DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

[test suite] UDP server command execution tests, run configure arg recompile tests after gcov profiling stuff

Browse Source
This commit is contained in:
Michael Rash 2014-10-20 22:23:46 -04:00
parent 15f73c7f9e
commit 6945e23bc9
6 changed files with 228 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile.am
View File

@ -292,6 +292,7 @@ EXTRA_DIST = \
test/conf/subnet_source_match_access.conf \
test/conf/tcp_pcap_filter_fwknopd.conf \
test/conf/tcp_server_fwknopd.conf \
test/conf/udp_server_fwknopd.conf \
test/conf/spa_over_http_fwknopd.conf \
test/conf/spa_over_http.pcap \
test/conf/snat_fwknopd.conf \

222
test/test-fwknop.pl
View File

@ -253,6 +253,7 @@ my $default_key = 'fwknoptest';
my $tests_dir = 'tests';
my @test_files = (
"$tests_dir/configure_args.pl",
"$tests_dir/build_security.pl",
"$tests_dir/preliminaries.pl",
"$tests_dir/code_structure.pl",
@ -273,7 +274,6 @@ my @test_files = (
"$tests_dir/gpg_no_pw_hmac.pl",
"$tests_dir/gpg.pl",
"$tests_dir/gpg_hmac.pl",
"$tests_dir/configure_args.pl",
);
#================== end config ===================
@ -319,6 +319,7 @@ my $diff_dir1 = '';
my $diff_dir2 = '';
my $loopback_intf = '';
my $anonymize_results = 0;
my $orig_config_args = '';
my $curr_test_file = 'init';
my $init_file = $curr_test_file;
my $tarfile = 'test_fwknop.tar.gz';
@ -692,12 +693,6 @@ $ENV{'DYLD_LIBRARY_PATH'} = $lib_dir if $lib_view_cmd =~ /otool/;
### main array that defines the tests we will run
###
my @tests = (
{
'category' => 'max coverage',
'detail' => 'interact with terminal for pw - TYPE ANY KEY HERE:',
'cmdline' => "$fwknopCmd -A tcp/22 -a 1.1.1.1 -D $loopback_ip -v -v -v ",
'function' => \&use_terminal_run_client,
},
{
'category' => 'recompilation',
'detail' => 'recompile and look for compilation warnings',
@ -713,7 +708,12 @@ my @tests = (
'detail' => 'test suite conf/ files included',
'function' => \&test_suite_conf_files,
},
{
'category' => 'max coverage',
'detail' => 'interact with terminal for pw - TYPE ANY KEY HERE:',
'cmdline' => "$fwknopCmd -A tcp/22 -a 1.1.1.1 -D $loopback_ip -v -v -v ",
'function' => \&use_terminal_run_client,
},
@build_security_client,
@build_security_server,
@build_security_libfko,
@ -736,9 +736,41 @@ my @tests = (
@gpg_no_pw_hmac,
@gpg,
@gpg_hmac,
@configure_args,
);
if ($enable_profile_coverage_check) {
push @tests,
{
'category' => 'profile coverage',
'detail' => 'gcov profile coverage',
'function' => \&profile_coverage
};
}
### the configure args tests recompile fwknop, so only do this
### after the profile coverage stats have been created for the main
### test run
push @tests, @configure_args;
if ($enable_valgrind) {
push @tests,
{
'category' => 'valgrind output',
'subcategory' => 'flagged functions',
'detail' => '',
'function' => \&parse_valgrind_flagged_functions
};
}
if ($do_crash_check) {
push @tests,
{
'category' => 'Look for crashes',
'detail' => 'checking for segfault/core dump messages',
'function' => \&look_for_crashes
};
}
my %test_keys = (
'category' => $REQUIRED,
'subcategory' => $OPTIONAL,
@ -862,31 +894,6 @@ for my $test_hr (@tests) {
}
}
if ($enable_profile_coverage_check) {
&run_test({
'category' => 'profile coverage',
'detail' => 'gcov profile coverage',
'function' => \&profile_coverage}
);
}
if ($enable_valgrind) {
&run_test({
'category' => 'valgrind output',
'subcategory' => 'flagged functions',
'detail' => '',
'function' => \&parse_valgrind_flagged_functions}
);
}
if ($do_crash_check) {
&run_test({
'category' => 'Look for crashes',
'detail' => 'checking for segfault/core dump messages',
'function' => \&look_for_crashes}
);
}
&logr("\n");
unless ($list_mode) {
@ -1237,43 +1244,9 @@ sub build_results_hash() {
sub compile_warnings() {
my $curr_pwd = cwd() or die $!;
if ($enable_profile_coverage_check) {
