tinc/test/security.test

99 lines
2.6 KiB
Text
Raw Permalink Normal View History

2022-04-22 18:35:35 +00:00
#!/bin/sh
. "${0%/*}/testlib.sh"
# Skip this test if tools are missing
which socket >/dev/null || exit 77
which timeout >/dev/null || exit 77
# Initialize two nodes
$tinc $c1 <<EOF
init foo
set DeviceType dummy
set Port 32754
set Address localhost
set PingTimeout 1
set AutoConnect no
EOF
$tinc $c2 <<EOF
init bar
set DeviceType dummy
set Port 32755
set PingTimeout 1
set MaxTimeout 1
set ExperimentalProtocol no
set AutoConnect no
EOF
# Exchange host config files
$tinc $c1 export | $tinc $c2 exchange | $tinc $c1 import
$tinc $c1 start $r1
$tinc $c2 start $r2
# No ID sent by responding node if we don't send an ID first, before the timeout
result=`(sleep 2; echo "0 bar 17.7") | timeout 3 socket localhost 32754` && exit 1
test $? = 124
test -z "$result"
# ID sent if initiator sends first, but still tarpitted
result=`echo "0 bar 17.7" | timeout 3 socket localhost 32754` && exit 1
test $? = 124
test "`echo "$result" | head -c 10`" = "0 foo 17.7"
# No invalid IDs allowed
result=`echo "0 foo 17.7" | timeout 1 socket localhost 32754` && exit 1
test $? = 124
test -z "$result"
result=`echo "0 baz 17.7" | timeout 1 socket localhost 32754` && exit 1
test $? = 124
test -z "$result"
# No NULL METAKEYs allowed
result=`printf "0 foo 17.0\n1 0 672 0 0 834188619F4D943FD0F4B1336F428BD4AC06171FEABA66BD2356BC9593F0ECD643F0E4B748C670D7750DFDE75DC9F1D8F65AB1026F5ED2A176466FBA4167CC567A2085ABD070C1545B180BDA86020E275EA9335F509C57786F4ED2378EFFF331869B856DDE1C05C461E4EECAF0E2FB97AF77B7BC2AD1B34C12992E45F5D1254BBF0C3FB224ABB3E8859594A83B6CA393ED81ECAC9221CE6BC71A727BCAD87DD80FC0834B87BADB5CB8FD3F08BEF90115A8DF1923D7CD9529729F27E1B8ABD83C4CF8818AE10257162E0057A658E265610B71F9BA4B365A20C70578FAC65B51B91100392171BA12A440A5E93C4AA62E0C9B6FC9B68F953514AAA7831B4B2C31C4\n" | timeout 3 socket localhost 32755` && exit 1
test $? = 124
test -z "$result" # Not even the ID should be sent when the first packet contains illegal data
# No splicing allowed
$tinc $c2 stop
$tinc $c2 del ExperimentalProtocol
$tinc $c2 start $r2
./splice foo localhost 32754 bar localhost 32755 17.7 &
sleep 3
test `$tinc $c1 dump reachable nodes | wc -l` = 1
test `$tinc $c2 dump reachable nodes | wc -l` = 1
kill $!
$tinc $c2 stop
$tinc $c1 stop
# Test splicing again with legacy protocol
$tinc $c1 set ExperimentalProtocol no
$tinc $c2 set ExperimentalProtocol no
$tinc $c1 start $r1
$tinc $c2 start $r2
./splice foo localhost 32754 bar localhost 32755 17.0 &
sleep 3
test `$tinc $c1 dump reachable nodes | wc -l` = 1
test `$tinc $c2 dump reachable nodes | wc -l` = 1
kill $!
# Clean up
$tinc $c2 stop
$tinc $c1 stop