tests/test-nbd-client-tls.sh

   1 #!/usr/bin/env bash
   2 # nbdkit
   3 # Copyright Red Hat
   4 #
   5 # Redistribution and use in source and binary forms, with or without
   6 # modification, are permitted provided that the following conditions are
   7 # met:
   8 #
   9 # * Redistributions of source code must retain the above copyright
  10 # notice, this list of conditions and the following disclaimer.
  11 #
  12 # * Redistributions in binary form must reproduce the above copyright
  13 # notice, this list of conditions and the following disclaimer in the
  14 # documentation and/or other materials provided with the distribution.
  15 #
  16 # * Neither the name of Red Hat nor the names of its contributors may be
  17 # used to endorse or promote products derived from this software without
  18 # specific prior written permission.
  19 #
  20 # THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
  21 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  22 # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  23 # PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
  24 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  25 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  26 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
  27 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  28 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  29 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  30 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31 # SUCH DAMAGE.
  32
  33 # Check that nbd-client (the kernel client) can interoperate with
  34 # nbdkit with TLS.
  35
  36 source ./functions.sh
  37 set -e
  38 set -x
  39
  40 nbddev=/dev/nbd2
  41
  42 requires_root
  43
  44 requires nbd-client --version
  45 requires_not nbd-client -c $nbddev
  46
  47 requires blockdev --version
  48 requires dd --version
  49 requires hexdump --version
  50
  51 # NBD support was added in 2.1.55!  Mainly we're using this to check
  52 # this is Linux.
  53 requires_linux_kernel_version 2.2
  54
  55 # Does the nbdkit binary support TLS?
  56 if ! nbdkit --dump-config | grep -sq tls=yes; then
  57     echo "$0: nbdkit built without TLS support"
  58     exit 77
  59 fi
  60
  61 # Did we create the PKI files?
  62 # Probably 'certtool' is missing.
  63 pkidir="$PWD/pki"
  64 if [ ! -f "$pkidir/ca-cert.pem" ]; then
  65     echo "$0: PKI files were not created by the test harness"
  66     exit 77
  67 fi
  68
  69 sock=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX)
  70 pid=nbd-client-tls.pid
  71 rm -f $sock $pid
  72 cleanup_fn rm -f $sock $pid
  73
  74 # Try to make sure the nbd device is cleaned up on exit.
  75 #
  76 # We have to run this here so we run this command first, before trying
  77 # to kill nbdkit.  (The order in which the cleanup hooks run should
  78 # probably be reversed).
  79 cleanup_fn nbd-client -d $nbddev
  80
  81 # Start an nbdkit instance serving known data and allowing writes.
  82 start_nbdkit -P $pid -U $sock \
  83              --tls=require --tls-certificates="$pkidir" --tls-verify-peer \
  84              pattern 10M --filter=cow
  85
  86 # Open a connection with nbd-client.
  87 nbd-client -unix $sock $nbddev \
  88            -cacertfile $pkidir/ca-cert.pem \
  89            -certfile $pkidir/client-cert.pem \
  90            -keyfile $pkidir/client-key.pem
  91
  92 # Check the device exists.
  93 nbd-client -c $nbddev
  94 size="$( blockdev --getsize64 $nbddev )"
  95 test "$size" -eq $(( 10 * 1024 * 1024 ))
  96
  97 # Check the data in the device looks reasonable.
  98 dd if=$nbddev bs=1024 count=1 skip=1 | hexdump -C
  99
 100 # Try writing.
 101 dd if=/dev/zero of=$nbddev bs=1024 count=100 skip=200