diff options
Diffstat (limited to 'testing/tests/tnc')
74 files changed, 140 insertions, 243 deletions
diff --git a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat b/testing/tests/tnc/tnccs-11-fhh/evaltest.dat index 6b7c713ef..3478c07df 100644 --- a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-fhh/evaltest.dat @@ -13,7 +13,7 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-11-fhh/pretest.dat b/testing/tests/tnc/tnccs-11-fhh/pretest.dat index 8fab1fb6c..d181aab9f 100644 --- a/testing/tests/tnc/tnccs-11-fhh/pretest.dat +++ b/testing/tests/tnc/tnccs-11-fhh/pretest.dat @@ -9,7 +9,8 @@ dave::cat /etc/tnc/dummyimc.file moon::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start carol::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start dave::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start -carol::sleep 1 +moon::expect-connection rw-allow +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat index b9eee4f57..3f3aa9f64 100644 --- a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat @@ -10,5 +10,5 @@ moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EA moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat index 96163aa36..d2bb94583 100644 --- a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat @@ -8,7 +8,7 @@ alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.propertie moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat index 224807860..955584ba3 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat @@ -13,7 +13,7 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf index 23f840f69..45845710b 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf @@ -3,11 +3,11 @@ libimcv { load = random nonce openssl pubkey sqlite debug_level = 3 - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db policy_script = ipsec imv_policy_manager assessment_result = no } attest { - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db } diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf index b8488fef8..e8706082e 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf @@ -5,6 +5,8 @@ charon { multiple_authentication=no + retransmit_tries = 5 + plugins { eap-tnc { protocol = tnccs-1.1 diff --git a/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat b/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat index dc8507d26..18e03746b 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat +++ b/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat @@ -3,7 +3,6 @@ carol::ipsec stop dave::ipsec stop alice::killall radiusd alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second -alice::rm /etc/pts/config.db carol::echo 1 > /proc/sys/net/ipv4/ip_forward moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat index 03b24747e..31ee7d1c7 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat @@ -6,7 +6,7 @@ dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql -alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db +alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd alice::cat /etc/tnc_config carol::cat /etc/tnc_config @@ -14,9 +14,9 @@ dave::cat /etc/tnc_config moon::ipsec start dave::ipsec start carol::ipsec start -dave::sleep 1 +dave::expect-connection home dave::ipsec up home +carol::expect-connection home carol::ipsec up home -carol::sleep 1 alice::ipsec attest --sessions alice::ipsec attest --devices diff --git a/testing/tests/tnc/tnccs-11-radius-pts/test.conf b/testing/tests/tnc/tnccs-11-radius-pts/test.conf index f23a19329..318dfdfcb 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/test.conf +++ b/testing/tests/tnc/tnccs-11-radius-pts/test.conf @@ -24,3 +24,6 @@ IPSECHOSTS="moon carol dave" # RADIUSHOSTS="alice" +# Guest instances on which databases are used +# +DBHOSTS="alice" diff --git a/testing/tests/tnc/tnccs-11-radius/evaltest.dat b/testing/tests/tnc/tnccs-11-radius/evaltest.dat index 224807860..955584ba3 100644 --- a/testing/tests/tnc/tnccs-11-radius/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-radius/evaltest.dat @@ -13,7 +13,7 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius/pretest.dat b/testing/tests/tnc/tnccs-11-radius/pretest.dat index 71dff71b7..fcfb1451c 100644 --- a/testing/tests/tnc/tnccs-11-radius/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius/pretest.dat @@ -10,7 +10,7 @@ dave::cat /etc/tnc_config moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-11-supplicant/pretest.dat