#!/bin/sh
BOOT_WAIT_DEFAULT=25
# set GO_PLAY_KIDS to no to perform all tests.
GO_PLAY_KIDS=yes
YESCOUNT=0
NOCOUNT=0
WHISPERSSOCK=/run/whispers/unix-sockets/whispers.sock
VPNSOCK=/run/whispers/vpn/unix-sockets/vpn.sock
REGISTERSLEEP=10
TESTREGISTERSLEEP=4
CONNECTSLEEP=20
TESTCONNECTSLEEP=10
function testcount()
{
test $1 = $2 && echo SUCCESS || echo FAILED
test $1 = $2 && YESCOUNT=$(($YESCOUNT + 1)) || NOCOUNT=$(($NOCOUNT + 1))
}
function dirtyssh()
{
ssh -q \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
-p $1 \
root@localhost \
"$2"
}
function herd_service_status()
{
echo "herd status of $2 on ${VM[$1]}:"
dirtyssh ${PORT[$1]} "herd status $2"
echo
}
function herd_test_service_status()
{
echo "Test if the $2 service is $3 on ${VM[$1]}."
RESULT=$(herd_service_status $1 $2 | awk -- 'BEGIN{FS="[. ]"} ; /It is '$3'/ {print $5}')
testcount ${RESULT} $3
}
function whispers_service_status()
{
echo "herd status of $3/$2 on ${VM[$1]}:"
dirtyssh ${PORT[$1]} "herd -s \\
/run/whispers/$3/unix-sockets/*.sock status $2"
echo
}
function whispers_test_service_status()
{
echo "Test if the $3/$2 service is $4 on ${VM[$1]}."
RESULT=$(whispers_service_status $1 $2 $3 | awk -- 'BEGIN{FS="[. ]"} ; /It is '$4'/ {print $5}')
testcount ${RESULT} $4
}
function test_forward()
{
echo "From ${VM[$1]}, take forward opened by
${VM[$2]} to connect to ${VM[$3]} through
sshd of ${VM[$4]}."
EXITHOST=reset
EXITHOST=$(dirtyssh \
${PORT[$1]} \
"ssh -q \\
-o UserKnownHostsFile=/dev/null \\
-o StrictHostKeyChecking=no \\
-p $5 \\
root@$6 \\
hostname")
echo "Host name at forward exit: ${EXITHOST}, expected: ${VM[$3]}"
testcount ${EXITHOST} ${VM[$3]}
}
function test_forwards()
{
# echo "*** REVERSE PORT FORWARD TESTS"
# echo
# test_forward $WILD01 \
# $CLIENT01 \
# $CLIENT01 \
# $SOCKS \
# ${EXTRAPORT_HOST[$SOCKS]} \
# 10.0.2.2
# echo
# echo
echo "*** PORT FORWARD TESTS"
echo
test_forward $CLIENT02 \
$CLIENT02 \
$VPN_SERVER \
$VPN_SERVER \
36492 \
localhost
echo
echo
}
function test_book_dummy_user()
{
echo "Book a hostname $2 in the network state of ${VM[$1]}, test
that hostnme $2 has booked one and one one voucher."
dirtyssh ${PORT[$1]} "herd -s $VPNSOCK book-client network-rw $2"
COUNT=reset
COUNT=$(dirtyssh \
${PORT[$1]} \
"herd -s $VPNSOCK display-network-state network-rw \\
| grep -c \"client-hostname $2\"")
echo "Number of booked vouchers for $2: ${COUNT}, expected: 1"
testcount ${COUNT} 1
echo
}
function tests_book_free_dummy_users()
{
echo "*** TEST DUMMY VOUCHER BOOKING BY ${VM[$VPN_SERVER]}"
echo
test_book_dummy_user $1 $2
test_book_dummy_user $1 $2
test_book_dummy_user $1 $3
test_book_dummy_user $1 $2
test_book_dummy_user $1 $3
test_book_dummy_user $1 $2
test_book_dummy_user $1 $4
test_book_dummy_user $1 $2
test_book_dummy_user $1 $4
test_free_dummy_user $1 $3
test_free_dummy_user $1 $2
test_book_dummy_user $1 $3
test_book_dummy_user $1 $3
test_free_dummy_user $1 $2
test_free_dummy_user $1 $3
test_book_dummy_user $1 $4
test_free_dummy_user $1 $4
test_free_dummy_user $1 $2
test_free_dummy_user $1 $2
test_book_dummy_user $1 $2
test_free_dummy_user $1 $2
test_free_dummy_user $1 $3
test_free_dummy_user $1 $4
echo
}
function test_free_dummy_user()
{
echo "Free a hostname $2 in the network state of ${VM[$1]}, test
that hostnme $2 has no booked voucher."
