From patchwork Tue Feb 13 14:47:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3614 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:59c4:b0:554:adf7:68e6 with SMTP id z4csp366696may; Tue, 13 Feb 2024 06:48:02 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUQBYklXIrVxiFg66EWrnbfqoTTC3qrmnr8/QZ9yvLwg3DqU2B9B38Yxeh+z9RXdLYkd66UPgHzctS+MmgIpSIbx1VayAc= X-Google-Smtp-Source: AGHT+IEdj84b33MfyoW0dGy/iU2erg7CWp1gdyGip7khaNf33UQHiuueIIgPiiwywAJXTVGXICvN X-Received: by 2002:a05:6a00:4211:b0:6e0:cfe2:906b with SMTP id cd17-20020a056a00421100b006e0cfe2906bmr9804405pfb.0.1707835682286; Tue, 13 Feb 2024 06:48:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1707835682; cv=none; d=google.com; s=arc-20160816; b=AJE1kt7hGNNx/1rHu22qFVLAFQpNWaapjcCOchlLH7DSKGTPqTfzNIgZoH6/cfP2It +rcBBe2wCPpergOhmi5vEvMtoYtc8BKNAay6CiX22lUI9dvCNYDfYr3/9eufHfppA8NT iiZpLaRi4tGcEuxFOtoFAWITK4yHIdmA7fTcyimNfRLJKiYLgzTDHuE6jS3sZtH/vCxf 8w2omtuj0U7Cf+WWjLZgZ4+Mw9+pgX2P++DturjUin0rJoSh8yK4VLEjPOir5d3jEN6l nCU30OfwaJlNu2YQHDHm6nCD+T0ANwJW2ZH6p3jK0PmX+8Rw8gdwzjH6YkoGDdlQwe3a CgAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=WfUxstrbFD7y/cCR5kD0r+4Pu/Sl2ArOZgGSjfWRNR8=; fh=xoCyjPD52ZEs0akybqz3pf0scRMf6bVpJoo5DEsERWs=; b=yG6M+HX3J5OefPY7Sgpr9rZNtdPEuqHlztSjw9xv+nW/QHp+4vr3OdeXmMnuFWF+c7 uenCzY/ObXdRBk1lDpmOWTAutP+fe6kIy3azR6v3pV02BKZLssnS61JSPegznYQEDCnS Z59v0mEmq3UHqhJxei6SxLOGZWyceXc667CKM3tR9P/65OeIr0DeNKAzHTrgTfHdmp67 2OIHBeoOlWBTSGBWm+sGVKZBBeMulHQ18wotW43nVqMqkJgPEKu5ncNzlqb0j1ulQCb+ k+ECB6l62v/2ZuvEUuE7OXTcEeZQBeYUezduOpDVe0SIPd+yU8o626yiQULshxNCWF7Z pXNg==; darn=openvpn.net ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=GmnEWVZT; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=GGFB4a9v; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=LvJ97lng; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net X-Forwarded-Encrypted: i=1; AJvYcCVdOHA9DKib+SaTAMo6NfV15zglOEB2MeZdhjacJw1KvBdkCxDSC1StBuhUpBG7t+Brw5v0dBdllyCKJmqblwV7erAgsQdvbL0tQwX2ioxbK/df1bs+iB5F/U45lW6EZE7yf48oFSAw2jSA18mLTknF6cfX1no= Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id k189-20020a6324c6000000b005dc7f609bb8si1737516pgk.644.2024.02.13.06.48.02 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Feb 2024 06:48:02 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=GmnEWVZT; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=GGFB4a9v; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=LvJ97lng; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rZu4N-0002aW-N3; Tue, 13 Feb 2024 14:47:36 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rZu4K-0002aQ-LZ for openvpn-devel@lists.sourceforge.net; Tue, 13 Feb 2024 14:47:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Y5mPMrYTieD74u3ws9bxJY1GsE1kEch/RWE4aKZfoHA=; b=GmnEWVZT7Brrid7CJQOIP7Mvoc eDmoN9xSTEyFAN2K5wmPQK5vh1Iv0PFuH2SgP/IwSpz/cS9Q+O1CkR2uGgdVgQ69u2cQcVi0rv8TR 95mAzApSlE5tzXHNcBmXM8ibTOh7Bq4wHyxJTn+2zd4g4cLIqm8ugnZGLC0SHA+X11f0=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=Y5mPMrYTieD74u3ws9bxJY1GsE1kEch/RWE4aKZfoHA=; b=G GFB4a9vjdblVbxh9pI18Ap8Somi2XgrkbAfUf6K5V9zlTdICRzXwXzWazdnX2FIrvRwyDny1dW0TI Yqhhw8UhTJ4oXvn5wasS/qkJYsfWcDxx7gngDdqHCI3vtK0BLszjudeOgkuXzAVRGlhhn8q7xnsDn wEJOBvKBBT23OITo=; Received: from