From 3456c89ac26872f4befa2bdf7c260529932e3909 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 7 Feb 2024 15:08:22 +0100
Subject: [PATCH] test: add a simple test for MaxConnectionsPerSocket=

---
 test/units/testsuite-74.socket.sh | 75 +++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100755 test/units/testsuite-74.socket.sh

diff --git a/test/units/testsuite-74.socket.sh b/test/units/testsuite-74.socket.sh
new file mode 100755
index 00000000000..b9f0e828997
--- /dev/null
+++ b/test/units/testsuite-74.socket.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# shellcheck disable=SC2016
+set -eux
+set -o pipefail
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+at_exit() {
+    systemctl stop per-source-limit.socket
+    rm -f /run/systemd/system/per-source-limit.socket /run/systemd/system/per-source-limit@.service
+    rm -f /tmp/foo.conn1 /tmp/foo.conn2 /tmp/foo.conn3 /tmp/foo.conn4
+    systemctl daemon-reload
+}
+
+trap at_exit EXIT
+
+cat > /run/systemd/system/per-source-limit.socket <<EOF
+[Socket]
+ListenStream=/run/per-source-limit.sk
+MaxConnectionsPerSource=2
+Accept=yes
+EOF
+
+cat > /run/systemd/system/per-source-limit@.service <<EOF
+[Unit]
+BindsTo=per-source-limit.socket
+After=per-source-limit.socket
+
+[Service]
+ExecStartPre=echo waldo
+ExecStart=sleep infinity
+StandardOutput=socket
+EOF
+
+systemctl daemon-reload
+systemctl start per-source-limit.socket
+
+# So these two should take up the first two connection slots
+socat - UNIX-CONNECT:/run/per-source-limit.sk > /tmp/foo.conn1 &
+J1="$!"
+socat - UNIX-CONNECT:/run/per-source-limit.sk > /tmp/foo.conn2 &
+J2="$!"
+
+waitfor() {
+    while ! grep -q "waldo" "$1" ; do
+        sleep .2
+    done
+}
+
+# Wait until the word "waldo" shows in the output files
+waitfor /tmp/foo.conn1
+waitfor /tmp/foo.conn2
+
+# The next connection should fail, because the limit is hit
+socat - UNIX-CONNECT:/run/per-source-limit.sk > /tmp/foo.conn3 &
+J3="$!"
+
+# But this one should work, because done under a differen UID
+setpriv --reuid=1 socat - UNIX-CONNECT:/run/per-source-limit.sk > /tmp/foo.conn4 &
+J4="$!"
+
+waitfor /tmp/foo.conn4
+
+# The third job should fail quickly, wait for it
+wait "$J3"
+
+# The other jobs will hang forever, since we run "sleep infinity" on the server side. Let's kill the jobs now.
+kill "$J1"
+kill "$J2"
+kill "$J4"
+
+# The 3rd connection should not have seen "waldo", since it should have been refused too early
+(! grep -q "waldo" /tmp/foo.conn3 )
-- 
2.47.3