpXUY3i/vBO5xVHBUrVq4IvQM4DBa47C+Kapfe2AGUV3DKEF1Y20Zs1S2SFb
|
||||
pkMu3PrZexKs/Jcf8Uv+RcfbSEbp6jUuYxFLPDZ+ROhb62gHMvniNIF0xpO+fSjT
|
||||
2IrEqgLhQJprf1w0077zqOnaQLHl6rUdvy42SVjpV3Ymf8ox4OfkSkOXbd3ZOe5Q
|
||||
CFhEfXoCDqP/hgJMnpNGSeRllOlcU7BXCJeqMt0uxLQdDQiDO4b4ct9kKyeWVMjZ
|
||||
3E0n+qjFaHnYHQIDAQABo4GMMIGJMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJ
|
||||
bG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAd
|
||||
BgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0UwqJ
|
||||
MThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAGQoUMiZVg6+Ibj8kyfq
|
||||
l/vfu4QxlUlqAbm/b9PVdOLrhz+T986HMFhL0b2HUGg5Mb0NZcgHjH4VLkei4AIb
|
||||
g/1nGdJ2I6EcLiQOvO4h2F3CoU6HkEGVEUXFaBd19tSDm7aM+2h7oPb3Vs3YT9QE
|
||||
x7ejmVeA+Qr9+H9xHyModpA1PkKRW31TOYtjUXHdHObT1uar++C1JLHn49ooKDZM
|
||||
5p9a4ExQVYd6WMRXKC83py1V4Ne5kBxC/l+3QkVZnMwByChySP7SEMa9yGv4KFM9
|
||||
FT7XvxQsrkqPi5bCllUyGDrVeyTpyPDrb4BKgAu/Cy4tyDxLzBTZ5TXDH7E1IBps
|
||||
g1k5llFIyGdO5vQrX8vF61tqK5DBhgVvwu0k/m2lP9esLfaF7I5oGAbUKGhRr8mE
|
||||
xs8=
|
||||
-----END CERTIFICATE-----
|
||||
|
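--- a/tests/certs/server-cert.tmpl
+++ b/tests/certs/server-cert.tmpl
@@ -0,0 +1,8 @@
+cn = localhost
+dns_name = localhost
+tls_www_server
+signing_key
+encryption_key
+expiration_days = -1
+activation_date = "2013-06-06 14:51:29"
+serial = 0x51d82ef0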
@ -1,107 +1,23 @@
|
||||
X.509 Certificate Information:
|
||||
Version: 3
|
||||
Serial Number (hex): 51d82f14
|
||||
Issuer: CN=CA
|
||||
Validity:
|
||||
Not Before: Sat Jul 06 14:52:05 UTC 2013
|
||||
Not After: Mon May 15 14:52:05 UTC 2023
|
||||
Subject: CN=A user,UID=test
|
||||
Subject Public Key Algorithm: RSA
|
||||
Algorithm Security Level: Medium (2432 bits)
|
||||
Modulus (bits 2432):
|
||||
00:ab:54:98:fc:a9:c6:15:95:9d:a6:c1:94:84:94:91
|
||||
79:1e:78:db:2d:48:51:99:65:01:02:c0:40:52:49:5d
|
||||
eb:70:bc:26:ef:68:39:1e:04:91:e2:db:cb:6f:93:40
|
||||
45:1e:22:8e:71:5a:58:89:28:79:5e:1a:32:25:3e:8b
|
||||
9d:3b:34:7f:19:f8:d0:2f:37:b7:62:32:b7:53:a5:43
|
||||
2c:c5:5d:ec:ac:f9:35:fa:14:2b:34:66:f1:d6:a7:a1
|
||||
d0:83:9a:56:f4:19:83:bc:bf:11:74:30:2d:a8:28:5b
|
||||
a2:ab:7a:c6:cd:9c:5c:f8:51:e9:a9:0c:48:db:71:bb
|
||||
b1:34:77:f7:ee:de:5d:78:c0:48:0a:37:0d:65:1e:3b
|
||||
2b:14:03:89:72:f2:52:ed:5f:00:c5:06:60:ea:80:20
|
||||
d0:43:ec:66:bc:d2:26:db:f0:29:3e:6a:f9:62:20:be
|
||||
58:26:44:ba:d7:8c:6f:76:a6:05:20:e4:98:b7:c4:72
|
||||
7a:5d:df:4f:0d:23:ec:2e:9c:71:ec:30:f9:14:5f:c8
|
||||
75:0b:ab:67:f6:7d:fb:4d:76:64:4a:a5:d5:fa:b4:08
|
||||
50:9d:13:c7:8f:c2:79:b0:b4:3e:2f:89:d3:33:27:4d
|
||||
9f:8b:d3:60:24:07:ab:b2:72:3d:29:a5:c4:4a:ec:3c
|
||||
04:d2:49:3e:26:1b:ec:7a:10:3d:ca:45:5a:80:8b:4d
|
||||
2a:96:63:4f:2d:63:28:0f:3b:47:47:ca:7c:2c:15:41
|
||||
32:d5:e0:c9:be:a5:55:2c:b3:6b:46:2a:56:b1:1b:ed
|
||||
29
|
||||
Exponent (bits 24):
|
||||
01:00:01
|
||||
Extensions:
|
||||
Basic Constraints (critical):
|
||||
Certificate Authority (CA): FALSE
|
||||
Key Purpose (not critical):
|
||||
TLS WWW Client.
|
||||
Key Usage (critical):
|
||||
Digital signature.
|
||||
Key encipherment.
|
||||
Subject Key Identifier (not critical):
|
||||
8b01094b3b91ece321b91dec8d6b4c5d9e40805e
|
||||
Authority Key Identifier (not critical):
|
||||
482334530a8931384a5aeacab6d2a6dece1d2b18
|
||||
Signature Algorithm: RSA-SHA256
|
||||
Signature:
|
||||
6b:bd:e2:90:d7:11:cf:6c:0d:e3:bd:f4:61:cd:57:83
|
||||
41:be:2a:92:46:dd:fa:44:6c:60:1c:ef:3e:1e:2f:e1
|
||||
e2:5b:45:88:6a:1e:50:2d:8d:96:c4:c7:80:75:59:7b
|
||||
54:6b:fb:86:b0:f1:6d:45:09:db:48:de:20:0a:87:60
|
||||
30:5e:35:f0:52:c4:55:44:c1:ff:e1:7c:3d:d6:6d:58
|
||||
ca:1c:fd:bf:04:9a:9b:10:35:05:fc:d1:01:3c:af:bb
|
||||
64:31:5e:59:8f:ef:6f:0d:35:e5:c0:07:77:0e:31:20
|
||||
8e:e3:2e:f1:a6:4d:f1:be:85:5b:df:04:48:9d:8c:c9
|
||||
c9:c1:b8:e3:e2:d2:4b:55:83:e9:d8:7b:71:2f:8e:89
|
||||
fc:4d:a7:f1:b0:bf:47:9b:97:c4:85:dd:c3:3d:38:15
|
||||
36:08:73:10:87:08:f6:e6:1c:4e:29:a8:a5:f5:24:b8
|
||||
0d:e9:d9:b8:19:27:1d:73:35:fe:7b:81:1f:4a:81:6a
|
||||
93:cd:a2:71:d7:60:0e:08:ee:ea:c8:2b:44:1b:e4:45
|
||||
6c:fe:44:68:d6:86:ad:89:4f:7e:9f:f9:1a:2a:97:0f
|
||||
6b:eb:5d:6e:38:b3:5b:13:b9:e3:4a:10:32:5b:dc:a9
|
||||
b4:a1:4e:b3:f9:4f:91:de:bc:cc:36:91:44:ba:e0:34
|
||||
74:f7:68:b4:7b:0e:db:4e:ec:28:03:01:cf:0a:63:c4
|
||||
23:75:0b:4b:41:9d:e0:68:b3:cb:bf:b5:5c:3d:52:93
|
||||
20:ba:ea:b8:f0:8c:f7:a6:ec:cd:a3:aa:4f:2a:ff:20
|
||||
Other Information:
|
||||
SHA1 fingerprint:
|
||||
5509a76b8738216938cdb3ec25048812737170de
|
||||
SHA256 fingerprint:
|
||||
c93e38ef35f1a9c485a27b161e708f2d45bf8768eb53a23fec841a8f35d6e478
|
||||
Public Key ID:
|
||||
8b01094b3b91ece321b91dec8d6b4c5d9e40805e
|
||||
Public key's random art:
|
||||
+--[ RSA 2432]----+
|
||||
| o=o |
|
||||
|..oE.. |
|
||||
|.+=.o |
|
||||
|o.*.... |
|
||||
| * B +..S |
|
||||
|. * o oo . |
|
||||
| o . . . |
|
||||
| + |
|
||||
| . |
|
||||
+-----------------+
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDjDCCAkSgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTIwNVoYDzIwMjMwNTE1MTQ1MjA1WjAnMQ8wDQYDVQQD
|
||||
EwZBIHVzZXIxFDASBgoJkiaJk/IsZAEBEwR0ZXN0MIIBUjANBgkqhkiG9w0BAQEF
|
||||
AAOCAT8AMIIBOgKCATEAq1SY/KnGFZWdpsGUhJSReR542y1IUZllAQLAQFJJXetw
|
||||
vCbvaDkeBJHi28tvk0BFHiKOcVpYiSh5XhoyJT6LnTs0fxn40C83t2Iyt1OlQyzF
|
||||
Xeys+TX6FCs0ZvHWp6HQg5pW9BmDvL8RdDAtqChboqt6xs2cXPhR6akMSNtxu7E0
|
||||
d/fu3l14wEgKNw1lHjsrFAOJcvJS7V8AxQZg6oAg0EPsZrzSJtvwKT5q+WIgvlgm
|
||||
RLrXjG92pgUg5Ji3xHJ6Xd9PDSPsLpxx7DD5FF/IdQurZ/Z9+012ZEql1fq0CFCd
|
||||
E8ePwnmwtD4vidMzJ02fi9NgJAersnI9KaXESuw8BNJJPiYb7HoQPcpFWoCLTSqW
|
||||
Y08tYygPO0dHynwsFUEy1eDJvqVVLLNrRipWsRvtKQIDAQABo3YwdDAMBgNVHRMB
|
||||
Af8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHoAAwHQYD
|
||||
VR0OBBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFEgjNFMKiTE4
|
||||
SlrqyrbSpt7OHSsYMA0GCSqGSIb3DQEBCwUAA4IBMQBrveKQ1xHPbA3jvfRhzVeD
|
||||
Qb4qkkbd+kRsYBzvPh4v4eJbRYhqHlAtjZbEx4B1WXtUa/uGsPFtRQnbSN4gCodg
|
||||
MF418FLEVUTB/+F8PdZtWMoc/b8EmpsQNQX80QE8r7tkMV5Zj+9vDTXlwAd3DjEg
|
||||
juMu8aZN8b6FW98ESJ2MycnBuOPi0ktVg+nYe3Evjon8TafxsL9Hm5fEhd3DPTgV
|
||||
NghzEIcI9uYcTimopfUkuA3p2bgZJx1zNf57gR9KgWqTzaJx12AOCO7qyCtEG+RF
|
||||
bP5EaNaGrYlPfp/5GiqXD2vrXW44s1sTueNKEDJb3Km0oU6z+U+R3rzMNpFEuuA0
|
||||
dPdotHsO207sKAMBzwpjxCN1C0tBneBos8u/tVw9UpMguuq48Iz3puzNo6pPKv8g
|
||||
MIID2TCCAkGgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowJzEPMA0GA1UEAxMG
|
||||
QSB1c2VyMRQwEgYKCZImiZPyLGQBARMEdGVzdDCCAVIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggE/ADCCAToCggExAKtUmPypxhWVnabBlISUkXkeeNstSFGZZQECwEBSSV3rcLwm
|
||||
72g5HgSR4tvLb5NARR4ijnFaWIkoeV4aMiU+i507NH8Z+NAvN7diMrdTpUMsxV3s
|
||||
rPk1+hQrNGbx1qeh0IOaVvQZg7y/EXQwLagoW6KresbNnFz4UempDEjbcbuxNHf3
|
||||
7t5deMBICjcNZR47KxQDiXLyUu1fAMUGYOqAINBD7Ga80ibb8Ck+avliIL5YJkS6
|
||||
14xvdqYFIOSYt8Ryel3fTw0j7C6cceww+RRfyHULq2f2fftNdmRKpdX6tAhQnRPH
|
||||
j8J5sLQ+L4nTMydNn4vTYCQHq7JyPSmlxErsPATSST4mG+x6ED3KRVqAi00qlmNP
|
||||
LWMoDztHR8p8LBVBMtXgyb6lVSyza0YqVrEb7SkCAwEAAaN1MHMwDAYDVR0TAQH/
|
||||
BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0O
|
||||
BBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFAV+KcZC+G2nf/6V
|
||||
sElx119oZKWUMA0GCSqGSIb3DQEBCwUAA4IBgQCTOjwtK5sDPFdbWWlScDX9xfNf
|
||||
tnqRL22Id6VIRcAiuu6KVAYRNs3Pdv65H9orSaohrBRfWKEqAi51bhvDQvzhbw7u
|
||||
881txF+6s0fauArxAUai3e11eCil3gt0JOQVephmPKw6pVq9mMieho5I2SQ8CXoQ
|
||||
pSrselGaOTp8CK1r90pn8RGiJrZ3xJu5Yezb3AWCs3IOHhRT1Rc5mFnvs9VVR64h
|
||||
Pvlr9yBOf/pBEuylQr00plhsZdLra/nIspsGnOIiuM4eIliP6bQwE06u1LxlCbgB
|
||||
CAGTQ86vbO2xT1i8dZeq8TJ72OatmRboUBncaZNIT3rUTZxZYkYhkNtVTKnv/8qq
|
||||
LZI23qtcWLEAsc1O0Xva22wjkg5QE06AiWdcwK3f/Qpvj5yO9+PL7X4lP47n5D6m
|
||||
t1S6xisKgjo/IP9Wk3mPNaNDN3hZCaFRYEHn4CYrlXHqjg1w7quCKApYzrh5/L1Y
|
||||
b9U/qzwF7SatFovndYtf02bjcrHC/TA53IdiQPA=
|
||||
-----END CERTIFICATE-----
|
||||
|
@ -1,21 +1,21 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDjDCCAkSgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTIwNVoYDzIwMjMwNTE1MTQ1MjA1WjAnMQ8wDQYDVQQD
|
||||
EwZBIHVzZXIxFDASBgoJkiaJk/IsZAEBEwR0ZXN0MIIBUjANBgkqhkiG9w0BAQEF
|
||||
AAOCAT8AMIIBOgKCATEAq1SY/KnGFZWdpsGUhJSReR542y1IUZllAQLAQFJJXetw
|
||||
vCbvaDkeBJHi28tvk0BFHiKOcVpYiSh5XhoyJT6LnTs0fxn40C83t2Iyt1OlQyzF
|
||||
Xeys+TX6FCs0ZvHWp6HQg5pW9BmDvL8RdDAtqChboqt6xs2cXPhR6akMSNtxu7E0
|
||||
d/fu3l14wEgKNw1lHjsrFAOJcvJS7V8AxQZg6oAg0EPsZrzSJtvwKT5q+WIgvlgm
|
||||
RLrXjG92pgUg5Ji3xHJ6Xd9PDSPsLpxx7DD5FF/IdQurZ/Z9+012ZEql1fq0CFCd
|
||||
E8ePwnmwtD4vidMzJ02fi9NgJAersnI9KaXESuw8BNJJPiYb7HoQPcpFWoCLTSqW
|
||||
Y08tYygPO0dHynwsFUEy1eDJvqVVLLNrRipWsRvtKQIDAQABo3YwdDAMBgNVHRMB
|
||||
Af8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHoAAwHQYD
|
||||
VR0OBBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFEgjNFMKiTE4
|
||||
SlrqyrbSpt7OHSsYMA0GCSqGSIb3DQEBCwUAA4IBMQBrveOQ1xHPbA3jvfRhzVeD
|
||||
Qb4qkkbd+kRsYBzvPh4v4eJbRYhqHlAtjZbEx4B1WXtUa/uGsPFtRQnbSN4gCodg
|
||||
MF418FLEVUTB/+F8PdZtWMoc/b8EmpsQNQX80QE8r7tkMV5Zj+9vDTXlwAd3DjEg
|
||||
juMu8aZN8b6FW98ESJ2MycnBuOPi0ktVg+nYe3Evjon8TafxsL9Hm5fEhd3DPTgV
|
||||
NghzEIcI9uYcTimopfUkuA3p2bgZJx1zNf57gR9KgWqTzaJx12AOCO7qyCtEG+RF
|
||||
bP5EaNaGrYlPfp/5GiqXD2vrXW44s1sTueNKEDJb3Km0oU6z+U+R3rzMNpFEuuA0
|
||||
dPdotHsO207sKAMBzwpjxCN1C0tBneBos8u/tVw9UpMguuq48Iz3puzNo6pPKv8g
|
||||
MIIDiTCCAkGgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowJzEPMA0GA1UEAxMG
|
||||
QSB1c2VyMRQwEgYKCZImiZPyLGQBARMEdGVzdDCCAVIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggE/ADCCAToCggExAKtUmPypxhWVnabBlISUkXkeeNstSFGZZQECwEBSSV3rcLwm
|
||||
72g5HgSR4tvLb5NARR4ijnFaWIkoeV4aMiU+i507NH8Z+NAvN7diMrdTpUMsxV3s
|
||||
rPk1+hQrNGbx1qeh0IOaVvQZg7y/EXQwLagoW6KresbNnFz4UempDEjbcbuxNHf3
|
||||
7t5deMBICjcNZR47KxQDiXLyUu1fAMUGYOqAINBD7Ga80ibb8Ck+avliIL5YJkS6
|
||||
14xvdqYFIOSYt8Ryel3fTw0j7C6cceww+RRfyHULq2f2fftNdmRKpdX6tAhQnRPH
|
||||
j8J5sLQ+L4nTMydNn4vTYCQHq7JyPSmlxErsPATSST4mG+x6ED3KRVqAi00qlmNP
|
||||
LWMoDztHR8p8LBVBMtXgyb6lVSyza0YqVrEb7SkCAwEAAaN1MHMwDAYDVR0TAQH/
|
||||
BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0O
|
||||
BBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFEgjNFMKiTE4Slrq
|
||||
yrbSpt7OHSsYMA0GCSqGSIb3DQEBCwUAA4IBMQAp51Ks5DDWVlLB6fMM2NJV80sX
|
||||
Rx6U1g6ovA7N5BDQiF6FYzVZECMH3d9nyZssHbkzb6qyO1m58P0cNkVurEH27+Z2
|
||||
xdkNw5bbcvNDVhfVSjwa6nyTLfhf7vOTWaIxGGmffP72PIe87N6QmyCCGG0IXIkO
|
||||
kcTAE8IgX6k1mEr1Xy2ZtFVgKjPPLxsixIJ7TEktvJR1RqWQfbsOS8f13lvS1Vhh
|
||||
vc+UMbIQnz+jl4qNV/AX7GfpEYiBkbrgcjsggl/KMuwcauhEDdvfIQjcyRbQN36p
|
||||
KcVEXDpnG54sAfXAs9Z+adbvmu0ONAMCDuxKCT2eG1SGVrtiT5+7kCMso1eKz/5A
|
||||
r1XP0RgCKFExIRYb1elFpLc8wmJbN4qof2zisKG8UajFIHzIGateiu53enNn
|
||||
-----END CERTIFICATE-----
|
||||
|
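--- a/tests/certs/user-cert.tmpl
+++ b/tests/certs/user-cert.tmpl
@@ -0,0 +1,7 @@
+dn = "uid=test,cn=A user"
+tls_www_client
+signing_key
+encryption_key
+expiration_days = -1
+activation_date = "2013-06-06 14:51:29"
+serial = 0x51d82f14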
@ -91,14 +91,14 @@ fi
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= ${CSTR} --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= ${CSTR} -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
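Review bot: The pin `pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=` is spelled out in full in both openconnect invocations of this hunk, and the same literal is repeated in every other test-script section of this commit, so the next change of the test server certificate has to edit each copy and a missed one fails only at run time. Defining the value once in whatever file these scripts already source for `${OPENCONNECT}` and `${ADDRESS}`, for example `SERVER_PIN="pin-sha256:<value>"`, and passing `--servercert="${SERVER_PIN}"` would keep the trust anchor in one reviewable place. A one-line comment next to that definition naming the certificate file the pin was computed from would also let a reader re-derive it. The rest of the script lies outside the hunk, so where the shared variables are set is assumed.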
@ -68,7 +68,6 @@ void writer(int fd)
|
||||
assert(write(fd, buf+j, 1) == 1);
|
||||
}
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
void receiver(int fd)
|
||||
@ -87,8 +86,6 @@ void receiver(int fd)
|
||||
fprintf(stderr, "received %d\n", ret);
|
||||
assert(ret > 0);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
|
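--- a/tests/data/test-camouflage-norealm.config
+++ b/tests/data/test-camouflage-norealm.config
@@ -0,0 +1,191 @@
+# User authentication method. Could be set multiple times and in that case
+# all should succeed.
+# Options: certificate, pam.
+#auth = "certificate"
+auth = "plain[./data/test1.passwd]"
+#auth = "pam"
+
+isolate-workers = @ISOLATE_WORKERS@
+
+# A banner to be displayed on clients
+#banner = "Welcome"
+
+# Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
+#listen-host = [IP|HOSTNAME]
+
+use-dbus = no
+
+# Limit the number of clients. Unset or set to zero for unlimited.
+#max-clients = 1024
+max-clients = 16
+
+# Limit the number of client connections to one every X milliseconds
+# (X is the provided value). Set to zero for no limit.
+#rate-limit-ms = 100
+
+# Limit the number of identical clients (i.e., users connecting multiple times)
+# Unset or set to zero for unlimited.
+max-same-clients = 2
+
+# TCP and UDP port number
+tcp-port = @PORT@
+udp-port = @PORT@
+
+# Keepalive in seconds
+keepalive = 32400
+
+# Dead peer detection in seconds
+dpd = 440
+
+# MTU discovery (DPD must be enabled)
+try-mtu-discovery = false
+
+# The key and the certificates of the server
+# The key may be a file, or any URL supported by GnuTLS (e.g.,
+# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user
+# or pkcs11:object=my-vpn-key;object-type=private)
+#
+# There may be multiple certificate and key pairs and each key
+# should correspond to the preceding certificate.
+server-cert = ./certs/server-cert.pem
+server-key = ./certs/server-key.pem
+
+# Diffie-Hellman parameters. Only needed if you require support
+# for the DHE ciphersuites (by default this server supports ECDHE).
+# Can be generated using:
+# certtool --generate-dh-params --outfile /path/to/dh.pem
+#dh-params = /path/to/dh.pem
+
+# If you have a certificate from a CA that provides an OCSP
+# service you may provide a fresh OCSP status response within
+# the TLS handshake. That will prevent the client from connecting
+# independently on the OCSP server.
+# You can update this response periodically using:
+# ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response
+# Make sure that you replace the following file in an atomic way.
+#ocsp-response = /path/to/ocsp.der
+
+# In case PKCS #11 or TPM keys are used the PINs should be available
+# in files. The srk-pin-file is applicable to TPM keys only (It's the storage
+# root key).
+#pin-file = /path/to/pin.txt
+#srk-pin-file = /path/to/srkpin.txt
+
+# The Certificate Authority that will be used
+# to verify clients if certificate authentication
+# is set.
+#ca-cert = /path/to/ca.pem
+
+# The object identifier that will be used to read the user ID in the client certificate.
+# The object identifier should be part of the certificate's DN
+# Useful OIDs are:
+# CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1
+#cert-user-oid = 0.9.2342.19200300.100.1.1
+
+# The object identifier that will be used to read the user group in the client
+# certificate. The object identifier should be part of the certificate's DN
+# Useful OIDs are:
+# OU (organizational unit) = 2.5.4.11
+#cert-group-oid = 2.5.4.11
+
+# A revocation list of ca-cert is set
+#crl = /path/to/crl.pem
+
+# GnuTLS priority string
+tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
+
+# To enforce perfect forward secrecy (PFS) on the main channel.
+#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA"
+
+# The time (in seconds) that a client is allowed to stay connected prior
+# to authentication
+auth-timeout = 40
+
+# The time (in seconds) that a client is not allowed to reconnect after
+# a failed authentication attempt.
+#min-reauth-time = 2
+
+# Cookie timeout (in seconds)
+# Once a client is authenticated he's provided a cookie with
+# which he can reconnect. That cookie will be invalided if not
+# used within this timeout value. On a user disconnection, that
+# cookie will also be active for this time amount prior to be
+# invalid. That should allow a reasonable amount of time for roaming
+# between different networks.
+cookie-timeout = 30
+
+# Script to call when a client connects and obtains an IP
+# Parameters are passed on the environment.
+# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
+# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
+# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
+# may be "connect" or "disconnect".
+#connect-script = /usr/bin/myscript
+#disconnect-script = /usr/bin/myscript
+
+# UTMP
+use-utmp = true
+
+# PID file
+pid-file = /var/run/ocserv.pid
+
+# The default server directory. Does not require any devices present.
+#chroot-dir = /path/to/chroot
+
+# socket file used for IPC, will be appended with .PID
+# It must be accessible within the chroot environment (if any)
+socket-file = /var/run/ocserv-socket
+
+# The user the worker processes will be run as. It should be
+# unique (no other services run as this user).
+run-as-user = nobody
+run-as-group = daemon
+
+# Network settings
+
+device = vpns
+
+# The default domain to be advertised
+default-domain = example.com
+
+ipv4-network = 192.168.1.0
+ipv4-netmask = 255.255.255.0
+# Use the keyword local to advertise the local P-t-P address as DNS server
+dns = 192.168.1.1
+
+# The NBNS server (if any)
+#ipv4-nbns = 192.168.2.3
+
+ipv6-network = fe80::
+ipv6-prefix = 16
+#ipv6-dns =
+
+# Prior to leasing any IP from the pool ping it to verify that
+# it is not in use by another (unrelated to this server) host.
+ping-leases = false
+
+# Leave empty to assign the default MTU of the device
+# mtu =
+
+route = 192.168.1.0/255.255.255.0
+#route = 192.168.5.0/255.255.255.0
+
+#
+# The following options are for (experimental) AnyConnect client
+# compatibility. They are only available if the server is built
+# with --enable-anyconnect
+#
+
+# Client profile xml. A sample file exists in doc/profile.xml.
+# This file must be accessible from inside the worker's chroot.
+# The profile is ignored by the openconnect client.
+#user-profile = profile.xml
+
+# Unless set to false it is required for clients to present their
+# certificate even if they are authenticating via a previously granted
+# cookie. Legacy CISCO clients do not do that, and thus this option
+# should be set for them.
+#always-require-cert = false
+
+camouflage = true
+camouflage_secret = "mysecretkey"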
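Review bot: The two new settings at the end of this fixture, `camouflage = true` and `camouflage_secret = "mysecretkey"`, carry no comment, although they are the only part of the file specific to this feature and the secret is a guessable literal that can be copied into a real configuration from here. I would add a comment above them, for example `# Camouflage test settings; the secret is a fixed fixture value and must never be used on a deployed server`. The same applies to tests/data/test-camouflage.config, which repeats both lines and adds `camouflage_realm`. The keys are also written with underscores while the other multi-word options in the file are hyphenated (`run-as-user`, `cookie-timeout`); the parser is not visible here, so if only this spelling is accepted it is worth stating in that comment.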
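--- a/tests/data/test-camouflage.config
+++ b/tests/data/test-camouflage.config
@@ -0,0 +1,192 @@
+# User authentication method. Could be set multiple times and in that case
+# all should succeed.
+# Options: certificate, pam.
+#auth = "certificate"
+auth = "plain[./data/test1.passwd]"
+#auth = "pam"
+
+isolate-workers = @ISOLATE_WORKERS@
+
+# A banner to be displayed on clients
+#banner = "Welcome"
+
+# Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
+#listen-host = [IP|HOSTNAME]
+
+use-dbus = no
+
+# Limit the number of clients. Unset or set to zero for unlimited.
+#max-clients = 1024
+max-clients = 16
+
+# Limit the number of client connections to one every X milliseconds
+# (X is the provided value). Set to zero for no limit.
+#rate-limit-ms = 100
+
+# Limit the number of identical clients (i.e., users connecting multiple times)
+# Unset or set to zero for unlimited.
+max-same-clients = 2
+
+# TCP and UDP port number
+tcp-port = @PORT@
+udp-port = @PORT@
+
+# Keepalive in seconds
+keepalive = 32400
+
+# Dead peer detection in seconds
+dpd = 440
+
+# MTU discovery (DPD must be enabled)
+try-mtu-discovery = false
+
+# The key and the certificates of the server
+# The key may be a file, or any URL supported by GnuTLS (e.g.,
+# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user
+# or pkcs11:object=my-vpn-key;object-type=private)
+#
+# There may be multiple certificate and key pairs and each key
+# should correspond to the preceding certificate.
+server-cert = ./certs/server-cert.pem
+server-key = ./certs/server-key.pem
+
+# Diffie-Hellman parameters. Only needed if you require support
+# for the DHE ciphersuites (by default this server supports ECDHE).
+# Can be generated using:
+# certtool --generate-dh-params --outfile /path/to/dh.pem
+#dh-params = /path/to/dh.pem
+
+# If you have a certificate from a CA that provides an OCSP
+# service you may provide a fresh OCSP status response within
+# the TLS handshake. That will prevent the client from connecting
+# independently on the OCSP server.
+# You can update this response periodically using:
+# ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response
+# Make sure that you replace the following file in an atomic way.
+#ocsp-response = /path/to/ocsp.der
+
+# In case PKCS #11 or TPM keys are used the PINs should be available
+# in files. The srk-pin-file is applicable to TPM keys only (It's the storage
+# root key).
+#pin-file = /path/to/pin.txt
+#srk-pin-file = /path/to/srkpin.txt
+
+# The Certificate Authority that will be used
+# to verify clients if certificate authentication
+# is set.
+#ca-cert = /path/to/ca.pem
+
+# The object identifier that will be used to read the user ID in the client certificate.
+# The object identifier should be part of the certificate's DN
+# Useful OIDs are:
+# CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1
+#cert-user-oid = 0.9.2342.19200300.100.1.1
+
+# The object identifier that will be used to read the user group in the client
+# certificate. The object identifier should be part of the certificate's DN
+# Useful OIDs are:
+# OU (organizational unit) = 2.5.4.11
+#cert-group-oid = 2.5.4.11
+
+# A revocation list of ca-cert is set
+#crl = /path/to/crl.pem
+
+# GnuTLS priority string
+tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
+
+# To enforce perfect forward secrecy (PFS) on the main channel.
+#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA"
+
+# The time (in seconds) that a client is allowed to stay connected prior
+# to authentication
+auth-timeout = 40
+
+# The time (in seconds) that a client is not allowed to reconnect after
+# a failed authentication attempt.
+#min-reauth-time = 2
+
+# Cookie timeout (in seconds)
+# Once a client is authenticated he's provided a cookie with
+# which he can reconnect. That cookie will be invalided if not
+# used within this timeout value. On a user disconnection, that
+# cookie will also be active for this time amount prior to be
+# invalid. That should allow a reasonable amount of time for roaming
+# between different networks.
+cookie-timeout = 30
+
+# Script to call when a client connects and obtains an IP
+# Parameters are passed on the environment.
+# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
+# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
+# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
+# may be "connect" or "disconnect".
+#connect-script = /usr/bin/myscript
+#disconnect-script = /usr/bin/myscript
+
+# UTMP
+use-utmp = true
+
+# PID file
+pid-file = /var/run/ocserv.pid
+
+# The default server directory. Does not require any devices present.
+#chroot-dir = /path/to/chroot
+
+# socket file used for IPC, will be appended with .PID
+# It must be accessible within the chroot environment (if any)
+socket-file = /var/run/ocserv-socket
+
+# The user the worker processes will be run as. It should be
+# unique (no other services run as this user).
+run-as-user = nobody
+run-as-group = daemon
+
+# Network settings
+
+device = vpns
+
+# The default domain to be advertised
+default-domain = example.com
+
+ipv4-network = 192.168.1.0
+ipv4-netmask = 255.255.255.0
+# Use the keyword local to advertise the local P-t-P address as DNS server
+dns = 192.168.1.1
+
+# The NBNS server (if any)
+#ipv4-nbns = 192.168.2.3
+
+ipv6-network = fe80::
+ipv6-prefix = 16
+#ipv6-dns =
+
+# Prior to leasing any IP from the pool ping it to verify that
+# it is not in use by another (unrelated to this server) host.
+ping-leases = false
+
+# Leave empty to assign the default MTU of the device
+# mtu =
+
+route = 192.168.1.0/255.255.255.0
+#route = 192.168.5.0/255.255.255.0
+
+#
+# The following options are for (experimental) AnyConnect client
+# compatibility. They are only available if the server is built
+# with --enable-anyconnect
+#
+
+# Client profile xml. A sample file exists in doc/profile.xml.
+# This file must be accessible from inside the worker's chroot.
+# The profile is ignored by the openconnect client.
+#user-profile = profile.xml
+
+# Unless set to false it is required for clients to present their
+# certificate even if they are authenticating via a previously granted
+# cookie. Legacy CISCO clients do not do that, and thus this option
+# should be set for them.
+#always-require-cert = false
+
+camouflage = true
+camouflage_secret = "mysecretkey"
+camouflage_realm = "Please enter password"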
@ -77,7 +77,7 @@ sleep 3
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${TMPFILE} )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${TMPFILE} )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
@ -85,7 +85,7 @@ fi
|
||||
|
||||
eval $(cat ${TMPFILE})
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@ -105,7 +105,7 @@ if test $? != 0;then
|
||||
fi
|
||||
|
||||
echo " * Re-connecting to obtain cookie after disconnect... "
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
if test $? = 0;then
|
||||
echo "Succeeded using the cookie to connect"
|
||||
exit 1
|
||||
|
@ -75,7 +75,7 @@ sleep 3
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${TMPFILE} )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${TMPFILE} )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
@ -83,7 +83,7 @@ fi
|
||||
|
||||
eval $(cat ${TMPFILE})
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@ -103,7 +103,7 @@ if test $? != 0;then
|
||||
fi
|
||||
|
||||
echo " * Re-connecting to obtain cookie after disconnect... "
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
if test $? = 0;then
|
||||
echo "Succeeded using the cookie to connect"
|
||||
exit 1
|
||||
|
@ -35,7 +35,7 @@ launch_sr_server -d 1 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
if ! test -f ${PIDFILE};then
|
||||
@ -48,7 +48,7 @@ kill -15 $(cat $PIDFILE)
|
||||
sleep 1
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) &&
|
||||
fail $PID "Server is still listening"
|
||||
|
||||
wait
|
||||
|
@ -48,7 +48,7 @@ launch_simple_sr_server -d 3 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
if ! test -f ${PIDFILE};then
|
||||
|
@ -37,39 +37,39 @@ launch_sr_server -d 1 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo "Connecting to obtain cookie with wrong password... "
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
echo "Connecting to obtain cookie with empty password... "
|
||||
( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
echo "Connecting to obtain cookie with wrong username... "
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u tost --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u tost --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
# test locked account
|
||||
|
||||
echo "Connecting to obtain cookie with locked account... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u locked --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u locked --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
#test special characters
|
||||
|
||||
echo "Connecting to obtain cookie with special password... "
|
||||
( echo "!@#$%^&*()<>" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "!@#$%^&*()<>" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo "Connecting to obtain cookie with empty password... "
|
||||
( echo "" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "empty" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "empty" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
#echo "Normal connection... "
|
||||
#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
|
||||
#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true ) ||
|
||||
# fail $PID "Could not connect to server"
|
||||
|
||||
if ! test -f ${PIDFILE};then
|
||||
|
@ -51,7 +51,7 @@ LD_PRELOAD=libsocket_wrapper.so:libuid_wrapper.so UID_WRAPPER=1 UID_WRAPPER_ROOT
|
||||
wait_server ${HAPID}
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
kill ${HAPID}
|
||||
fail ${PID} "Could not receive cookie from server"
|
||||
@ -66,7 +66,7 @@ LD_PRELOAD=libsocket_wrapper.so:libuid_wrapper.so UID_WRAPPER=1 UID_WRAPPER_ROOT
|
||||
wait_server ${HAPID}
|
||||
|
||||
echo "Re-connecting to obtain cookie after haproxy restart... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
kill ${HAPID}
|
||||
fail ${PID} "Could not receive cookie from server"
|
||||
|
@ -91,14 +91,14 @@ sleep 3
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@ -135,7 +135,7 @@ set +e
|
||||
sleep 3
|
||||
|
||||
echo " * Re-connecting to obtain cookie after haproxy restart... "
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not receive cookie from server on reconnection"
|
||||
exit 1
|
||||
|
@ -94,14 +94,14 @@ sleep 3
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
@ -94,14 +94,14 @@ sleep 3
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
@ -25,6 +25,7 @@
|
||||
#include <netdb.h>
|
||||
#include "../src/html.h"
|
||||
#include "../src/html.c"
|
||||
#include "../src/common/common.h"
|
||||
|
||||
static char *strings[] =
|
||||
{
|
||||
@ -54,13 +55,13 @@ static char *encoded_strings[] =
|
||||
"Ahoy matey!"
|
||||
};
|
||||
|
||||
int main()
|
||||
int main(void)
|
||||
{
|
||||
char *dec;
|
||||
unsigned i;
|
||||
unsigned len;
|
||||
|
||||
for (i=0;i<sizeof(encoded_strings)/sizeof(encoded_strings[0]);i++) {
|
||||
for (i=0;i<ARRAY_SIZE(encoded_strings);i++) {
|
||||
dec = unescape_html(NULL, encoded_strings[i], strlen(encoded_strings[i]), &len);
|
||||
if (dec == NULL) {
|
||||
fprintf(stderr, "failed to unescape %s\n", encoded_strings[i]);
|
||||
|
@ -76,7 +76,6 @@ static void check(const char *ip)
|
||||
exit(1);
|
||||
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
static void check_port(const char *ip, unsigned port)
|
||||
@ -105,10 +104,9 @@ static void check_port(const char *ip, unsigned port)
|
||||
exit(1);
|
||||
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
int main()
|
||||
int main(void)
|
||||
{
|
||||
check("172.18.52.43");
|
||||
check("192.168.1.1");
|
||||
|
@ -23,7 +23,7 @@
|
||||
#include "../src/ip-util.h"
|
||||
#include "../src/ip-util.c"
|
||||
|
||||
int main()
|
||||
int main(void)
|
||||
{
|
||||
char *p;
|
||||
|
||||
|
@ -70,7 +70,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to setup interface... "
|
||||
echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
||||
echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
@ -36,7 +36,7 @@ static char* my_ipv6_prefix_to_mask(char str[MAX_IP_STR], unsigned prefix)
|
||||
return str;
|
||||
}
|
||||
|
||||
int main()
|
||||
int main(void)
|
||||
{
|
||||
char *p;
|
||||
char str[MAX_IP_STR];
|
||||
|
@ -70,7 +70,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to setup interface... "
|
||||
echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
||||
echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
@ -78,7 +78,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
||||
sleep 4
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
@ -25,6 +25,7 @@
|
||||
#include <netdb.h>
|
||||
#include "../src/occtl/json.h"
|
||||
#include "../src/occtl/json.c"
|
||||
#include "../src/common/common.h"
|
||||
|
||||
static char *strings[] =
|
||||
{
|
||||
@ -46,13 +47,13 @@ static char *encoded_strings[] =
|
||||
"\\u0009big pile \\u0008\\u0008 of stuff\\u000d\\u000a"
|
||||
};
|
||||
|
||||
int main()
|
||||
int main(void)
|
||||
{
|
||||
char tmp[512];
|
||||
char *p;
|
||||
unsigned i;
|
||||
|
||||
for (i=0;i<sizeof(strings)/sizeof(strings[0]);i++) {
|
||||
for (i=0;i<ARRAY_SIZE(strings);i++) {
|
||||
tmp[0] = 0;
|
||||
p = json_escape_val(tmp, sizeof(tmp), strings[i]);
|
||||
if (strcmp(p, encoded_strings[i]) != 0) {
|
||||
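Review bot: The loop is now bounded by `ARRAY_SIZE(strings)`, but the body also indexes `encoded_strings[i]` in the `strcmp`, so the test reads past the end of `encoded_strings` if an input is ever added without its expected encoding. Nothing visible in the hunk ties the two tables together. A compile-time check above `main`, such as `_Static_assert(ARRAY_SIZE(strings) == ARRAY_SIZE(encoded_strings), "test tables out of sync");`, would turn that mistake into a build failure. This assumes `ARRAY_SIZE` from `common.h` expands to a constant `sizeof` expression and that the tests build as C11, neither of which is shown here. The body of `main` continues outside the hunk.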
|
@ -27,7 +27,7 @@
|
||||
#include "../src/common-config.h"
|
||||
#include "../src/config-kkdcp.c"
|
||||
|
||||
int main()
|
||||
int main(void)
|
||||
{
|
||||
#ifndef HAVE_GSSAPI
|
||||
exit(77);
|
||||
|
@ -81,14 +81,14 @@ sleep 4
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
@ -81,14 +81,14 @@ sleep 4
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
@ -39,13 +39,13 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null ) ||
|
||||
( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Re-connecting to get routes... "
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE1} 2>&1
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE1} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
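Review bot: The "Re-connecting to get routes..." step prints `ok` without checking the exit status of `timeout 15s $OPENCONNECT ...`. A server-certificate pin mismatch or an authentication failure is therefore reported as success here and surfaces, if at all, only in whatever later inspects `${TMPFILE1}`. The lease test elsewhere in this commit tells the cases apart with `if test $? != 124`; the equivalent here would be `test $? = 124 || fail $PID "Could not connect to server"` right after the `timeout` line. That assumes the session is expected to stay up until `timeout` kills it, which the hunk does not show. The "Connecting to get routes..." steps in the sections that follow have the same shape.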
|
@ -43,7 +43,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to get routes... "
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
@ -68,7 +68,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to get routes... "
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
|
@ -43,7 +43,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to get routes... "
|
||||
echo "test" | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 -u test --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
||||
echo "test" | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 -u test --passwd-on-stdin --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
@ -68,7 +68,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to get routes... "
|
||||
echo test | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 --passwd-on-stdin -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
||||
echo test | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 --passwd-on-stdin -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
|
@ -52,12 +52,12 @@ fi
|
||||
echo "Server started with PID $PID..."
|
||||
|
||||
echo "Connecting to obtain cookie..."
|
||||
( echo "test" | $OPENCONNECT -q localhost:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
||||
( echo "test" | $OPENCONNECT -q localhost:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
|
||||
echo "Connecting to ping lease..."
|
||||
echo "test" | timeout 10 $OPENCONNECT localhost:$PORT -u "test" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true
|
||||
echo "test" | timeout 10 $OPENCONNECT localhost:$PORT -u "test" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true
|
||||
|
||||
if test $? != 124;then
|
||||
fail $PID "Could not connect to server"
|
||||
|
@ -35,7 +35,6 @@
|
||||
|
||||
void fw_port_st__init(FwPortSt *message)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
void check_vals(FwPortSt **fw_ports, size_t n_fw_ports) {
|
||||
@ -61,7 +60,7 @@ void check_vals(FwPortSt **fw_ports, size_t n_fw_ports) {
|
||||
}
|
||||
}
|
||||
|
||||
int main()
|
||||
int main(void)
|
||||
{
|
||||
char p[256];
|
||||
int ret;
|
||||
|
10
tests/radius
10
tests/radius
@ -98,21 +98,21 @@ sleep 4
|
||||
|
||||
# Run clients
|
||||
echo " * Testing wrong username at ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u xxx --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u xxx --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? = 0;then
|
||||
echo "Connected with incorrect username"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Testing wrong password at ${ADDRESS}:${PORT}..."
|
||||
( echo "xxx" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "xxx" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? = 0;then
|
||||
echo "Connected with incorrect password"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
@ -120,7 +120,7 @@ fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT} with special IP..."
|
||||
USERNAME=test-arb
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@ -148,7 +148,7 @@ sleep 3
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
USERNAME=test
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
@ -123,7 +123,7 @@ sleep 4
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
USERNAME=testtime
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
@ -100,7 +100,7 @@ sleep 4
|
||||
|
||||
echo " * Tests the radius group functionality"
|
||||
USERNAME=test-class
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group2 -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group2 -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@ -137,7 +137,7 @@ sleep 4
|
||||
|
||||
echo " * Tests the alt radius group functionality"
|
||||
USERNAME=test-class
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group1 -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group1 -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
@ -111,7 +111,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
sleep 0.5
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b >/dev/null 2>&1)
|
||||
if test $? != 0; then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@ -151,7 +151,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
sleep 0.5
|
||||
echo "$USERNAME-stage"
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Connected with wrong username"
|
||||
exit 1
|
||||
@ -173,7 +173,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
fi
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Connected with wrong OTP"
|
||||
exit 1
|
||||
@ -197,7 +197,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
fi
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Connected with wrong OTP"
|
||||
exit 1
|
||||
@ -218,7 +218,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
fi
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Connected with blank OTP"
|
||||
exit 1
|
||||
@ -247,7 +247,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
fi
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Successful connection with the number of OTP retries greater than allowed by the ban system (default 30)."
|
||||
${OCCTL} -s ${OCCTL_SOCKET} show ip ban points
|
||||
@ -265,7 +265,7 @@ for (( COUNT=1; COUNT <= 17; COUNT++ )); do
|
||||
sleep 0.5
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Connected to server - MAX_CHALLENGES test failed"
|
||||
exit 1
|
||||
|
@ -30,7 +30,7 @@ static char *myfunc(void *pool, const char *str)
|
||||
}
|
||||
|
||||
#define STR1 "hi there people. How are you?"
|
||||
int main()
|
||||
int main(void)
|
||||
{
|
||||
str_st str;
|
||||
str_rep_tab tab[16];
|
||||
|
@ -25,7 +25,7 @@
|
||||
#include "../src/str.c"
|
||||
|
||||
#define STR1 " hi there people. How are you?"
|
||||
int main()
|
||||
int main(void)
|
||||
{
|
||||
char str[64];
|
||||
|
||||
|