### we're recompiling, so remove any existing profile coverage
### files since they will be invalidated by the recompile
for my $extension ('*.gcno', '*.gcda', '*.gcov') {
### remove profile output from any previous run
system qq{find .. -name $extension | xargs rm 2> /dev/null};
}
}
chdir '..' or die $!;
### 'make clean' as root
unless (&run_cmd('make clean', $cmd_out_tmp,
"test/$curr_test_file")) {
chdir $curr_pwd or die $!;
return 0;
}
if ($sudo_path) {
unless (&run_cmd("$sudo_path -u $username make",
$cmd_out_tmp, "test/$curr_test_file")) {
unless (&run_cmd('make', $cmd_out_tmp,
"test/$curr_test_file")) {
chdir $curr_pwd or die $!;
return 0;
}
}
} else {
unless (&run_cmd('make', $cmd_out_tmp,
"test/$curr_test_file")) {
chdir $curr_pwd or die $!;
return 0;
}
}
&config_recompile('');
### look for compilation warnings - something like:
### warning: test is used uninitialized in this function
@ -1586,6 +1559,76 @@ sub look_for_crashes() {
return $rv;
}
sub config_recompile() {
my $config_cmd = shift;
if ($enable_profile_coverage_check) {
### we're recompiling, so remove any existing profile coverage
### files since they will be invalidated by the recompile
for my $extension ('*.gcno', '*.gcda', '*.gcov') {
### remove profile output from any previous run
system qq{find . -name $extension | xargs rm 2> /dev/null};
}
}
&run_cmd('make clean', $cmd_out_tmp, "test/$curr_test_file");
if ($config_cmd) {
&run_cmd($config_cmd, $cmd_out_tmp, "test/$curr_test_file");
}
if ($sudo_path) {
unless (&run_cmd("$sudo_path -u $username make",
$cmd_out_tmp, "test/$curr_test_file")) {
return 0 unless &run_cmd('make', $cmd_out_tmp,
"test/$curr_test_file");
}
} else {
return 0 unless &run_cmd('make', $cmd_out_tmp,
"test/$curr_test_file");
}
return 1;
}
sub configure_args_restore_orig() {
my $rv = 1;
my $curr_pwd = cwd() or die $!;
chdir '..' or die $!;
unless (&config_recompile($orig_config_args)) {
&write_test_file("[-] configure/recompile failure.\n",
"test/$curr_test_file");
chdir $curr_pwd or die $!;
$rv = 0;
}
chdir $curr_pwd or die $!;
return $rv;
}
sub configure_args_disable_execvpe() {
my $rv = 1;
my $curr_pwd = cwd() or die $!;
chdir '..' or die $!;
unless (&config_recompile('./extras/apparmor/configure_args.sh --disable-execvpe')) {
&write_test_file("[-] configure/recompile failure.\n",
"test/$curr_test_file");
chdir $curr_pwd or die $!;
$rv = 0;
}
chdir $curr_pwd or die $!;
return $rv;
}
sub configure_args_udp_server_no_libpcap() {
my $rv = 1;
@ -1593,27 +1636,11 @@ sub configure_args_udp_server_no_libpcap() {
chdir '..' or die $!;
&run_cmd('make clean', $cmd_out_tmp, "test/$curr_test_file");
&run_cmd("./extras/apparmor/configure_args.sh --enable-udp-server",
$cmd_out_tmp, "test/$curr_test_file");
if ($sudo_path) {
unless (&run_cmd("$sudo_path -u $username make",
$cmd_out_tmp, "test/$curr_test_file")) {
unless (&run_cmd('make', $cmd_out_tmp,
"test/$curr_test_file")) {
chdir $curr_pwd or die $!;
return 0;
}
}
} else {
unless (&run_cmd('make', $cmd_out_tmp,
"test/$curr_test_file")) {
chdir $curr_pwd or die $!;
return 0;
}
unless (&config_recompile('./extras/apparmor/configure_args.sh --enable-udp-server')) {
&write_test_file("[-] configure/recompile failure.\n",
"test/$curr_test_file");
chdir $curr_pwd or die $!;
$rv = 0;
}
&run_cmd("$lib_view_cmd ./server/.libs/fwknopd", $cmd_out_tmp, "test/$curr_test_file");
@ -6406,6 +6433,21 @@ sub init() {
}
}
### cache the configure args that were used before running the
### test suite
my $config_log_file = '../config.log';
if (-e $config_log_file) {
open F, "< $config_log_file" or die $!;
while (<F>) {
### $ ./configure --prefix=/usr --sysconfdir=/etc ...
if (m/^\s+[\$#]\s+(\.\/configure.*)/) {
$orig_config_args = $1;
last;
}
}
close F;
}
if ($enable_openssl_compatibility_tests) {
$openssl_path = &find_command('openssl') unless $openssl_path;
if ($openssl_path) {