dirtyssh ${PORT[$1]} "herd -s $VPNSOCK free-client-booking network-rw $2"
COUNT=reset
COUNT=$(dirtyssh \
${PORT[$1]} \
"herd -s $VPNSOCK display-network-state network-rw \\
| grep -c \"client-hostname $2\"")
echo "Number of booked vouchers for $2: ${COUNT}, expected: 0"
testcount ${COUNT} 0
echo
}
function tests_register()
{
echo "Register ${VM[$1]} as a prospective client in its configured
VPN network."
dirtyssh ${PORT[$1]} "herd -s $WHISPERSSOCK register vpn"
sleep $REGISTERSLEEP
echo "Test that hostname ${VM[$1]} has booked one and
only one voucher."
COUNT=reset
COUNT=$(dirtyssh \
${PORT[$1]} \
"herd -s $VPNSOCK display-network-state network-rw \\
| grep -c \"client-hostname ${VM[$1]}\"")
echo "Number of booked vouchers for ${VM[$1]}: ${COUNT}, expected: 1"
testcount ${COUNT} 1
sleep $TESTREGISTERSLEEP
whispers_test_service_status $1 registered vpn running
whispers_test_service_status $1 unregistered vpn stopped
whispers_test_service_status $1 connecting vpn stopped
whispers_test_service_status $1 disconnecting vpn stopped
whispers_test_service_status $1 registering vpn stopped
whispers_test_service_status $1 unregistering vpn stopped
echo
}
function tests_unregister()
{
echo "Unregister ${VM[$1]} from its configured VPN network."
dirtyssh ${PORT[$1]} "herd -s $WHISPERSSOCK unregister vpn"
sleep $REGISTERSLEEP
echo "Test that hostname ${VM[$1]} has no booked voucher."
COUNT=reset
COUNT=$(dirtyssh \
${PORT[$1]} \
"herd -s $VPNSOCK display-network-state network-rw \\
| grep -c \"client-hostname ${VM[$1]}\"")
echo "Number of booked vouchers for ${VM[$1]}: ${COUNT}, expected: 0"
testcount ${COUNT} 0
sleep $TESTREGISTERSLEEP
whispers_test_service_status $1 registered vpn stopped
whispers_test_service_status $1 unregistered vpn running
whispers_test_service_status $1 connecting vpn stopped
whispers_test_service_status $1 disconnecting vpn stopped
whispers_test_service_status $1 registering vpn stopped
whispers_test_service_status $1 unregistering vpn stopped
echo
}
function tests_register_unregister()
{
echo "*** REGISTRATION AND UNREGISTRATION TESTS"
echo
tests_register $1
tests_register $1
tests_register $2
tests_register $1
tests_unregister $1
tests_unregister $1
tests_unregister $2
tests_unregister $1
tests_register $1
tests_register $1
tests_register $2
tests_register $1
tests_unregister $1
tests_unregister $1
tests_unregister $2
tests_unregister $1
echo
}
function test_connect_propagate()
{
if dirtyssh \
${PORT[$2]} \
"herd -s $VPNSOCK display-network-state network-rw \\
| grep ${VM[$2]} \\
| grep \"connected. #t\"" > /dev/null
then
AUX=${VM[$2]}
else
AUX=${VM[$1]}
fi
echo "Test that ${VM[$1]} is connected in ${AUX}'s network state."
COUNT=reset
COUNT=$(dirtyssh \
${PORT[$1]} \
"herd -s $VPNSOCK display-network-state network-rw \\
| grep ${AUX} \\
| grep -c \"connected. #t\"")
echo "Number of connected vouchers for ${AUX}: ${COUNT}, expected: 1"
testcount ${COUNT} 1
sleep $TESTCONNECTSLEEP
}
function server_tun()
{
dirtyssh \
${PORT[$VPN_SERVER]}
"herd -s $VPNSOCK display-network-state network-rw" \
| grep ${VM[$1]} \
| sed 's/.*tun-edvice-number ([0-9]*)/tun\1/'
}
function tests_connect()
{
echo "Connect ${VM[$1]} as a VPN client of the VPN network."
dirtyssh ${PORT[$1]} "herd -s $WHISPERSSOCK connect vpn"
sleep $CONNECTSLEEP
echo "Test that ${VM[$1]} has a tun interface."
