File: common.sh

vpnc-scripts 0.1~git20220510-1
#!/bin/bash
#
# Copyright 2020 Nikos Mavrogiannopoulos
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this file; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

# Build and source tree locations fall back to the current directory when the
# environment does not supply them.
: "${builddir:=.}"
: "${srcdir:=.}"

# Tool paths: a non-empty value from the environment wins; otherwise the first
# match on PATH is used.  A tool that is not found leaves its variable empty.
if test -z "${OPENCONNECT:-}"; then
	OPENCONNECT=$(type -P openconnect)
fi
if test -z "${OCCTL:-}"; then
	OCCTL=$(type -P occtl)
fi
if test -z "${OCSERV:-}"; then
	OCSERV=$(type -P ocserv)
fi
if test -z "${IP:-}"; then
	IP=$(type -P ip)
fi

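# Refuse to run without the two binaries the tests drive.  The paths can come
# straight from the environment, so they are quoted: an unquoted value holding
# whitespace or glob characters would be split before test(1) sees it.
# NOTE(review): whatever these variables name is presumably executed by the
# tests, and by default as root (see the uid check below), so they should only
# ever be set from a trusted environment.
if test -z "${OPENCONNECT}" || ! test -x "${OPENCONNECT}"; then
	echo "You need openconnect to run this test"
	exit 1
fi

if test -z "${OCSERV}" || ! test -x "${OCSERV}"; then
	echo "You need ocserv to run this test"
	exit 1
fi

# Unless the caller sets NO_NEED_ROOT, require uid 0.  Status 77 is the value
# automake-style harnesses report as "skipped" rather than "failed" --
# presumably why it is used here instead of 1.
if test -z "$NO_NEED_ROOT" && test "$(id -u)" != "0"; then
	echo "You need to run this script as root"
	exit 77
fi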

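#######################################
# Instantiate a configuration template for the current test run.
#
# Copies ${srcdir}/data/<file> to <file>.<pid>.tmp and replaces every
# @NAME@ placeholder listed below with the value of the matching variable.
#
# Globals:
#   srcdir (read); ISOLATE_WORKERS (defaulted: false when COVERAGE=1, else
#   true); OTP_FILE CRLNAME PORT DNS ADDRESS VPNNET VPNNET6 ROUTE1 ROUTE2
#   NOROUTE1 NOROUTE2 MATCH_CIPHERS OCCTL_SOCKET LISTEN_NS (read);
#   CONFIG (written: path of the generated file);
#   file, username, group (written; left global as before in case callers
#   read them).
# Arguments:
#   $1 - template name relative to ${srcdir}/data
# Returns:
#   0 on success, 1 if the copy or the substitution fails (CONFIG is set
#   either way).
#
# NOTE(review): values are inserted as sed replacement text, so a "|", "&"
# or "\" inside one of them is interpreted by sed rather than copied
# literally.  Keep these variables under the harness's control.
# NOTE(review): the output name is predictable and, for a bare template
# name, lands in the current directory; run the tests from a directory that
# other users cannot write to.
#######################################
update_config() {
	file=$1
	username=$(whoami)
	group=$(groups|cut -f 1 -d ' ')

	# Worker isolation is switched off for coverage builds unless the caller
	# already chose a value.
	if test -z "${ISOLATE_WORKERS}";then
		if test "${COVERAGE}" = "1";then
			ISOLATE_WORKERS=false
		else
			ISOLATE_WORKERS=true
		fi
	fi

	CONFIG="$file.$$.tmp"

	cp -- "${srcdir}/data/${file}" "${CONFIG}" || return 1

	# Every expansion is double-quoted so a value containing whitespace stays
	# inside its sed expression, and the file is named once so it is rewritten
	# in a single pass.
	sed -i \
	    -e "s|@USERNAME@|${username}|g" \
	    -e "s|@GROUP@|${group}|g" \
	    -e "s|@SRCDIR@|${srcdir}|g" \
	    -e "s|@ISOLATE_WORKERS@|${ISOLATE_WORKERS}|g" \
	    -e "s|@OTP_FILE@|${OTP_FILE}|g" \
	    -e "s|@CRLNAME@|${CRLNAME}|g" \
	    -e "s|@PORT@|${PORT}|g" \
	    -e "s|@DNS@|${DNS}|g" \
	    -e "s|@ADDRESS@|${ADDRESS}|g" \
	    -e "s|@VPNNET@|${VPNNET}|g" \
	    -e "s|@VPNNET6@|${VPNNET6}|g" \
	    -e "s|@ROUTE1@|${ROUTE1}|g" \
	    -e "s|@ROUTE2@|${ROUTE2}|g" \
	    -e "s|@NOROUTE1@|${NOROUTE1}|g" \
	    -e "s|@NOROUTE2@|${NOROUTE2}|g" \
	    -e "s|@MATCH_CIPHERS@|${MATCH_CIPHERS}|g" \
	    -e "s|@OCCTL_SOCKET@|${OCCTL_SOCKET}|g" \
	    -e "s|@LISTEN_NS@|${LISTEN_NS}|g" \
	    -- "${CONFIG}" || return 1
}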

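#######################################
# Locate a utility that can list ports and store its path in the caller's
# PFCMD.  Both ss and netstat list ports for normal users and have similar
# semantics; ss from iproute2 is preferred over the older netstat.
#
# Globals:
#   PFCMD (written on success).  If ss is not found and PFCMD is already
#   non-empty, the netstat search is skipped and PFCMD is left as it was.
# Returns:
#   0 when PFCMD holds a command; otherwise prints a message and exits the
#   shell with status 1 (an unsupported test).
#######################################
have_port_finder() {
	# Locals keep the search from clobbering a global "file", which
	# update_config also assigns.
	local candidate on_path

	# The PATH hit is captured separately and quoted so a directory name
	# containing whitespace is not split into several candidates.
	on_path=$(type -P ss) || on_path=
	for candidate in "$on_path" /*bin/ss /usr/*bin/ss /usr/local/*bin/ss;do
		if test -x "$candidate";then
			PFCMD="$candidate"
			return 0
		fi
	done

	if test -z "$PFCMD";then
		on_path=$(type -P netstat) || on_path=
		for candidate in "$on_path" /bin/netstat /usr/bin/netstat /usr/local/bin/netstat;do
			if test -x "$candidate";then
				PFCMD="$candidate"
				return 0
			fi
		done
	fi

	if test -z "$PFCMD";then
		echo "neither ss nor netstat found"
		exit 1
	fi
}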

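#######################################
# Report whether a port number shows up in the socket listing.
#
# Arguments:
#   $1 - port number to look for
# Returns:
#   0 if the listing contains the port (treated as "in use"), non-zero
#   otherwise.  have_port_finder exits the shell if no lister is available.
#
# The match is deliberately broad: any line where ":" or "." is followed by
# the port counts, whatever the socket state or address column.  It errs
# towards "in use", which only costs the caller another candidate.
#######################################
check_if_port_in_use() {
	local PORT="$1"
	local PFCMD; have_port_finder
	# Require a non-digit (or end of line) after the number; without it a
	# query for 80 would also match :8080.
	"$PFCMD" -an | grep -E "[.:]${PORT}([^0-9]|\$)" >/dev/null 2>&1
}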

# Find a port number not currently in use.
#
# GETPORT holds a shell fragment rather than a function; presumably callers
# run it with eval "${GETPORT}" -- confirm against the test scripts.  When
# evaluated in the caller's shell it leaves the chosen number in PORT and
# also leaves rc and myrandom set.
#
# Candidates are ((pid << 15) | random) % 63001 + 2000, i.e. 2000..65000.
# The loop repeats for as long as check_if_port_in_use returns 0, which is
# its "port is in use" answer.
#
# NOTE(review): myrandom is unset once, before the loop.  In a shell without
# $RANDOM the date-based fallback is therefore computed only on the first
# pass, so every retry would test the same port.
# NOTE(review): the port is checked, not reserved.  Another process can bind
# it between this check and the server starting, so callers should expect
# that a bind can still fail.
GETPORT='
    rc=0
    unset myrandom
    while test $rc = 0; do
        if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi
        if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi
        if test -z "$myrandom"; then myrandom=0; fi
        PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))"
        check_if_port_in_use $PORT;rc=$?
    done
'