7 # get valid hostnames: $remote_1, $remote_2, etc.
14 echo "Cannot discover local host name!"
18 ipaddr
=`_host_to_ipaddr $host`
21 echo "Cannot translate hostname ($host) to an IP address!"
29 ##############################################################################
30 # The die.* tests die automatically by themselves.
32 cat >die
.001 <<End-of-File
33 # Test whitespace in "[access]" token
35 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
42 cat >die
.002 <<End-of-File
43 # Test whitespace in "[access]" token
45 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
52 cat >die
.003 <<End-of-File
53 # Test whitespace in "[access]" token
55 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
62 cat >die
.004 <<End-of-File
63 # Test whitespace in "[access]" token
65 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
68 # what the &^*%# is this doing here!?
75 cat >die
.005 <<End-of-File
76 # Test missing host list
78 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
86 cat >die
.006 <<End-of-File
87 # Test missing comma in host list
89 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
92 allow $remote_1 $remote_2: all;
97 cat >die
.007 <<End-of-File
98 # Test extra comma in host list
100 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
103 allow $remote_1,: all;
108 cat >die
.008 <<End-of-File
109 # Test missing colon after host list
111 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
119 cat >die
.009 <<End-of-File
120 # Test extra comma and missing colon after host list
122 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
125 allow $remote_1, all;
130 cat >die
.010 <<End-of-File
131 # Test missing semicolon
133 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
141 cat >die
.011 <<End-of-File
142 # Test statement with lotsa whitespace and comments interspersed.
144 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
155 : #a thing as beautiful
158 # the bottom of my in-tray
165 cat >die
.012 <<End-of-File
166 # Test all operation types.
168 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
172 allow $remote_1 : fetch;
173 allow $remote_1 : store;
174 allow $remote_1 : all;
175 allow $remote_1 : maximum 666 connections;
180 cat >die
.013 <<End-of-File
181 # Test all operations in a single permission list.
183 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
186 allow $remote_1: fetch, store, maximum 666 connections;
191 cat >die
.014 <<End-of-File
192 # Test clash of "all" with a specific operation.
194 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
197 allow $remote_1: all, fetch;
202 cat >die
.015 <<End-of-File
203 # Test that "all" works with a connection limit.
205 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
208 allow $remote_1: all, maximum 666 connections;
213 cat >die
.016 <<End-of-File
214 # Test that specific operations work with a connection limit.
216 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
219 allow $remote_1: fetch, store, maximum 666 connections;
224 cat >die
.017 <<End-of-File
225 # Test that a connection limit fails in a disallow.
227 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
230 disallow $remote_1: store, maximum 666 connections;
235 cat >die
.018 <<End-of-File
236 # Test that a connection limit fails in a disallow with except.
238 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
241 disallow $remote_1: all except fetch, maximum 666 connections;
246 cat >die
.019 <<End-of-File
247 # Test that a connection limit is OK in an allow with an except.
249 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
252 allow $remote_1: all except store, maximum 666 connections;
257 cat >die
.020 <<End-of-File
258 # Test that a bogus hostname is detected
260 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
263 allow error...mebourne : fetch;
268 cat >die
.021 <<End-of-File
269 # Test a no such host condition
271 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
274 allow nosuchhost.melbourne.sgi.com : fetch;
279 cat >die
.022 <<End-of-File
280 # Test that a bogus IP address
282 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
285 allow 192.2.3.999 : fetch;
290 cat >die
.023 <<End-of-File
291 # Test bad wildcard detection in IP address
293 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
296 allow 192.*.2 : fetch;
301 cat >die
.024 <<End-of-File
302 # Test embedded wildcard detection in host name
304 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
307 allow *.melbourne : fetch;
312 cat >die
.025 <<End-of-File
313 # Test wildcard detection in textual host name
315 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
318 allow melbourne.* : fetch;
323 cat >die
.026 <<End-of-File
324 # Test range check for IP address components
326 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
329 allow 192.-1.* : fetch;
330 allow 192.256.* : fetch;
335 cat >die
.027 <<End-of-File
336 # Test "reinforcing" of permissions
338 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
341 allow $remote_1 : fetch;
342 allow $remote_1 : fetch;
347 cat >die
.028 <<End-of-File
348 # Test contradictory permissions
350 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
353 allow $remote_1 : fetch;
354 disallow $remote_1 : fetch;
359 cat >die
.029 <<End-of-File
360 # Test contradictory permissions with host aliasing (IP and name)
362 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
366 disallow $ipaddr : fetch;
371 cat >die
.030 <<End-of-File
372 # Test contradictory permissions with host aliasing (different names)
374 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
377 allow $remote_1 : all;
378 disallow $remote_1 : fetch;
383 cat >die
.031 <<End-of-File
