[test suite] additional code coverage for a few areas

Michael Rash 2014-10-24 20:39:40 -04:00
parent 7b70ed08d2
commit 58d47cb385
5 changed files with 40 additions and 12 deletions


@ -168,6 +168,7 @@ EXTRA_DIST = \
test/conf/gpg_no_pw_fpr_access.conf \
test/conf/gpg_no_pw_bad_fpr_access.conf \
test/conf/gpg_no_pw_no_fpr_access.conf \
test/conf/gpg_no_sig_no_fpr_access.conf \
test/conf/gpg_no_sig_verify_access.conf \
test/conf/gpg_invalid_sig_id_access.conf \
test/conf/fwknoprc_gpg_invalid_exe \


@ -1119,19 +1119,10 @@ acc_data_is_valid(struct passwd *user_pw, acc_stanza_t * const acc)
}
}
if(acc->force_snat == 1 && acc->force_nat == 0)
if((acc->force_snat == 1 || acc->force_masquerade == 1) && acc->force_nat == 0)
{
log_msg(LOG_ERR,
"[*] FORCE_SNAT implies FORCE_NAT must also be used for access stanza source: '%s'",
acc->source
);
return(0);
}
if(acc->force_masquerade == 1 && acc->force_nat == 0)
{
log_msg(LOG_ERR,
"[*] FORCE_MASQUERADE implies FORCE_NAT must also be used for access stanza source: '%s'",
"[*] FORCE_SNAT/FORCE_MASQUERADE implies FORCE_NAT must also be used for access stanza source: '%s'",
acc->source
);
return(0);
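Review bot: The merged error message no longer tells the operator which directive caused the stanza to be rejected, because the combined condition `(acc->force_snat == 1 || acc->force_masquerade == 1) && acc->force_nat == 0` logs the same "FORCE_SNAT/FORCE_MASQUERADE implies FORCE_NAT" text for both cases. This check decides whether an access stanza with NAT settings is accepted, so a precise diagnostic is worth keeping. One option is to format the name: `"[*] %s implies FORCE_NAT must also be used for access stanza source: '%s'", acc->force_snat == 1 ? "FORCE_SNAT" : "FORCE_MASQUERADE", acc->source`. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts, and acc_data_is_valid() starts and ends outside the hunk.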


@ -0,0 +1,8 @@
SOURCE ANY
FW_ACCESS_TIMEOUT 3
#GPG_HOME_DIR conf/server-gpg-no-pw ### for code coverage
GPG_DECRYPT_ID 361BBAD4
GPG_DISABLE_SIG Y
GPG_REQUIRE_SIG Y
GPG_ALLOW_NO_PW Y
GPG_FINGERPRINT_ID 00CC95F05BC146B6AC4038C9E36F443C6A3FAD56
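Review bot: This new fixture sets both `GPG_DISABLE_SIG Y` and `GPG_REQUIRE_SIG Y`, together with `GPG_ALLOW_NO_PW Y`, and nothing in the file says the contradiction is deliberate. A leading comment such as `### intentionally invalid: GPG_REQUIRE_SIG and GPG_DISABLE_SIG are both set, fwknopd must reject this stanza` would make the intent clear and keep the stanza from being copied as a working example. The file already uses `#` comments, so this needs no format change.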


@ -426,6 +426,7 @@ our %cf = (
'gpg_no_pw_fpr_access' => "$conf_dir/gpg_no_pw_fpr_access.conf",
'gpg_no_pw_bad_fpr_access' => "$conf_dir/gpg_no_pw_bad_fpr_access.conf",
'gpg_no_pw_no_fpr_access' => "$conf_dir/gpg_no_pw_no_fpr_access.conf",
'gpg_no_sig_no_fpr_access' => "$conf_dir/gpg_no_sig_no_fpr_access.conf",
'gpg_no_pw_hmac_access' => "$conf_dir/gpg_no_pw_hmac_access.conf",
'gpg_no_pw_hmac_clientdir_access' => "$conf_dir/gpg_no_pw_hmac_clientdir_access.conf",
'gpg_no_pw_hmac_serverdir_access' => "$conf_dir/gpg_no_pw_hmac_serverdir_access.conf",


@ -2435,7 +2435,7 @@
'detail' => 'invalid access.conf file path',
'function' => \&generic_exec,
'exec_err' => $YES,
'cmdline' => "$fwknopdCmd -f -a invalid --exit-parse-config",
'cmdline' => "$fwknopdCmd -f -c $cf{'def'} -a invalid --exit-parse-config",
},
{
@ -2464,6 +2464,15 @@
"-d $default_digest_file -p $default_pid_file -f --exit-parse-config",
'positive_output_matches' => [qr/Must have either sig/],
},
{
'category' => 'basic operations',
'subcategory' => 'server',
'detail' => 'GPG require sig and disable sig set',
'function' => \&generic_exec,
'cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'gpg_no_sig_no_fpr_access'} " .
"-d $default_digest_file -p $default_pid_file -f --exit-parse-config",
'positive_output_matches' => [qr/GPG_REQUIRE_SIG and GPG_DISABLE_SIG are both set/],
},
{
'category' => 'basic operations',
@ -2843,6 +2852,24 @@
],
'positive_output_matches' => [qr/encryption\spassphrase/],
},
{
'category' => 'basic operations',
'subcategory' => 'server',
'detail' => 'GPG invalid home dir path',
'function' => \&server_conf_files,
'fwknopd_cmdline' => $server_rewrite_conf_files,
'exec_err' => $YES,
'server_access_file' => [
'SOURCE any',
'HMAC_KEY hmactest',
'GPG_DECRYPT_PW testtest',
'GPG_HOME_DIR somedir'
],
'server_conf_file' => [
'### comment'
],
'positive_output_matches' => [qr/unable to stat/],
},
{
'category' => 'basic operations',
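Review bot: The added 'GPG require sig and disable sig set' test in the second hunk checks only the log text through `positive_output_matches`; unlike the 'invalid access.conf file path' and 'GPG invalid home dir path' entries in this file, it does not set `'exec_err' => $YES`. How generic_exec treats a missing `exec_err` is not visible on this page, but if the exit status goes unchecked, a regression where fwknopd logs the conflict and keeps running with signature verification disabled would still pass. Adding `'exec_err' => $YES,` after the `'function'` line would pin the fail-closed behaviour, assuming fwknopd exits non-zero for this stanza.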