summaryrefslogtreecommitdiff
path: root/qa/966
blob: eb96eb4d4dfb30143608b7caa8561f418c22fbf0 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

#!/bin/sh
# PCP QA Test No. 966
# Test that pmcd still starts, but with secure connections disabled, if NSS fails to initialize.
#
# Copyright (c) 2014 Red Hat.
#

seq=`basename $0`
echo "QA output created by $seq"

. ./common.secure
nss_notrun_checks

_cleanup()
{
    nss_cleanup

    $sudo $PCP_RC_DIR/pcp restart 2>&1 | _filter_pcp_stop | _filter_pcp_start
    _wait_for_pmcd
    _wait_for_pmlogger

    $sudo rm -f $tmp.*
    $sudo rm -fr $tmp
}

status=1	# failure is the default!
$sudo rm -rf $tmp.* $seq.full
trap "_cleanup; exit \$status" 0 1 2 3 15
$sudo $PCP_RC_DIR/pcp stop | _filter_pcp_stop

# Remove the initialized NSS cert db and exit with failure.
# Passed to nss_setup_collector in order to start pmcd
# with a missing cert db.
missing_certs()
{
    $sudo rm -fr $collectordb
    return 1
}

# real QA test starts here
nss_backup
nss_setup_randomness

# Set up secure connection environment
sleep 2
nss_setup_collector true $qahost $hostname

# make the new certificate visible to just this user
echo "checking client, user certificate only.  should pass..."
nss_setup_empty_userdb
nss_import_cert_userdb
export PCP_SECURE_SOCKETS=1
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo
unset PCP_SECURE_SOCKETS

# verify that pmcd still starts and accepts insecure connections if the NSS configuration
# has been corrupted.
nss_setup_collector missing_certs 2>&1 | \
    sed -e "s|$collectordb|COLLECTORDB|" \
        -e 's/^\[.*\] pmcd([0-9][0-9]*)/[DATE] pmcd(PID)/'

echo "checking client, secure connection.  should fail..." | tee -a $seq.full
export PCP_SECURE_SOCKETS=1
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo
unset PCP_SECURE_SOCKETS

echo "checking client, insecure connection.  should pass..."
unset PCP_SECURE_SOCKETS
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo

echo "checking client, connecting via 'local:'.  should pass..."
unset PCP_SECURE_SOCKETS
yes | pminfo -h local: -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo

_cleanup

# success, all done
status=0
exit
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-21 17:36:40 +0000