File: 713

pcp 7.1.0-1
#!/bin/sh
# PCP QA Test No. 713
#
# Exercise encrypted communications between pmproxy/clients
# Copyright (c) 2013 Red Hat.
#

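# Derive the test's sequence id from the script's own file name and print the
# banner line that opens the test output.  "$0" is quoted so a path containing
# whitespace or glob characters is handed to basename as a single argument.
seq=$(basename "$0")
echo "QA output created by $seq"


# Pull in the shared helpers for the secure-sockets tests.  Everything
# prefixed with "_" that this script calls but does not define is presumably
# provided here (or by files it sources in turn) -- verify against
# common.secure.
. ./common.secure

# NOTE(review): presumably checks that TLS support is available before the
# test proceeds -- confirm in common.secure.
_check_tls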

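# Undo what the test changed: restore the saved TLS configuration, restart
# pmcd and pmlogger, return pmproxy to the state it was in before the test,
# and remove the test's temporary files.  Run from the trap installed later
# in this script.
#
# Globals read:    PCP_TLSCONF_PATH, sudo, signal, pmproxy_was_running,
#                  seq_full, tmp
# Globals written: PCP_SECURE_SOCKETS (unset)
_cleanup()
{
    _restore_config "$PCP_TLSCONF_PATH"
    # Drop the client-side secure-sockets setting so the restarts and waits
    # below are not affected by what the test exported.
    unset PCP_SECURE_SOCKETS

    _service pmcd restart 2>&1 | _filter_pcp_restart
    _wait_for_pmcd
    _restore_auto_restart pmcd
    _service pmlogger restart 2>&1 | _filter_pcp_restart
    _wait_for_pmlogger

    _restore_auto_restart pmproxy
    # $sudo is left unquoted on purpose: it is used as a command prefix and
    # presumably may be empty or carry more than one word -- TODO confirm.
    $sudo "$signal" -a pmproxy >/dev/null 2>&1
    # pmproxy_was_running holds the literal command name "true" or "false",
    # so it is executed directly as the condition.
    if $pmproxy_was_running
    then
	echo "Restart pmproxy ..." >>"$seq_full"
	_service pmproxy restart >>"$seq_full" 2>&1
	_wait_for_pmproxy
    else
	echo "Stopping pmproxy ..." >>"$seq_full"
	_service pmproxy stop >>"$seq_full" 2>&1
    fi

    # $tmp feeds a glob that is handed to a privileged "rm -fr".  If $tmp
    # were ever empty, "$tmp".* would collapse to ".*" and match dotfiles in
    # the current directory, so skip the removal in that case.
    if [ -n "$tmp" ]
    then
	$sudo rm -fr "$tmp".* "$tmp"
    fi
}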

# Test prologue: record the pre-test state, install the cleanup trap, then
# stop pmlogger, pmcd and pmproxy so they can be started again after the TLS
# setup further down.
status=1	# failure is the default!
# NOTE(review): username is not referenced again in this file; it may be read
# by helpers sourced from common.secure -- verify before removing.
username=`id -u -n`
signal=$PCP_BINADM_DIR/pmsignal
# Run _cleanup on normal exit (0) and on signals 1, 2, 3 and 15.  \$status is
# escaped so it is expanded when the trap fires, not when it is installed.
trap "_cleanup; exit \$status" 0 1 2 3 15

# Remember whether a pmproxy pid file existed before the test so that
# _cleanup can either restart pmproxy or leave it stopped.
pmproxy_was_running=false
[ -f $PCP_RUN_DIR/pmproxy.pid ] && pmproxy_was_running=true
echo "pmproxy_was_running=$pmproxy_was_running" >>$seq_full

# Save the TLS configuration file; _cleanup restores it.
_save_config $PCP_TLSCONF_PATH
_stop_auto_restart pmcd
# NOTE(review): in the two "if ...; fi | filter" pipelines below, the if
# compound is the left-hand side of a pipeline and therefore runs in a
# subshell.  An "_exit 1" taken there presumably ends only that subshell, and
# the pipeline's status is that of the filter, so a failed stop may not abort
# the script at this point -- confirm what _exit does in the common helpers.
if ! _service pmlogger stop 2>&1; then _exit 1; fi \
| _filter_pcp_stop
_wait_pmlogger_end || _exit 1
if ! _service pmcd stop 2>&1; then _exit 1; fi \
| _filter_pcp_stop
_wait_pmcd_end || _exit 1

# pmcd and pmlogger have been stopped; nothing has been reconfigured for TLS
# yet (_setup_tls runs later in this script).  Next, stop pmproxy...
_stop_auto_restart pmproxy
if ! _service pmproxy stop >/dev/null 2>&1; then _exit 1; fi
# Also signal pmproxy via pmsignal -a, with all output discarded; presumably
# this catches any instance the service stop above did not -- TODO confirm.
$sudo $signal -a pmproxy >/dev/null 2>&1

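# Filter client output read from stdin so it is stable from run to run:
# numeric metric values become NUMBER, the pminfo process id becomes PID, the
# quoted local host name becomes LOCALHOST and a leading "[Day Mon DD
# HH:MM:SS]" timestamp becomes [DATE].
#
# Globals read: hostname (set outside this function)
# Outputs:      filtered text on stdout
_filter_tls()
{
    # $hostname is spliced into a sed pattern.  Escape the basic-regex
    # metacharacters and the "/" delimiter first, so that the dots in a
    # fully-qualified name match only literal dots and an unexpected
    # character in the name cannot change the sed expression.
    _filter_tls_host=$(printf '%s\n' "$hostname" | sed -e 's|[][\\.*^$/]|\\&|g')
    sed \
	-e 's/value [0-9][0-9]*/value NUMBER/' \
	-e '/pminfo([0-9][0-9]*)/s//pminfo(PID)/' \
	-e "s/host \"$_filter_tls_host\"/host LOCALHOST/g" \
	-e 's/^\[[A-Z].. [A-Z]..  *[0-9][0-9]* ..:..:..]/[DATE]/' \
    #end
}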

# real QA test starts here
# NOTE(review): _setup_tls is defined outside this file; from the diagnostics
# below it presumably creates the key and certificate files under $tmp.tls and
# writes $tmp.tls/openssl.log -- confirm in common.secure.
_setup_tls

# Start pmcd.  If the start fails, print diagnostics about the generated TLS
# files before giving up.
# NOTE(review): the whole if compound feeds a pipeline, so it runs in a
# subshell; the "_exit 1" inside presumably ends only that subshell rather
# than the script -- confirm what _exit does in the common helpers.
if ! _service pmcd start
then
    echo "--- cert & key files and sum by user $PCP_USER"
    for file in $tmp.tls/*
    do
	# Listing shows ownership and mode; the checksum is computed as
	# $PCP_USER, presumably to show whether that account can read
	# each file.  Only metadata and checksums are printed, not file
	# contents.
	ls -l $file
	# NOTE(review): this calls sudo directly while the rest of the
	# script goes through $sudo -- confirm whether that is intended.
	sudo -u $PCP_USER sum $file
    done
    echo "--- openssl.log from key & cert setup"
    # NOTE(review): the log is copied into the test output; confirm it can
    # never contain private key material or passphrases.
    cat $tmp.tls/openssl.log
    _exit 1
fi | _filter_pcp_start

# Start pmproxy (same pipeline/subshell caveat as above for the _exit 1),
# then wait for both daemons; these waits run in the main shell, so a failure
# here does reach _exit directly.
if ! _service pmproxy start; then _exit 1; fi \
| _filter_pmproxy_start
_wait_for_pmcd || _exit 1
_wait_for_pmproxy || _exit 1

# Check 1: a local client connecting through pmproxy when a valid server
# certificate exists, the client has no certificate of its own, and the
# server does not require one.
# NOTE(review): the original comment said clients are "unable" to connect in
# this case, but the banner below says "should pass" -- confirm which is meant
# against the expected output for this test.
echo
echo "checking client, server certificate only.  should pass..." | tee -a $seq_full
# Route the client through pmproxy on this host.
PMPROXY_HOST=$hostname; export PMPROXY_HOST
# NOTE(review): presumably makes the client refuse anything but an encrypted
# connection -- confirm against the PCP documentation for this variable.
PCP_SECURE_SOCKETS=enforce; export PCP_SECURE_SOCKETS
# "yes" supplies a stream of "y" lines on pminfo's stdin, presumably to answer
# any interactive certificate prompt.  This auto-accept is a QA convenience
# and means the reject path is not exercised here.  Raw output goes to
# $seq_full; the filtered copy goes to stdout.
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls
unset PMPROXY_HOST PCP_SECURE_SOCKETS

# Check 2: same client command again with the environment re-exported.
# NOTE(review): the original comment here read "make the new certificate
# visible to just this user", but no command in this file changes certificate
# visibility at this point -- the comment may be stale, or the step may live
# in a sourced helper.
echo
echo "checking client, user certificate only.  should pass..."
PMPROXY_HOST=$hostname; export PMPROXY_HOST
PCP_SECURE_SOCKETS=enforce; export PCP_SECURE_SOCKETS
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls

# Try a second connection
# (same environment as check 2; PMPROXY_HOST and PCP_SECURE_SOCKETS are still
# exported)
echo
echo "checking client, user certificate only, second time.  should pass..."
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls

unset PMPROXY_HOST PCP_SECURE_SOCKETS

# success, all done
# Setting status=0 before the bare exit makes the trap installed earlier
# finish with "exit 0" after _cleanup has run.
status=0
exit