mail-lf1-f41.google.com ([209.85.167.41]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1rZu4I-0001Es-HM for openvpn-devel@lists.sourceforge.net; Tue, 13 Feb 2024 14:47:33 +0000 Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-5116bf4dcf4so5333664e87.0 for ; Tue, 13 Feb 2024 06:47:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1707835639; x=1708440439; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=Y5mPMrYTieD74u3ws9bxJY1GsE1kEch/RWE4aKZfoHA=; b=LvJ97lnggsKpmQwvadG5z3PILAJKKz1e6N1PH6EFPipJEdxn7bUt0242zm7CLsd9+p xNBHatDdK778HJg5JmR80lauB7MBrJ3tLRD4TtpKC18y5Q5rhVIn7zOrL3spT6K6Em+E YtbOJqD8kAgB4fhIyxmdECU5m73Tb8/xE6szplKzvqrzz8r1Wxqyi4a+Nb8rxXFjH6W+ SxLngtpLCJDC9ghrgkjAxsuNoUkbBHFtetvaWUn6xKHeUgjKh/92lgXWLBf+fl/l0UjK G5ZnH/SfckgLdO896ICkA/jKuSPsbNCppN3UuqxnH9czxcpjwSXfmBSXWiaDO/Uofvhd Y+tA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707835639; x=1708440439; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Y5mPMrYTieD74u3ws9bxJY1GsE1kEch/RWE4aKZfoHA=; b=QLh6x0MVmjq08KZEJ2x8rYsgX+PsQhUmYPcM539noWKtlTaeX2LjwK+1c6wtyutbQd yzQPc4V9LuJ42WbszHwP2i+oi5xnh7lbHYtKw7n+0k1JtHulL76Ah0xDzZid79UuxHFP zIVBiJ2eFfJYRQaRhNVkcMPFo3U1rZHnGgsJmPZWprnQbuS1kvZmsIOoPnx4TOjU8fHp YVpRMw5PUUwIf8YPgO7dw7ZwhmAuVG/ayjdcbkh1HwwNuR/dBGYKniZZ7my2GS25zIhd ofNlPoGaBH9j8nICNqOX88pv5pZKkoNpaHleUf/DIBdj7Rvi2dHbCtIpA3Wtj61NAlG3 sJBA== X-Gm-Message-State: AOJu0YwqX22mYhplAZBNDHgkqmtYuDV3guV7esFtgi9tjxrwxp7KZkHo r/Od4BTGzwplOK5L+4P02tODccL8CmusFf5LGJQ3qGka6GEOVa2obueGJYLcuhDq6wMTxd2VR0C C X-Received: by 2002:ac2:4c18:0:b0:511:6f89:adea with SMTP id t24-20020ac24c18000000b005116f89adeamr6502719lfq.15.1707835639282; Tue, 13 Feb 2024 06:47:19 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id az17-20020adfe191000000b0033b87c2725csm4179768wrb.104.2024.02.13.06.47.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Feb 2024 06:47:18 -0800 (PST) From: "flichtenheld (Code Review)" X-Google-Original-From: "flichtenheld (Code Review)" X-Gerrit-PatchSet: 1 Date: Tue, 13 Feb 2024 14:47:18 +0000 To: plaisthos Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I13ea6752c8d102eabcc579e391828c05d5322899 X-Gerrit-Change-Number: 521 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 995a86aa8bcb62ce252d50e94529c8748c51f27c References: Message-ID: <0b66b827fb45e5b81169a5b39a6507f548535c5f-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.167.41 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.167.41 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 T_SCC_BODY_TEXT_LINE No description available. 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1rZu4I-0001Es-HM Subject: [Openvpn-devel] [M] Change in openvpn[master]: t_client.sh: Allow to skip tests X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1790795507912370050?= X-GMAIL-MSGID: =?utf-8?q?1790795507912370050?