b/testing/tests/tnc/tnccs-11-supplicant/pretest.dat index ac03fedbb..4dbff64a3 100644 --- a/testing/tests/tnc/tnccs-11-supplicant/pretest.dat +++ b/testing/tests/tnc/tnccs-11-supplicant/pretest.dat @@ -6,6 +6,6 @@ carol::cat /etc/tnc_config dave::cat /etc/tnc_config moon::hostapd -B /etc/hostapd/hostapd.conf carol::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties wpa_supplicant -B -c /etc/wpa_supplicant.conf -D wired -i eth0 -carol::sleep 4 +carol::sleep 4 dave::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties wpa_supplicant -B -c /etc/wpa_supplicant.conf -D wired -i eth0 dave::sleep 4 diff --git a/testing/tests/tnc/tnccs-11/evaltest.dat b/testing/tests/tnc/tnccs-11/evaltest.dat index 6b7c713ef..3478c07df 100644 --- a/testing/tests/tnc/tnccs-11/evaltest.dat +++ b/testing/tests/tnc/tnccs-11/evaltest.dat @@ -13,7 +13,7 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-11/pretest.dat b/testing/tests/tnc/tnccs-11/pretest.dat index cac1cfafc..85622034d 100644 --- a/testing/tests/tnc/tnccs-11/pretest.dat +++ b/testing/tests/tnc/tnccs-11/pretest.dat @@ -7,7 +7,7 @@ dave::cat /etc/tnc_config moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-20-block/evaltest.dat b/testing/tests/tnc/tnccs-20-block/evaltest.dat index 03b576efa..e0f3d9357 100644 --- a/testing/tests/tnc/tnccs-20-block/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-block/evaltest.dat @@ -9,4 +9,4 @@ moon:: cat /var/log/daemon.log::added group membership 'allow'::YES moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-block/pretest.dat b/testing/tests/tnc/tnccs-20-block/pretest.dat index f5b3b2e8c..c66a2e1ec 100644 --- a/testing/tests/tnc/tnccs-20-block/pretest.dat +++ b/testing/tests/tnc/tnccs-20-block/pretest.dat @@ -8,7 +8,7 @@ dave::cat /etc/tnc_config moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat index bac7294b2..c69940c4b 100644 --- a/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat @@ -13,7 +13,7 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat index b2b243ba3..85622034d 100644 --- a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat +++ b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat @@ -5,9 +5,9 @@ moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config moon::ipsec start -carol::ipsec start -dave::ipsec start -carol::sleep 1 +carol::ipsec start +dave::ipsec start +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-20-fail-init/pretest.dat b/testing/tests/tnc/tnccs-20-fail-init/pretest.dat index 38c651328..85622034d 100644 --- a/testing/tests/tnc/tnccs-20-fail-init/pretest.dat +++ b/testing/tests/tnc/tnccs-20-fail-init/pretest.dat @@ -5,8 +5,9 @@ moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config moon::ipsec start -carol::ipsec start +carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat b/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat index 6947c4bdf..e5c202947 100644 --- a/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat +++ b/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat @@ -3,6 +3,6 @@ carol::iptables-restore < /etc/iptables.rules moon::cat /etc/tnc_config carol::cat /etc/tnc_config moon::ipsec start -carol::ipsec start -carol::sleep 1 +carol::ipsec start +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/tnc/tnccs-20-fhh/evaltest.dat b/testing/tests/tnc/tnccs-20-fhh/evaltest.dat index bac7294b2..c69940c4b 100644 --- a/testing/tests/tnc/tnccs-20-fhh/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-fhh/evaltest.dat @@ -13,7 +13,7 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-fhh/pretest.dat b/testing/tests/tnc/tnccs-20-fhh/pretest.dat index 72c9b1665..39b0e03eb 100644 --- a/testing/tests/tnc/tnccs-20-fhh/pretest.dat +++ b/testing/tests/tnc/tnccs-20-fhh/pretest.dat @@ -8,9 +8,10 @@ carol::cat /etc/tnc/dummyimc.file dave::cat /etc/tnc/dummyimc.file moon::cat /etc/tnc/dummyimv.policy moon::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start -carol::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start -dave::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start -carol::sleep 1 +carol::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start +dave::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start +moon::expect-connection rw-allow +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/apache2/sites-available/default deleted file mode 100644 index 626000612..000000000 --- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/apache2/sites-available/default +++ /dev/null @@ -1,26 +0,0 @@ -WSGIPythonPath /var/www/tnc - -<VirtualHost *:80> - ServerName tnc.strongswan.org - ServerAlias tnc - ServerAdmin webmaster@localhost - - DocumentRoot /var/www/tnc - - <Directory /var/www/tnc/config> - <Files wsgi.py> - Order deny,allow - Allow from all - </Files> - </Directory> - - WSGIScriptAlias / /var/www/tnc/config/wsgi.py - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - - Alias /static/ /var/www/tnc/static/ - - ErrorLog ${APACHE_LOG_DIR}/tnc/error.log - LogLevel warn - CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined -</VirtualHost> diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/pts/data1.sql deleted file mode 100644 index d6a547bd1..000000000 --- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/pts/data1.sql +++ /dev/null @@ -1,61 +0,0 @@ -/* Devices */ - -INSERT INTO devices ( /* 1 */ - value, product, created -) -SELECT 'aabbccddeeff11223344556677889900', id, 1372330615 -FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; - -/* Groups Members */ - -INSERT INTO groups_members ( - group_id, device_id -) VALUES ( - 10, 1 -); - -/* Identities */ - -INSERT INTO identities ( - type, value -) VALUES ( /* dave@strongswan.org */ - 5, X'64617665' -); - -/* Sessions */ - -INSERT INTO sessions ( - time, connection, identity, device, product, rec -) -SELECT NOW, 1, 1, 1, id, 0 -FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; - -/* Results */ - -INSERT INTO results ( - session, policy, rec, result -) VALUES ( - 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' -); - -/* Enforcements */ - -INSERT INTO enforcements ( - policy, group_id, max_age, rec_fail, rec_noresult -) VALUES ( - 3, 10, 0, 2, 2 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 17, 2, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 18, 10, 86400 -); - -DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongTNC/settings.ini deleted file mode 100644 index 5e7b7b556..000000000 --- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongTNC/settings.ini +++ /dev/null @@ -1,19 +0,0 @@ -[debug] -DEBUG=0 -TEMPLATE_DEBUG=0 -DEBUG_TOOLBAR=0 - -[db] -DJANGO_DB_URL=sqlite:////var/www/tnc/django.db -STRONGTNC_DB_URL = sqlite:////etc/pts/config.db - -[localization] -LANGUAGE_CODE=en-us -TIME_ZONE=Europe/Zurich - -[admins] -Your Name: alice@strongswan.org - -[security] -SECRET_KEY=strongSwan -ALLOWED_HOSTS=127.0.0.1,10.10.0.1,tnc.strongswan.org,tnc diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf index d22a7e978..1ecf6f883 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf @@ -23,13 +23,6 @@ charon { } libimcv { - debug_level = 3 - database = sqlite:///etc/pts/config.db + debug_level = 3 policy_script = ipsec imv_policy_manager - - plugins { - imv-swid { - rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ - } - } } diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat index 913dd2190..0978d1252 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat +++ b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat @@ -11,7 +11,7 @@ alice::ipsec start moon::ipsec start carol::ipsec start dave::ipsec start -dave::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat index 3bce9f6e5..997a48167 100644 --- a/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat index fab55d11a..07b17600d 100644 --- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat @@ -1,4 +1,4 @@ sun::ipsec start moon::cat /etc/pts/options -moon::sleep 1 -moon::ipsec pt-tls-client --optionsfrom /etc/pts/options +sun::expect-connection pdp +moon::ipsec pt-tls-client --optionsfrom /etc/pts/options diff --git a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat index 14c2aaf6c..8c9e59a56 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat @@ -15,6 +15,6 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf index 228441289..156a2e4c4 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf @@ -5,6 +5,8 @@ charon { multiple_authentication = no + retransmit_tries = 5 + plugins { tnc-imc { preferred_language = de diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf index 88a4ad36e..c8992bdad 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf @@ -15,7 +15,7 @@ charon { } libimcv { - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db policy_script = ipsec imv_policy_manager plugins { imv-attestation { @@ -26,5 +26,5 @@ libimcv { attest { load = random nonce openssl sqlite - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db } diff --git a/testing/tests/tnc/tnccs-20-os-pts/posttest.dat b/testing/tests/tnc/tnccs-20-os-pts/posttest.dat index 48514d6e0..74b902c69 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/posttest.dat +++ b/testing/tests/tnc/tnccs-20-os-pts/posttest.dat @@ -5,4 +5,3 @@ moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush carol::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::rm /etc/pts/config.db diff --git a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat index 7a562eec5..345f54816 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat +++ b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat @@ -4,16 +4,16 @@ dave::iptables-restore < /etc/iptables.rules carol::echo 0 > /proc/sys/net/ipv4/ip_forward dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id moon::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql -moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db +moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config moon::ipsec start dave::ipsec start carol::ipsec start -dave::sleep 1 +dave::expect-connection home dave::ipsec up home +carol::expect-connection home carol::ipsec up home -carol::sleep 1 moon::ipsec attest --sessions moon::ipsec attest --devices diff --git a/testing/tests/tnc/tnccs-20-os-pts/test.conf b/testing/tests/tnc/tnccs-20-os-pts/test.conf index a8a05af19..4b1c410ff 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/test.conf +++ b/testing/tests/tnc/tnccs-20-os-pts/test.conf @@ -20,7 +20,6 @@ TCPDUMPHOSTS="moon" # IPSECHOSTS="moon carol dave" -# Guest instances on which FreeRadius is started +# Guest instances on which databases are used # -RADIUSHOSTS= - +DBHOSTS="moon" diff --git a/testing/tests/tnc/tnccs-20-os/evaltest.dat b/testing/tests/tnc/tnccs-20-os/evaltest.dat index 1cf7ed69a..292116309 100644 --- a/testing/tests/tnc/tnccs-20-os/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-os/evaltest.dat @@ -15,6 +15,6 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf index baa7dbbc8..43cf395d9 100644 --- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf @@ -15,11 +15,11 @@ charon { } libimcv { - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db policy_script = ipsec imv_policy_manager } attest { load = random nonce openssl sqlite - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db } diff --git a/testing/tests/tnc/tnccs-20-os/posttest.dat b/testing/tests/tnc/tnccs-20-os/posttest.dat index 48514d6e0..74b902c69 100644 --- a/testing/tests/tnc/tnccs-20-os/posttest.dat +++ b/testing/tests/tnc/tnccs-20-os/posttest.dat @@ -5,4 +5,3 @@ moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush carol::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::rm /etc/pts/config.db diff --git a/testing/tests/tnc/tnccs-20-os/pretest.dat b/testing/tests/tnc/tnccs-20-os/pretest.dat index fc102ec12..3c5cd328e 100644 --- a/testing/tests/tnc/tnccs-20-os/pretest.dat +++ b/testing/tests/tnc/tnccs-20-os/pretest.dat @@ -5,7 +5,7 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id moon::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql moon::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql -moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db +moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config diff --git a/testing/tests/tnc/tnccs-20-os/test.conf b/testing/tests/tnc/tnccs-20-os/test.conf index a8a05af19..f4fd4dc16 100644 --- a/testing/tests/tnc/tnccs-20-os/test.conf +++ b/testing/tests/tnc/tnccs-20-os/test.conf @@ -20,7 +20,6 @@ TCPDUMPHOSTS="moon" # IPSECHOSTS="moon carol dave" -# Guest instances on which FreeRadius is started +# Guest instances on which databases are used # -RADIUSHOSTS= - +DBHOSTS="moon"
