1#!/bin/sh 2# 3# Copyright (C) 2013 Red Hat 4# 5# This file is part of ocserv. 6# 7# ocserv is free software; you can redistribute it and/or modify it 8# under the terms of the GNU General Public License as published by the 9# Free Software Foundation; either version 2 of the License, or (at 10# your option) any later version. 11# 12# ocserv is distributed in the hope that it will be useful, but 13# WITHOUT ANY WARRANTY; without even the implied warranty of 14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15# General Public License for more details. 16# 17# You should have received a copy of the GNU General Public License 18# along with GnuTLS; if not, write to the Free Software Foundation, 19# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 21SERV="${SERV:-../src/ocserv}" 22srcdir=${srcdir:-.} 23 24. `dirname $0`/common.sh 25 26eval "${GETPORT}" 27 28PIDFILE1="${srcdir}/ci$$-1.pid.tmp" 29PIDFILE2="${srcdir}/ci$$-2.pid.tmp" 30echo "Testing whether cookies are being correctly invalidated... " 31rm -f "${PIDFILE1}" "${PIDFILE2}" 32 33update_config test-cookie-invalidation.config 34launch_server -d 1 -f -c ${CONFIG} & PID=$! 35wait_server $PID 36 37echo "Connecting to obtain cookie... " 38eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3` 39 40if [ -z "$COOKIE" ];then 41 fail $PID "Could not obtain cookie" 42fi 43 44#echo "Cookie: $COOKIE" 45 46echo "Connecting with cookie... " 47echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background >/dev/null 2>&1 48 49sleep 4 50 51if [ ! -f "${PIDFILE1}" ];then 52 fail $PID "It was not possible to establish session!" 53fi 54 55kill -USR1 `cat "${PIDFILE1}"` 56if test $? != 0;then 57 fail $PID "Process could not be killed" 58fi 59 60echo "Terminating and connecting again with same cookie... " 61#( echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) || 62# fail $PID "Could not connect to server" 63echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background >/dev/null 2>&1 64 65sleep 4 66 67if [ ! -f "${PIDFILE2}" ];then 68 fail $PID "It was not possible to establish session!" 69fi 70 71kill -INT `cat "${PIDFILE2}"` 72 73if test $? != 0;then 74 fail $PID "Process could not be killed" 75fi 76 77rm -f "${PIDFILE2}" 78# We give the server few seconds to cleanup before we retry the cookie. 79# In 0.11.10 the server behavior changed to allow immediate reconnection, 80# with a cookie that was explicitly terminated by the user, as anyconnect 81# clients follow that behavioral pattern. 82sleep 18 83 84echo "Proper termination and connecting again with same (invalidated) cookie... " 85#( echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) || 86# fail $PID "Could not connect to server" 87echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background >/dev/null 2>&1 88 89sleep 4 90 91if [ -f "${PIDFILE2}" ];then 92 fail $PID "It was possible to establish session!!" 93fi 94 95rm -f "${PIDFILE1}" "${PIDFILE2}" 96rm -f ${CONFIG} 97 98kill $PID 99wait 100 101exit 0 102