[test suite] additional --save-rc-stanza tests for vars not printed in fwknop client...
authorMichael Rash <mbr@cipherdyne.org>
Tue, 11 Jun 2013 01:18:37 +0000 (21:18 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Tue, 11 Jun 2013 01:18:37 +0000 (21:18 -0400)
test/test-fwknop.pl
test/tests/basic_operations.pl

index 86f0594..5a18a3d 100755 (executable)
@@ -405,12 +405,19 @@ our $default_client_args_no_get_key = "LD_LIBRARY_PATH=$lib_dir " .
     "$valgrind_str $fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip " .
     "--no-save-args --verbose --verbose";
 
+our $default_client_args_no_verbose = "LD_LIBRARY_PATH=$lib_dir " .
+    "$valgrind_str $fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip " .
+    '--no-save-args ';
+
 our $client_rewrite_rc_args = "$default_client_args_no_get_key " .
     "--rc-file $rewrite_rc_file --test";
 
 our $client_save_rc_args = "$default_client_args_no_get_key " .
     "--rc-file $save_rc_file --save-rc-stanza --force-stanza --test";
 
+our $client_save_rc_args_no_verbose = "$default_client_args_no_verbose " .
+    "--rc-file $save_rc_file --save-rc-stanza --force-stanza --test";
+
 our $default_client_hmac_args = "$default_client_args_no_get_key " .
     "--rc-file $cf{'rc_hmac_b64_key'}";
 
@@ -1075,31 +1082,34 @@ sub expected_code_version() {
     return 0;
 }
 
+sub write_rc_file() {
+    my ($rc_hr, $rc_file) = @_;
+
+    open RC, "> $rc_file"
+        or die "[*] Could not open $rc_file: $!";
+    for my $hr (@$rc_hr) {
+        print RC "[$hr->{'name'}]\n";
+        for my $var (keys %{$hr->{'vars'}}) {
+            print RC "$var      $hr->{'vars'}->{$var}\n";
+        }
+    }
+    close RC;
+
+    return;
+}
+
 sub client_rc_file() {
     my $test_hr = shift;
 
     my $rv = 1;
+    my $rc_file = '';
 
     if ($test_hr->{'write_rc_file'}) {
-        open RC, "> $rewrite_rc_file"
-            or die "[*] Could not open $rewrite_rc_file: $!";
-        for my $hr (@{$test_hr->{'write_rc_file'}}) {
-            print RC "[$hr->{'name'}]\n";
-            for my $var (keys %{$hr->{'vars'}}) {
-                print RC "$var      $hr->{'vars'}->{$var}\n";
-            }
-        }
-        close RC;
+        &write_rc_file($test_hr->{'write_rc_file'}, $rewrite_rc_file);
+        $rc_file = $rewrite_rc_file;
     } elsif ($test_hr->{'save_rc_stanza'}) {
-        open RC, "> $save_rc_file"
-            or die "[*] Could not open $save_rc_file: $!";
-        for my $hr (@{$test_hr->{'save_rc_stanza'}}) {
-            print RC "[$hr->{'name'}]\n";
-            for my $var (keys %{$hr->{'vars'}}) {
-                print RC "$var      $hr->{'vars'}->{$var}\n";
-            }
-        }
-        close RC;
+        &write_rc_file($test_hr->{'save_rc_stanza'}, $save_rc_file);
+        $rc_file = $save_rc_file;
     } else {
         &write_test_file(
             "[-] test hash does not include 'write_rc_file' or 'save_rc_stanza'\n",
@@ -1109,8 +1119,11 @@ sub client_rc_file() {
 
     $rv = 0 unless &run_cmd($test_hr->{'cmdline'},
             $cmd_out_tmp, $curr_test_file);
-    $rv = 0 unless &file_find_regex([qr/final\spacked/i],
-        $MATCH_ALL, $NO_APPEND_RESULTS, $curr_test_file);
+
+    unless ($test_hr->{'cmdline'} =~ /key\-gen/ or $test_hr->{'cmdline'} =~ /\-k/) {
+        $rv = 0 unless &file_find_regex([qr/final\spacked/i],
+            $MATCH_ALL, $NO_APPEND_RESULTS, $curr_test_file);
+    }
 
     if ($test_hr->{'positive_output_matches'}) {
         unless (&file_find_regex(
@@ -1141,6 +1154,28 @@ sub client_rc_file() {
         $rv = 0;
     }
 