\ No newline at end of file diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat index f744453e6..d373eb39b 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat @@ -24,6 +24,6 @@ moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP succe moon:: ipsec statusall 2>/dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES moon:: ipsec statusall 2>/dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongTNC/settings.ini index 5e7b7b556..ea9cbbee4 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongTNC/settings.ini +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongTNC/settings.ini @@ -5,7 +5,7 @@ DEBUG_TOOLBAR=0 [db] DJANGO_DB_URL=sqlite:////var/www/tnc/django.db -STRONGTNC_DB_URL = sqlite:////etc/pts/config.db +STRONGTNC_DB_URL = sqlite:////etc/db.d/config.db [localization] LANGUAGE_CODE=en-us diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf index 1c34f51f8..48d5d70f0 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf @@ -24,7 +24,7 @@ charon { libimcv { debug_level = 3 - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db policy_script = ipsec imv_policy_manager plugins { diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf index ee16a4cad..8aa2ab97e 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf @@ -3,6 +3,8 @@ charon { load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + retransmit_timeout = + plugins { eap-ttls { max_message_count = 0 diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf index dd7d16076..aea7a71f9 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf @@ -3,7 +3,9 @@ charon { load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - plugins { + retransmit_timeout = + + plugins { eap-ttls { max_message_count = 0 } diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat index 1e5c3f8cd..fe9f59e44 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat @@ -3,7 +3,6 @@ carol::ipsec stop dave::ipsec stop alice::ipsec stop alice::service apache2 stop -alice::rm /etc/pts/config.db moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat index ca3c559d1..4b8d3f024 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat @@ -8,15 +8,16 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql -alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db -alice::chgrp www-data /etc/pts/config.db; chmod g+w /etc/pts/config.db +alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db +alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db alice::/var/www/tnc/manage.py setpassword strongSwan strongSwan alice::service apache2 start alice::ipsec start moon::ipsec start dave::ipsec start carol::ipsec start -carol::sleep 1 +dave::expect-connection home dave::ipsec up home +carol::expect-connection home carol::ipsec up home carol::sleep 1 diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/test.conf b/testing/tests/tnc/tnccs-20-pdp-eap/test.conf index c4ca1a19f..345e91150 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/test.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/test.conf @@ -20,7 +20,7 @@ TCPDUMPHOSTS="moon" # IPSECHOSTS="moon carol dave alice" -# Guest instances on which FreeRadius is started +# Guest instances on which databases are used # -RADIUSHOSTS= +DBHOSTS="alice" diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongTNC/settings.ini index 5e7b7b556..ea9cbbee4 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongTNC/settings.ini +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongTNC/settings.ini @@ -5,7 +5,7 @@ DEBUG_TOOLBAR=0 [db] DJANGO_DB_URL=sqlite:////var/www/tnc/django.db -STRONGTNC_DB_URL = sqlite:////etc/pts/config.db +STRONGTNC_DB_URL = sqlite:////etc/db.d/config.db [localization] LANGUAGE_CODE=en-us diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf index 857e6d6d6..5fa49e7a7 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf @@ -18,7 +18,7 @@ libtls { } libimcv { - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db policy_script = ipsec imv_policy_manager plugins { diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat index b7da857a7..2f45a149d 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat @@ -3,7 +3,6 @@ dave::ip route del 10.1.0.0/16 via 192.168.0.1 winnetou::ip route del 10.1.0.0/16 via 192.168.0.1 alice::ipsec stop alice::service apache2 stop -alice::rm /etc/pts/config.db alice::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat index eed7967ee..e14ba8902 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat @@ -8,12 +8,12 @@ dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id dave::cat /etc/tnc_config alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql -alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db -alice::chgrp www-data /etc/pts/config.db; chmod g+w /etc/pts/config.db +alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db +alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db alice::/var/www/tnc/manage.py setpassword strongSwan strongSwan alice::service apache2 