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/521?usp=email to review the following change. Change subject: t_client.sh: Allow to skip tests ...................................................................... t_client.sh: Allow to skip tests Individual tests can define a script to run to test whether they should be skipped. Included in this commit is an example check which checks whether we can do NTLM checks. This fails e.g. on recent versions of Fedora with mbedTLS (tested with Fedora 39) or when NTLM support is not compiled in. Change-Id: I13ea6752c8d102eabcc579e391828c05d5322899 Signed-off-by: Frank Lichtenheld --- M tests/Makefile.am A tests/ntlm_support.c M tests/t_client.sh.in 3 files changed, 76 insertions(+), 0 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/21/521/1 diff --git a/tests/Makefile.am b/tests/Makefile.am index b3b2d74..5911260 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -19,6 +19,8 @@ if !WIN32 test_scripts = t_client.sh t_lpback.sh t_cltsrv.sh + +check_PROGRAMS = ntlm_support if HAVE_SITNL test_scripts += t_net.sh endif @@ -36,3 +38,15 @@ dist_noinst_DATA = \ t_client.rc-sample + +ntlm_support_CFLAGS = -I$(top_srcdir)/src/openvpn -I$(top_srcdir)/src/compat -I$(top_srcdir)/tests/unit_tests/openvpn @TEST_CFLAGS@ +ntlm_support_LDFLAGS = @TEST_LDFLAGS@ -L$(top_srcdir)/src/openvpn $(OPTIONAL_CRYPTO_LIBS) +ntlm_support_SOURCES = ntlm_support.c \ + unit_tests/openvpn/mock_msg.c unit_tests/openvpn/mock_msg.h \ + $(top_srcdir)/src/openvpn/buffer.c \ + $(top_srcdir)/src/openvpn/crypto.c \ + $(top_srcdir)/src/openvpn/crypto_openssl.c \ + $(top_srcdir)/src/openvpn/crypto_mbedtls.c \ + $(top_srcdir)/src/openvpn/otime.c \ + $(top_srcdir)/src/openvpn/packet_id.c \ + $(top_srcdir)/src/openvpn/platform.c diff --git a/tests/ntlm_support.c b/tests/ntlm_support.c new file mode 100644 index 0000000..73bd4a8 --- /dev/null +++ b/tests/ntlm_support.c @@ -0,0 +1,49 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2023 OpenVPN Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "syshead.h" + +#include "crypto.h" + +#include "mock_msg.h" + +int +main(void) +{ +#ifdef NTLM + if (!md_valid("MD4")) + { + msg(M_FATAL, "MD4 not supported"); + } + if (!md_valid("MD5")) + { + msg(M_FATAL, "MD5 not supported"); + } +#else /* ifdef NTLM */ + msg(M_FATAL, "NTLM support not compiled in"); +#endif +} diff --git a/tests/t_client.sh.in b/tests/t_client.sh.in index 99e6f9c..7be1c8e 100755 --- a/tests/t_client.sh.in +++ b/tests/t_client.sh.in @@ -291,12 +291,14 @@ # main test loop # ---------------------------------------------------------- SUMMARY_OK= +SUMMARY_SKIP= SUMMARY_FAIL= for SUF in $TEST_RUN_LIST do # get config variables eval test_prep=\"\$PREPARE_$SUF\" + eval test_check_skip=\"\$SKIP_$SUF\" eval test_postinit=\"\$POSTINIT_CMD_$SUF\" eval test_cleanup=\"\$CLEANUP_$SUF\" eval test_run_title=\"\$RUN_TITLE_$SUF\" @@ -318,6 +320,15 @@ output_start "### test run $SUF: '$test_run_title' ###" fail_count=0 + if [ -n "$test_check_skip" ]; then + output "check whether we need to skip: '$test_check_skip'" + eval $test_check_skip || { + output "skip check failed, SKIP test $SUF." + SUMMARY_SKIP="$SUMMARY_SKIP $SUF" + echo -e "$outbuf" ; continue + } + fi + if [ -n "$test_prep" ]; then output "running preparation: '$test_prep'" eval $test_prep @@ -455,8 +466,10 @@ done if [ -z "$SUMMARY_OK" ] ; then SUMMARY_OK=" none"; fi +if [ -z "$SUMMARY_SKIP" ] ; then SUMMARY_SKIP=" none"; fi if [ -z "$SUMMARY_FAIL" ] ; then SUMMARY_FAIL=" none"; fi echo "Test sets succeeded:$SUMMARY_OK." +echo "Test sets skipped:$SUMMARY_SKIP." echo "Test sets failed:$SUMMARY_FAIL." # remove trap handler