X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/b1770b6e4e865e3422e18e903b8e918df8802aa0..224f418b1ea62a1d1b4bbf261b50b2dc02aed98a:/test/runtest diff --git a/test/runtest b/test/runtest index 9bcace082..0eda52d91 100755 --- a/test/runtest +++ b/test/runtest @@ -28,14 +28,17 @@ $testversion = "4.80 (08-May-12)"; # This gets embedded in the D-H params filename, and the value comes # from asking GnuTLS for "normal", but there appears to be no way to # use certtool/... to ask what that value currently is. *sigh* -# This value is correct as of GnuTLS 2.12.18. -# -$gnutls_dh_bits_normal = 2432; +# We also clamp it because of NSS interop, see addition of tls_dh_max_bits. +# This value is correct as of GnuTLS 2.12.18 as clamped by tls_dh_max_bits. +# normal = 2432 tls_dh_max_bits = 2236 +$gnutls_dh_bits_normal = 2236; $cf = "bin/cf -exact"; $cr = "\r"; $debug = 0; +$force_continue = 0; $force_update = 0; +$log_failed_filename = "failed-summary.log"; $more = "less -XF"; $optargs = ""; $save_output = 0; @@ -74,6 +77,9 @@ $parm_port_d2 = 1226; # Additional for daemon $parm_port_d3 = 1227; # Additional for daemon $parm_port_d4 = 1228; # Additional for daemon +# Manually set locale +$ENV{'LC_ALL'} = 'C'; + ############################################################################### @@ -159,7 +165,7 @@ if (exists $TEST_STATE->{exim_pid}) { $pid = $TEST_STATE->{exim_pid}; print "Tidyup: killing wait-mode daemon pid=$pid\n"; - system("sudo kill -SIGINT $pid"); + system("sudo kill -INT $pid"); } if (opendir(DIR, "spool")) @@ -173,7 +179,7 @@ if (opendir(DIR, "spool")) chomp($pid = ); close(PID); print "Tidyup: killing daemon pid=$pid\n"; - system("sudo rm -f spool/$spool; sudo kill -SIGINT $pid"); + system("sudo rm -f spool/$spool; sudo kill -INT $pid"); } } else 
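Review bot: In the spool tidy-up branch, `$pid` is chomped from a pid file and `$spool` comes from the directory listing, and both are interpolated into one `sudo` shell string, so unexpected content in either reaches a root shell. The SIGINT-to-INT rename leaves that untouched; guarding the call with `if ($pid =~ /\A\d+\z/)` and using list-form calls such as `system("sudo", "kill", "-INT", $pid);` would keep the shell out of it. The same pattern is in the wait-mode daemon kill just above and in the `killdaemon` branch of run_command, where the pid comes from a backticked `cat` of `spool/exim-daemon.*` and may hold more than one line. The enclosing tidy-up code starts and ends outside these hunks.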
@@ -187,7 +193,8 @@ close(T); system("sudo /bin/rm -rf ./spool test-* ./dnszones/*") if ($rc == 0 && !$save_output); -system("sudo /bin/rm -rf ./eximdir/*"); +system("sudo /bin/rm -rf ./eximdir/*") + if (!$save_output); print "\nYou were in test $test at the end there.\n\n" if defined $test; exit $rc if ($rc >= 0); @@ -309,6 +316,7 @@ return @yield; sub munge { my($file) = $_[0]; +my($extra) = $_[1]; my($yield) = 0; my(@saved) = (); @@ -334,6 +342,13 @@ $spid = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; while() { RESET_AFTER_EXTRA_LINE_READ: + # Custom munges + if ($extra) + { + next if $extra =~ m%^/% && eval $extra; + eval $extra if $extra =~ m/^s/; + } + # Check for "*** truncated ***" $yield = 1 if /\*\*\* truncated \*\*\*/; @@ -343,6 +358,9 @@ RESET_AFTER_EXTRA_LINE_READ: # But convert "name=the.local.host address=127.0.0.1" to use "localhost" s/name=the\.local\.host address=127\.0\.0\.1/name=localhost address=127.0.0.1/g; + # The name of the shell may vary + s/\s\Q$parm_shell\E\b/ ENV_SHELL/; + # Replace the path to the testsuite directory s?\Q$parm_cwd\E?TESTSUITE?g; @@ -390,9 +408,6 @@ RESET_AFTER_EXTRA_LINE_READ: # The message for a non-listening FIFO varies s/:[^:]+: while opening named pipe/: Error: while opening named pipe/; - # The name of the shell may vary - s/\s\Q$parm_shell\E\b/ SHELL/; - # Debugging output of lists of hosts may have different sort keys s/sort=\S+/sort=xx/ if /^\S+ (?:\d+\.){3}\d+ mx=\S+ sort=\S+/; @@ -470,7 +485,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/\d\d-[A-Z][a-z]{2}-\d{4}\s\d\d:\d\d:\d\d/07-Mar-2000 12:21:52/g; # Time on queue tolerance - s/QT=1s/QT=0s/; + s/(QT|D)=1s/$1=0s/; # Eximstats heading s/Exim\sstatistics\sfrom\s\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\sto\s 
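Review bot: The custom-munge block at the top of the loop runs `eval $extra` on a string for every input line and never looks at `$@`, so a munge whose pattern fails to compile is silently treated as "no match" and the comparison goes ahead unmunged. The strings come from the hardwired `$munges` table, so this is a robustness point rather than an injection one while that remains true; a comment such as `# $extra must only come from the $munges table: it is eval'd as Perl` would record the constraint. Checking the result, e.g. `my $hit = eval $extra; tests_exit(-1, "Bad munge '$extra': $@") if $@;`, or storing `qr//` patterns and code refs in the table, would make a broken entry visible. munge()'s body continues outside the hunk.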
@@ -482,16 +497,58 @@ RESET_AFTER_EXTRA_LINE_READ: # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we # treat the standard algorithms the same. # So far, have seen: + # TLSv1:AES128-GCM-SHA256:128 # TLSv1:AES256-SHA:256 + # TLSv1.1:AES256-SHA:256 # TLSv1.2:AES256-GCM-SHA384:256 + # TLSv1.2:DHE-RSA-AES256-SHA:256 + # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 # We also need to handle the ciphersuite without the TLS part present, for # client-ssl's output. We also see some older forced ciphersuites, but # negotiating TLS 1.2 instead of 1.0. # Mail headers (...), log-lines X=..., client-ssl output ... # (and \b doesn't match between ' ' and '(' ) - s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.2:/$1TLSv1:/xg; + s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg; + s/\bAES128-GCM-SHA256:128\b/AES256-SHA:256/g; + s/\bAES128-GCM-SHA256\b/AES256-SHA/g; s/\bAES256-GCM-SHA384\b/AES256-SHA/g; + s/\bDHE-RSA-AES256-SHA\b/AES256-SHA/g; + + # GnuTLS have seen: + # TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 + # TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 + # TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical) + # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 + # + # X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256 + # X=TLS1.2:RSA_AES_256_CBC_SHA1:256 + # X=TLS1.1:RSA_AES_256_CBC_SHA1:256 + # X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 + # and as stand-alone cipher: + # ECDHE-RSA-AES256-SHA + # DHE-RSA-AES256-SHA256 + # DHE-RSA-AES256-SHA + # picking latter as canonical simply because regex easier that way. + s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g; + s/TLS1.[012]:((EC)?DHE_)?RSA_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256/g; + s/\b(ECDHE-RSA-AES256-SHA|DHE-RSA-AES256-SHA256)\b/AES256-SHA/g; + + # GnuTLS library error message changes + s/No certificate was found/The peer did not send any certificate/g; +#(dodgy test?) 
s/\(certificate verification failed\): invalid/\(gnutls_handshake\): The peer did not send any certificate./g; + s/\(gnutls_priority_set\): No or insufficient priorities were set/\(gnutls_handshake\): Could not negotiate a supported cipher suite/g; + + # (this new one is a generic channel-read error, but the testsuite + # only hits it in one place) + s/TLS error on connection \(gnutls_handshake\): Error in the pull function\./a TLS session is required but an attempt to start TLS failed/g; + + # (replace old with new, hoping that old only happens in one situation) + s/TLS error on connection to \d{1,3}(.\d{1,3}){3} \[\d{1,3}(.\d{1,3}){3}\] \(gnutls_handshake\): A TLS packet with unexpected length was received./a TLS session is required for ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4], but an attempt to start TLS failed/g; + s/TLS error on connection from \[127.0.0.1\] \(recv\): A TLS packet with unexpected length was received./TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated./g; + + # signature algorithm names + s/RSA-SHA1/RSA-SHA/; # ======== Caller's login, uid, gid, home, gecos ======== @@ -506,7 +563,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/\buid=$parm_caller_uid\b/uid=CALLER_UID/g; s/\bgid=$parm_caller_gid\b/gid=CALLER_GID/g; - s/\bname=$parm_caller_gecos\b/name=CALLER_GECOS/g; + s/\bname="?$parm_caller_gecos"?/name=CALLER_GECOS/g; # When looking at spool files with -Mvh, we will find not only the caller # login, but also the uid and gid. It seems that $) in some Perls gives all @@ -697,8 +754,7 @@ RESET_AFTER_EXTRA_LINE_READ: # numbers, or handle specific bad conditions in different ways, leading to # different wording in the error messages, so we cannot compare them. - s/(TLS error on connection (?:from|to) .*? \(SSL_\w+\): error:)(.*)/$1 <>/; - + s/(TLS error on connection (?:from .* )?\(SSL_\w+\): error:)(.*)/$1 <>/; # ======== Maildir things ======== # timestamp output in maildir processing 
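Review bot: Several of the added GnuTLS substitutions leave `.` unescaped where a literal dot is meant (`TLS1.[012]:`, `\d{1,3}(.\d{1,3}){3}`, `\[127.0.0.1\]`, the trailing `received.`), so they match more than the messages listed in the comments. Escaping them (`TLS1\.[012]:`, `(?:\.\d{1,3}){3}`, `127\.0\.0\.1`) keeps each munge limited to its intended line; the search strings in the `$munges` table further down are loose in the same way. Separately, folding TLS 1.0/1.1/1.2 and the 128- and 256-bit suites onto one canonical string means the saved output can no longer show a test negotiating an older protocol or a weaker suite than before, and a comment recording that trade-off would help. `s/RSA-SHA1/RSA-SHA/;` also lacks the `/g` that the neighbouring rules use.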
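Review bot: `$parm_caller_gecos` is interpolated into the pattern as a regex rather than a literal, so a GECOS field containing characters such as `(`, `+` or `.` either fails to match or makes the pattern invalid. Quoting it, `s/\bname="?\Q$parm_caller_gecos\E"?/name=CALLER_GECOS/g;`, fixes that. Dropping the trailing `\b` also lets the rule fire when the GECOS value is only a prefix of a longer name, which may or may not be intended.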
@@ -748,6 +804,10 @@ RESET_AFTER_EXTRA_LINE_READ: # other output is fragile; perhaps the debug output should be revised instead. s%(?; + next; + } + next if /^tls_validate_require_cipher child \d+ ended: status=0x0/; # We invoke Exim with -D, so we hit this new messag as of Exim 4.73: next if /^macros_trusted overridden to true by whitelisting/; @@ -928,6 +1003,11 @@ RESET_AFTER_EXTRA_LINE_READ: @saved = (); } + # Skip hosts_require_dane checks when the options + # are unset, because dane ain't always there. + + next if /in\shosts_require_dane\?\sno\s\(option\sunset\)/x; + # Skip some lines that Exim puts out at the start of debugging output # because they will be different in different binaries. @@ -949,6 +1029,14 @@ RESET_AFTER_EXTRA_LINE_READ: next; } + # ======== log ======== + + elsif ($is_log) + { + # Berkeley DB version differences + next if / Berkeley DB error: /; + } + # ======== All files other than stderr ======== print MUNGED; 
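Review bot: In the new `elsif ($is_log)` branch, `next if / Berkeley DB error: /;` removes every Berkeley DB error line from every log comparison, not only the version-dependent one, so a genuine database failure logged during a test would no longer show up as a difference. Narrowing the pattern to the message text that actually varies between versions, or moving it into the named `$munges` table so that only the affected tests opt in, would keep other errors visible. The varying message itself is not shown in this hunk, so the narrower pattern has to come from the failing test's output.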
@@ -967,16 +1055,43 @@ return $yield; # Arguments: [0] the prompt string # [1] if there is a U in the prompt and $force_update is true +# [2] if there is a C in the prompt and $force_continue is true # Returns: nothing (it sets $_) sub interact{ print $_[0]; if ($_[1]) { $_ = "u"; print "... update forced\n"; } + elsif ($_[2]) { $_ = "c"; print "... continue forced\n"; } else { $_ = ; } } +################################################## +# Subroutine to log in force_continue mode # +################################################## + +# In force_continue mode, we just want a terse output to a statically +# named logfile. If multiple files in same batch (stdout, stderr, etc) +# all have mismatches, it will log multiple times. +# +# Arguments: [0] the logfile to append to +# [1] the testno that failed +# Returns: nothing + + + +sub log_failure { + my $logfile = shift(); + my $testno = shift(); + my $detail = shift() || ''; + if ( open(my $fh, ">>", $logfile) ) { + print $fh "Test $testno $detail failed\n"; + close $fh; + } +} + + ################################################## # Subroutine to compare one output file # @@ -991,6 +1106,7 @@ if ($_[1]) { $_ = "u"; print "... update forced\n"; } # [2] where to put the munged copy # [3] the name of the saved file # [4] TRUE if this is a log file whose deliveries must be sorted +# [5] optionally, a custom munge command # # Returns: 0 comparison succeeded or differences to be ignored # 1 comparison failed; files may have been updated (=> re-compare) @@ -998,7 +1114,7 @@ if ($_[1]) { $_ = "u"; print "... update forced\n"; } # Does not return if the user replies "Q" to a prompt. sub check_file{ -my($rf,$rsf,$mf,$sf,$sortfile) = @_; +my($rf,$rsf,$mf,$sf,$sortfile,$extra) = @_; # If there is no saved file, the raw files must either not exist, or be # empty. The test ! -s is TRUE if the file does not exist or is empty. 
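Review bot: log_failure() ignores a failed `open`, and in -CONTINUE mode this file is the only lasting record of a mismatch, so an unwritable log makes a failing run look clean. Adding `else { warn "Cannot append to $logfile: $!\n"; }` would surface that. The header comment lists two arguments but the sub reads a third, so it should gain a line such as `# [2] optional detail (file name or reason)`. Nothing visible here truncates `failed-summary.log` at the start of a run, so entries from earlier runs may accumulate; that is worth confirming.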
@@ -1014,8 +1130,9 @@ if (! -e $sf) for (;;) { print "Continue, Show, or Quit? [Q] "; - $_ = ; + $_ = $force_continue ? "c" : ; tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, $rf) if (/^c$/i && $force_continue); return 0 if /^c$/i; last if (/^s$/); } @@ -1034,8 +1151,9 @@ if (! -e $sf) print "\n"; for (;;) { - interact("Continue, Update & retry, Quit? [Q] ", $force_update); + interact("Continue, Update & retry, Quit? [Q] ", $force_update, $force_continue); tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, $rsf) if (/^c$/i && $force_continue); return 0 if /^c$/i; last if (/^u$/i); } @@ -1046,11 +1164,11 @@ if (! -e $sf) # data that does exist. open(MUNGED, ">$mf") || tests_exit(-1, "Failed to open $mf: $!"); -my($truncated) = munge($rf) if -e $rf; +my($truncated) = munge($rf, $extra) if -e $rf; if (defined $rsf && -e $rsf) { print MUNGED "\n******** SERVER ********\n"; - $truncated |= munge($rsf); + $truncated |= munge($rsf, $extra); } close(MUNGED); @@ -1151,8 +1269,9 @@ if (-e $sf) print "\n"; for (;;) { - interact("Continue, Retry, Update & retry, Quit? [Q] ", $force_update); + interact("Continue, Retry, Update & retry, Quit? [Q] ", $force_update, $force_continue); tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, $sf) if (/^c$/i && $force_continue); return 0 if /^c$/i; return 1 if /^r$/i; last if (/^u$/i); 
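Review bot: `my($truncated) = munge($rf, $extra) if -e $rf;` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour; when `$rf` does not exist the variable may carry a value over from an earlier call before `$truncated |= munge($rsf, $extra)` uses it. `my $truncated = -e $rf ? munge($rf, $extra) : 0;` gives the intended result without relying on that. The newly added `my($munge) = $munges->{$mungename} if defined $mungename;` in check_output has the same form and could be `my $munge = defined $mungename ? $munges->{$mungename} : undef;`. check_file's body continues outside the hunk.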
@@ -1171,47 +1290,89 @@ return 1; +################################################## +# Custom munges +# keyed by name of munge; value is a ref to a hash +# which is keyed by file, value a string to look for. +# Usable files are: +# paniclog, rejectlog, mainlog, stdout, stderr, msglog, mail +# Search strings starting with 's' do substitutions; +# with '/' do line-skips. +# Triggered by a scriptfile line "munge " +################################################## +$munges = + { 'dnssec' => + { 'stderr' => '/^Reverse DNS security status: unverified\n/' }, + + 'gnutls_unexpected' => + { 'mainlog' => '/\(recv\): A TLS packet with unexpected length was received./' }, + + 'gnutls_handshake' => + { 'mainlog' => 's/\(gnutls_handshake\): Error in the push function/\(gnutls_handshake\): A TLS packet with unexpected length was received/' }, + + 'optional_events' => + { 'stdout' => '/event_action =/' }, + + 'optional_ocsp' => + { 'stderr' => '/127.0.0.1 in hosts_requ(ire|est)_ocsp/' }, + + 'no_tpt_filter_epipe' => + { 'stderr' => '/^writing error 32: Broken pipe$/' }, + + 'optional_cert_hostnames' => + { 'stderr' => '/in tls_verify_cert_hostnames\? no/' }, + + }; + + ################################################## # Subroutine to check the output of a test # ################################################## # This function is called when the series of subtests is complete. It makes -# use of check() file, whose arguments are: +# use of check_file(), whose arguments are: # # [0] the name of the main raw output file # [1] the name of the server raw output file or undef # [2] where to put the munged copy # [3] the name of the saved file # [4] TRUE if this is a log file whose deliveries must be sorted +# [5] an optional custom munge command # -# Arguments: none +# Arguments: Optionally, name of a custom munge to run. 
# Returns: 0 if the output compared equal # 1 if re-run needed (files may have been updated) sub check_output{ +my($mungename) = $_[0]; my($yield) = 0; +my($munge) = $munges->{$mungename} if defined $mungename; $yield = 1 if check_file("spool/log/paniclog", "spool/log/serverpaniclog", "test-paniclog-munged", - "paniclog/$testno", 0); + "paniclog/$testno", 0, + $munge->{'paniclog'}); $yield = 1 if check_file("spool/log/rejectlog", "spool/log/serverrejectlog", "test-rejectlog-munged", - "rejectlog/$testno", 0); + "rejectlog/$testno", 0, + $munge->{'rejectlog'}); $yield = 1 if check_file("spool/log/mainlog", "spool/log/servermainlog", "test-mainlog-munged", - "log/$testno", $sortlog); + "log/$testno", $sortlog, + $munge->{'mainlog'}); if (!$stdout_skip) { $yield = 1 if check_file("test-stdout", "test-stdout-server", "test-stdout-munged", - "stdout/$testno", 0); + "stdout/$testno", 0, + $munge->{'stdout'}); } if (!$stderr_skip) @@ -1219,7 +1380,8 @@ if (!$stderr_skip) $yield = 1 if check_file("test-stderr", "test-stderr-server", "test-stderr-munged", - "stderr/$testno", 0); + "stderr/$testno", 0, + $munge->{'stderr'}); } # Compare any delivered messages, unless this test is skipped. @@ -1258,7 +1420,8 @@ if (! $message_skip) print ">> COMPARE $mail mail/$testno.$saved_mail\n" if $debug; $yield = 1 if check_file($mail, undef, "test-mail-munged", - "mail/$testno.$saved_mail", 0); + "mail/$testno.$saved_mail", 0, + $munge->{'mail'}); delete $expected_mails{"mail/$testno.$saved_mail"}; } @@ -1271,8 +1434,9 @@ if (! $message_skip) for (;;) { - interact("Continue, Update & retry, or Quit? [Q] ", $force_update); + interact("Continue, Update & retry, or Quit? [Q] ", $force_update, $force_continue); tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, "missing email") if (/^c$/i && $force_continue); last if /^c$/i; # For update, we not only have to unlink the file, but we must also 
@@ -1328,7 +1492,8 @@ if (! $msglog_skip) s/((?:[^\W_]{6}-){2}[^\W_]{2}) /new_value($1, "10Hm%s-0005vi-00", \$next_msgid)/egx; $yield = 1 if check_file("spool/msglog/$msglog", undef, - "test-msglog-munged", "msglog/$testno.$munged_msglog", 0); + "test-msglog-munged", "msglog/$testno.$munged_msglog", 0, + $munge->{'msglog'}); delete $expected_msglogs{"$testno.$munged_msglog"}; } } @@ -1353,8 +1518,9 @@ if (! $msglog_skip) for (;;) { - interact("Continue, Update, or Quit? [Q] ", $force_update); + interact("Continue, Update, or Quit? [Q] ", $force_update, $force_continue); tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, "missing msglog") if (/^c$/i && $force_continue); last if /^c$/i; if (/^u$/i) { @@ -1422,6 +1588,7 @@ system("$cmd"); # 4 EOF was encountered after an initial return code line # Optionally alse a second parameter, a hash-ref, with auxilliary information: # exim_pid: pid of a run process +# munge: name of a post-script results munger sub run_command{ my($testno) = $_[0]; @@ -1607,14 +1774,14 @@ if (/^killdaemon/) print ">> killdaemon: recovered pid $pid\n" if $debug; if ($pid) { - run_system("sudo /bin/kill -SIGINT $pid"); + run_system("sudo /bin/kill -INT $pid"); wait; } } else { $pid = `cat $parm_cwd/spool/exim-daemon.*`; if ($pid) { - run_system("sudo /bin/kill -SIGINT $pid"); + run_system("sudo /bin/kill -INT $pid"); close DAEMONCMD; # Waits for process } } @@ -1634,6 +1801,18 @@ elsif (/^millisleep\s+(.*)$/) } +# The "munge" command selects one of a hardwired set of test-result modifications +# to be made before result compares are run agains the golden set. This lets +# us account for test-system dependent things which only affect a few, but known, +# test-cases. +# Currently only the last munge takes effect. + +if (/^munge\s+(.*)$/) + { + return (0, { munge => $1 }); + } + + # The "sleep" command does just that. For sleeps longer than 1 second we # tell the user what's going on. 
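Review bot: The new `munge` command returns `$1` without checking it against the `$munges` table, so a misspelt name in a script, or one with trailing whitespace since `(.*)` captures to the end of the line, selects no munge at all and the test then passes or fails for the wrong reason. Matching with `(\S+)` and adding `tests_exit(-1, "Unknown munge \"$1\" in test $testno") unless exists $munges->{$1};` before the return would catch it. The comment says only the last munge takes effect; if a script gives two, a diagnostic would be friendlier than silently dropping the first. run_command's body continues outside the hunk.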
@@ -1849,7 +2028,8 @@ elsif (/^([A-Z_]+=\S+\s+)?(\d+)?\s*(sudo\s+)?exim(_\S+)?\s+(.*)$/) for ($i = @msglist; $i > 0; $i--) { $args =~ s/\$msg$i/$msglist[$i-1]/g; } if ( $args =~ /\$msg\d/ ) { - tests_exit(-1, "Not enough messages in spool, for test $testno line $lineno\n"); + tests_exit(-1, "Not enough messages in spool, for test $testno line $lineno\n") + unless $force_continue; } } @@ -2046,6 +2226,9 @@ while (@ARGV > 0 && $ARGV[0] =~ /^-/) { if ($arg eq "-DEBUG") { $debug = 1; $cr = "\n"; next; } if ($arg eq "-DIFF") { $cf = "diff -u"; next; } + if ($arg eq "-CONTINUE"){$force_continue = 1; + $more = "cat"; + next; } if ($arg eq "-UPDATE") { $force_update = 1; next; } if ($arg eq "-NOIPV4") { $have_ipv4 = 0; next; } if ($arg eq "-NOIPV6") { $have_ipv6 = 0; next; } @@ -2559,7 +2742,7 @@ $pwcomm = $pwcomm; $parm_caller_group = getgrgid($parm_caller_gid); -print "Program caller is $parm_caller, whose group is $parm_caller_group\n"; +print "Program caller is $parm_caller ($parm_caller_uid), whose group is $parm_caller_group ($parm_caller_gid)\n"; print "Home directory is $parm_caller_home\n"; unless (defined $parm_eximgroup) @@ -2597,7 +2780,7 @@ while (($parm_ipv4 eq "" || $parm_ipv6 eq "") && ($_ = )) $_ =~ /^\s*inet(?:\saddr)?:?\s?(\d+\.\d+\.\d+\.\d+)\s/i) { $ip = $1; - next if ($ip eq "127.0.0.1"); + next if ($ip =~ /^127\./); $parm_ipv4 = $ip; } @@ -2697,9 +2880,11 @@ if ($parm_hostname !~ /\./) print "\n*** Host name is not fully qualified: this may cause problems ***\n\n"; } -# Find the user's shell +if ($parm_hostname =~ /[[:upper:]]/) + { + print "\n*** Host name has upper case characters: this may cause problems ***\n\n"; + } -$parm_shell = $ENV{'SHELL'}; ################################################## 
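Review bot: With `unless $force_continue` the check for unreplaced `$msgN` no longer stops the test, so execution falls through and the exim command is built with the literal `$msg` placeholders still in `$args`. If that string is later handed to a shell, as other commands in this file are, the placeholder would expand to nothing and exim would run without the message id it was meant to act on, and nothing is written to the failure log. Recording the problem and skipping the command in the continue case, e.g. `log_failure($log_failed_filename, $testno, "line $lineno: not enough messages in spool");` followed by an early return, would be safer; the correct return value depends on run_command's convention, which is outside this hunk.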
@@ -3020,6 +3205,10 @@ foreach $basedir ("aux-var", "dnszones") } } +# Set a user's shell, distinguishable from /bin/sh + +symlink("/bin/sh","aux-var/sh"); +$ENV{'SHELL'} = $parm_shell = $parm_cwd . "/aux-var/sh"; ################################################## # Create fake DNS zones for this host # @@ -3067,6 +3256,8 @@ if ($have_ipv6 && $parm_ipv6 ne "::1") $exp_v6 = $1 . ':0' x (8-length($exp_v6)) . ':' . $2; } elsif ( $parm_ipv6 =~ /^::(.+[^:])$/ ) { $exp_v6 = '0:' x (9-length($exp_v6)) . $1; + } else { + $exp_v6 = $parm_ipv6; } my(@components) = split /:/, $exp_v6; my(@nibbles) = reverse (split /\s*/, shift @components); @@ -3122,7 +3313,7 @@ closedir(DIR); open(T, "/dev/tty") || tests_exit(-1, "Failed to open /dev/tty: $!"); print "\nPress RETURN to run the tests: "; -$_ = ; +$_ = $force_continue ? "c" : ; print "\n"; $lasttestdir = ""; @@ -3195,9 +3386,20 @@ foreach $test (@test_list) undef %expected_msglogs; # Open the test's script - open(SCRIPT, "scripts/$test") || tests_exit(-1, "Failed to open \"scripts/$test\": $!"); + # Run through the script once to set variables which should be global + while (
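Review bot: The result of `symlink("/bin/sh","aux-var/sh")` is not checked, yet `$ENV{'SHELL'}` and `$parm_shell` are then pointed at that path, so if the link cannot be created every test that relies on the shell fails with an unrelated-looking error. A check that tolerates a link left by an earlier run, such as `symlink("/bin/sh","aux-var/sh") or -l "aux-var/sh" or tests_exit(-1, "Failed to create aux-var/sh: $!");`, reports the cause at setup time. The comment could also say why the shell must differ from /bin/sh, presumably so that the `ENV_SHELL` munge cannot rewrite unrelated `/bin/sh` text.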