start alice::ipsec start -alice::sleep 1 +alice::expect-connection aaa winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 dave::ip route add 10.1.0.0/16 via 192.168.0.1 dave::cat /etc/pts/options @@ -21,4 +21,3 @@ dave::ipsec pt-tls-client --optionsfrom /etc/pts/options carol::ip route add 10.1.0.0/16 via 192.168.0.1 carol::cat /etc/pts/options carol::ipsec pt-tls-client --optionsfrom /etc/pts/options -carol::sleep 1 diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf index 5f4f8e725..baeceb92b 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf @@ -20,7 +20,6 @@ TCPDUMPHOSTS="moon" # IPSECHOSTS="carol moon dave alice" -# Guest instances on which FreeRadius is started +# Guest instances on which databases are used # -RADIUSHOSTS= - +DBHOSTS="alice" diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat index 14c2aaf6c..8c9e59a56 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat @@ -15,6 +15,6 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf index e67223b45..c69f9454d 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf @@ -3,6 +3,8 @@ charon { load = aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 curl revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + retransmit_timeout = + multiple_authentication = no plugins { diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf index e72ab0920..38b2e2ec2 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf @@ -15,7 +15,7 @@ charon { } libimcv { - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db policy_script = ipsec imv_policy_manager plugins { imv-attestation { @@ -28,5 +28,5 @@ libimcv { attest { load = random nonce openssl sqlite - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db } diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat index 48514d6e0..74b902c69 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat @@ -5,4 +5,3 @@ moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush carol::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::rm /etc/pts/config.db diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat index 7a562eec5..345f54816 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat @@ -4,16 +4,16 @@ dave::iptables-restore < /etc/iptables.rules carol::echo 0 > /proc/sys/net/ipv4/ip_forward dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id moon::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql -moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db +moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config moon::ipsec start dave::ipsec start carol::ipsec start -dave::sleep 1 +dave::expect-connection home dave::ipsec up home +carol::expect-connection home carol::ipsec up home -carol::sleep 1 moon::ipsec attest --sessions moon::ipsec attest --devices diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/test.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/test.conf index a8a05af19..2fd3139f5 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/test.conf +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/test.conf @@ -20,7 +20,7 @@ TCPDUMPHOSTS="moon" # IPSECHOSTS="moon carol dave" -# Guest instances on which FreeRadius is started +# Guest instances on which databases are used # -RADIUSHOSTS= +DBHOSTS="moon" diff --git a/testing/tests/tnc/tnccs-20-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-pts/evaltest.dat index 0bf4f2b9b..d67756349 100644 --- a/testing/tests/tnc/tnccs-20-pts/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pts/evaltest.dat @@ -15,6 +15,6 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf index 3c41f154a..b6c9ab661 100644 --- a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf @@ -3,6 +3,8 @@ charon { load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + retransmit_timeout = + multiple_authentication = no plugins { tnc-imc { diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf index 88a4ad36e..d9d0624f5 100644 --- a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf @@ -3,6 +3,8 @@ charon { load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite + retransmit_timeout = + multiple_authentication = no plugins { @@ -15,7 +17,7 @@ charon { } libimcv { - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db policy_script = ipsec imv_policy_manager plugins { imv-attestation { @@ -26,5 +28,5 @@ libimcv { attest { load = random nonce openssl sqlite - database = sqlite:///etc/pts/config.db + database = sqlite:///etc/db.d/config.db } diff --git a/testing/tests/tnc/tnccs-20-pts/posttest.dat b/testing/tests/tnc/tnccs-20-pts/posttest.dat index 48514d6e0..74b902c69 100644 --- a/testing/tests/tnc/tnccs-20-pts/posttest.dat +++ b/testing/tests/tnc/tnccs-20-pts/posttest.dat @@ -5,4 +5,3 @@ moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush carol::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::rm /etc/pts/config.db diff --git a/testing/tests/tnc/tnccs-20-pts/pretest.dat b/testing/tests/tnc/tnccs-20-pts/pretest.dat index 7a562eec5..345f54816 100644 --- a/testing/tests/tnc/tnccs-20-pts/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pts/pretest.dat @@ -4,16 +4,16 @@ dave::iptables-restore < /etc/iptables.rules carol::echo 0 > /proc/sys/net/ipv4/ip_forward dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id moon::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql -moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db +moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config moon::ipsec start dave::ipsec start carol::ipsec start -dave::sleep 1 +dave::expect-connection home dave::ipsec up home +carol::expect-connection home carol::ipsec up home -carol::sleep 1 moon::ipsec attest --sessions moon::ipsec attest --devices diff --git a/testing/tests/tnc/tnccs-20-pts/test.conf b/testing/tests/tnc/tnccs-20-pts/test.conf index a8a05af19..2fd3139f5 100644 --- a/testing/tests/tnc/tnccs-20-pts/test.conf +++ b/testing/tests/tnc/tnccs-20-pts/test.conf @@ -20,7 +20,7 @@ TCPDUMPHOSTS="moon" # IPSECHOSTS="moon carol dave" -# Guest instances on which FreeRadius is started +# Guest instances on which databases are used # -RADIUSHOSTS= +DBHOSTS="moon" diff --git a/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat index bac7294b2..c69940c4b 100644 --- a/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat @@ -13,7 +13,7 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat index b2b243ba3..85622034d 100644 --- a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat +++ b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat @@ -5,9 +5,9 @@ moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config moon::ipsec start -carol::ipsec start -dave::ipsec start -carol::sleep 1 +carol::ipsec start +dave::ipsec start +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-20-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-tls/evaltest.dat index 40d5e24d5..fe1becb97 100644 --- a/testing/tests/tnc/tnccs-20-tls/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-tls/evaltest.dat @@ -13,7 +13,7 @@ moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU= moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-tls/pretest.dat b/testing/tests/tnc/tnccs-20-tls/pretest.dat index cac1cfafc..85622034d 100644 --- a/testing/tests/tnc/tnccs-20-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-tls/pretest.dat @@ -7,7 +7,7 @@ dave::cat /etc/tnc_config moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-20/evaltest.dat b/testing/tests/tnc/tnccs-20/evaltest.dat index bac7294b2..c69940c4b 100644 --- a/testing/tests/tnc/tnccs-20/evaltest.dat +++ b/testing/tests/tnc/tnccs-20/evaltest.dat @@ -13,7 +13,7 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20/pretest.dat b/testing/tests/tnc/tnccs-20/pretest.dat index b2b243ba3..85622034d 100644 --- a/testing/tests/tnc/tnccs-20/pretest.dat +++ b/testing/tests/tnc/tnccs-20/pretest.dat @@ -5,9 +5,9 @@ moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config moon::ipsec start -carol::ipsec start -dave::ipsec start -carol::sleep 1 +carol::ipsec start +dave::ipsec start +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/tnc/tnccs-dynamic/evaltest.dat b/testing/tests/tnc/tnccs-dynamic/evaltest.dat index 405298381..3d0c55449 100644 --- a/testing/tests/tnc/tnccs-dynamic/evaltest.dat +++ b/testing/tests/tnc/tnccs-dynamic/evaltest.dat @@ -21,7 +21,7 @@ moon:: cat /var/log/daemon.log::removed TNCCS Connection ID 2::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-dynamic/pretest.dat b/testing/tests/tnc/tnccs-dynamic/pretest.dat index 60775a11e..927b89d06 100644 --- a/testing/tests/tnc/tnccs-dynamic/pretest.dat +++ b/testing/tests/tnc/tnccs-dynamic/pretest.dat @@ -7,7 +7,7 @@ dave::cat /etc/tnc_config moon::LEAK_DETECTIVE_DISABLE=1 ipsec start carol::LEAK_DETECTIVE_DISABLE=1 ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 |