+    if ($test_hr->{'rc_positive_output_matches'}) {
+        unless (&file_find_regex(
+                $test_hr->{'rc_positive_output_matches'},
+                $MATCH_ALL, $NO_APPEND_RESULTS, $rc_file)) {
+            &write_test_file(
+                "[-] rc_positive_output_matches not met, setting rv=0\n",
+                $curr_test_file);
+            $rv = 0;
+        }
+    }
+
+    if ($test_hr->{'rc_negative_output_matches'}) {
+        if (&file_find_regex(
+                $test_hr->{'rc_negative_output_matches'},
+                $MATCH_ANY, $NO_APPEND_RESULTS, $rc_file)) {
+            &write_test_file(
+                "[-] rc_negative_output_matches not met, setting rv=0\n",
+                $curr_test_file);
+            $rv = 0;
+        }
+    }
+
     return $rv;
 }
 
@@ -5008,7 +5043,9 @@ sub validate_test_hashes() {
         'insert_rule_before_exec'    => $OPTIONAL,
         'insert_rule_while_running'  => $OPTIONAL,
         'search_for_rule_after_exit' => $OPTIONAL,
-        'mv_and_restore_replay_cache'  => $OPTIONAL,
+        'rc_positive_output_matches' => $OPTIONAL,
+        'rc_negative_output_matches' => $OPTIONAL,
+        'mv_and_restore_replay_cache' => $OPTIONAL,
         'server_positive_output_matches' => $OPTIONAL,
         'server_negative_output_matches' => $OPTIONAL,
         'replay_positive_output_matches' => $OPTIONAL,
index 2f0a3ad..e7b9535 100644 (file)
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'SHA1'}}],
         'positive_output_matches' => [qr/Digest\sType\:\s.*MD5/],
+        'rc_positive_output_matches' => [qr/DIGEST_TYPE.*MD5/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'MD5'}}],
         'positive_output_matches' => [qr/Digest\sType\:\s.*SHA1/],
+        'rc_positive_output_matches' => [qr/DIGEST_TYPE.*SHA1/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'MD5'}}],
         'positive_output_matches' => [qr/Digest\sType\:\s.*SHA256/],
+        'rc_positive_output_matches' => [qr/DIGEST_TYPE.*SHA256/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'MD5'}}],
         'positive_output_matches' => [qr/Digest\sType\:\s.*SHA384/],
+        'rc_positive_output_matches' => [qr/DIGEST_TYPE.*SHA384/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'MD5'}}],
         'positive_output_matches' => [qr/Digest\sType\:\s.*SHA512/],
+        'rc_positive_output_matches' => [qr/DIGEST_TYPE.*SHA512/],
         'fatal'    => $NO
     },
     {
                 'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                     'HMAC_DIGEST_TYPE' => 'SHA1'}}],
         'positive_output_matches' => [qr/HMAC\sType\:\s.*MD5/],
+        'rc_positive_output_matches' => [qr/HMAC_DIGEST_TYPE.*MD5/, qw/USE_HMAC.*Y/],
         'fatal'    => $NO
     },
     {
                 'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                     'HMAC_DIGEST_TYPE' => 'MD5'}}],
         'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA1/],
+        'rc_positive_output_matches' => [qr/HMAC_DIGEST_TYPE.*SHA1/],
         'fatal'    => $NO
     },
     {
                 'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                     'HMAC_DIGEST_TYPE' => 'MD5'}}],
         'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA256/],
+        'rc_positive_output_matches' => [qr/HMAC_DIGEST_TYPE.*SHA256/],
         'fatal'    => $NO
     },
     {
                 'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                     'HMAC_DIGEST_TYPE' => 'MD5'}}],
         'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA384/],
+        'rc_positive_output_matches' => [qr/HMAC_DIGEST_TYPE.*SHA384/],
         'fatal'    => $NO
     },
     {
                 'vars' => {'KEY' => 'testtest', 'HMAC_KEY' => 'hmactest',
                     'HMAC_DIGEST_TYPE' => 'MD5'}}],
         'positive_output_matches' => [qr/HMAC\sType\:\s.*SHA512/],
+        'rc_positive_output_matches' => [qr/HMAC_DIGEST_TYPE.*SHA512/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'TCP'}}],
         'positive_output_matches' => [qr/protocol:\sudp/],
+        'rc_positive_output_matches' => [qr/SPA_SERVER_PROTO.*udp/],