71
test/tests/configure_args.pl
View File

@ -1,9 +1,78 @@
@configure_args = (
### UDP server mode only - make sure fwknopd does not link
### against libpcap
{
'category' => 'configure args',
'subcategory' => 'compile',
'detail' => '--enable-udp-server no libpcap usage',
'detail' => '--enable-udp-server no libpcap linkage',
'function' => \&configure_args_udp_server_no_libpcap,
},
{
'category' => 'configure args',
'subcategory' => 'Rijndael+HMAC',
'detail' => "UDP server --udp-server / tcp/22",
'function' => \&spa_cycle,
'cmdline' => $default_client_hmac_args,
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str --udp-server",
'fw_rule_created' => $NEW_RULE_REQUIRED,
'fw_rule_removed' => $NEW_RULE_REMOVED,
},
{
'category' => 'configure args',
'subcategory' => 'Rijndael+HMAC',
'detail' => 'command execution (UDP server)',
'function' => \&spa_cmd_exec_cycle,
'cmdline' => qq|$fwknopCmd --server-cmd "touch $cmd_exec_test_file" | .
"-a $fake_ip -D $loopback_ip --rc-file $cf{'rc_hmac_b64_key'} ".
"$verbose_str",
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_cmd_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str --udp-server",
'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
},
### disable execvpe() usage
{
'category' => 'configure args',
'subcategory' => 'compile',
'detail' => '--disable-execvpe check',
'function' => \&configure_args_disable_execvpe,
},
{
'category' => 'configure args',
'subcategory' => 'Rijndael+HMAC',
'detail' => 'complete cycle (tcp/22 ssh)',
'function' => \&spa_cycle,
'cmdline' => $default_client_hmac_args,
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str",
'fw_rule_created' => $NEW_RULE_REQUIRED,
'fw_rule_removed' => $NEW_RULE_REMOVED,
'key_file' => $cf{'rc_hmac_b64_key'},
'server_positive_output_matches' => [qr/without execvpe/],
},
{
'category' => 'configure args',
'subcategory' => 'Rijndael+HMAC',
'detail' => 'command execution',
'function' => \&spa_cmd_exec_cycle,
'cmdline' => qq|$fwknopCmd --server-cmd "touch $cmd_exec_test_file" | .
"-a $fake_ip -D $loopback_ip --rc-file $cf{'rc_hmac_b64_key'} ".
"$verbose_str",
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_cmd_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str",
'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
'server_positive_output_matches' => [qr/without execvpe/],
},
### restore original ./configure args to be prepared to run
### through the remainder of the tests
{
'category' => 'configure args',
'subcategory' => 'compile',
'detail' => 'restore previous config args',
'function' => \&configure_args_restore_orig,
}
);

12
test/tests/rijndael_cmd_exec.pl
View File

@ -15,6 +15,18 @@
"-d $default_digest_file -p $default_pid_file $intf_str",
'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
},
{
'category' => 'Rijndael',
'subcategory' => 'client+server',
'detail' => 'command execution (UDP server)',
'function' => \&spa_cmd_exec_cycle,
'cmdline' => qq|$fwknopCmd --server-cmd "touch $cmd_exec_test_file" | .
"-a $fake_ip -D $loopback_ip --get-key $local_key_file " .
"$verbose_str",
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'cmd_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str --udp-server",
'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
},
{
'category' => 'Rijndael',
'subcategory' => 'client+server',

3
test/tests/rijndael_hmac.pl
View File

@ -977,7 +977,7 @@
'function' => \&spa_cycle,
'cmdline' => $default_client_hmac_args,
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str --udp-server",
"-d $default_digest_file -p $default_pid_file $intf_str --udp-server -vvv",
'fw_rule_created' => $NEW_RULE_REQUIRED,
'fw_rule_removed' => $NEW_RULE_REMOVED,
},
@ -993,7 +993,6 @@
'fw_rule_removed' => $NEW_RULE_REMOVED,
},
{
'category' => 'Rijndael+HMAC',
'subcategory' => 'client',

12
test/tests/rijndael_hmac_cmd_exec.pl
View File

@ -15,6 +15,18 @@
"-d $default_digest_file -p $default_pid_file $intf_str",
'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
},
{
'category' => 'Rijndael+HMAC',
'subcategory' => 'client+server',
'detail' => 'command execution (UDP server)',
'function' => \&spa_cmd_exec_cycle,
'cmdline' => qq|$fwknopCmd --server-cmd "touch $cmd_exec_test_file" | .
"-a $fake_ip -D $loopback_ip --rc-file $cf{'rc_hmac_b64_key'} ".
"$verbose_str",
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_cmd_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str --udp-server",
'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
},
{
'category' => 'Rijndael+HMAC',
'subcategory' => 'client+server',