
Added a test for a dual-usage key in access.conf

1 parent ba3b7d1 commit 6b3e5ef3c235e4c4721ca0d6b5f9861489cc3e5c @mrash committed Jul 8, 2012
Showing with 29 additions and 0 deletions.
  1. +9 −0 test/conf/dual_key_usage_access.conf
  2. +20 −0 test/test-fwknop.pl
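--- a/test/conf/dual_key_usage_access.conf
+++ b/test/conf/dual_key_usage_access.conf
@@ -0,0 +1,9 @@
+SOURCE: ANY;
+KEY: fwknoptest;
+OPEN_PORTS: tcp/22;
+FW_ACCESS_TIMEOUT: 2;
+
+SOURCE: ANY;
+KEY: fwknoptest;
+OPEN_PORTS: tcp/80;
+FW_ACCESS_TIMEOUT: 3;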
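Review bot: Nothing in this fixture says that repeating `KEY: fwknoptest;` under two `SOURCE: ANY;` stanzas is deliberate, so a later cleanup could merge or de-duplicate them and silently remove what the test covers. A leading comment would help, for example `# Both stanzas share one KEY on purpose: a tcp/80 request must be denied by stanza #1 and granted by stanza #2.` The differing FW_ACCESS_TIMEOUT values (2 and 3) look intended to tell the stanzas apart; if so, that is worth stating in the same comment.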
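--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@@ -27,6 +27,7 @@
 my $expired_epoch_access_conf = "$conf_dir/expired_epoch_stanza_access.conf";
 my $invalid_expire_access_conf = "$conf_dir/invalid_expire_access.conf";
 my $force_nat_access_conf = "$conf_dir/force_nat_access.conf";
+my $dual_key_usage_access_conf = "$conf_dir/dual_key_usage_access.conf";
 my $gpg_access_conf = "$conf_dir/gpg_access.conf";
 my $default_digest_file = "$run_dir/digest.cache";
 my $default_pid_file = "$run_dir/fwknopd.pid";
@@ -593,6 +594,25 @@
 {
 'category' => 'Rijndael SPA',
 'subcategory' => 'client+server',
+ 'detail' => 'dual usage access key (tcp/80 http)',
+ 'err_msg' => 'could not complete SPA cycle',
+ 'function' => \&spa_cycle,
+ 'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+ "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --get-key " .
+ "$local_key_file --verbose --verbose",
+ 'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+ "$fwknopdCmd -c $default_conf -a $dual_key_usage_access_conf " .
+ "-d $default_digest_file -p $default_pid_file $intf_str",
+ ### check for the first stanza that does not allow tcp/80 - the
+ ### second stanza allows this
+ 'server_positive_output_matches' => [qr/stanza #1\)\sOne\sor\smore\srequested\sprotocol\/ports\swas\sdenied/],
+ 'fw_rule_created' => $NEW_RULE_REQUIRED,
+ 'fw_rule_removed' => $NEW_RULE_REMOVED,
+ 'fatal' => $NO
+ },
+ {
+ 'category' => 'Rijndael SPA',
+ 'subcategory' => 'client+server',
 'detail' => 'packet aging (past) (tcp/22 ssh)',
 'err_msg' => 'old SPA packet accepted',
 'function' => \&spa_cycle,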
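Review bot: The new 'dual usage access key' entry asserts only that stanza #1 rejected the request and that some firewall rule was created and removed, so it would still pass if fwknopd granted access through the wrong stanza or for the wrong port. Because the test exists to show that a shared key falls through to the second stanza, the `server_positive_output_matches` list should carry a second pattern, next to the existing stanza #1 denial regex, for the line fwknopd logs when the tcp/80 request is accepted. That wording is not visible here, so take it from a `--verbose` run. The comment above the list could also state the expectation directly, e.g. `### stanza #1 (tcp/22 only) must deny tcp/80 and stanza #2 must then grant it`. The enclosing test array starts and ends outside this hunk.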
