test: add 105-nts system test

diff --git a/test/system/105-nts b/test/system/105-nts
new file mode 100755 (executable)
index 0000000..5833b2f
--- /dev/null
+++ b/test/system/105-nts
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+. ./test.common
+
+server_name="chrony-nts-test"
+
+check_chronyd_features NTS || test_skip "NTS support disabled"
+certtool --help &> /dev/null || test_skip "certtool missing"
+sed -i "/ $server_name\$/d" /etc/hosts && echo "$server $server_name" >> /etc/hosts || \
+       test_skip "Cannot modify /etc/hosts"
+
+check_chronyd_features PRIVDROP && user="nobody"
+
+test_start "NTS authentication"
+
+cat > $TEST_DIR/cert.cfg <<EOF
+cn = "$server_name"
+serial = 001
+activation_date = "$(date -d '1 year ago' +'%Y-%m-%d') 00:00:00 UTC"
+expiration_date = "$(date -d '1 year' +'%Y-%m-%d') 00:00:00 UTC"
+signing_key
+encryption_key
+EOF
+
+certtool --generate-privkey --key-type=ed25519 --outfile $TEST_DIR/server.key \
+       &> $TEST_DIR/certtool.log
+certtool --generate-self-signed --load-privkey $TEST_DIR/server.key \
+       --template $TEST_DIR/cert.cfg --outfile $TEST_DIR/server.crt &>> $TEST_DIR/certtool.log
+chown $user $TEST_DIR/server.*
+
+ntpport=$(get_free_port)
+ntsport=$(get_free_port)
+
+server_options="port $ntpport nts ntsport $ntsport"
+extra_chronyd_directives="
+port $ntpport
+ntsport $ntsport
+ntsserverkey $TEST_DIR/server.key
+ntsservercert $TEST_DIR/server.crt
+ntstrustedcerts $TEST_DIR/server.crt
+ntsdumpdir $TEST_LIBDIR
+ntsprocesses 3"
+
+start_chronyd || test_fail
+sleep 3
+
+run_chronyc "authdata" || test_fail
+check_chronyc_output "^Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
+=========================================================================
+127\.0\.0\.1                    NTS     1   15  256    [0-9]    0    0    [78]  100$" || test_fail
+
+stop_chronyd || test_fail
+check_chronyd_messages || test_fail
+check_chronyd_files || test_fail
+
+rm -f $TEST_LOGDIR/measurements.log
+
+server_options="port $ntpport nts ntsport $((ntsport + 1))"
+
+start_chronyd || test_fail
+sleep 2
+
+run_chronyc "authdata" || test_fail
+check_chronyc_output "^Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
+=========================================================================
+127\.0\.0\.1                    NTS     1   15  256    [0-9]    0    0    [78]  100$" || test_fail
+
+stop_chronyd || test_fail
+check_chronyd_messages || test_fail
+check_chronyd_files || test_fail
+
+test_pass

diff --git a/test/system/test.common b/test/system/test.common
index cf49bef37eb4e337646d6c455f6edfab2e357824..1e488195408052386e0b5253bd94fcce420b4cf1 100644 (file)
--- a/test/system/test.common
+++ b/test/system/test.common
@@ -97,6 +97,8 @@ default_extra_chronyd_directives=""
 default_extra_chronyd_options=""
 default_clock_control=0
 default_server=127.0.0.1
+default_server_name=127.0.0.1
+default_server_options=""
 default_user=root
 
 # Initialize test settings from their defaults
@@ -178,7 +180,7 @@ get_free_port() {
 
        while true; do
                port=$((RANDOM % 10000 + 10000))
-               netstat -aln | grep '^udp.*:'$port && continue
+               netstat -aln | grep '^\(tcp\|udp\).*[:.]'"$port " && continue
                break
        done
 
@@ -210,7 +212,7 @@ generate_chrony_conf() {
                echo "cmdallow"
                echo "local"
 
-               echo "server $server port $ntpport minpoll -6 maxpoll -6"
+               echo "server $server_name port $ntpport minpoll -6 maxpoll -6 $server_options"
 
                [ "$server" = "127.0.0.1" ] && echo "bindacqaddress $server"
                echo "bindaddress 127.0.0.1"