COUNT=reset
COUNT=$(dirtyssh \
${PORT[$1]} \
"ip addr \\
| grep -c \": tun\"")
echo "Number of tun interfaces for ${VM[$1]}: ${COUNT}, expected: 1"
testcount ${COUNT} 1
sleep $TESTCONNECTSLEEP
test_connect_propagate $1 $1
test_connect_propagate $1 $2
whispers_test_service_status $1 connected vpn running
whispers_test_service_status $1 disconnected vpn stopped
whispers_test_service_status $1 registered vpn running
whispers_test_service_status $1 unregistered vpn stopped
whispers_test_service_status $1 connecting vpn stopped
whispers_test_service_status $1 disconnecting vpn stopped
whispers_test_service_status $1 registering vpn stopped
whispers_test_service_status $1 unregistering vpn stopped
echo
}
function tests_manual_register_connect
{
echo "*** REGISTER THEN CONNECT CLIENTS TESTS"
echo
tests_register $1
tests_connect $1 $2
tests_register $1
tests_connect $1 $2
tests_register $2
tests_connect $2 $1
tests_register $2
tests_connect $2 $1
tests_register $2
tests_connect $2 $1
tests_register $1
tests_connect $1 $2
echo
}
function tests_disconnect()
{
echo "Disconnect ${VM[$1]} as a VPN client of the VPN network."
dirtyssh ${PORT[$1]} "herd -s $WHISPERSSOCK disconnect vpn"
sleep $CONNECTSLEEP
whispers_test_service_status $1 connected vpn stopped
whispers_test_service_status $1 disconnected vpn running
whispers_test_service_status $1 registered vpn running
whispers_test_service_status $1 unregistered vpn stopped
whispers_test_service_status $1 connecting vpn stopped
whispers_test_service_status $1 disconnecting vpn stopped
whispers_test_service_status $1 registering vpn stopped
whispers_test_service_status $1 unregistering vpn stopped
echo
}
function tests_disconnects_connects
{
echo "*** DISCONNECT THEN RECONNECT CLIENTS TESTS"
echo
tests_disconnect $1
tests_disconnect $1
tests_connect $1 $2
tests_connect $1 $2
tests_disconnect $2
tests_disconnect $2
tests_disconnect $2
tests_connect $2 $1
tests_connect $2 $1
tests_disconnect $2
tests_disconnect $2
echo
}
function tests_direct_connects
{
echo "*** DIRECT CONNECT CLIENTS TESTS"
echo
tests_unregister $1
tests_unregister $2
tests_connect $1 $2
tests_connect $2 $1
echo
}
function tests_disconnects_unregisters
{
echo "*** DISCONNECT THEN UNREGISTER CLIENTS TESTS"
echo
tests_disconnect $1
tests_disconnect $1
tests_unregister $1
tests_unregister $1
tests_disconnect $2
tests_disconnect $2
tests_disconnect $2
tests_unregister $2
tests_unregister $2
echo
}
echo "*** DEFINING VM INSTANCIATION ARRAYS"
echo
I=0
WILD=$I
VM[$I]=wild
echo "* VM: ${VM[$I]}"
EXTRA_SERVICES[$I]=""
PORT[$I]=$((10022+$I))
EXTRAPORT_HOST[$I]=$((${PORT[$I]}+1000))
EXTRAPORT_VM[$I]=$((${PORT[$I]}+2000))
ULTIMAPORT_HOST[$I]=$((${PORT[$I]}+3000))
ULTIMAPORT_VM[$I]=$((${PORT[$I]}+4000))
EXTRA_PACKAGES[$I]=" iproute
iptables"
echo
I=$(($I+1))
VPN_SERVER=$I
VM[$I]=vpn
echo "* VM: ${VM[$I]}"
ALLOW_GATEWAY[$I]="yes"
EXTRA_SERVICES[$I]=""
PORT[$I]=$((10022+$I))
EXTRAPORT_HOST[$I]=$((${PORT[$I]}+1000))
EXTRAPORT_VM[$I]=$((${PORT[$I]}+2000))
ULTIMAPORT_HOST[$I]=$((${PORT[$I]}+3000))
ULTIMAPORT_VM[$I]=$((${PORT[$I]}+4000))
ALLOW_TUNDEV[$I]=yes
EXTRA_PACKAGES[$I]=" iproute
iptables"
EXTRA_SERVICES[$I]="
(service whispers-vpn-service-type)"
echo
I=$(($I+1))
SOCKS=$I
VM[$I]=socks
echo "* VM: ${VM[$I]}"
ALLOW_GATEWAY[$I]="yes"
