diff --git a/test/test-fwknop.pl b/test/test-fwknop.pl index 5d8cb6ee..e55eaa99 100755 --- a/test/test-fwknop.pl +++ b/test/test-fwknop.pl @@ -306,6 +306,7 @@ my $fuzzing_failure_ctr = 0; my $fuzzing_ctr = 0; my $include_permissions_warnings = 0; my $lib_view_cmd = ''; +my $lib_view_str = "LD_LIBRARY_PATH=$lib_dir"; our $valgrind_path = ''; our $sudo_path = ''; our $gcov_path = ''; @@ -428,15 +429,15 @@ $valgrind_str = "$valgrind_path --leak-check=full " . our $intf_str = "-i $loopback_intf --foreground --verbose --verbose"; -our $default_client_args = "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . +our $default_client_args = "$lib_view_str $valgrind_str " . "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --no-save-args --verbose --verbose"; -our $default_client_args_no_get_key = "LD_LIBRARY_PATH=$lib_dir " . +our $default_client_args_no_get_key = "$lib_view_str " . "$valgrind_str $fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip " . "--no-save-args --verbose --verbose"; -our $default_client_args_no_verbose = "LD_LIBRARY_PATH=$lib_dir " . +our $default_client_args_no_verbose = "$lib_view_str " . "$valgrind_str $fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip " . '--no-save-args '; @@ -452,11 +453,11 @@ our $client_save_rc_args_no_verbose = "$default_client_args_no_verbose " . our $default_client_hmac_args = "$default_client_args_no_get_key " . "--rc-file $cf{'rc_hmac_b64_key'}"; -our $client_ip_resolve_args = "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . +our $client_ip_resolve_args = "$lib_view_str $valgrind_str " . "$fwknopCmd -A tcp/22 -R -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose"; -our $client_ip_resolve_hmac_args = "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . +our $client_ip_resolve_hmac_args = "$lib_view_str $valgrind_str " . "$fwknopCmd -A tcp/22 -R -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose"; 
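Review bot: `$lib_view_str` is interpolated into `$default_client_args`, `$client_ip_resolve_args` and the other `our` strings at file scope in these hunks, but the ` DYLD_LIBRARY_PATH=$lib_dir` suffix is only appended inside `init()` (hunk `@@ -5429,6 +5457,7 @@`). If `init()` runs after these assignments (its call site is not visible in this diff), every prebuilt string keeps only the `LD_LIBRARY_PATH=` prefix on an otool platform. The same ordering question applies to `$ENV{'DYLD_LIBRARY_PATH'} = $lib_dir if $lib_view_cmd =~ /otool/;` in hunk `@@ -509,7 +510,7 @@`, because `$lib_view_cmd` is initialised to `''` just above the new declaration. Either run the otool lookup before the first use of `$lib_view_str`, or keep the unconditional `$ENV{'DYLD_LIBRARY_PATH'} = $lib_dir;`, so the binaries under test cannot silently load an installed libfko instead of the local build.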
@@ -486,22 +487,22 @@ our $default_server_conf_args = "-c $cf{'def'} -a $cf{'def_access'} " . our $default_server_hmac_conf_args = "-c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file"; -our $default_server_gpg_args = "LD_LIBRARY_PATH=$lib_dir " . +our $default_server_gpg_args = "$lib_view_str " . "$valgrind_str $fwknopdCmd -c $cf{'def'} " . "-a $cf{'gpg_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file"; -our $default_server_gpg_args_no_pw = "LD_LIBRARY_PATH=$lib_dir " . +our $default_server_gpg_args_no_pw = "$lib_view_str " . "$valgrind_str $fwknopdCmd -c $cf{'def'} " . "-a $cf{'gpg_no_pw_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file"; -our $default_server_gpg_args_hmac = "LD_LIBRARY_PATH=$lib_dir " . +our $default_server_gpg_args_hmac = "$lib_view_str " . "$valgrind_str $fwknopdCmd -c $cf{'def'} " . "-a $cf{'gpg_hmac_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file"; -our $default_server_gpg_args_no_pw_hmac = "LD_LIBRARY_PATH=$lib_dir " . +our $default_server_gpg_args_no_pw_hmac = "$lib_view_str " . "$valgrind_str $fwknopdCmd -c $cf{'def'} " . "-a $cf{'gpg_no_pw_hmac_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file"; @@ -509,7 +510,7 @@ our $default_server_gpg_args_no_pw_hmac = "LD_LIBRARY_PATH=$lib_dir " . ### point the compiled binaries at the local libary path ### instead of any installed libfko instance $ENV{'LD_LIBRARY_PATH'} = $lib_dir; -$ENV{'DYLD_LIBRARY_PATH'} = $lib_dir; +$ENV{'DYLD_LIBRARY_PATH'} = $lib_dir if $lib_view_cmd =~ /otool/; ### import the tests from the various tests/ files &import_test_files(); @@ -1522,7 +1523,7 @@ sub iptables_no_flush_init_exit() { my $rv = 1; - &run_cmd("LD_LIBRARY_PATH=$lib_dir $valgrind_str $fwknopdCmd " . + &run_cmd("$lib_view_str $valgrind_str $fwknopdCmd " . "$default_server_conf_args --fw-flush --verbose --verbose", $cmd_out_tmp, $curr_test_file); 
@@ -1537,7 +1538,7 @@ sub iptables_no_flush_init_exit() { $rv = &spa_cycle($test_hr); if ($test_hr->{'search_for_rule_after_exit'}) { - &run_cmd("LD_LIBRARY_PATH=$lib_dir $valgrind_str $fwknopdCmd " . + &run_cmd("$lib_view_str $valgrind_str $fwknopdCmd " . "$default_server_conf_args --fw-list --verbose --verbose", $cmd_out_tmp, $curr_test_file); $rv = 0 unless &file_find_regex([qr/ACCEPT.*$fake_ip\s.*dpt\:1234/], @@ -1616,7 +1617,7 @@ sub python_fko_basic_exec() { return 0; } - $rv = &run_cmd("LD_LIBRARY_PATH=$lib_dir " . + $rv = &run_cmd("$lib_view_str " . "PYTHONPATH=$site_dir $python_path ./$python_script", $cmd_out_tmp, $curr_test_file); @@ -4957,7 +4958,7 @@ sub openssl_enc_verification() { sub specs() { - &run_cmd("LD_LIBRARY_PATH=$lib_dir $valgrind_str $fwknopdCmd " . + &run_cmd("$lib_view_str $valgrind_str $fwknopdCmd " . "$default_server_conf_args --fw-list-all", $cmd_out_tmp, $curr_test_file); @@ -5235,6 +5236,7 @@ sub validate_test_hashes() { 'set_legacy_iv' => $OPTIONAL, 'write_rc_file' => $OPTIONAL, 'save_rc_stanza' => $OPTIONAL, + 'disable_valgrind' => $OPTIONAL, 'positive_output_matches' => $OPTIONAL, 'negative_output_matches' => $OPTIONAL, 'insert_rule_before_exec' => $OPTIONAL, 
@@ -5294,6 +5296,32 @@ sub validate_test_hashes() { } } + ### for fwknop/fwknopd commands, prepend LD_LIBRARY_PATH and valgrind args + for my $test_hr (@tests) { + next if $test_hr->{'disable_valgrind'} eq $YES; + if ($test_hr->{'cmdline'} =~ /^$fwknopCmd/) { + my $str = $lib_view_str; + unless ($test_hr->{'disable_valgrind'} eq $YES) { + $str .= " $valgrind_str"; + } + $test_hr->{'cmdline'} = "$str $test_hr->{'cmdline'}"; + } elsif ($test_hr->{'cmdline'} =~ /LD_LIBRARY_PATH/) { + if ($lib_view_cmd =~ /otool/) { + if ($test_hr->{'cmdline'} !~ /DYLD_LIBRARY_PATH/) { + $test_hr->{'cmdline'} + =~ s/(LD_LIBRARY_PATH=\S+)/$1 DYLD_LIBRARY_PATH=$lib_dir/; + } + } + } + if ($test_hr->{'fwknopd_cmdline'} =~ /^$fwknopdCmd/) { + my $str = $lib_view_str; + unless ($test_hr->{'disable_valgrind'} eq $YES) { + $str .= " $valgrind_str"; + } + $test_hr->{'fwknopd_cmdline'} = "$str $test_hr->{'fwknopd_cmdline'}"; + } + } + return; } @@ -5429,6 +5457,7 @@ sub init() { unless ($lib_view_cmd) { $lib_view_cmd = &find_command('otool'); if ($lib_view_cmd) { + $lib_view_str .= " DYLD_LIBRARY_PATH=$lib_dir"; $lib_view_cmd .= ' -L'; } else { $lib_view_cmd = '#'; ### comment out subsequent shell commands @@ -5864,11 +5893,11 @@ sub is_fw_rule_active() { } if ($test_hr->{'no_ip_check'}) { - return 1 if &run_cmd("LD_LIBRARY_PATH=$lib_dir $fwknopdCmd " . + return 1 if &run_cmd("$lib_view_str $fwknopdCmd " . qq{$conf_args --fw-list | grep -v "# DISABLED" |grep _exp_}, $cmd_out_tmp, $curr_test_file); } else { - return 1 if &run_cmd("LD_LIBRARY_PATH=$lib_dir $fwknopdCmd " . + return 1 if &run_cmd("$lib_view_str $fwknopdCmd " . qq{$conf_args --fw-list | grep -v "# DISABLED" |grep $fake_ip |grep _exp_}, $cmd_out_tmp, $curr_test_file); } 
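Review bot: The new loop only rewrites `cmdline` when it matches `/^$fwknopCmd/`, so the `cmdline` entries in test/tests/basic_operations.pl that now begin with `$fwknopdCmd` (`--dump-config`, `--fw-list`, `--fw-list-all`, `--fw-flush`, the invalid iptables INPUT specs) get neither the library-path prefix nor `$valgrind_str` unless the daemon path happens to begin with the client path, and those fwknopd runs would drop out of valgrind coverage. The leading `next if $test_hr->{'disable_valgrind'} eq $YES;` also makes both inner `unless` checks dead code and skips the `$lib_view_str` prefix for exactly the tests that only wanted valgrind turned off. Both paths are interpolated into the patterns unquoted, so `\Q...\E` is needed for a literal match, and a test without a `cmdline` or `disable_valgrind` key is compared as undef. `validate_test_hashes()` starts above this hunk; one possible shape for the loop follows.

```perl
    for my $test_hr (@tests) {
        my $no_valgrind = defined $test_hr->{'disable_valgrind'}
            && $test_hr->{'disable_valgrind'} eq $YES;
        my $prefix = $no_valgrind
            ? $lib_view_str
            : "$lib_view_str $valgrind_str";

        for my $key ('cmdline', 'fwknopd_cmdline') {
            my $cmd = $test_hr->{$key};
            next unless defined $cmd;
            ### quote the paths so they match literally, and accept
            ### either binary under either key
            next unless $cmd =~ /^(?:\Q$fwknopCmd\E|\Q$fwknopdCmd\E)(?=\s|$)/;
            $test_hr->{$key} = "$prefix $cmd";
        }

        ### ... unchanged: DYLD_LIBRARY_PATH substitution for cmdline
        ### entries that already carry LD_LIBRARY_PATH ...
    }
```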
@@ -5878,7 +5907,7 @@ sub is_fw_rule_active() { sub is_fwknopd_running() { - &run_cmd("LD_LIBRARY_PATH=$lib_dir $fwknopdCmd $default_server_conf_args " . + &run_cmd("$lib_view_str $fwknopdCmd $default_server_conf_args " . "--status", $cmd_out_tmp, $curr_test_file); return 1 if &file_find_regex([qr/Detected\sfwknopd\sis\srunning/i], @@ -5900,7 +5929,7 @@ sub stop_fwknopd() { return; } - &run_cmd("LD_LIBRARY_PATH=$lib_dir $fwknopdCmd " . + &run_cmd("$lib_view_str $fwknopdCmd " . "$default_server_conf_args -K", $cmd_out_tmp, $curr_test_file); ### look for SIGTERM receipt @@ -5915,7 +5944,7 @@ sub stop_fwknopd() { [qr/Got\sSIGTERM/], $MATCH_ALL, $NO_APPEND_RESULTS, $server_cmd_tmp)) { - &run_cmd("LD_LIBRARY_PATH=$lib_dir $fwknopdCmd " . + &run_cmd("$lib_view_str $fwknopdCmd " . "$default_server_conf_args -K", $cmd_out_tmp, $curr_test_file); &write_test_file("[.] stop_fwknopd() looking for fwknopd receiving " . diff --git a/test/tests/basic_operations.pl b/test/tests/basic_operations.pl index f3fda89f..af889636 100644 --- a/test/tests/basic_operations.pl +++ b/test/tests/basic_operations.pl @@ -5,8 +5,7 @@ 'function' => \&generic_exec, 'positive_output_matches' => [qr/SYSLOG_IDENTITY/], 'exec_err' => $NO, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'def'} " . "-a $cf{'def_access'} --dump-config", }, { @@ -15,8 +14,7 @@ 'function' => \&generic_exec, 'positive_output_matches' => [qr/ENABLE_PCAP_PROMISC.*\'Y\'/], 'exec_err' => $NO, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args " . + 'cmdline' => "$fwknopdCmd $default_server_conf_args " . "-O $conf_dir/override_fwknopd.conf --dump-config", }, { 
@@ -26,8 +24,7 @@ 'function' => \&generic_exec, 'positive_output_matches' => [qr/Could\snot|Last\sfwknop/i], 'exec_err' => $IGNORE, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd --show-last", + 'cmdline' => "$fwknopCmd --show-last", }, { 'category' => 'basic operations', @@ -36,8 +33,7 @@ 'function' => \&generic_exec, 'positive_output_matches' => [qr/could\snot\sopen/i], 'exec_err' => $YES, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip " . "-D $loopback_ip --get-key not/there", 'fatal' => $YES }, @@ -48,8 +44,7 @@ 'function' => \&generic_exec, 'positive_output_matches' => [qr/must\suse\sone\sof/i], 'exec_err' => $YES, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -D $loopback_ip", + 'cmdline' => "$fwknopCmd -D $loopback_ip", }, { 'category' => 'basic operations', @@ -58,8 +53,7 @@ 'function' => \&generic_exec, 'positive_output_matches' => [qr/Invalid\sallow\sIP\saddress/i], 'exec_err' => $YES, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a invalidIP -D $loopback_ip", + 'cmdline' => "$fwknopCmd -A tcp/22 -a invalidIP -D $loopback_ip", }, { 'category' => 'basic operations', @@ -68,8 +62,7 @@ 'function' => \&generic_exec, 'positive_output_matches' => [qr/Invalid\sSPA\saccess\smessage/i], 'exec_err' => $YES, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A invalid/22 -a $fake_ip -D $loopback_ip", + 'cmdline' => "$fwknopCmd -A invalid/22 -a $fake_ip -D $loopback_ip", }, { 'category' => 'basic operations', @@ -78,8 +71,7 @@ 'function' => \&generic_exec, 'positive_output_matches' => [qr/Invalid\sSPA\saccess\smessage/i], 'exec_err' => $YES, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/600001 -a $fake_ip -D $loopback_ip", + 'cmdline' => "$fwknopCmd -A tcp/600001 -a $fake_ip -D $loopback_ip", }, { 
@@ -568,24 +560,21 @@ 'subcategory' => 'server', 'detail' => 'list current fwknopd fw rules', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args --fw-list", + 'cmdline' => "$fwknopdCmd $default_server_conf_args --fw-list", }, { 'category' => 'basic operations', 'subcategory' => 'server', 'detail' => 'list all current fw rules', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args --fw-list-all", + 'cmdline' => "$fwknopdCmd $default_server_conf_args --fw-list-all", }, { 'category' => 'basic operations', 'subcategory' => 'server', 'detail' => 'flush current firewall rules', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args --fw-flush", + 'cmdline' => "$fwknopdCmd $default_server_conf_args --fw-flush", }, { @@ -593,24 +582,21 @@ 'subcategory' => 'server', 'detail' => 'start', 'function' => \&server_start, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", }, { 'category' => 'basic operations', 'subcategory' => 'server', 'detail' => 'stop', 'function' => \&server_stop, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", }, { 'category' => 'basic operations', 'subcategory' => 'server', 'detail' => 'write PID', 'function' => \&write_pid, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", }, { 
@@ -618,16 +604,14 @@ 'subcategory' => 'server', 'detail' => '--packet-limit 1 exit', 'function' => \&server_packet_limit, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args --packet-limit 1 $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args --packet-limit 1 $intf_str", }, { 'category' => 'basic operations', 'subcategory' => 'server', 'detail' => 'ignore packets < min SPA len (140)', 'function' => \&server_ignore_small_packets, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args --packet-limit 1 $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args --packet-limit 1 $intf_str", }, { 'category' => 'basic operations', @@ -635,8 +619,7 @@ 'detail' => '-P bpf filter ignore packet', 'function' => \&server_bpf_ignore_packet, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args --packet-limit 1 $intf_str " . + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args --packet-limit 1 $intf_str " . qq|-P "udp port $non_std_spa_port"|, }, { @@ -644,8 +627,7 @@ 'subcategory' => 'server', 'detail' => 'invalid iptables INPUT spec', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'invalid_ipt_input_chain'} -a $cf{'def_access'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'function' => \&generic_exec, 'exec_err' => $YES, 
@@ -655,8 +637,7 @@ 'subcategory' => 'server', 'detail' => 'invalid iptables INPUT spec (2)', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'invalid_ipt_input_chain2'} -a $cf{'def_access'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain2'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'function' => \&generic_exec, 'exec_err' => $YES, @@ -666,8 +647,7 @@ 'subcategory' => 'server', 'detail' => 'invalid iptables INPUT spec (3)', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'invalid_ipt_input_chain3'} -a $cf{'def_access'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain3'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'function' => \&generic_exec, 'exec_err' => $YES, @@ -677,8 +657,7 @@ 'subcategory' => 'server', 'detail' => 'invalid iptables INPUT spec (4)', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'invalid_ipt_input_chain4'} -a $cf{'def_access'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain4'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'function' => \&generic_exec, 'exec_err' => $YES, @@ -688,8 +667,7 @@ 'subcategory' => 'server', 'detail' => 'invalid iptables INPUT spec (5)', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'invalid_ipt_input_chain5'} -a $cf{'def_access'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain5'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'function' => \&generic_exec, 'exec_err' => $YES, 
@@ -699,8 +677,7 @@ 'subcategory' => 'server', 'detail' => 'invalid iptables INPUT spec (6)', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'invalid_ipt_input_chain6'} -a $cf{'def_access'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'invalid_ipt_input_chain6'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'function' => \&generic_exec, 'exec_err' => $YES, diff --git a/test/tests/gpg.pl b/test/tests/gpg.pl index e4f05641..ec48fb30 100644 --- a/test/tests/gpg.pl +++ b/test/tests/gpg.pl @@ -73,7 +73,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_gpg_args_no_get_key " . "--rc-file $cf{'rc_gpg_named_signing_pw'} -n testssh2", - 'fwknopd_cmdline' => $default_server_gpg_args, + 'fwknopd_cmdline' => $default_server_gpg_args, 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 'key_file' => $cf{'rc_gpg_named_signing_pw'}, @@ -85,8 +85,7 @@ 'detail' => 'multi gpg-IDs (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_gpg_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopdCmd -c $cf{'def'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} " . "-a $cf{'multi_gpg_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file", 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -99,8 +98,7 @@ 'detail' => 'iptables - no flush at init', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_gpg_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopdCmd -c $cf{'no_flush_init'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_init'} " . "-a $cf{'multi_gpg_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file", 'fw_rule_created' => $NEW_RULE_REQUIRED, 
@@ -112,8 +110,7 @@ 'detail' => 'iptables - no flush at exit', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_gpg_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopdCmd -c $cf{'no_flush_exit'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_exit'} " . "-a $cf{'multi_gpg_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file", 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -125,8 +122,7 @@ 'detail' => 'iptables - no flush at init or exit', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_gpg_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopdCmd -c $cf{'no_flush_init_or_exit'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_init_or_exit'} " . "-a $cf{'multi_gpg_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file", 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -138,8 +134,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/23 telnet)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . @@ -153,8 +148,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/9418 git)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . 
@@ -168,8 +162,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/60001)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . @@ -184,8 +177,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (udp/53 dns)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A udp/53 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A udp/53 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . @@ -211,8 +203,7 @@ 'function' => \&replay_detection, 'pkt_prefix' => 'U2FsdGVkX1', 'cmdline' => $default_client_gpg_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/], }, { @@ -222,8 +213,7 @@ 'function' => \&replay_detection, 'pkt_prefix' => 'hQ', 'cmdline' => $default_client_gpg_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/], }, diff --git a/test/tests/gpg_hmac.pl b/test/tests/gpg_hmac.pl index bd54bd09..f1b1862d 100644 --- a/test/tests/gpg_hmac.pl +++ b/test/tests/gpg_hmac.pl 
@@ -29,8 +29,7 @@ 'function' => \&spa_cycle, 'cmdline' => $default_client_gpg_args . " --rc-file $cf{'rc_gpg_hmac_sha512_b64_key'}", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopdCmd -c $cf{'def'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} " . "-a $cf{'gpg_hmac_sha512_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file", 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -55,8 +54,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/23 telnet)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . @@ -72,8 +70,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/9418 git)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . @@ -89,8 +86,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/60001 git)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . 
@@ -106,8 +102,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (udp/53 dns)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A udp/53 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A udp/53 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . diff --git a/test/tests/gpg_no_pw.pl b/test/tests/gpg_no_pw.pl index 612d2db3..ebe4d4c2 100644 --- a/test/tests/gpg_no_pw.pl +++ b/test/tests/gpg_no_pw.pl @@ -16,8 +16,7 @@ 'detail' => 'multi gpg-IDs (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_gpg_args_no_pw, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopdCmd -c $cf{'def'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} " . "-a $cf{'multi_gpg_no_pw_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file", 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -30,8 +29,7 @@ 'detail' => 'iptables - no flush at init', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_gpg_args_no_pw, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopdCmd -c $cf{'no_flush_init'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_init'} " . "-a $cf{'multi_gpg_no_pw_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file", 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -43,8 +41,7 @@ 'detail' => 'iptables - no flush at exit', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_gpg_args_no_pw, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopdCmd -c $cf{'no_flush_exit'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_exit'} " . "-a $cf{'multi_gpg_no_pw_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file", 'fw_rule_created' => $NEW_RULE_REQUIRED, 
@@ -56,8 +53,7 @@ 'detail' => 'iptables - no flush at init or exit', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_gpg_args_no_pw, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopdCmd -c $cf{'no_flush_init_or_exit'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_init_or_exit'} " . "-a $cf{'multi_gpg_no_pw_access'} $intf_str " . "-d $default_digest_file -p $default_pid_file", 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -69,8 +65,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/23 telnet)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip " . + 'cmdline' => "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip " . "--gpg-no-signing-pw --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . @@ -84,8 +79,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/9418 git)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip " . + 'cmdline' => "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip " . "--gpg-no-signing-pw --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . @@ -99,8 +93,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/60001)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip " . + 'cmdline' => "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip " . "--gpg-no-signing-pw --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . 
@@ -115,8 +108,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (udp/53 dns)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A udp/53 -a $fake_ip -D $loopback_ip " . + 'cmdline' => "$fwknopCmd -A udp/53 -a $fake_ip -D $loopback_ip " . "--gpg-no-signing-pw --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . @@ -144,8 +136,7 @@ 'pkt_prefix' => 'U2FsdGVkX1', 'cmdline' => "$default_client_gpg_args_no_homedir " . "--gpg-home-dir $gpg_client_home_dir_no_pw --gpg-no-signing-pw", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/], }, { @@ -156,8 +147,7 @@ 'pkt_prefix' => 'hQ', 'cmdline' => "$default_client_gpg_args_no_homedir " . "--gpg-home-dir $gpg_client_home_dir_no_pw --gpg-no-signing-pw", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/], }, diff --git a/test/tests/gpg_no_pw_hmac.pl b/test/tests/gpg_no_pw_hmac.pl index ec0a00d7..1952d0b2 100644 --- a/test/tests/gpg_no_pw_hmac.pl +++ b/test/tests/gpg_no_pw_hmac.pl @@ -48,8 +48,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/23 telnet)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . 
@@ -65,8 +64,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/9418 git)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . @@ -82,8 +80,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/60001 git)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . @@ -99,8 +96,7 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (udp/53 dns)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A udp/53 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A udp/53 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose " . "--gpg-recipient-key $gpg_server_key " . "--gpg-signer-key $gpg_client_key " . diff --git a/test/tests/os_compatibility.pl b/test/tests/os_compatibility.pl index ad09ab22..0704828a 100644 --- a/test/tests/os_compatibility.pl +++ b/test/tests/os_compatibility.pl 
@@ -11,8 +11,7 @@ 'lAZNE2O1w83mout+oyWSj4payd0yuWckikoZYjc7tSSgHIFikOhTm9CHi8ERe9' . 'jLEYw1wvqE2B7Vvz7XyefNILZdHa+Vx5zYM0o', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -28,8 +27,7 @@ 'GsZJPmv2e1U31SMrdgF+o7/f2qRDH2hwPU8XLKS73rXpAhZKVAF/crt00HDmaH0' . 'p+hc3ngPtmE/j0PKeUD+GM81YQPO9NdZu4s', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -45,8 +43,7 @@ '46kFmbdXHZCUx5iom9jOtpQnMvZJGex65vV4bSFdVwaoJ/ICkiRHbbzSTZo8qmp' . 'FTLSYWVhTWQddj4j80Ne6GH0h3zXomg9fJU', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -62,8 +59,7 @@ 'dejv3UxC/FRlHgJz4UeRkloFCQQ0tkQLx6MSoCQHKPlNxATKsfLL3UfHpKbhRG8' . 'a8S9q8lojKxiWuLZU64h5LXjhH7rR7riyds', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -79,8 +75,7 @@ '3P0/XwJqm6HsAyJrl7eafble0AR5T04PJPFF6ejWAKbTsCh5VYywQ+2W7eBOJuc' . '8tjjKuESWqOaodALS9PaxLrVIfm6dvmwtHU', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -98,8 +93,7 @@ 'GE3C9u943F+0csrZs+ysKKca+sVBcAKhsTNsMjT9HojVMdk+r9RhJqUa2JJz7f' . 'ZIZauvBrygBVg0yh6o', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -116,8 +110,7 @@ 'mknUjmg4+8maPhus2x7YhoPTMfMZijWKOaMWhX1G0khDqFfGU8GuehpQdwuGdX/' . 'oGZnheeQyczK4pY', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -134,8 +127,7 @@ 'BDo3d0K5I4mhwuWVHyTZUg441+kfm7O8TesDhUoy2ftqTGR3+GHi52/NIVctEAp' . 'WR6NZowCcHElB9E', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -152,8 +144,7 @@ 'YnywR5R9Drrw+hMxpl40HDb1O07xN7WBOSvNgU2vi8MHT7MSZVh02PKRF8aReL' . 'cQTD2sxRsn5tGfehC8', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -170,8 +161,7 @@ 'lc9tRToeAVdYyQfM87OgczI6OP9SgKoKfKA5ouI9eIxOlncDn+9TkShRy0+5G+' . 'xi2vuV4KU0DYxTRvV4', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, diff --git a/test/tests/perl_FKO_module.pl b/test/tests/perl_FKO_module.pl index 5359e5cf..76cbad14 100644 --- a/test/tests/perl_FKO_module.pl +++ b/test/tests/perl_FKO_module.pl @@ -183,8 +183,7 @@ 'subcategory' => 'compatibility', 'detail' => 'client FKO -> C server', 'function' => \&perl_fko_module_client_compatibility, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -193,8 +192,7 @@ 'subcategory' => 'compatibility', 'detail' => 'FKO -> C invalid legacy IV', 'function' => \&perl_fko_module_client_compatibility, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file " . "$intf_str", 'server_positive_output_matches' => [qr/Decryption failed/], 
@@ -205,8 +203,7 @@ 'subcategory' => 'compatibility', 'detail' => 'FKO -> C valid legacy IV', 'function' => \&perl_fko_module_client_compatibility, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file " . "$intf_str", 'set_legacy_iv' => $YES, diff --git a/test/tests/preliminaries.pl b/test/tests/preliminaries.pl index de80fd29..0c18c1ed 100644 --- a/test/tests/preliminaries.pl +++ b/test/tests/preliminaries.pl @@ -4,14 +4,14 @@ 'subcategory' => 'client', 'detail' => 'usage info', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str $fwknopCmd -h", + 'cmdline' => "$fwknopCmd -h", }, { 'category' => 'preliminaries', 'subcategory' => 'client', 'detail' => 'getopt() no such argument', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str $fwknopCmd --no-such-arg", + 'cmdline' => "$fwknopCmd --no-such-arg", 'exec_err' => $YES, }, { @@ -28,7 +28,7 @@ 'subcategory' => 'client', 'detail' => 'expected code version', 'function' => \&expected_code_version, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str $fwknopCmd --version", + 'cmdline' => "$fwknopCmd --version", }, { @@ -36,14 +36,14 @@ 'subcategory' => 'server', 'detail' => 'usage info', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str $fwknopdCmd -h", + 'cmdline' => "$fwknopdCmd -h", }, { 'category' => 'preliminaries', 'subcategory' => 'server', 'detail' => 'getopt() no such argument', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str $fwknopdCmd --no-such-arg", + 'cmdline' => "$fwknopdCmd --no-such-arg", 'exec_err' => $YES, }, 
@@ -52,8 +52,7 @@ 'subcategory' => 'server', 'detail' => 'expected code version', 'function' => \&expected_code_version, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a " . + 'cmdline' => "$fwknopdCmd -c $cf{'def'} -a " . "$cf{'def_access'} --version", }, { diff --git a/test/tests/python_fko.pl b/test/tests/python_fko.pl index 13231278..8c92ab34 100644 --- a/test/tests/python_fko.pl +++ b/test/tests/python_fko.pl @@ -16,8 +16,7 @@ 'subcategory' => 'compatibility', 'detail' => 'python->C', 'function' => \&python_fko_client_to_C_server, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha512_short_key2_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha512_short_key2_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, diff --git a/test/tests/rijndael.pl b/test/tests/rijndael.pl index 91a0ce44..0d5f9bb7 100644 --- a/test/tests/rijndael.pl +++ b/test/tests/rijndael.pl @@ -5,8 +5,7 @@ 'detail' => 'complete cycle (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -17,8 +16,7 @@ 'function' => \&spa_cycle, 'cmdline' => "echo $local_spa_key | $default_client_args_no_get_key " . "--fd 0", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, 
@@ -29,8 +27,7 @@ 'function' => \&spa_cycle, 'cmdline' => "echo $local_spa_key | $default_client_args_no_get_key " . "--stdin", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -39,11 +36,9 @@ 'subcategory' => 'client+server', 'detail' => 'localhost hostname->IP (tcp/22 ssh)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D localhost --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D localhost --get-key " . "$local_key_file --no-save-args --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -53,8 +48,7 @@ 'detail' => 'rotate digest file', 'function' => \&rotate_digest_file, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str --rotate-digest-cache", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str --rotate-digest-cache", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -63,8 +57,7 @@ 'subcategory' => 'client', 'detail' => "--save-packet $tmp_pkt_file", 'function' => \&client_save_spa_pkt, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --save-args-file $tmp_args_file --verbose " . "--verbose --save-packet $tmp_pkt_file", }, 
@@ -73,8 +66,7 @@ 'subcategory' => 'client', 'detail' => "--last-cmd", 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd --last-cmd --save-args-file $tmp_args_file " . + 'cmdline' => "$fwknopCmd --last-cmd --save-args-file $tmp_args_file " . "--verbose --verbose", }, @@ -84,8 +76,7 @@ 'detail' => 'permissions check cycle (tcp/22)', 'function' => \&permissions_check, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/permissions\sshould\sonly\sbe\suser/], 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -97,8 +88,7 @@ 'function' => \&spa_cycle, 'cmdline' => $client_ip_resolve_args, 'no_ip_check' => 1, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -109,8 +99,7 @@ 'detail' => 'complete cycle MD5 (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -m md5", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, 
@@ -121,8 +110,7 @@ 'detail' => 'complete cycle SHA1 (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -m sha1", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -132,8 +120,7 @@ 'detail' => 'complete cycle SHA256 (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -m sha256", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -143,8 +130,7 @@ 'detail' => 'complete cycle SHA384 (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -m sha384", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -154,8 +140,7 @@ 'detail' => 'complete cycle SHA512 (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -m sha512", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, 
@@ -170,8 +155,7 @@ '8GuHEQbyE4TuEbP7zL2DVsTbQv8x3jp8mdHFM0v+9ZUfgZMjuZLBvAa8NnmUdAb' . '/OUvCP5PFDVbLDnZ+JYUFMGexGRwlk5CEKX8KA8R1Xh5xIdbVxWzy1lY1imRQD5' . 'wpIBx/hGB4O2G3mdJSe3w5zxGjE2JNSFKCAZzvgDmfLQM9A+tjMKPk6x', - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/with expire time/], 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -184,8 +168,7 @@ 'detail' => 'iptables - no flush at init', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'no_flush_init'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_init'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/\'\schain exists/, @@ -201,8 +184,7 @@ 'detail' => 'iptables - no flush at exit', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'no_flush_exit'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_exit'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/\'\schain exists/, 
@@ -219,8 +201,7 @@ 'detail' => 'iptables - no flush at init or exit', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'no_flush_init_or_exit'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_init_or_exit'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/\'\schain exists/, @@ -247,11 +228,9 @@ 'subcategory' => 'client+server', 'detail' => 'dual usage access key (tcp/80 http)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'dual_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'dual_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", ### check for the first stanza that does not allow tcp/80 - the ### second stanza allows this @@ -265,8 +244,7 @@ 'detail' => 'create rc file (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args --rc-file $tmp_rc_file", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 'key_file' => $tmp_rc_file, 
@@ -284,8 +262,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key " . "--rc-file $cf{'rc_def_key'}", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 'key_file' => $cf{'rc_def_key'}, @@ -297,8 +274,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key " . "--rc-file $cf{'rc_def_b64_key'}", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'base64_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'base64_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -311,8 +287,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key " . "--rc-file $cf{'rc_named_key'} -n testssh", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 'key_file' => $cf{'rc_named_key'}, @@ -324,8 +299,7 @@ 'subcategory' => 'client', 'detail' => '--key-gen', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopCmd --key-gen", + 'cmdline' => "$fwknopCmd --key-gen", 'positive_output_matches' => [qr/^KEY_BASE64\:?\s\S{10}/, qw/HMAC_KEY_BASE64\:?\s\S{10}/], }, 
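Review bot: In the `--key-gen` entry of the last hunk on this line, the second element of `'positive_output_matches'` is written `qw/HMAC_KEY_BASE64\:?\s\S{10}/`, which produces a plain string rather than a compiled pattern like the `qr/^KEY_BASE64\:?\s\S{10}/` beside it. Whether the HMAC key line is still checked as intended depends on how the harness applies the list, which is not visible here. The line is unchanged context, but since the entry is being edited I would correct it to `qr/HMAC_KEY_BASE64\:?\s\S{10}/` so both key-format checks are real regexes.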
@@ -334,16 +308,15 @@ 'subcategory' => 'client', 'detail' => "--key-gen $uniq_keys key uniqueness", 'function' => \&key_gen_uniqueness, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$fwknopCmd --key-gen", ### no valgrind string (too slow for 100 client exec's) + 'cmdline' => "$fwknopCmd --key-gen", ### no valgrind string (too slow for 100 client exec's) + 'disable_valgrind' => $YES, }, { 'category' => 'Rijndael', 'subcategory' => 'client', 'detail' => '--key-gen to file', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir " . - "$valgrind_str $fwknopCmd --key-gen --key-gen-file $key_gen_file", + 'cmdline' => "$fwknopCmd --key-gen --key-gen-file $key_gen_file", 'positive_output_matches' => [qr/Wrote.*\skeys/], }, @@ -375,8 +348,7 @@ 'detail' => 'packet aging (past) (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args --time-offset-minus 300s", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/SPA\sdata\stime\sdifference/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, }, @@ -386,8 +358,7 @@ 'detail' => 'packet aging (future) (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args --time-offset-plus 300s", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/SPA\sdata\stime\sdifference/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, }, 
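Review bot: In the first hunk on this line, the trailing comment `### no valgrind string (too slow for 100 client exec's)` stays on the `'cmdline'` line, but the behaviour it explains is now carried by the added `'disable_valgrind' => $YES`. I would move the explanation onto the flag, e.g. `'disable_valgrind' => $YES, ### too slow for 100 client exec's`, and drop it from the `'cmdline'` line. This is the only entry visible in the diff that sets the key, so a short comment on what the harness does with it would also help the next reader.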
@@ -397,8 +368,7 @@ 'detail' => 'invalid SOURCE (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'invalid_src_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'invalid_src_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/Fatal\serror\sparsing\sIP\sto\sint/], 'server_exec_err' => $YES, @@ -410,8 +380,7 @@ 'detail' => 'expired stanza (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'exp_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'exp_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/Access\sstanza\shas\sexpired/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, @@ -422,8 +391,7 @@ 'detail' => 'invalid expire date (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'invalid_exp_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'invalid_exp_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/invalid\sdate\svalue/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, 
@@ -435,8 +403,7 @@ 'detail' => 'expired epoch stanza (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'exp_epoch_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'exp_epoch_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/Access\sstanza\shas\sexpired/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, @@ -447,8 +414,7 @@ 'detail' => 'future expired stanza (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'future_exp_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'future_exp_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -460,8 +426,7 @@ 'detail' => 'OPEN_PORTS (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'open_ports_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'open_ports_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -472,8 +437,7 @@ 'detail' => 'OPEN_PORTS mismatch', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'open_ports_mismatch'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'open_ports_mismatch'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/One\s+or\s+more\s+requested/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, 
@@ -486,8 +450,7 @@ 'detail' => "udpraw spoof src IP (tcp/22 ssh)", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -P udpraw -Q $spoof_ip", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 'server_positive_output_matches' => [qr/SPA\sPacket\sfrom\sIP\:\s$spoof_ip\s/], @@ -498,8 +461,7 @@ 'detail' => "tcpraw spoof src IP (tcp/22 ssh)", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -P tcpraw -Q $spoof_ip", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'tcp_pcap_filter'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'tcp_pcap_filter'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -511,8 +473,7 @@ 'detail' => "icmp spoof src IP (tcp/22 ssh)", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -P icmp -Q $spoof_ip", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'icmp_pcap_filter'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'icmp_pcap_filter'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -524,8 +485,7 @@ 'detail' => "icmp type/code 8/0 spoof src IP", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -P icmp --icmp-type 8 --icmp-code 0 -Q $spoof_ip", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'icmp_pcap_filter'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'icmp_pcap_filter'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -540,8 +500,7 @@ 'detail' => "SPA over TCP connection", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -P tcp", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'tcp_server'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'tcp_server'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -553,8 +512,7 @@ 'detail' => 'require user (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "SPOOF_USER=$spoof_user $default_client_args", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'require_user_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'require_user_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -566,8 +524,7 @@ 'function' => \&user_mismatch, 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'user_mismatch_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'user_mismatch_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/Username\s+in\s+SPA\s+data/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, @@ -578,8 +535,7 @@ 'detail' => 'require src (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'require_src_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'require_src_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -589,11 +545,9 @@ 'subcategory' => 'client+server', 'detail' => 'mismatch require src (tcp/22 ssh)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -s -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/22 -s -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'require_src_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'require_src_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/Got\s0.0.0.0\swhen\svalid\ssource\sIP/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, 
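Review bot: The first hunk on this line leaves `'function' => \&user_mismatch,` immediately followed by `'function' => \&spa_cycle,` in the same entry. In a Perl hash list the later duplicate key wins, so `user_mismatch` is never used. Both lines are unchanged context, but since the entry is being edited I would drop the dead line so the username-mismatch test shows which driver actually runs. The entry begins above the hunk, so its `detail` text is not visible here.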
@@ -604,11 +558,9 @@ 'detail' => 'allow -s (tcp/22 ssh)', 'no_ip_check' => 1, 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -s -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/22 -s -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -619,8 +571,7 @@ 'detail' => 'IP filtering (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'no_src_match'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'no_src_match'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/No\saccess\sdata\sfound/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, @@ -631,8 +582,7 @@ 'detail' => 'subnet filtering (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'no_subnet_match'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'no_subnet_match'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/No\saccess\sdata\sfound/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, 
@@ -643,8 +593,7 @@ 'detail' => 'IP+subnet filtering (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'no_multi_src'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'no_multi_src'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/No\saccess\sdata\sfound/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, @@ -655,8 +604,7 @@ 'detail' => 'IP match (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'ip_src_match'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'ip_src_match'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -667,8 +615,7 @@ 'detail' => 'subnet match (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'subnet_src_match'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'subnet_src_match'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -679,8 +626,7 @@ 'detail' => 'multi IP/net match (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'multi_src_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'multi_src_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -691,8 +637,7 @@ 'detail' => 'multi access stanzas (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'multi_stanza_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'multi_stanza_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -703,8 +648,7 @@ 'detail' => 'bad/good key stanzas (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'broken_keys_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'broken_keys_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -716,8 +660,7 @@ 'detail' => "non-enabled NAT (tcp/22 ssh)", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/requested\sNAT\saccess.*not\senabled/i], 'server_conf' => $cf{'def'}, 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, @@ -728,8 +671,7 @@ 'detail' => "NAT to $internal_nat_host (tcp/22 ssh)", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'open_ports_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'open_ports_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD\s.*dport\s22\s/, 
@@ -744,8 +686,7 @@ 'detail' => "SNAT $internal_nat_host", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'snat'} -a $cf{'open_ports_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'snat'} -a $cf{'open_ports_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD\s.*dport\s22\s/, @@ -760,8 +701,7 @@ 'detail' => "SNAT MASQUERADE", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'snat_no_translate_ip'} -a $cf{'open_ports_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'snat_no_translate_ip'} -a $cf{'open_ports_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD\s.*dport\s22\s/, @@ -779,8 +719,7 @@ 'detail' => "NAT hostname->IP (tcp/22 ssh)", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -N localhost:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'open_ports_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'open_ports_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD\s.*dport\s22\s/, 
@@ -795,11 +734,9 @@ 'subcategory' => 'client+server', 'detail' => "NAT tcp/80 to $internal_nat_host tcp/22", 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD\s.*dport\s22\s/, @@ -824,8 +761,7 @@ 'detail' => "force NAT $force_nat_host (tcp/22 ssh)", 'function' => \&spa_cycle, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'force_nat_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'force_nat_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/\sto\:$force_nat_host\:22/i], 'server_negative_output_matches' => [qr/\sto\:$internal_nat_host\:22/i], @@ -839,8 +775,7 @@ 'detail' => "local NAT $force_nat_host (tcp/22 ssh)", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args --nat-local", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'force_nat_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'force_nat_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/to\:$force_nat_host\:22/i, qr/FWKNOP_INPUT.*dport\s22.*\sACCEPT/], 
@@ -854,11 +789,9 @@ 'subcategory' => 'client+server', 'detail' => "local NAT hostname->IP (tcp/22 ssh)", 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D localhost --nat-local " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D localhost --nat-local " . "--get-key $local_key_file --no-save-args --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'force_nat_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'force_nat_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/to\:$force_nat_host\:22/i, qr/FWKNOP_INPUT.*dport\s22.*\sACCEPT/], @@ -874,8 +807,7 @@ 'detail' => "local NAT rand port to tcp/22", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args --nat-local --nat-rand-port", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/to\:$loopback_ip\:22/i, qr/FWKNOP_INPUT.*dport\s22.*\sACCEPT/], @@ -890,8 +822,7 @@ 'detail' => "NAT rand port to tcp/22", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args --nat-rand-port -N $internal_nat_host", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD.*dport\s22\s.*\sACCEPT/, 
@@ -907,8 +838,7 @@ 'detail' => "NAT rand port to -N :40001", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args --nat-rand-port -N $internal_nat_host:40001", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD.*dport\s40001\s.*\sACCEPT/, @@ -925,11 +855,9 @@ 'subcategory' => 'client+server', 'detail' => "local NAT non-FORCE_NAT (tcp/22)", 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose --nat-local --nat-port 80", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/to\:$loopback_ip\:22/i, qr/FWKNOP_INPUT.*dport\s22.*\sACCEPT/], @@ -944,8 +872,7 @@ 'detail' => 'ECB mode (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -M ecb", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'ecb_mode_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'ecb_mode_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_negative_output_matches' => [qr/Decryption\sfailed/i], 'fw_rule_created' => $NEW_RULE_REQUIRED, 
@@ -957,8 +884,7 @@ 'detail' => 'CFB mode (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -M cfb", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'cfb_mode_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'cfb_mode_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_negative_output_matches' => [qr/Decryption\sfailed/i], 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -970,8 +896,7 @@ 'detail' => 'CTR mode (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -M ctr", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'ctr_mode_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'ctr_mode_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_negative_output_matches' => [qr/Decryption\sfailed/i], 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -983,8 +908,7 @@ 'detail' => 'OFB mode (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -M ofb", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'ofb_mode_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'ofb_mode_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_negative_output_matches' => [qr/Decryption\sfailed/i], 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -997,8 +921,7 @@ 'detail' => 'mode mismatch (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -M ecb", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'def_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/Decryption\sfailed/i], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, 
@@ -1011,8 +934,7 @@ 'detail' => '--pcap-file processing', 'function' => \&process_pcap_file_directly, 'cmdline' => '', - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file " . "--pcap-file $replay_pcap_file --foreground --verbose --verbose " . "--verbose", @@ -1027,11 +949,9 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/23 telnet)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -1040,11 +960,9 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/9418 git)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, 
@@ -1053,11 +971,9 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/60001)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -1066,11 +982,9 @@ 'subcategory' => 'client+server', 'detail' => 'multi port (tcp/60001,udp/60001)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/60001,udp/60001 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/60001,udp/60001 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, 
@@ -1079,11 +993,9 @@ 'subcategory' => 'client+server', 'detail' => 'multi port (tcp/22,udp/53,tcp/1234)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22,udp/53,tcp/1234 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/22,udp/53,tcp/1234 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -1093,11 +1005,9 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (udp/53 dns)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A udp/53 -a $fake_ip -D $loopback_ip --get-key " . + 'cmdline' => "$fwknopCmd -A udp/53 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, @@ -1107,8 +1017,7 @@ 'detail' => "-P bpf SPA over port $non_std_spa_port", 'function' => \&spa_cycle, 'cmdline' => "$default_client_args --server-port $non_std_spa_port", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str " . + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str " . qq|-P "udp port $non_std_spa_port"|, 'server_positive_output_matches' => [qr/PCAP\sfilter.*\s$non_std_spa_port/], 'fw_rule_created' => $NEW_RULE_REQUIRED, 
@@ -1121,8 +1030,7 @@ 'detail' => 'random SPA port (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_args -r", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str " . + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str " . qq|-P "udp"|, 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -1136,8 +1044,7 @@ 'cmdline' => "SPOOF_USER=$spoof_user LD_LIBRARY_PATH=$lib_dir $valgrind_str " . "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --get-key " . "$local_key_file --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'positive_output_matches' => [qr/Username:\s*$spoof_user/], 'server_positive_output_matches' => [qr/Username:\s*$spoof_user/], }, @@ -1150,8 +1057,7 @@ 'detail' => 'iptables rules not duplicated', 'function' => \&iptables_rules_not_duplicated, 'cmdline' => "$default_client_args --test", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", }, { @@ -1167,8 +1073,7 @@ 'subcategory' => 'server', 'detail' => 'ipfw active/expire sets not equal', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'ipfw_active_expire'} -a $cf{'def_access'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'ipfw_active_expire'} -a $cf{'def_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'positive_output_matches' => [qr/Cannot\sset\sidentical\sipfw\sactive\sand\sexpire\ssets/], 'exec_err' => $YES, 
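Review bot: The `SPOOF_USER` entry in the `-1136,8 +1044,7` hunk keeps the hard-coded prefix `LD_LIBRARY_PATH=$lib_dir $valgrind_str` on its `'cmdline'`, although its own `'fwknopd_cmdline'` and the other client commands changed in the visible hunks had it removed. If the prefix is now supplied centrally, this line either duplicates it or leaves `SPOOF_USER=...` in the wrong position relative to it. If it is kept on purpose because the environment assignment has to come first, it should follow the new variable, `'cmdline' => "SPOOF_USER=$spoof_user $lib_view_str $valgrind_str " .`, so that it tracks any platform-specific library path setting. Note that `$lib_view_str` is declared with `my` in test/test-fwknop.pl and may need to become `our` to be visible from this file. A one-line comment explaining why this entry differs would stop it being "cleaned up" incorrectly later.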
@@ -1178,11 +1083,9 @@ 'subcategory' => 'client+server', 'detail' => 'localhost hostname->IP spoofed', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D localhost --get-key " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D localhost --get-key " . "$local_key_file --no-save-args --verbose --verbose -Q $spoof_ip", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, }, diff --git a/test/tests/rijndael_backwards_compatibility.pl b/test/tests/rijndael_backwards_compatibility.pl index f647b387..92d9e402 100644 --- a/test/tests/rijndael_backwards_compatibility.pl +++ b/test/tests/rijndael_backwards_compatibility.pl @@ -11,8 +11,7 @@ 'KPDM+Bu9g0XwmCEVxxg+4jwBwtbCxVt9t5aSR29EVWZ6UAOwLkunK3t4FYBy1tL' . '55krFt+1B2TtNSAH005kyDEZEOIGoY9Q/iU', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
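Review bot: In the first rijndael_backwards_compatibility.pl hunk (`-11,8 +11,7`), the new `fwknopd_cmdline` value `"$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str"` is repeated verbatim in several later hunks of this file and in most of the rijndael_fuzzing.pl hunks. Since every one of these lines is being rewritten anyway, this is a style point: the string could be hoisted into one shared variable next to `$default_server_conf_args`, under a new name of your choosing, for example `our $legacy_iv_server_args`. Each entry would then read `'fwknopd_cmdline' => $legacy_iv_server_args,`, and a future change to how the server is invoked for these packet-parsing tests would be made in one place. It would also bring the rewritten lines, which now run well past 80 columns, back to a readable width.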
@@ -28,8 +27,7 @@ 'Voq3QvBbIwkXJ63/oU+XxvP5R+DBLEnh3e/NHPFK6NB0WT2dujVyVxwBfvvWjIqW' . 'Hhro2tH34nqfTRIpevfLTMx7r+N8ZQ4V8', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -45,8 +43,7 @@ 'Ksk30QvkwHtPhl7I0oDz1bO+2K2JbDbyc0KBBzVNMLgJcuYgEpOXPkX2XhcTsgQ' . 'Vw2/Va/aUjvEvNPtwuipQS6DLTzOw/qy+/g', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -61,8 +58,7 @@ 'Sop/Iy6v+BCn9D+QD7eT7JI6BIoKp14K+8iNgKaNw1BdfgF1XDulpkNEdyG0fXz5' . 'M+GledHfz2d49aYThoQ2Cr8Iw1ycViawY', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -77,8 +73,7 @@ 'Sop/Iy6v+BCn9D+QD7eT7JI6BIoKp14K+8iNgKaNw1BdfgF1XDulpkNEdyG0fXz5' . 'M+GledHfz2d49aYThoQ2Cr8Iw1ycViawY', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'dual_key_legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'dual_key_legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -95,8 +90,7 @@ 'vQznpnGb05Md4ZgexHZGzZdSwsP8iVtcZdsgCBfeO4Eqs8OaSMjJVF8SQ+Jmhu' . 'XZMcWgMsIzhpprJ7JX41DrWd0OtBnE3rVwsN0', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -111,8 +105,7 @@ 'vQznpnGb05Md4ZgexHZGzZdSwsP8iVtcZdsgCBfeO4Eqs8OaSMjJVF8SQ+Jmhu' . 'XZMcWgMsIzhpprJ7JX41DrWd0OtBnE3rVwsN0', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'dual_key_legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'dual_key_legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -131,8 +124,7 @@ 'bL7PclPqPaGOrDeUCyMERFAkO/InryQUYtNlwnjcQdo15+JewnPj8XMDEtmvM' . 'jBZ7GmmG3WabIHzHcIi1xsBvoAwYCtxOH+GivVA', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_long_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_long_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -148,8 +140,7 @@ 'T2HsgbcGzTHXZAV5kMVTLG0ZM', 'server_positive_output_matches' => [qr/with expire time/, qr/truncating\sencryption\skey/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_long_key2_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_long_key2_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -167,8 +158,7 @@ 'QFKZ8mmKwR/5DIO7k3qrXYGxYP0bnHYsih0HIE6CzSHlBGSf' . 'DJR92YhjYtL4Q', 'server_positive_output_matches' => [qr/with expire time/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'android_legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'android_legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, diff --git a/test/tests/rijndael_cmd_exec.pl b/test/tests/rijndael_cmd_exec.pl index 5a0dbccf..c8893d8b 100644 --- a/test/tests/rijndael_cmd_exec.pl +++ b/test/tests/rijndael_cmd_exec.pl 
@@ -8,12 +8,10 @@ 'subcategory' => 'client+server', 'detail' => 'command execution', 'function' => \&spa_cmd_exec_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - qq|$fwknopCmd --server-cmd "echo fwknoptest > $cmd_exec_test_file" | . + 'cmdline' => qq|$fwknopCmd --server-cmd "echo fwknoptest > $cmd_exec_test_file" | . "-a $fake_ip -D $loopback_ip --get-key $local_key_file " . "--verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'cmd_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'cmd_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, }, diff --git a/test/tests/rijndael_fuzzing.pl b/test/tests/rijndael_fuzzing.pl index 6c50b3d8..e3037d7d 100644 --- a/test/tests/rijndael_fuzzing.pl +++ b/test/tests/rijndael_fuzzing.pl @@ -22,8 +22,7 @@ 'ptSBJJUZi0tozpKHETp3AgqfzyOy5FNs38aZsV5/sDl3Pt+kF7fTZJ+YLbmYY4yCUz2' . 'ZUYoCaJ7X78ULyJTi5eT7nug', 'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", }, { @@ -48,8 +47,7 @@ '5OD8KiV6qzqLOvN4ULJjvvJJWBZ9qvo/f2Q9Wf67g2KHiwS6EeCINAuMoUw/mNRQMa4' . 'oGnOXu3/DeWHJAwtSeh7EAr4', 'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", }, { 
@@ -76,8 +74,7 @@ 'qUvY8lkymbwvjelVok7Lvlc06cRhN4zm32D4V05g0vQS3PlX9C+mgph9DeAPVX+D8iZ' . '8lGrxcPSfbCOW61k0MP+q1EhLZkc1qAm5g2+2cLNZcoBNEdh3yj8OTPZJyBVw', 'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", }, { @@ -97,8 +94,7 @@ '8E4lMnq+EbM2XYdhs2alpZ5bovAFojMsYRWwr/BvRO4Um4Fmo9z9sY3DR477TXNYXBR' . 'iGXWxSL4u+AWSSePK3qiiYoRQVw', 'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", }, { @@ -118,8 +114,7 @@ '07zvcT03keUhLE1Uo7Wme1nE7BfTOG5stmIK1UQI85sL52//lDHu+xCqNcL7GUKbVRz' . 'ekw+EUscVvUkrsRcVtSvOm+fCNo', 'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", }, { @@ -149,8 +144,7 @@ 'F0NPQvOT3ZvpeIJnirKP1ZX9gDFinqhuzL7oqktW61e1iwe7KZEdrZV0k2KZwyb8qU5' . 'rPAEnw', 'server_positive_output_matches' => [qr/No\sstanza\sencryption\smode\smatch/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", }, { 
@@ -176,8 +170,7 @@ 'tE8QyuOXzOMftI11SUn/LwqD4RMdR21rvLrzR6ZB5eUX2UBpODyzX6n+PJJkTWCuFVT4z1' . 'MKY', 'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", }, @@ -198,8 +191,7 @@ 'd/diWYKAUvdQ4DydPGlR7mwQa2W+obKpqrsTBz7D4054z6ATAOGpCtifakEVl1XRc2+' . 'hW04WpY8mdUNu9i+PrfPr7/KxqU', 'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", }, { @@ -219,8 +211,7 @@ 'ATvSTpZ+qiaoN0PPfy0+7yM6KlaQIu7bfG5E2a6VJTqTZ1qYz3H7QaJfbAtOD8j' . 'yEkDgP5+f49xrRA', 'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/], - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging_nat'} -a $cf{'legacy_iv_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging_nat'} -a $cf{'legacy_iv_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", }, @@ -229,8 +220,7 @@ 'subcategory' => 'FUZZING', 'detail' => 'invalid SOURCE access.conf', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'fuzz_source'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'fuzz_source'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'positive_output_matches' => [qr/Fatal\sinvalid/], 'exec_err' => $YES, 
@@ -240,8 +230,7 @@ 'subcategory' => 'FUZZING', 'detail' => 'invalid OPEN_PORTS access.conf', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'fuzz_open_ports'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'fuzz_open_ports'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'positive_output_matches' => [qr/Fatal\sinvalid/], 'exec_err' => $YES, @@ -251,8 +240,7 @@ 'subcategory' => 'FUZZING', 'detail' => 'invalid RESTRICT_PORTS access.conf', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'fuzz_restrict_ports'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'fuzz_restrict_ports'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'positive_output_matches' => [qr/Fatal\sinvalid/], 'exec_err' => $YES, @@ -263,8 +251,7 @@ 'detail' => 'non-base64 altered SPA data', 'function' => \&altered_non_base64_spa_data, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", }, { 'category' => 'Rijndael', @@ -272,8 +259,7 @@ 'detail' => 'base64 altered SPA data', 'function' => \&altered_base64_spa_data, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", }, { 'category' => 'Rijndael', 
@@ -281,8 +267,7 @@ 'detail' => 'appended data to SPA pkt', 'function' => \&appended_spa_data, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", }, { 'category' => 'Rijndael', @@ -290,7 +275,6 @@ 'detail' => 'prepended data to SPA pkt', 'function' => \&prepended_spa_data, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", }, ); diff --git a/test/tests/rijndael_hmac.pl b/test/tests/rijndael_hmac.pl index 53424960..4090d3b6 100644 --- a/test/tests/rijndael_hmac.pl +++ b/test/tests/rijndael_hmac.pl @@ -41,8 +41,7 @@ 'subcategory' => 'server', 'detail' => 'rc file HMAC+encryption keys not equal', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_equal_keys_access'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_equal_keys_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'positive_output_matches' => [qr/should\snot\sbe\sidentical/i], 'exec_err' => $YES, @@ -53,8 +52,7 @@ 'subcategory' => 'server', 'detail' => 'access file invalid HMAC type arg', 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_invalid_type_access'} " . + 'cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_invalid_type_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'positive_output_matches' => [qr/must\sbe\sone\sof/i], 'exec_err' => $YES, 
@@ -66,8 +64,7 @@ 'detail' => 'complete cycle (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => $default_client_hmac_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -79,8 +76,7 @@ 'detail' => 'replay attack detection', 'function' => \&replay_detection, 'cmdline' => $default_client_hmac_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'key_file' => $cf{'rc_hmac_b64_key'}, 'server_positive_output_matches' => [qr/Replay\sdetected\sfrom\ssource\sIP/], @@ -92,8 +88,7 @@ 'function' => \&replay_detection, 'cmdline' => $default_client_hmac_args, 'pkt_prefix' => 'U2FsdGVkX1', - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'key_file' => $cf{'rc_hmac_b64_key'}, 'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/], @@ -105,8 +100,7 @@ 'function' => \&replay_detection, 'cmdline' => $default_client_hmac_args, 'pkt_prefix' => 'hQ', - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'key_file' => $cf{'rc_hmac_b64_key'}, 'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/], 
@@ -118,8 +112,7 @@ 'detail' => 'iptables custom input chain', 'function' => \&spa_cycle, 'cmdline' => $default_client_hmac_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'custom_input_chain'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'custom_input_chain'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/FWKNOP_INPUT_TEST\s\(1\sreferences/], 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -135,8 +128,7 @@ 'function' => \&spa_cycle, 'cmdline' => $default_client_args . " --get-hmac-key $local_hmac_key_file", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_get_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_get_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'get_key' => {'file' => $local_key_file, 'key' => 'rijndaelkey'}, @@ -152,8 +144,7 @@ 'detail' => 'iptables - no flush at init', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_hmac_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'no_flush_init'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_init'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -165,8 +156,7 @@ 'detail' => 'iptables - no flush at exit', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_hmac_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'no_flush_exit'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_exit'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -178,8 +168,7 @@ 'detail' => 'iptables - no flush at init or exit', 'function' => \&iptables_no_flush_init_exit, 'cmdline' => $default_client_hmac_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'no_flush_init_or_exit'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'no_flush_init_or_exit'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -192,8 +181,7 @@ 'detail' => '-f client timeout', 'function' => \&spa_cycle, 'cmdline' => "$default_client_hmac_args -f 2", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -220,8 +208,7 @@ '1Lwzpt5/vYMkmzCr1aXdgBPJVkqMQQZppjkxMApQGbX0MXLPG+aqP9MGWr' . 'mpOVjSY8vW5uc8wOhnNJFtu77jvR7MIDFOkNO16LbLV+IxQOmoJHE2+lUH' . '1nvudMWCORI/tzK/QU5YWFAXbbjFhR6RgvdWfzDhwxAEpNfd5gE', - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_cygwin_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_cygwin_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/with expire time/], 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -234,11 +221,9 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/23)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/23 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
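Review bot: In the 'complete cycle (tcp/23)' entry the client `cmdline` now begins at `$fwknopCmd`, while neighbouring entries built from `$default_client_hmac_args` or `$default_client_args_no_get_key` still get a string that, per the test-fwknop.pl part of this commit, begins with `$lib_view_str $valgrind_str`. The file therefore mixes prefixed and unprefixed client command lines: if the runner prepends the prefix, the shared defaults would carry it twice, and if it does not, the spelled-out command lines would run without valgrind. The same mix appears in the later hunks of this file that write out `$fwknopCmd -A ...` or `$fwknopCmd --last-cmd` explicitly. One form should be chosen for all client entries and stated once at the top of the file, e.g. `### do not add LD_LIBRARY_PATH or valgrind here, see test-fwknop.pl`.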
@@ -249,11 +234,9 @@ 'subcategory' => 'client+server', 'detail' => 'non-b64 HMAC key (tcp/22 ssh)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key2'} --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_no_b64_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_no_b64_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -265,11 +248,9 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/9418)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/9418 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -280,11 +261,9 @@ 'subcategory' => 'client+server', 'detail' => 'complete cycle (tcp/60001)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/60001 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -295,11 +274,9 @@ 'subcategory' => 'client+server', 'detail' => 'multi port (tcp/60001,udp/60001)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/60001,udp/60001 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/60001,udp/60001 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -311,8 +288,7 @@ 'detail' => 'random SPA port (tcp/22)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_hmac_args -r", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str " . qq|-P "udp"|, 'fw_rule_created' => $NEW_RULE_REQUIRED, 
@@ -324,11 +300,9 @@ 'subcategory' => 'client+server', 'detail' => 'random SPA port (via rc RAND_PORT)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_rand_port_hmac_b64_key'} --verbose --verbose -r", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str " . qq|-P "udp"|, 'fw_rule_created' => $NEW_RULE_REQUIRED, @@ -343,8 +317,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key " . "--rc-file $cf{'rc_hmac_simple_key'}", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_simple_keys_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_simple_keys_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -359,8 +332,7 @@ 'cmdline' => "SPOOF_USER=$spoof_user LD_LIBRARY_PATH=$lib_dir $valgrind_str " . "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
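Review bot: In the hunk at -359, the client `cmdline` still hard-codes `SPOOF_USER=$spoof_user LD_LIBRARY_PATH=$lib_dir $valgrind_str` while the `fwknopd_cmdline` below it loses the same prefix, so this is the one client line visible in this diff that keeps the old form. If that is deliberate, presumably because the `SPOOF_USER=` assignment has to come before the valgrind command rather than after it, a comment would keep it from being "cleaned up" later: `### SPOOF_USER must precede the valgrind prefix, so this cmdline builds its own`. If it is an oversight, the line should follow whatever convention the other client entries end up using. The entry starts and ends outside the hunk.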
@@ -373,8 +345,7 @@ 'detail' => 'rotate digest file', 'function' => \&rotate_digest_file, 'cmdline' => $default_client_hmac_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str --rotate-digest-cache", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -395,8 +366,7 @@ 'subcategory' => 'client', 'detail' => "--last-cmd", 'function' => \&generic_exec, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd --last-cmd --save-args-file $tmp_args_file " . + 'cmdline' => "$fwknopCmd --last-cmd --save-args-file $tmp_args_file " . "--verbose --verbose", }, { @@ -405,8 +375,7 @@ 'detail' => 'permissions check cycle (tcp/22)', 'function' => \&permissions_check, 'cmdline' => $default_client_hmac_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_hmac_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_hmac_conf_args $intf_str", 'server_positive_output_matches' => [qr/permissions\sshould\sonly\sbe\suser/], 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -419,8 +388,7 @@ 'function' => \&spa_cycle, 'cmdline' => $client_ip_resolve_hmac_args, 'no_ip_check' => 1, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_hmac_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_hmac_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 'key_file' => $cf{'rc_hmac_b64_key'}, 
@@ -432,8 +400,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_md5_key'} --hmac-digest-type md5", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_md5_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_md5_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -446,8 +413,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_md5_short_key'} --hmac-digest-type md5", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_md5_short_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_md5_short_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -460,8 +426,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_md5_long_key'} --hmac-digest-type md5", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_md5_long_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_md5_long_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -474,8 +439,7 @@ 'detail' => 'complete cycle SHA1 (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_hmac_args --hmac-digest-type sha1", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha1_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha1_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -488,8 +452,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha1_short_key'} --hmac-digest-type sha1", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha1_short_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha1_short_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -502,8 +465,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha1_long_key'} --hmac-digest-type sha1", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha1_long_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha1_long_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -516,8 +478,7 @@ 'detail' => 'complete cycle SHA256 (tcp/22 ssh)', 'function' => \&spa_cycle, 'cmdline' => "$default_client_hmac_args --hmac-digest-type sha256", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_hmac_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_hmac_conf_args $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 'key_file' => $cf{'rc_hmac_b64_key'}, @@ -529,8 +490,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha256_short_key'} --hmac-digest-type sha256", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_short_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_short_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -543,8 +503,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha256_long_key'} --hmac-digest-type sha256", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_long_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_long_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -558,8 +517,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha384_key'} --hmac-digest-type sha384", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha384_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha384_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -573,8 +531,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha384_short_key'} --hmac-digest-type sha384", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha384_short_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha384_short_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -587,8 +544,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha384_long_key'} --hmac-digest-type sha384", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha384_long_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha384_long_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, 
@@ -614,8 +570,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha512_key'} --hmac-digest-type sha512", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha512_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha512_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -628,8 +583,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha512_short_key'} --hmac-digest-type sha512", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha512_short_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha512_short_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'fw_rule_created' => $NEW_RULE_REQUIRED, 'fw_rule_removed' => $NEW_RULE_REMOVED, @@ -653,8 +607,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha256_key'}", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest1_mismatch_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest1_mismatch_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/stanza #1\).*\sArgs\scontain\sinvalid\sdata/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, 
@@ -667,8 +620,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha256_key'}", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest2_mismatch_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest2_mismatch_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/stanza #1\).*\sArgs\scontain\sinvalid\sdata/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, @@ -681,8 +633,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha256_key'}", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest3_mismatch_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest3_mismatch_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/stanza #1\).*\sArgs\scontain\sinvalid\sdata/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, @@ -695,8 +646,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_sha256_key'}", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest4_mismatch_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest4_mismatch_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/stanza #1\).*\sArgs\scontain\sinvalid\sdata/], 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, 
@@ -708,11 +658,9 @@ 'subcategory' => 'client+server', 'detail' => 'dual usage access key (tcp/80 http)', 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_dual_key_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_dual_key_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", ### check for the first stanza that does not allow tcp/80 - the ### second stanza allows this @@ -729,8 +677,7 @@ 'function' => \&altered_hmac_spa_data, ### alter HMAC itself 'cmdline' => "$default_client_args_no_get_key " . "--rc-file $cf{'rc_hmac_b64_key'}", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'key_file' => $cf{'rc_hmac_b64_key'}, }, @@ -741,8 +688,7 @@ 'function' => \&altered_pkt_hmac_spa_data, ### alter SPA payload 'cmdline' => "$default_client_args_no_get_key " . "--rc-file $cf{'rc_hmac_b64_key'}", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'key_file' => $cf{'rc_hmac_b64_key'}, }, 
@@ -753,8 +699,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_b64_key'} -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/requested\sNAT\saccess.*not\senabled/i], 'server_conf' => $cf{'def'}, @@ -768,8 +713,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_b64_key'} -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_open_ports_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_open_ports_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD\s.*dport\s22\s/, @@ -786,8 +730,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_b64_key'} -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'snat'} -a $cf{'hmac_open_ports_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'snat'} -a $cf{'hmac_open_ports_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD\s.*dport\s22\s/, 
@@ -804,8 +747,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_b64_key'} -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'snat_no_translate_ip'} -a $cf{'hmac_open_ports_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'snat_no_translate_ip'} -a $cf{'hmac_open_ports_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD\s.*dport\s22\s/, @@ -824,8 +766,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_b64_key'} -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'custom_nat_chain'} -a $cf{'hmac_open_ports_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'custom_nat_chain'} -a $cf{'hmac_open_ports_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD_TEST\s.*dport\s22\s/, @@ -841,11 +782,9 @@ 'subcategory' => 'client+server', 'detail' => "NAT tcp/80 to $internal_nat_host tcp/22", 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose -N $internal_nat_host:22", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_open_ports_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_open_ports_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD\s.*dport\s22\s/, 
@@ -873,8 +812,7 @@ 'cmdline' => $default_client_args, 'cmdline' => "$default_client_args_no_get_key --rc-file " . $cf{'rc_hmac_b64_key'}, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_force_nat_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_force_nat_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/\sto\:$force_nat_host\:22/i], 'server_negative_output_matches' => [qr/\sto\:$internal_nat_host\:22/i], @@ -890,8 +828,7 @@ 'function' => \&spa_cycle, 'cmdline' => "$default_client_args_no_get_key --rc-file " . "$cf{'rc_hmac_b64_key'} --nat-local", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'hmac_force_nat_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'hmac_force_nat_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/to\:$force_nat_host\:22/i, qr/FWKNOP_INPUT.*dport\s22.*\sACCEPT/], @@ -906,11 +843,9 @@ 'subcategory' => 'client+server', 'detail' => "local NAT non-FORCE_NAT", 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose --nat-local --nat-port 80", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/to\:$loopback_ip\:22/i, qr/FWKNOP_INPUT.*dport\s22.*\sACCEPT/], 
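Review bot: The entry in the hunk at -873 defines `'cmdline'` twice in the same hash, first as `$default_client_args` and then as `"$default_client_args_no_get_key --rc-file " . $cf{'rc_hmac_b64_key'}`. Perl keeps the last value, so the first line is dead and the test always runs with the rc-file form. Both lines are context, so this commit did not introduce the duplicate, but since the hunk touches the entry it is a good moment to delete `'cmdline' => $default_client_args,`. The entry's opening and closing braces are outside the hunk.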
@@ -926,11 +861,9 @@ 'subcategory' => 'client+server', 'detail' => "local NAT rand port to tcp/22", 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose --nat-local --nat-rand-port", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'local_nat'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [qr/to\:$loopback_ip\:22/i, qr/FWKNOP_INPUT.*dport\s22.*\sACCEPT/], @@ -944,11 +877,9 @@ 'subcategory' => 'client+server', 'detail' => "NAT rand port to tcp/22", 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose --nat-rand-port -N $internal_nat_host", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD.*dport\s22\s.*\sACCEPT/, 
@@ -963,11 +894,9 @@ 'subcategory' => 'client+server', 'detail' => "NAT rand port to -N :40001", 'function' => \&spa_cycle, - 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . + 'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " . "$cf{'rc_hmac_b64_key'} --verbose --verbose --nat-rand-port -N $internal_nat_host:40001", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'server_positive_output_matches' => [ qr/FWKNOP_FORWARD.*dport\s40001\s.*\sACCEPT/, @@ -984,8 +913,7 @@ 'detail' => 'iptables rules not duplicated', 'function' => \&iptables_rules_not_duplicated, 'cmdline' => "$default_client_hmac_args --test", - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file $intf_str", 'key_file' => $cf{'rc_hmac_b64_key'}, }, diff --git a/test/tests/rijndael_replay_attacks.pl b/test/tests/rijndael_replay_attacks.pl index e9ba8301..ad156f6b 100644 --- a/test/tests/rijndael_replay_attacks.pl +++ b/test/tests/rijndael_replay_attacks.pl @@ -5,8 +5,7 @@ 'detail' => 'replay attack detection', 'function' => \&replay_detection, 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/Replay\sdetected\sfrom\ssource\sIP/], }, { 
@@ -16,8 +15,7 @@ 'function' => \&replay_detection, 'pkt_prefix' => 'U2FsdGVkX1', 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/], }, @@ -28,8 +26,7 @@ 'function' => \&replay_detection, 'pkt_prefix' => 'hQ', 'cmdline' => $default_client_args, - 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " . - "$fwknopdCmd $default_server_conf_args $intf_str", + 'fwknopd_cmdline' => "$fwknopdCmd $default_server_conf_args $intf_str", 'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/], }, );