首页 发现 帮助
登录
vimacs
/
openconnect
关注 1
点赞 0
派生 0
文件 工单管理 0 合并请求 0 Wiki
分支: h3cssl
分支列表 标签列表
openconnect
/
tests
/
f5-auth-and-config

f5-auth-and-config 2.5 KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. #!/bin/sh
    2. 

  2. #
    3. 

  3. # Copyright © 2021 Daniel Lenski
    4. 

  4. #
    5. 

  5. # This file is part of openconnect.
    6. 

  6. #
    7. 

  7. # This is free software; you can redistribute it and/or
    8. 

  8. # modify it under the terms of the GNU Lesser General Public License
    9. 

  9. # as published by the Free Software Foundation; either version 2.1 of
    10. 

  10. # the License, or (at your option) any later version.
    11. 

  11. #
    12. 

  12. # This library is distributed in the hope that it will be useful, but
    13. 

  13. # WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    15. 

  15. # Lesser General Public License for more details.
    16. 

  16. #
    17. 

  17. # You should have received a copy of the GNU Lesser General Public License
    18. 

  18. # along with this program.  If not, see <http://www.gnu.org/licenses/>
    19. 

  19. 

  20. # This test uses LD_PRELOAD
    21. 

  21. PRELOAD=1
    22. 

  22. srcdir=${srcdir:-.}
    23. 

  23. top_builddir=${top_builddir:-..}
    24. 

  24. 

  25. . `dirname $0`/common.sh
    26. 

  26. 

  27. FINGERPRINT="--servercert=d66b507ae074d03b02eafca40d35f87dd81049d3"
    28. 

  28. CERT=$certdir/server-cert.pem
    29. 

  29. KEY=$certdir/server-key.pem
    30. 

  30. 

  31. echo "Testing F5 auth against fake server ..."
    32. 

  32. 

  33. OCSERV=${srcdir}/fake-f5-server.py
    34. 

  34. launch_simple_sr_server $ADDRESS 443 $CERT $KEY > /dev/null 2>&1
    35. 

  35. PID=$!
    36. 

  36. wait_server $PID
    37. 

  37. 

  38. echo -n "Authenticating with username/password in the absence of an HTML login form... "
    39. 

  39. ( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=f5 -q $ADDRESS:443/?no_html_login_form=1 -u test $FINGERPRINT --cookieonly >/dev/null 2>&1) ||
    40. 

  40.     fail $PID "Could not receive cookie from fake F5 server"
    41. 

  41. 

  42. echo ok
    43. 

  43. 

  44. echo -n "Authenticating with username/password... "
    45. 

  45. ( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=f5 -q $ADDRESS:443 -u test $FINGERPRINT --cookieonly >/dev/null 2>&1) ||
    46. 

  46.     fail $PID "Could not receive cookie from fake F5 server"
    47. 

  47. 

  48. echo ok
    49. 

  49. 

  50. echo -n "Authenticating with username/password/authgroup... "
    51. 

  51. ( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=f5 -q $ADDRESS:443/?domains=xyz,abc,def --authgroup=abc -u test $FINGERPRINT --cookieonly >/dev/null 2>&1) ||
    52. 

  52.     fail $PID "Could not receive cookie from fake F5 server"
    53. 

  53. 

  54. echo ok
    55. 

  55. 

  56. echo -n "Authenticating with username/password, then proceeding to tunnel stage... "
    57. 

  57. echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=f5 -q $ADDRESS:443 -u test $FINGERPRINT >/dev/null 2>&1
    58. 

  58. test $? = 2 || # what OpenConnect returns when server rejects cookie upon tunnel connection, as the fake server does
    59. 

  59.     fail $PID "Something went wrong in fake F5 server (other than the expected rejection of cookie)"
    60. 

  60. 

  61. echo ok
    62. 

  62. 

  63. cleanup
    64. 

  64. 

  65. exit 0
    66. 

  66.