1#!/bin/sh 2# 3# Copyright (C) 2015 Red Hat 4# 5# This file is part of ocserv. 6# 7# ocserv is free software; you can redistribute it and/or modify it 8# under the terms of the GNU General Public License as published by the 9# Free Software Foundation; either version 2 of the License, or (at 10# your option) any later version. 11# 12# ocserv is distributed in the hope that it will be useful, but 13# WITHOUT ANY WARRANTY; without even the implied warranty of 14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15# General Public License for more details. 16# 17# You should have received a copy of the GNU General Public License 18# along with GnuTLS; if not, write to the Free Software Foundation, 19# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 21SERV="${SERV:-../src/ocserv}" 22srcdir=${srcdir:-.} 23 24. `dirname $0`/common.sh 25 26eval "${GETPORT}" 27 28echo "Testing whether cookies will expire as expected... " 29 30PIDFILE="${srcdir}/ct$$.pid.tmp" 31 32update_config test-cookie-timeout.config 33launch_server -d 1 -f -c ${CONFIG} & PID=$! 34wait_server $PID 35 36echo "Connecting to obtain cookie... " 37eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3` 38 39if [ -z "$COOKIE" ];then 40 fail $PID "Could not obtain cookie" 41fi 42 43#echo "Cookie: $COOKIE" 44sleep 16 45echo "" 46echo "Connecting with cookie... " 47echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background 48 49sleep 4 50 51if [ ! -f "${PIDFILE}" ];then 52 fail $PID "It was not possible to establish session!" 53fi 54 55CPID=`cat "${PIDFILE}"` 56kill -9 $CPID 57rm -f "${PIDFILE}" 58 59sleep 16 60echo "" 61echo "Connecting again with cookie... " 62echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background 63 64sleep 4 65 66if [ ! -f "${PIDFILE}" ];then 67 fail $PID "It was not possible to establish second session!" 68fi 69 70CPID=`cat "${PIDFILE}"` 71kill -9 $CPID 72rm -f "${PIDFILE}" 73 74sleep 16 75echo "" 76echo "Connecting after forced kill with cookie... " 77echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background 78 79sleep 4 80 81if [ ! -f "${PIDFILE}" ];then 82 fail $PID "It was not possible to establish third session!" 83fi 84 85CPID=`cat "${PIDFILE}"` 86kill -9 $CPID 87rm -f "${PIDFILE}" 88 89 90sleep 45 91echo "" 92echo "Connecting with cookie after expiration... " 93echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background 94 95sleep 4 96 97if [ -f "${PIDFILE}" ];then 98 fail $PID "Session was established with expired cookie!" 99 CPID=`cat "${PIDFILE}"` 100 kill $CPID 101 rm -f "${PIDFILE}" 102fi 103 104# test cookie verification after cookie verification failure. That is to verify whether 105# the channel between main and sec-mod is in consistent state. 106echo "Connecting (again) to obtain cookie... " 107echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 108 109if test $? != 0;then 110 fail $PID "Could not obtain cookie" 111fi 112 113kill $PID 114wait 115 116rm -f "${PIDFILE}" ${CONFIG} 117 118exit 0 119