Individual tests can define a script to run to test
whether they should be skipped.
Included in this commit is an example check which
checks whether we can do NTLM checks. This fails
e.g. on recent versions of Fedora with mbedTLS
(tested with Fedora 39) or when NTLM support is not
compiled in.
v2:
- ntlm_support:
- support OpenSSL 3
- allow to build without cmocka
v3:
- add example to t_client.rc-sample
- t_client.sh code style
- use syshead.h in error.h
v5:
- rename SKIP_x to CHECK_SKIP_x
Change-Id: I13ea6752c8d102eabcc579e391828c05d5322899
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
20240308102818.9249-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/search?l=mid&q=
20240308102818.9249-1-gert@greenie.muc.de
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit
0c7cf0694ee6f878168330e9a084c255c51a9e8b)
#define ERROR_H
#include "basic.h"
-
-#include <errno.h>
-#include <stdbool.h>
+#include "syshead.h"
#include <assert.h>
-#if _WIN32
-#include <windows.h>
-#endif
-
/* #define ABORT_ON_ERROR */
#if defined(ENABLE_PKCS11) || defined(ENABLE_MANAGEMENT)
if !WIN32
test_scripts = t_client.sh t_lpback.sh t_cltsrv.sh
+
+check_PROGRAMS = ntlm_support
if HAVE_SITNL
test_scripts += t_net.sh
endif
dist_noinst_DATA = \
t_client.rc-sample
+
+ntlm_support_CFLAGS = -I$(top_srcdir)/src/openvpn -I$(top_srcdir)/src/compat -I$(top_srcdir)/tests/unit_tests/openvpn -DNO_CMOCKA @TEST_CFLAGS@
+ntlm_support_LDFLAGS = @TEST_LDFLAGS@ -L$(top_srcdir)/src/openvpn $(OPTIONAL_CRYPTO_LIBS)
+ntlm_support_SOURCES = ntlm_support.c \
+ unit_tests/openvpn/mock_msg.c unit_tests/openvpn/mock_msg.h \
+ $(top_srcdir)/src/openvpn/buffer.c \
+ $(top_srcdir)/src/openvpn/crypto.c \
+ $(top_srcdir)/src/openvpn/crypto_openssl.c \
+ $(top_srcdir)/src/openvpn/crypto_mbedtls.c \
+ $(top_srcdir)/src/openvpn/otime.c \
+ $(top_srcdir)/src/openvpn/packet_id.c \
+ $(top_srcdir)/src/openvpn/platform.c
--- /dev/null
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2023 OpenVPN Inc <sales@openvpn.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "syshead.h"
+
+#include "crypto.h"
+#include "error.h"
+
+int
+main(void)
+{
+#if defined(ENABLE_CRYPTO_OPENSSL)
+ crypto_load_provider("legacy");
+ crypto_load_provider("default");
+#endif
+#ifdef NTLM
+ if (!md_valid("MD4"))
+ {
+ msg(M_FATAL, "MD4 not supported");
+ }
+ if (!md_valid("MD5"))
+ {
+ msg(M_FATAL, "MD5 not supported");
+ }
+#else /* ifdef NTLM */
+ msg(M_FATAL, "NTLM support not compiled in");
+#endif
+}
#
# tests to run (list suffixes for config stanzas below)
#
-TEST_RUN_LIST="1 2"
+TEST_RUN_LIST="1 2 2n"
#
# use "sudo" (etc) to give openvpn the necessary privileges
#
# if something is not defined here, the corresponding test is not run
#
-# possible test options:
+# common test options:
#
-# RUN_TITLE_x="what is being tested on here" (purely informational)
-# OPENVPN_CONF_x = "how to call ./openvpn" [mandatory]
+# RUN_TITLE_x = "what is being tested on here" (purely informational)
+# OPENVPN_CONF_x = "how to call ./openvpn" [mandatory]
# EXPECT_IFCONFIG4_x = "this IPv4 address needs to show up in ifconfig"
# EXPECT_IFCONFIG6_x = "this IPv6 address needs to show up in ifconfig"
-# PING4_HOSTS_x = "these hosts musts ping when openvpn is up (IPv4 fping)"
-# PING6_HOSTS_x = "these hosts musts ping when openvpn is up (IPv6 fping6)"
+# PING4_HOSTS_x = "these hosts musts ping when openvpn is up (IPv4 fping)"
+# PING6_HOSTS_x = "these hosts musts ping when openvpn is up (IPv6 fping6)"
+#
+# hook test options:
+#
+# CHECK_SKIP_x = "commands to execute before openvpn, skip test on failure"
+# PREPARE_x = "commands to execute before openvpn"
+# POSTINIT_CMD_x = "commands to execute after openvpn but before ping"
+# CLEANUP_x = "commands to execute after the test"
+#
+# Note: all hooks are "eval"ed, so run in the original shell of the t_client.sh
+# script, not a child process.
