blob: 2d12debae6a5d94415819e8805b596b27e4e35a7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
#!/bin/sh
# PCP QA Test No. 713
#
# Exercise encrypted communications between pmproxy/clients
# Copyright (c) 2013 Red Hat.
#
seq=`basename $0`
echo "QA output created by $seq"
. ./common.secure
nss_notrun_checks
_cleanup()
{
nss_cleanup
$sudo $signal -a pmproxy >/dev/null 2>&1
$sudo $PCP_RC_DIR/pcp restart 2>&1 | _filter_pcp_stop | _filter_pcp_start
_wait_for_pmcd
_wait_for_pmlogger
$sudo rm -f $tmp.*
$sudo rm -fr $tmp
}
status=1 # failure is the default!
username=`id -u -n`
signal=$PCP_BINADM_DIR/pmsignal
$sudo rm -rf $tmp.* $seq.full
trap "_cleanup; exit \$status" 0 1 2 3 15
$sudo $PCP_RC_DIR/pcp stop | _filter_pcp_stop
# real QA test starts here
nss_backup
nss_setup_randomness
nss_setup_collector true $qahost $hostname
# pmcd is now secure. next, pmproxy...
$sudo $PCP_RC_DIR/pmproxy stop >/dev/null 2>&1
$sudo $signal -a pmproxy >/dev/null 2>&1
proxyargs="-C $PCP_SECURE_DB_METHOD$collectordb -P $collectorpw"
id pcp >/dev/null 2>&1 && proxyargs="$proxyargs -U $username"
$PCP_BINADM_DIR/pmproxy $proxyargs -l $tmp.log 2>&1
echo "Checking pmproxy.log for unexpected messages" | tee -a $seq.full
sleep 1 # allow log file creation to complete
egrep 'Error:|Info:' $tmp.log
cat $tmp.log >> $seq.full
# verify that local clients are prompted to establish a connection
# when a valid collectoer certificate exists but no client config.
nss_setup_empty_userdb
echo "checking client, server certificate only. should prompt and fail..." | tee -a $seq.full
export PMPROXY_HOST=$hostname
export PCP_SECURE_SOCKETS=enforce
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo
unset PMPROXY_HOST PCP_SECURE_SOCKETS
# make the new certificate visible to just this user
echo "checking client, user certificate only. should pass..."
nss_setup_empty_userdb
nss_import_cert_userdb
export PMPROXY_HOST=$hostname
export PCP_SECURE_SOCKETS=enforce
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo
unset PMPROXY_HOST PCP_SECURE_SOCKETS
# success, all done
status=0
exit
|
