make-secnet-sites: Fix error handling if caller is in wrong group
diff --git
a/stest/common.tcl
b/stest/common.tcl
index cbf8fc1fae8902a7c60bc945bddfd30d31d3441c..8897bd90da340a99b4529b65e736691673c7cbb9 100644
(file)
--- a/
stest/common.tcl
+++ b/
stest/common.tcl
@@
-28,8
+28,15
@@
set extra(outside) {}
set privkey(inside) test-example/inside.privkeys/
set privkey(outside) test-example/outside.privkeys/
set privkey(inside) test-example/inside.privkeys/
set privkey(outside) test-example/outside.privkeys/
+set initiator inside
+
proc sitesconf_hook {l} { return $l }
proc sitesconf_hook {l} { return $l }
+proc oldsecnet {site} {
+ upvar #0 oldsecnet($site) oldsecnet
+ expr {[info exists oldsecnet] && [set oldsecnet]}
+}
+
proc mkconf {location site} {
global tmp
global builddir
proc mkconf {location site} {
global tmp
global builddir
@@
-92,6
+99,12
@@
exec cat
key-cache priv-cache({
privkeys \"$builddir/${privkey}priv.\";
});
key-cache priv-cache({
privkeys \"$builddir/${privkey}priv.\";
});
+"
+ }
+ {load-private *} {
+ set sitesconf sites-nonego.conf
+ append cfg "
+ local-key load-private(\"[lindex $privkey 1]\",\"$builddir/[lindex $privkey 2]\");
"
}
* {
"
}
* {
@@
-108,6
+121,11
@@
exec cat
log logfile {
prefix \"$site\";
class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
log logfile {
prefix \"$site\";
class \"debug\",\"info\",\"notice\",\"warning\",\"error\",\"security\",\"fatal\";
+ "
+ if {[oldsecnet $site]} { append cfg "
+ filename \"/dev/stderr\";
+ " }
+ append cfg "
};
"
append cfg {
};
"
append cfg {
@@
-153,30
+171,41
@@
proc spawn-secnet {location site} {
set ch [open $cf w]
puts $ch [mkconf $location $site]
close $ch
set ch [open $cf w]
puts $ch [mkconf $location $site]
close $ch
- set argl [list $builddir/secnet -dvnc $cf]
+ set secnet $builddir/secnet
+ if {[oldsecnet $site]} {
+ set secnet $env(OLD_SECNET_DIR)/secnet
+ }
+ set argl [list $secnet -dvnc $cf]
set divertk SECNET_STEST_DIVERT_$site
set divertk SECNET_STEST_DIVERT_$site
- puts
-nonewline "spawn
"
+ puts
"spawn:
"
foreach k [array names env] {
switch -glob $k {
SECNET_STEST_DIVERT_* -
foreach k [array names env] {
switch -glob $k {
SECNET_STEST_DIVERT_* -
- SECNET_TEST_BUILDDIR { }
+ SECNET_TEST_BUILDDIR
- OLD_SECNET_DIR
{ }
*SECNET* -
*PRELOAD* { puts -nonewline " $k=$env($k)" }
}
}
*SECNET* -
*PRELOAD* { puts -nonewline " $k=$env($k)" }
}
}
- puts " $argl"
if {[info exists env($divertk)]} {
switch -glob $env($divertk) {
if {[info exists env($divertk)]} {
switch -glob $env($divertk) {
- i {
+ i - {i *} {
+ regsub {^i} $env($divertk) {} divert_prefix
+ puts "$divert_prefix $argl"
puts -nonewline "run ^ command, hit return "
flush stdout
gets stdin
set argl {}
}
0 - "" {
puts -nonewline "run ^ command, hit return "
flush stdout
gets stdin
set argl {}
}
0 - "" {
+ puts " $argl"
}
}
- * {
+ /* - ./* {
+ puts " $argl"
set argl [split $env($divertk)]
set argl [split $env($divertk)]
+ puts "... $argl"
+ }
+ * {
+ error "$divertk not understood"
}
}
}
}
}
}
@@
-211,9
+240,10
@@
proc netlink-readable {location site} {
}
proc netlink-got-packet {location site data} {
}
proc netlink-got-packet {location site data} {
+ global initiator
if {![hbytes length $data]} return
if {![hbytes length $data]} return
- switch -exact $site {
- inside {
+ switch -exact $site
!$initiator
{
+ inside
!inside - outside!outside
{
switch -glob $data {
45000054ed9d4000fe0166d9ac12e802ac12e80900* {
puts "OK $data"
switch -glob $data {
45000054ed9d4000fe0166d9ac12e802ac12e80900* {
puts "OK $data"
@@
-224,8
+254,8
@@
proc netlink-got-packet {location site data} {
}
}
}
}
}
}
-
outside
{
- error "
inside rx'd!
"
+
default
{
+ error "
$site rx'd! (initiator $initiator)
"
}
}
}
}
}
}
@@
-247,6
+277,7
@@
$message
proc sendpkt {} {
global netlinkfh
proc sendpkt {} {
global netlinkfh
+ global initiator
set p {
4500 0054 ed9d 4000 4001 24da ac12 e809
ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
set p {
4500 0054 ed9d 4000 4001 24da ac12 e809
ac12 e802 0800 1de4 2d96 0001 f1d4 a05d
@@
-255,7
+286,7
@@
proc sendpkt {} {
2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
3435 3637
}
2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
3435 3637
}
- puts -nonewline $netlinkfh(
inside
.t) \
+ puts -nonewline $netlinkfh(
$initiator
.t) \
[hbytes h2raw c0[join $p ""]c0]
}
[hbytes h2raw c0[join $p ""]c0]
}
@@
-325,14
+356,20
@@
proc udp-relay {data src sock args} {
}
}
}
}
+proc adj-after {timeout args} {
+ upvar #0 env(SECNET_STEST_TIMEOUT_MUL) mul
+ if {[info exists mul]} { set timeout [expr {$timeout * $mul}] }
+ eval after $timeout $args
+}
+
proc test-kex {} {
udp-proxy
spawn-secnet in inside
spawn-secnet out outside
proc test-kex {} {
udp-proxy
spawn-secnet in inside
spawn-secnet out outside
- after 500 sendpkt
- after 1000 sendpkt
- after 5000 timed-out
+ a
dj-a
fter 500 sendpkt
+ a
dj-a
fter 1000 sendpkt
+ a
dj-a
fter 5000 timed-out
vwait ok
}
vwait ok
}
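Review bot: In `adj-after` (last hunk), a non-integer `SECNET_STEST_TIMEOUT_MUL` such as `1.5` makes `expr` return a floating-point value, and `after` accepts only an integer millisecond count, so every timer in `test-kex` would fail with a usage error instead of being scaled. Truncating the product keeps fractional multipliers usable: `if {[info exists mul]} { set timeout [expr {int($timeout * $mul)}] }`. A non-numeric value still raises an `expr` error, which is reasonable for a test harness. A short comment on the proc, e.g. `# Like "after", but scales the delay by env(SECNET_STEST_TIMEOUT_MUL) if set`, would tell readers where the knob comes from.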