#
# Test 1: UDP / p2mp tun
# specify IPv4+IPv6 addresses expected from server and ping targets
OPENVPN_CONF_2="$OPENVPN_BASE_P2MP --dev tun --proto tcp --remote $REMOTE --port 51194"
PING4_HOSTS_2="10.100.51.1 10.100.0.1"
PING6_HOSTS_2="2001:db8::1 2001:db8:a051::1"
-#
# run command after openvpn initialization is done - here: delay 5 seconds
POSTINIT_CMD_2="sleep 5"
+# Test 2n: TCP / p2mp tun / via NTLM proxy
+RUN_TITLE_2n="testing tun/tcp/ntlm-proxy"
+OPENVPN_CONF_2n="$OPENVPN_BASE_P2MP --dev tun --proto tcp --remote $REMOTE --port 51194
+ --http-proxy 192.168.1.2 8080 $KEYBASE/t_client_auth.txt ntlm --http-proxy-option VERSION 1.1"
+PING4_HOSTS_2n="10.100.51.1 10.100.0.1"
+PING6_HOSTS_2n="2001:db8::1 2001:db8:a051::1"
+# skip test if NTLM support is not available
+CHECK_SKIP_2n="${top_builddir}/tests/ntlm_support"
+
# Test 3: UDP / p2p tun
# ...
# main test loop
# ----------------------------------------------------------
SUMMARY_OK=
+SUMMARY_SKIP=
SUMMARY_FAIL=
for SUF in $TEST_RUN_LIST
do
# get config variables
eval test_prep=\"\$PREPARE_$SUF\"
+ eval test_check_skip=\"\$CHECK_SKIP_$SUF\"
eval test_postinit=\"\$POSTINIT_CMD_$SUF\"
eval test_cleanup=\"\$CLEANUP_$SUF\"
eval test_run_title=\"\$RUN_TITLE_$SUF\"
output_start "### test run $SUF: '$test_run_title' ###"
fail_count=0
+ if [ -n "$test_check_skip" ]; then
+ output "check whether we need to skip: '$test_check_skip'"
+ if eval $test_check_skip; then :
+ else
+ output "skip check failed, SKIP test $SUF."
+ SUMMARY_SKIP="$SUMMARY_SKIP $SUF"
+ echo -e "$outbuf" ; continue
+ fi
+ fi
+
if [ -n "$test_prep" ]; then
output "running preparation: '$test_prep'"
eval $test_prep
done
if [ -z "$SUMMARY_OK" ] ; then SUMMARY_OK=" none"; fi
+if [ -z "$SUMMARY_SKIP" ] ; then SUMMARY_SKIP=" none"; fi
if [ -z "$SUMMARY_FAIL" ] ; then SUMMARY_FAIL=" none"; fi
echo "Test sets succeeded:$SUMMARY_OK."
+echo "Test sets skipped:$SUMMARY_SKIP."
echo "Test sets failed:$SUMMARY_FAIL."
# remove trap handler
#include <stdlib.h>
#include <setjmp.h>
#include <stdint.h>
+#ifndef NO_CMOCKA
#include <cmocka.h>
-
+#endif
#include "errlevel.h"
#include "error.h"
va_end(arglist);
}
+/* Allow to use mock_msg.c outside of UT */
+#ifndef NO_CMOCKA
void
assert_failed(const char *filename, int line, const char *condition)
{
/* Keep compiler happy. Should not happen, mock_assert() does not return */
exit(1);
}
+#else /* ifndef NO_CMOCKA */
+void
+assert_failed(const char *filename, int line, const char *condition)
+{
+ msg(M_FATAL, "Assertion failed at %s:%d (%s)", filename, line, condition ? condition : "");
+ _exit(1);
+}
+#endif
+
/*
* Fail memory allocation. Don't use msg() because it tries
projects / thirdparty / openvpn.git / commitdiff