384 # Test mutually exclusive host lists
386 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
389 allow $remote_1, $remote_2 : all;
390 disallow $remote_3, $remote_4 : store;
395 cat >die
.032 <<End-of-File
396 # Test overlapping host lists
398 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
401 allow $remote_1, $remote_2 : all;
402 allow $remote_3, $remote_2 : fetch, store;
407 cat >die
.033 <<End-of-File
408 # Test overlapping host lists with conflict
410 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
413 allow $remote_1, $remote_4, $remote_2 : all;
414 disallow $remote_3, $remote_2, $remote_5 : store;
419 cat >die
.034 <<End-of-File
420 # Test overlapping host lists with conflicting connection counts
422 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
425 allow $remote_1, $remote_4, $remote_2 : all, maximum 30 connections;
426 allow $remote_3, $remote_2, $remote_5 : fetch, store, maximum 10 connections;
431 cat >die
.035 <<End-of-File
432 # Test various levels of wildcarding
434 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
437 allow 192.68.139.105: all;
438 allow 192.68.139.*: all, maximum 666 connections;
439 allow 192.68.*: all except store, maximum 555 connections;
440 allow 192.*: fetch, store, maximum 444 connections;
441 allow *: fetch, maximum 333 connections;
446 cat >die
.036 <<End-of-File
447 # Test various levels of wildcarding with several similar setups
449 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
452 allow 192.68.139.105: all;
453 allow 192.68.139.*: all, maximum 666 connections;
454 allow 192.68.*: all except store, maximum 555 connections;
455 allow 192.*: fetch, store, maximum 444 connections;
456 allow *: fetch, maximum 333 connections;
458 allow 193.68.139.105: all;
459 allow 193.68.139.*: all, maximum 666 connections;
460 allow 193.68.*: all except store, maximum 555 connections;
461 allow 193.*: fetch, store, maximum 444 connections;
463 allow 194.68.139.105: all;
464 allow 194.68.139.*: all, maximum 666 connections;
465 allow 194.68.*: all except store, maximum 555 connections;
466 allow 194.*: fetch, store, maximum 444 connections;
471 cat >die
.037 <<End-of-File
472 # Test reinforcing of disallows
474 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
477 disallow $remote_1: fetch;
478 disallow $remote_1: store;
479 disallow $remote_1: all;
484 cat >die
.038 <<End-of-File
485 # Test detection of multiple conflicting explicit connections limits
487 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
490 allow $remote_1: maximum 5 connections, fetch, maximum 666 connections;
495 cat >die
.039 <<End-of-File
496 # Test detection of connections limits immediately after "all except"
498 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
501 allow $remote_1: all except maximum 5 connections;
506 cat >die
.040 <<End-of-File
507 # Test unlimited connections access spec.
509 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
512 allow $remote_1: unlimited connections;
517 cat >die
.041 <<End-of-File
518 # Test clash of unlimited connections with explicit maximum
520 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
523 allow $remote_1: unlimited connections;
524 allow $remote_1: fetch, maximum 666 connections;
529 cat >die
.042 <<End-of-File
530 # Test reinforcing of unlimited connections
532 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
535 allow $remote_1: store, unlimited connections;
536 allow $remote_1: fetch, unlimited connections;
541 # Note: no quotes around "End-Of-File" or $host and $ipaddr not expanded
543 cat >die
.043 <<End-of-File
544 # Test conflicts with localhost aliasing
546 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
549 allow localhost: all;
550 disallow $host: fetch;
551 disallow $ipaddr : store;
556 cat >die
.044 <<End-of-File
557 # Check that log advisory and log mandatory no longer work
559 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
562 allow $remote_1 : log advisory;
563 allow $remote_1 : log mandatory;
568 cat >die
.045 <<End-of-File
569 # Test invalid and valid operations in a single permission list.
571 sample 254 socket inet 2077 $PCP_PMDAS_DIR/sample/pmdasample -i 2077
574 allow $remote_1: fetch, store, log advisory, log mandatory, maximum 666 connections;
579 ##############################################################################
580 # The kill.* tests must be killed as they leave pmcd running.
582 cat >kill.001 <<End-of-File
583 # Test various special case tokens and the parser
585 tricky 128 pipe binary \\
587 more params x-D x-R x-d 43\\
588 21 back\\\\slash "broken\\
590 abc:def 1;2;3 zzz "#abc\\"def" "x \\"y\\" z" \\#abc #and a comment\\
595 cat >filter.
kill.001 <<'End-of-File'
598 # Filter log from kill.001
600 . $PCP_DIR/etc/pcp.env
602 echo "This is `basename $0` "
604 sed -e '/No such file/s/^cat:/Cannot open/' \
606 | grep -v "Cannot open" \
608 -e '/^[A-Z][a-z][a-z] [A-Z][a-z][a-z] *[0-9][0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [0-9][0-9][0-9][0-9]$/d' \
609 -e '/^Log for pmcd on/s/ on .*/ on .../' \
610 -e '/^Log finished/s/finished .*/finished .../' \
611 -e 's/^\[[A-Z].. [A-Z].. *[0-9][0-9]* ..:..:..]/[DATE]/' \
612 -e '/pmcd([0-9][0-9]*)/s//pmcd(PID)/' \
613 -e '/pcp\[[0-9][0-9]*]/s//pcp[PID]/' \
614 -e '/^pmcd: PID/s/= .*/= PID/' \
615 -e '/pmcd caught SIG.* from pid=/s/=[0-9][0-9]*/=N/g' \
617 /pipe cmd=/ { $4 = "FD"; $5 = "FD" }
618 /ok .* INADDR_ANY/ { $2 = "FD" }
619 /ok .*pmcd.socket$/ { next }
620 /^tricky/ { for ( i = 1 ; i <= NF ; i++ )
621 if ( i == 3 ) printf "PID " ; else printf "%s ", $i
628 echo 'dummy cat agent should have produced "Cannot open" messages:'
629 grep "Cannot open" kill.001.$$
633 chmod u
+x filter.
kill.001