author | Runciter | 2024-10-24 21:36:24 +0800 |
---|---|---|
committer | Runciter | 2024-10-24 21:36:24 +0800 |
commit | 4aadbabc923505d54d70449940d863fe0443f046 (patch) | |
tree | f52becb24598edfd63ca610f2e0328bf6db302d0 /whispers-vpn-tests | |
download | whispers-tests-4aadbabc923505d54d70449940d863fe0443f046.tar.gz |
Initial.v0.1
A AUTHORS
A COPYING
A ChangeLog
A INSTALL
A Makefile.am
A Makefile.in
A NEWS
A README
A aclocal.m4
A configure
A configure.ac
A install-sh
A missing
A whispers-tree-tests
A whispers-vpn-tests
Diffstat (limited to 'whispers-vpn-tests')
-rwxr-xr-x | whispers-vpn-tests | 698 |
1 files changed, 698 insertions, 0 deletions
diff --git a/whispers-vpn-tests b/whispers-vpn-tests
new file mode 100755
index 0000000..5ecb93f
--- /dev/null
+++ b/whispers-vpn-tests
@@ -0,0 +1,698 @@
+#!/bin/sh
+
+BOOT_WAIT_DEFAULT=25
+# set GO_PLAY_KIDS to no to perform all tests.
+GO_PLAY_KIDS=no
+
+YESCOUNT=0
+NOCOUNT=0
+
+WHISPERSSOCK=/run/whispers/unix-sockets/whispers.sock
+VPNSOCK=/run/whispers/vpn/unix-sockets/vpn.sock
+
+REGISTERSLEEP=10
+TESTREGISTERSLEEP=4
+CONNECTSLEEP=20
+TESTCONNECTSLEEP=10
+
+function testcount()
+{
+ test $1 = $2 && echo SUCCESS || echo FAILED
+ test $1 = $2 && YESCOUNT=$(($YESCOUNT + 1)) || NOCOUNT=$(($NOCOUNT + 1))
+}
+
+function dirtyssh()
+{
+ ssh -q \
+ -o UserKnownHostsFile=/dev/null \
+ -o StrictHostKeyChecking=no \
+ -p $1 \
+ root@localhost \
+ "$2"
+}
+
+function herd_service_status()
+{
+ echo "herd status of $2 on ${VM[$1]}:"
+ dirtyssh ${PORT[$1]} "herd status $2"
+ echo
+}
+
+function herd_test_service_status()
+{
+ echo "Test if the $2 service is $3 on ${VM[$1]}."
+ RESULT=$(herd_service_status $1 $2 | awk -- 'BEGIN{FS="[. ]"} ; /It is '$3'/ {print $5}')
+ testcount ${RESULT} $3
+}
+
+function whispers_service_status()
+{
+ echo "herd status of $3/$2 on ${VM[$1]}:"
+ dirtyssh ${PORT[$1]} "herd -s \\
+ /run/whispers/$3/unix-sockets/*.sock status $2"
+ echo
+}
+
+function whispers_test_service_status()
+{
+ echo "Test if the $3/$2 service is $4 on ${VM[$1]}."
+ RESULT=$(whispers_service_status $1 $2 $3 | awk -- 'BEGIN{FS="[. ]"} ; /It is '$4'/ {print $5}')
+ testcount ${RESULT} $4
+}
+
+function test_forward()
+{
+ echo "From ${VM[$1]}, take forward opened by
+${VM[$2]} to connect to ${VM[$3]} through
+sshd of ${VM[$4]}."
+ EXITHOST=reset
+ EXITHOST=$(dirtyssh \
+ ${PORT[$1]} \
+ "ssh -q \\
+ -o UserKnownHostsFile=/dev/null \\
+ -o StrictHostKeyChecking=no \\
+ -p $5 \\
+ root@$6 \\
+ hostname")
+ echo "Host name at forward exit: ${EXITHOST}, expected: ${VM[$3]}"
+ testcount ${EXITHOST} ${VM[$3]}
+}
+
+function test_forwards()
+{
+ # echo "*** REVERSE PORT FORWARD TESTS"
+ # echo
+ # test_forward $WILD01 \
+ # $CLIENT01 \
+ # $CLIENT01 \
+ # $SOCKS \
+ # ${EXTRAPORT_HOST[$SOCKS]} \
+ # 10.0.2.2
+ # echo
+ # echo
+ echo "*** PORT FORWARD TESTS"
+ echo
+ test_forward $CLIENT02 \
+ $CLIENT02 \
+ $VPN_SERVER \
+ $VPN_SERVER \
+ 36492 \
+ localhost
+ echo
+ echo
+}
+
+function test_book_dummy_user()
+{
+ echo "Book a hostname $2 in the network state of ${VM[$1]}, test
+that hostnme $2 has booked one and one one voucher."
+ dirtyssh ${PORT[$1]} "herd -s $VPNSOCK book-client network-rw $2"
+ COUNT=reset
+ COUNT=$(dirtyssh \
+ ${PORT[$1]} \
+ "herd -s $VPNSOCK display-network-state network-rw \\
+ | grep -c \"client-hostname $2\"")
+ echo "Number of booked vouchers for $2: ${COUNT}, expected: 1"
+ testcount ${COUNT} 1
+ echo
+}
+
+function tests_book_free_dummy_users()
+{
+ echo "*** TEST DUMMY VOUCHER BOOKING BY ${VM[$VPN_SERVER]}"
+ echo
+ test_book_dummy_user $1 $2
+ test_book_dummy_user $1 $2
+ test_book_dummy_user $1 $3
+ test_book_dummy_user $1 $2
+ test_book_dummy_user $1 $3
+ test_book_dummy_user $1 $2
+ test_book_dummy_user $1 $4
+ test_book_dummy_user $1 $2
+ test_book_dummy_user $1 $4
+ test_free_dummy_user $1 $3
+ test_free_dummy_user $1 $2
+ test_book_dummy_user $1 $3
+ test_book_dummy_user $1 $3
+ test_free_dummy_user $1 $2
+ test_free_dummy_user $1 $3
+ test_book_dummy_user $1 $4
+ test_free_dummy_user $1 $4
+ test_free_dummy_user $1 $2
+ test_free_dummy_user $1 $2
+ test_book_dummy_user $1 $2
+ test_free_dummy_user $1 $2
+ test_free_dummy_user $1 $3
+ test_free_dummy_user $1 $4
+ echo
+}
+
+function test_free_dummy_user()
+{
+ echo "Free a hostname $2 in the network state of ${VM[$1]}, test
+that hostnme $2 has no booked voucher."
+ dirtyssh ${PORT[$1]} "herd -s $VPNSOCK free-client-booking network-rw $2"
+ COUNT=reset
+ COUNT=$(dirtyssh \
+ ${PORT[$1]} \
+ "herd -s $VPNSOCK display-network-state network-rw \\
+ | grep -c \"client-hostname $2\"")
+ echo "Number of booked vouchers for $2: ${COUNT}, expected: 0"
+ testcount ${COUNT} 0
+ echo
+}
+
+function tests_register()
+{
+ echo "Register ${VM[$1]} as a prospective client in its configured
+VPN network."
+ dirtyssh ${PORT[$1]} "herd -s $WHISPERSSOCK register vpn"
+ sleep $REGISTERSLEEP
+ echo "Test that hostname ${VM[$1]} has booked one and
+only one voucher."
+ COUNT=reset
+ COUNT=$(dirtyssh \
+ ${PORT[$1]} \
+ "herd -s $VPNSOCK display-network-state network-rw \\
+ | grep -c \"client-hostname ${VM[$1]}\"")
+ echo "Number of booked vouchers for ${VM[$1]}: ${COUNT}, expected: 1"
+ testcount ${COUNT} 1
+ sleep $TESTREGISTERSLEEP
+ whispers_test_service_status $1 registered vpn running
+ whispers_test_service_status $1 unregistered vpn stopped
+ whispers_test_service_status $1 connecting vpn stopped
+ whispers_test_service_status $1 disconnecting vpn stopped
+ whispers_test_service_status $1 registering vpn stopped
+ whispers_test_service_status $1 unregistering vpn stopped
+ echo
+}
+
+function tests_unregister()
+{
+ echo "Unregister ${VM[$1]} from its configured VPN network."
+ dirtyssh ${PORT[$1]} "herd -s $WHISPERSSOCK unregister vpn"
+ sleep $REGISTERSLEEP
+ echo "Test that hostname ${VM[$1]} has no booked voucher."
+ COUNT=reset
+ COUNT=$(dirtyssh \
+ ${PORT[$1]} \
+ "herd -s $VPNSOCK display-network-state network-rw \\
+ | grep -c \"client-hostname ${VM[$1]}\"")
+ echo "Number of booked vouchers for ${VM[$1]}: ${COUNT}, expected: 0"
+ testcount ${COUNT} 0
+ sleep $TESTREGISTERSLEEP
+ whispers_test_service_status $1 registered vpn stopped
+ whispers_test_service_status $1 unregistered vpn running
+ whispers_test_service_status $1 connecting vpn stopped
+ whispers_test_service_status $1 disconnecting vpn stopped
+ whispers_test_service_status $1 registering vpn stopped
+ whispers_test_service_status $1 unregistering vpn stopped
+ echo
+}
+
+function tests_register_unregister()
+{
+ echo "*** REGISTRATION AND UNREGISTRATION TESTS"
+ echo
+ tests_register $1
+ tests_register $1
+ tests_register $2
+ tests_register $1
+ tests_unregister $1
+ tests_unregister $1
+ tests_unregister $2
+ tests_unregister $1
+ tests_register $1
+ tests_register $1
+ tests_register $2
+ tests_register $1
+ tests_unregister $1
+ tests_unregister $1
+ tests_unregister $2
+ tests_unregister $1
+ echo
+}
+
+function test_connect_propagate()
+{
+ if dirtyssh \
+ ${PORT[$2]} \
+ "herd -s $VPNSOCK display-network-state network-rw \\
+ | grep ${VM[$2]} \\
+ | grep \"connected. #t\"" > /dev/null
+ then
+ AUX=${VM[$2]}
+ else
+ AUX=${VM[$1]}
+ fi
+ echo "Test that ${VM[$1]} is connected in ${AUX}'s network state."
+ COUNT=reset
+ COUNT=$(dirtyssh \
+ ${PORT[$1]} \
+ "herd -s $VPNSOCK display-network-state network-rw \\
+ | grep ${AUX} \\
+ | grep -c \"connected. #t\"")
+ echo "Number of connected vouchers for ${AUX}: ${COUNT}, expected: 1"
+ testcount ${COUNT} 1
+ sleep $TESTCONNECTSLEEP
+}
+
+function server_tun()
+{
+ dirtyssh \
+ ${PORT[$VPN_SERVER]}
+ "herd -s $VPNSOCK display-network-state network-rw" \
+ | grep ${VM[$1]} \
+ | sed 's/.*tun-edvice-number ([0-9]*)/tun\1/'
+}
+
+function tests_connect()
+{
+ echo "Connect ${VM[$1]} as a VPN client of the VPN network."
+ dirtyssh ${PORT[$1]} "herd -s $WHISPERSSOCK connect vpn"
+ sleep $CONNECTSLEEP
+ echo "Test that ${VM[$1]} has a tun interface."
+ COUNT=reset
+ COUNT=$(dirtyssh \
+ ${PORT[$1]} \
+ "ip addr \\
+ | grep -c \": tun\"")
+ echo "Number of tun interfaces for ${VM[$1]}: ${COUNT}, expected: 1"
+ testcount ${COUNT} 1
+ sleep $TESTCONNECTSLEEP
+ test_connect_propagate $1 $1
+ test_connect_propagate $1 $2
+ whispers_test_service_status $1 connected vpn running
+ whispers_test_service_status $1 disconnected vpn stopped
+ whispers_test_service_status $1 registered vpn running
+ whispers_test_service_status $1 unregistered vpn stopped
+ whispers_test_service_status $1 connecting vpn stopped
+ whispers_test_service_status $1 disconnecting vpn stopped
+ whispers_test_service_status $1 registering vpn stopped
+ whispers_test_service_status $1 unregistering vpn stopped
+ echo
+}
+
+function tests_manual_register_connect
+{
+ echo "*** REGISTER THEN CONNECT CLIENTS TESTS"
+ echo
+ tests_register $1
+ tests_connect $1 $2
+ tests_register $1
+ tests_connect $1 $2
+ tests_register $2
+ tests_connect $2 $1
+ tests_register $2
+ tests_connect $2 $1
+ tests_register $2
+ tests_connect $2 $1
+ tests_register $1
+ tests_connect $1 $2
+ echo
+}
+
+function tests_disconnect()
+{
+ echo "Disconnect ${VM[$1]} as a VPN client of the VPN network."
+ dirtyssh ${PORT[$1]} "herd -s $WHISPERSSOCK disconnect vpn"
+ sleep $CONNECTSLEEP
+ whispers_test_service_status $1 connected vpn stopped
+ whispers_test_service_status $1 disconnected vpn running
+ whispers_test_service_status $1 registered vpn running
+ whispers_test_service_status $1 unregistered vpn stopped
+ whispers_test_service_status $1 connecting vpn stopped
+ whispers_test_service_status $1 disconnecting vpn stopped
+ whispers_test_service_status $1 registering vpn stopped
+ whispers_test_service_status $1 unregistering vpn stopped
+ echo
+}
+
+function tests_disconnects_connects
+{
+ echo "*** DISCONNECT THEN RECONNECT CLIENTS TESTS"
+ echo
+ tests_disconnect $1
+ tests_disconnect $1
+ tests_connect $1 $2
+ tests_connect $1 $2
+ tests_disconnect $2
+ tests_disconnect $2
+ tests_disconnect $2
+ tests_connect $2 $1
+ tests_connect $2 $1
+ tests_disconnect $2
+ tests_disconnect $2
+ echo
+}
+
+function tests_direct_connects
+{
+ echo "*** DIRECT CONNECT CLIENTS TESTS"
+ echo
+ tests_unregister $1
+ tests_unregister $2
+ tests_connect $1 $2
+ tests_connect $2 $1
+ echo
+}
+
+function tests_disconnects_unregisters
+{
+ echo "*** DISCONNECT THEN UNREGISTER CLIENTS TESTS"
+ echo
+ tests_disconnect $1
+ tests_disconnect $1
+ tests_unregister $1
+ tests_unregister $1
+ tests_disconnect $2
+ tests_disconnect $2
+ tests_disconnect $2
+ tests_unregister $2
+ tests_unregister $2
+ echo
+}
+
+echo "*** DEFINING VM INSTANCIATION ARRAYS"
+echo
+
+I=0
+WILD=$I
+
+VM[$I]=wild
+echo "* VM: ${VM[$I]}"
+EXTRA_SERVICES[$I]=""
+PORT[$I]=$((10022+$I))
+EXTRAPORT_HOST[$I]=$((${PORT[$I]}+1000))
+EXTRAPORT_VM[$I]=$((${PORT[$I]}+2000))
+ULTIMAPORT_HOST[$I]=$((${PORT[$I]}+3000))
+ULTIMAPORT_VM[$I]=$((${PORT[$I]}+4000))
+EXTRA_PACKAGES[$I]=" iproute
+ iptables"
+echo
+
+I=$(($I+1))
+VPN_SERVER=$I
+
+VM[$I]=vpn
+echo "* VM: ${VM[$I]}"
+ALLOW_GATEWAY[$I]="yes"
+EXTRA_SERVICES[$I]=""
+PORT[$I]=$((10022+$I))
+EXTRAPORT_HOST[$I]=$((${PORT[$I]}+1000))
+EXTRAPORT_VM[$I]=$((${PORT[$I]}+2000))
+ULTIMAPORT_HOST[$I]=$((${PORT[$I]}+3000))
+ULTIMAPORT_VM[$I]=$((${PORT[$I]}+4000))
+ALLOW_TUNDEV[$I]=yes
+EXTRA_PACKAGES[$I]=" iproute
+ iptables"
+EXTRA_SERVICES[$I]="
+ (service whispers-vpn-service-type)"
+echo
+
+I=$(($I+1))
+SOCKS=$I
+
+VM[$I]=socks
+echo "* VM: ${VM[$I]}"
+ALLOW_GATEWAY[$I]="yes"
+BOOT_WAIT[$I]=25
+EXTRA_SERVICES[$I]=""
+PORT[$I]=$((10022+$I))
+EXTRAPORT_HOST[$I]=$((${PORT[$I]}+1000))
+EXTRAPORT_VM[$I]=$((${PORT[$I]}+2000))
+ULTIMAPORT_HOST[$I]=$((${PORT[$I]}+3000))
+ULTIMAPORT_VM[$I]=$((${PORT[$I]}+4000))
+EXTRA_PACKAGES[$I]=" iproute
+ iptables"
+echo
+
+I=$(($I+1))
+CLIENT01=$I
+
+VM[$I]=client01
+echo "* VM: ${VM[$I]}"
+PORT[$I]=$((10022+$I))
+EXTRAPORT_HOST[$I]=$((${PORT[$I]}+1000))
+EXTRAPORT_VM[$I]=$((${PORT[$I]}+2000))
+ULTIMAPORT_HOST[$I]=$((${PORT[$I]}+3000))
+ULTIMAPORT_VM[$I]=$((${PORT[$I]}+4000))
+EXTRA_PACKAGES[$I]=" iproute
+ iptables"
+EXTRA_SERVICES[$I]="
+ (service elogind-service-type)
+ (service whispers-vpn-service-type
+ (whispers-vpn-configuration
+ (client? #t)
+ (server-sshd-host \"10.0.2.2\")
+ (server-sshd-port ${PORT[$VPN_SERVER]})
+ (forward-exit-port 22)
+ (%auto-register? #f)))"
+echo
+
+I=$(($I+1))
+CLIENT02=$I
+
+VM[$I]=client02
+echo "* VM: ${VM[$I]}"
+PORT[$I]=$((10022+$I))
+EXTRAPORT_HOST[$I]=$((${PORT[$I]}+1000))
+EXTRAPORT_VM[$I]=$((${PORT[$I]}+2000))
+ULTIMAPORT_HOST[$I]=$((${PORT[$I]}+3000))
+ULTIMAPORT_VM[$I]=$((${PORT[$I]}+4000))
+EXTRA_PACKAGES[$I]=" iproute
+ iptables"
+EXTRA_SERVICES[$I]="
+ (service whispers-vpn-service-type
+ (whispers-vpn-configuration
+ (client? #t)
+ (stealth? #t)
+ (server-sshd-host \"10.0.2.2\")
+ (server-sshd-port ${PORT[$VPN_SERVER]})
+ (forward-exit-port 22)
+ (proxy-sshd-host \"10.0.2.2\")
+ (proxy-sshd-port ${PORT[$VPN_SERVER]})
+ (%auto-register? #f)))"
+echo
+
+for I in ${!PORT[@]}
+do
+ EXTRACONTENT[$I]=""
+ if [ -v ALLOW_TUNDEV[$I] ]
+ then
+ EXTRACONTENT[$I]="
+ (extra-content \"
+PermitTunnel=point-to-point\")"
+ fi
+ GATEWAY[$I]=""
+ if [ -v ALLOW_GATEWAY[$I] ]
+ then
+ GATEWAY[$I]="
+ (gateway-ports? #t)"
+ fi
+ WAIT[$I]=$BOOT_WAIT_DEFAULT
+ if [ -v BOOT_WAIT[$I] ]
+ then
+ WAIT[$I]=${BOOT_WAIT[$I]}
+ fi
+done
+echo
+
+echo "*** CONCATENATING SYSTEM CONFIGURATIONS"
+echo
+for I in ${!PORT[@]}
+do
+ echo "* VM: ${VM[$I]}"
+ echo "(use-modules (guix records)
+ (gnu)
+ (whispers services whispers vpn)
+ (whispers services ssh-tunneler)
+ (whispers services whispers)
+ (whispers services ssh)
+ (whispers services whispers ssh))
+(use-service-modules networking desktop)
+(use-package-modules ssh networking linux scm-runciter)
+
+(operating-system
+ (host-name \"${VM[$I]}\")
+ (timezone \"Asia/Shanghai\")
+ (locale \"en_US.utf8\")
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '(\"/dev/sda\"))))
+
+ (file-systems (cons (file-system
+ (device (file-system-label \"root\"))
+ (mount-point \"/\")
+ (type \"ext4\"))
+ %base-file-systems))
+
+ (users %base-user-accounts)
+
+ (packages (append %base-packages
+ (list${EXTRA_PACKAGES[$I]})))
+
+ (services
+ (append
+ (list (service dhcp-client-service-type)
+ (service openssh-service-type
+ (openssh-configuration
+ (permit-root-login #t)
+ (allow-empty-passwords? #t)
+ (openssh openssh-sans-x)
+ (port-number 22)${GATEWAY[$I]}${EXTRACONTENT[$I]}))
+ (service whispers-service-type)
+ (service
+ whispers-ssh-service-type
+ (whispers-ssh-configuration
+ (users-groups-keys-forwards
+ (append
+ (list
+ (ssh-user-group-keys-forwards
+ (user-and-group (whispers-user-group
+ (user \"root\")
+ (group \"root\")))
+ (keys '(\"root/.ssh/id_rsa\"))))))))${EXTRA_SERVICES[$I]})
+ %base-services)))" > /tmp/${VM[$I]}.scm
+ echo
+done
+echo
+
+echo "*** INSTANCIATING VMs"
+echo
+for I in ${!PORT[@]}
+do
+ echo "* VM: ${VM[$I]}"
+ VMRUN[$I]=$(guix system vm /tmp/${VM[$I]}.scm)
+ echo
+done
+echo
+
+echo "*** SILENTLY BOOTING VMs..."
+echo
+for I in ${!PORT[@]}
+do
+ NICSTANCE=-"nic user,model=virtio-net-pci,hostfwd=tcp::${PORT[$I]}-:22,hostfwd=tcp::${EXTRAPORT_HOST[$I]}-:${EXTRAPORT_VM[$I]},hostfwd=tcp::${ULTIMAPORT_HOST[$I]}-:${ULTIMAPORT_VM[$I]}"
+ if [ $I = $VPN_SERVER ]
+ then
+ for CURPORT in $VPNPORTS
+ do
+ NICSTANCE=${NICSTANCE},hostfwd=tcp::${CURPORT}-:${CURPORT}
+ done
+ fi
+ echo "* VM: ${VM[$I]}"
+ ${VMRUN[$I]} \
+ $NICSTANCE \
+ -display none &
+ sleep ${WAIT[$I]}
+ echo
+done
+echo
+
+echo "*** SETTING PASSWORDLESS LOGIN FOR WHISPERS USERS"
+echo
+echo "* VM: ${VM[$VPN_SERVER]}"
+dirtyssh ${PORT[$VPN_SERVER]} 'passwd -d whispers'
+echo
+echo "* VM: ${VM[$CLIENT01]}"
+dirtyssh ${PORT[$CLIENT01]} 'passwd -d whispers'
+echo
+echo "* VM: ${VM[$CLIENT02]}"
+dirtyssh ${PORT[$CLIENT02]} 'passwd -d whispers'
+echo
+echo
+
+function full_sshagent_reports_tests()
+{
+ echo "*** GENERATING AND ADDING ROOT SSH PRIVATE KEYS"
+ echo
+ for I in ${!PORT[@]}
+ do
+ echo "* VM: ${VM[$I]}"
+ dirtyssh ${PORT[$I]} 'ssh-keygen -t rsa -N "" -f /root/.ssh/id_rsa'
+ dirtyssh ${PORT[$I]} \
+ 'herd -s '$WHISPERSSOCK' restart ssh'
+ echo
+ done
+ echo
+
+ echo "*** REPORTING SHEPHERD STATUS"
+ echo
+ for I in ${!PORT[@]}
+ do
+ echo "* VM: ${VM[$I]}"
+ dirtyssh ${PORT[$I]} 'herd status'
+ echo
+ done
+ echo
+
+ echo "*** REPORTING NETWORK INTERFACES"
+ echo
+ for I in ${!PORT[@]}
+ do
+ echo "* VM: ${VM[$I]}"
+ dirtyssh ${PORT[$I]} 'ip addr show'
+ echo
+ done
+ echo
+
+ echo "*** REPORTING ROUTES"
+ echo
+ for I in ${!PORT[@]}
+ do
+ echo "* VM: ${VM[$I]}"
+ dirtyssh ${PORT[$I]} 'ip route'
+ echo
+ done
+ echo
+
+ tests_book_free_dummy_users $VPN_SERVER dummy dump-dumb dumber
+ tests_register_unregister $CLIENT02 $CLIENT01
+ tests_manual_register_connect $CLIENT01 $CLIENT02
+ tests_disconnects_connects $CLIENT01 $CLIENT02
+ tests_disconnects_unregisters $CLIENT01 $CLIENT02
+ tests_direct_connects $CLIENT01 $CLIENT02
+}
+
+if [[ foo$GO_PLAY_KIDS == foono ]]
+then
+ full_sshagent_reports_tests
+ echo
+fi
+
+echo "*** CONNECTING CLIENTS"
+echo
+ dirtyssh ${PORT[$CLIENT01]} "herd -s $WHISPERSSOCK connect vpn"
+ sleep $CONNECTSLEEP
+echo
+ dirtyssh ${PORT[$CLIENT02]} "herd -s $WHISPERSSOCK connect vpn"
+ sleep $CONNECTSLEEP
+echo
+echo
+
+echo "*** TESTS SUMMARRY"
+echo
+echo Successes: $YESCOUNT
+echo Failures: $NOCOUNT
+echo
+echo
+
+echo "You can ssh into the VMs from another terminal of this host"
+for I in ${!PORT[@]}
+do
+ echo "* VM: ${VM[$I]}, port: ${PORT[$I]}"
+done
+echo
+read -n 1 -r -s -p "When done playing, press any key to halt the VMs..."
+echo
+echo
+
+echo "*** HALTING VMs"
+echo
+for I in ${!PORT[@]}
+do
+ echo "* VM: ${VM[$I]}"
+ dirtyssh ${PORT[$I]} halt
+ echo
+done |
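Review bot: Every `hostfwd=tcp::…` rule in the `NICSTANCE` assignment leaves the host address empty, so QEMU listens on all host interfaces, while the generated guest config sets `(permit-root-login #t)` and `(allow-empty-passwords? #t)` and `dirtyssh` logs in as root with no credential, which suggests root has an empty password in these images. For as long as the VMs run (including the "press any key" wait) the guests' sshd is then reachable from whatever network the host sits on, not just from this machine. Binding the forwards to loopback keeps the rig local, e.g. `hostfwd=tcp:127.0.0.1:${PORT[$I]}-:22`, and the same for the EXTRAPORT, ULTIMAPORT and `$VPNPORTS` forwards; the guests' use of 10.0.2.2 should keep working since user-mode networking reaches the host's loopback through that alias, but confirm on the QEMU version in use. Separately, the configs are written to the predictable path `/tmp/${VM[$I]}.scm`; a private directory from `mktemp -d` avoids another local user pre-creating those files before `guix system vm` reads them.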