BOOT_WAIT[$I]=25
EXTRA_SERVICES[$I]=""
PORT[$I]=$((10022+$I))
EXTRAPORT_HOST[$I]=$((${PORT[$I]}+1000))
EXTRAPORT_VM[$I]=$((${PORT[$I]}+2000))
ULTIMAPORT_HOST[$I]=$((${PORT[$I]}+3000))
ULTIMAPORT_VM[$I]=$((${PORT[$I]}+4000))
EXTRA_PACKAGES[$I]=" iproute
iptables"
echo
I=$(($I+1))
CLIENT01=$I
VM[$I]=client01
echo "* VM: ${VM[$I]}"
PORT[$I]=$((10022+$I))
EXTRAPORT_HOST[$I]=$((${PORT[$I]}+1000))
EXTRAPORT_VM[$I]=$((${PORT[$I]}+2000))
ULTIMAPORT_HOST[$I]=$((${PORT[$I]}+3000))
ULTIMAPORT_VM[$I]=$((${PORT[$I]}+4000))
EXTRA_PACKAGES[$I]=" iproute
iptables"
EXTRA_SERVICES[$I]="
(service elogind-service-type)
(service whispers-vpn-service-type
(whispers-vpn-configuration
(client? #t)
(server-sshd-host \"10.0.2.2\")
(server-sshd-port ${PORT[$VPN_SERVER]})
(forward-exit-port 22)
(%auto-register? #f)))"
echo
I=$(($I+1))
CLIENT02=$I
VM[$I]=client02
echo "* VM: ${VM[$I]}"
PORT[$I]=$((10022+$I))
EXTRAPORT_HOST[$I]=$((${PORT[$I]}+1000))
EXTRAPORT_VM[$I]=$((${PORT[$I]}+2000))
ULTIMAPORT_HOST[$I]=$((${PORT[$I]}+3000))
ULTIMAPORT_VM[$I]=$((${PORT[$I]}+4000))
EXTRA_PACKAGES[$I]=" iproute
iptables"
EXTRA_SERVICES[$I]="
(service whispers-vpn-service-type
(whispers-vpn-configuration
(client? #t)
(stealth? #t)
(server-sshd-host \"10.0.2.2\")
(server-sshd-port ${PORT[$VPN_SERVER]})
(forward-exit-port 22)
(proxy-sshd-host \"10.0.2.2\")
(proxy-sshd-port ${PORT[$VPN_SERVER]})
(%auto-register? #f)))"
echo
for I in ${!PORT[@]}
do
EXTRACONTENT[$I]=""
if [ -v ALLOW_TUNDEV[$I] ]
then
EXTRACONTENT[$I]="
(extra-content \"
PermitTunnel=point-to-point\")"
fi
GATEWAY[$I]=""
if [ -v ALLOW_GATEWAY[$I] ]
then
GATEWAY[$I]="
(gateway-ports? #t)"
fi
WAIT[$I]=$BOOT_WAIT_DEFAULT
if [ -v BOOT_WAIT[$I] ]
then
WAIT[$I]=${BOOT_WAIT[$I]}
fi
done
echo
echo "*** CONCATENATING SYSTEM CONFIGURATIONS"
echo
for I in ${!PORT[@]}
do
echo "* VM: ${VM[$I]}"
echo "(use-modules (guix records)
(gnu)
(whispers services whispers vpn)
(whispers services ssh-tunneler)
(whispers services whispers)
(whispers services ssh)
(whispers services whispers ssh))
(use-service-modules networking desktop)
(use-package-modules ssh networking linux scm-runciter)
(operating-system
(host-name \"${VM[$I]}\")
(timezone \"Asia/Shanghai\")
(locale \"en_US.utf8\")
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(targets '(\"/dev/sda\"))))
(file-systems (cons (file-system
(device (file-system-label \"root\"))
(mount-point \"/\")
(type \"ext4\"))
%base-file-systems))
(users %base-user-accounts)
(packages (append %base-packages
(list${EXTRA_PACKAGES[$I]})))
(services
(append
(list (service dhcp-client-service-type)
(service openssh-service-type
(openssh-configuration
(permit-root-login #t)
(allow-empty-passwords? #t)
(openssh openssh-sans-x)
(port-number 22)${GATEWAY[$I]}${EXTRACONTENT[$I]}))
(service whispers-service-type)
(service
whispers-ssh-service-type
(whispers-ssh-configuration
(users-groups-keys-forwards
(append
(list
(ssh-user-group-keys-forwards
(user-and-group (whispers-user-group
(user \"root\")
(group \"root\")))
(keys '(\"root/.ssh/id_rsa\"))))))))${EXTRA_SERVICES[$I]})
%base-services)))" > /tmp/${VM[$I]}.scm
echo
done
echo
echo "*** INSTANCIATING VMs"
echo
for I in ${!PORT[@]}
do
echo "* VM: ${VM[$I]}"
VMRUN[$I]=$(guix system vm /tmp/${VM[$I]}.scm)
echo
done
echo
echo "*** SILENTLY BOOTING VMs..."