+        'rc_negative_output_matches' => [qr/USE_HMAC/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'UDP'}}],
         'positive_output_matches' => [qr/protocol:\stcp/],
+        'rc_positive_output_matches' => [qr/SPA_SERVER_PROTO.*tcp/],
+        'rc_negative_output_matches' => [qr/USE_HMAC/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'UDP'}}],
         'positive_output_matches' => [qr/protocol:\shttp/],
+        'rc_positive_output_matches' => [qr/SPA_SERVER_PROTO.*http/],
+        'rc_negative_output_matches' => [qr/USE_HMAC/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'UDP'}}],
         'positive_output_matches' => [qr/protocol:\stcpraw/],
+        'rc_positive_output_matches' => [qr/SPA_SERVER_PROTO.*tcpraw/],
+        'rc_negative_output_matches' => [qr/USE_HMAC/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PROTO' => 'UDP'}}],
         'positive_output_matches' => [qr/protocol:\sicmp/],
+        'rc_positive_output_matches' => [qr/SPA_SERVER_PROTO.*icmp/],
+        'rc_negative_output_matches' => [qr/USE_HMAC/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'SPA_SOURCE_PORT' => '65531'}}],
         'positive_output_matches' => [qr/source\sport:\s65421/],
+        'rc_positive_output_matches' => [qr/SPA_SOURCE_PORT.*65421/],
+        'rc_negative_output_matches' => [qr/USE_HMAC/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'SPA_SERVER_PORT' => '65531'}}],
         'positive_output_matches' => [qr/destination\sport:\s65421/],
+        'rc_positive_output_matches' => [qr/SPA_SERVER_PORT.*65421/],
+        'rc_negative_output_matches' => [qr/USE_HMAC/],
         'fatal'    => $NO
     },
     {
         'save_rc_stanza' => [{'name' => 'default',
                 'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '30'}}],
         'positive_output_matches' => [qr/Client\sTimeout:\s1234/],
+        'rc_positive_output_matches' => [qr/FW_TIMEOUT.*1234/],
+        'rc_negative_output_matches' => [qr/USE_HMAC/],
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'client save rc file',
+        'detail'   => '--verbose',
+        'function' => \&client_rc_file,
+        'cmdline'  => "$client_save_rc_args_no_verbose -n default --fw-timeout 1234 --verbose",
+        'save_rc_stanza' => [{'name' => 'default',
+                'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '30'}}],
+        'positive_output_matches' => [qr/Client\sTimeout:\s1234/],
+        'rc_positive_output_matches' => [qr/VERBOSE.*Y/],
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'client save rc file',
+        'detail'   => '--verbose --verbose',
+        'function' => \&client_rc_file,
+        'cmdline'  => "$client_save_rc_args_no_verbose -n default " .
+            "--fw-timeout 1234 --verbose --verbose",
+        'save_rc_stanza' => [{'name' => 'default',
+                'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '30'}}],
+        'positive_output_matches' => [qr/Client\sTimeout:\s1234/],
+        'rc_positive_output_matches' => [qr/VERBOSE.*2/],
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'client save rc file',
+        'detail'   => 'no --verbose',
+        'function' => \&client_rc_file,
+        'cmdline'  => "$client_save_rc_args_no_verbose -n default " .
+            "--fw-timeout 1234",
+        'save_rc_stanza' => [{'name' => 'default',
+                'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '30'}}],
+        'positive_output_matches' => [qr/Client\sTimeout:\s1234/],
+        'rc_negative_output_matches' => [qr/VERBOSE/],
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'client save rc file',
+        'detail'   => '--use-hmac --key-gen',
+        'function' => \&client_rc_file,
+        'cmdline'  => "$client_save_rc_args_no_verbose -n default " .
+            "--fw-timeout 1234 --verbose --use-hmac --key-gen",
+        'save_rc_stanza' => [{'name' => 'default',
+                'vars' => {'KEY' => 'testtest', 'FW_TIMEOUT' => '30'}}],
+        'positive_output_matches' => [qr/Wrote.*HMAC.*keys/],
+        'rc_positive_output_matches' => [qr/VERBOSE.*Y/,
+            qr/USE_HMAC.*Y/, qr/KEY_BASE64/, qr/HMAC_KEY_BASE64/],
         'fatal'    => $NO
     },