echo
for I in ${!PORT[@]}
do
NICSTANCE=-"nic user,model=virtio-net-pci,hostfwd=tcp::${PORT[$I]}-:22,hostfwd=tcp::${EXTRAPORT_HOST[$I]}-:${EXTRAPORT_VM[$I]},hostfwd=tcp::${ULTIMAPORT_HOST[$I]}-:${ULTIMAPORT_VM[$I]}"
if [ $I = $VPN_SERVER ]
then
for CURPORT in $VPNPORTS
do
NICSTANCE=${NICSTANCE},hostfwd=tcp::${CURPORT}-:${CURPORT}
done
fi
echo "* VM: ${VM[$I]}"
${VMRUN[$I]} \
$NICSTANCE \
-display none &
sleep ${WAIT[$I]}
echo
done
echo
echo "*** SETTING PASSWORDLESS LOGIN FOR WHISPERS USERS"
echo
echo "* VM: ${VM[$VPN_SERVER]}"
dirtyssh ${PORT[$VPN_SERVER]} 'passwd -d whispers'
echo
echo "* VM: ${VM[$CLIENT01]}"
dirtyssh ${PORT[$CLIENT01]} 'passwd -d whispers'
echo
echo "* VM: ${VM[$CLIENT02]}"
dirtyssh ${PORT[$CLIENT02]} 'passwd -d whispers'
echo
echo
function full_sshagent_reports_tests()
{
echo "*** GENERATING AND ADDING ROOT SSH PRIVATE KEYS"
echo
for I in ${!PORT[@]}
do
echo "* VM: ${VM[$I]}"
dirtyssh ${PORT[$I]} 'ssh-keygen -t rsa -N "" -f /root/.ssh/id_rsa'
dirtyssh ${PORT[$I]} \
'herd -s '$WHISPERSSOCK' restart ssh'
echo
done
echo
echo "*** REPORTING SHEPHERD STATUS"
echo
for I in ${!PORT[@]}
do
echo "* VM: ${VM[$I]}"
dirtyssh ${PORT[$I]} 'herd status'
echo
done
echo
echo "*** REPORTING NETWORK INTERFACES"
echo
for I in ${!PORT[@]}
do
echo "* VM: ${VM[$I]}"
dirtyssh ${PORT[$I]} 'ip addr show'
echo
done
echo
echo "*** REPORTING ROUTES"
echo
for I in ${!PORT[@]}
do
echo "* VM: ${VM[$I]}"
dirtyssh ${PORT[$I]} 'ip route'
echo
done
echo
tests_book_free_dummy_users $VPN_SERVER dummy dump-dumb dumber
tests_register_unregister $CLIENT02 $CLIENT01
tests_manual_register_connect $CLIENT01 $CLIENT02
tests_disconnects_connects $CLIENT01 $CLIENT02
tests_disconnects_unregisters $CLIENT01 $CLIENT02
tests_direct_connects $CLIENT01 $CLIENT02
}
if [[ foo$GO_PLAY_KIDS == foono ]]
then
full_sshagent_reports_tests
echo
fi
echo "*** CONNECTING CLIENTS"
echo
dirtyssh ${PORT[$CLIENT01]} "herd -s $WHISPERSSOCK connect vpn"
sleep $CONNECTSLEEP
echo
dirtyssh ${PORT[$CLIENT02]} "herd -s $WHISPERSSOCK connect vpn"
sleep $CONNECTSLEEP
echo
echo
echo "*** TESTS SUMMARRY"
echo
echo Successes: $YESCOUNT
echo Failures: $NOCOUNT
echo
echo
echo "You can ssh into the VMs from another terminal of this host"
for I in ${!PORT[@]}
do
echo "* VM: ${VM[$I]}, port: ${PORT[$I]}"
done
echo
read -n 1 -r -s -p "When done playing, press any key to halt the VMs..."
echo
echo
echo "*** HALTING VMs"
echo
for I in ${!PORT[@]}
do
echo "* VM: ${VM[$I]}"
dirtyssh ${PORT[$I]} halt
echo
done
