SIGTERM cleans up the session similarly to SIGINT

Resolves #9 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
sailfishos-mirror · Nov 24, 2018 · 9fe4b3f · 9fe4b3f
1 parent 0263090
commit 9fe4b3f
Show file tree

Hide file tree

Showing 6 changed files with 154 additions and 6 deletions.
diff --git a/main.c b/main.c
@@ -725,6 +725,7 @@ static void handle_signal(int sig)
 	char cmd;
 
 	switch (sig) {
+	case SIGTERM:
 	case SIGINT:
 		cmd = OC_CMD_CANCEL;
 		break;
@@ -1538,6 +1539,7 @@ int main(int argc, char **argv)
 	memset(&sa, 0, sizeof(sa));
 
 	sa.sa_handler = handle_signal;
+	sigaction(SIGTERM, &sa, NULL);
 	sigaction(SIGINT, &sa, NULL);
 	sigaction(SIGHUP, &sa, NULL);
 	sigaction(SIGUSR2, &sa, NULL);
@@ -1693,7 +1695,7 @@ int main(int argc, char **argv)
 		ret = 1;
 		break;
 	case -EINTR:
-		vpn_progress(vpninfo, PRG_INFO, _("User cancelled (SIGINT); exiting.\n"));
+		vpn_progress(vpninfo, PRG_INFO, _("User cancelled (SIGINT/SIGTERM); exiting.\n"));
 		ret = 0;
 		break;
 	case -ECONNABORTED:

diff --git a/openconnect.8.in b/openconnect.8.in
@@ -547,7 +547,7 @@ if this code is not executable on the local machine.
 .SH SIGNALS
 In the data phase of the connection, the following signals are handled:
 .TP
-.B SIGINT
+.B SIGINT / SIGTERM
 performs a clean shutdown by logging the session off, disconnecting from the
 gateway, and running the vpnc\-script to restore the network configuration.
 .TP
@@ -560,8 +560,6 @@ session off; this allows for reconnection later using
 forces an immediate disconnection and reconnection; this can be used to
 quickly recover from LAN IP address changes.
 .TP
-.B SIGTERM
-exits immediately without logging off or running vpnc\-script.
 .SH LIMITATIONS
 Note that although IPv6 has been tested on all platforms on which
 .B openconnect

diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -38,12 +38,12 @@ EXTRA_DIST = certs/ca.pem certs/ca-key.pem certs/user-cert.pem $(USER_KEYS) $(US
 	certs/server-cert.pem certs/server-key.pem configs/test1.passwd \
 	common.sh configs/test-user-cert.config configs/test-user-pass.config \
 	configs/user-cert.prm softhsm2.conf.in softhsm ns.sh configs/test-dtls-psk.config \
-	scripts/vpnc-script
+	scripts/vpnc-script scripts/vpnc-script-detect-disconnect
 
 dist_check_SCRIPTS =
 
 if HAVE_NETNS
-dist_check_SCRIPTS += dtls-psk
+dist_check_SCRIPTS += dtls-psk sigterm
 endif
 
 if HAVE_CWRAP

diff --git a/tests/scripts/vpnc-script-detect-disconnect b/tests/scripts/vpnc-script-detect-disconnect
@@ -0,0 +1,14 @@
+#!/bin/sh -x
+
+# Fake script just for unit tests. Do not use.
+# For a real one, see http://www.infradead.org/openconnect/vpnc-script.html
+
+if [ "$reason" = "connect" ]; then
+    ip link set dev "$TUNDEV" up mtu "$INTERNAL_IP4_MTU"
+    ip addr add "$INTERNAL_IP4_ADDRESS/32" peer "$INTERNAL_IP4_ADDRESS" dev "$TUNDEV"
+    ip -6 addr add $INTERNAL_IP6_NETMASK dev $TUNDEV
+    rm -f ${DISCONNECT_FILE}
+elif [ "$reason" = "disconnect" ];then
+    touch ${DISCONNECT_FILE}
+fi
+exit 0
diff --git a/tests/sigterm b/tests/sigterm
@@ -0,0 +1,133 @@
+#!/bin/bash
+#
+# Copyright (C) 2018 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# This tests operation/traffic under compression (lzs or lz4).
+
+OCCTL="${OCCTL:-occtl}"
+SERV="${OCSERV:-ocserv}"
+srcdir=${srcdir:-.}
+PORT=4569
+PIDFILE=ocserv-pid.$$.tmp
+CLIPID=oc-pid.$$.tmp
+PATH=${PATH}:/usr/sbin
+IP=$(which ip)
+OUTFILE=traffic.$$.tmp
+export DISCONNECT_FILE=disconnected-ok.$$.tmp
+
+. `dirname $0`/common.sh
+
+rm -f ${DISCONNECT_FILE}
+
+if test -z "${IP}";then
+	echo "no IP tool is present"
+	exit 77
+fi
+
+if test "$(id -u)" != "0";then
+	echo "This test must be run as root"
+	exit 77
+fi
+
+echo "Testing ocserv connection with DTLS-PSK... "
+
+function finish {
+  set +e
+  echo " * Cleaning up..."
+  test -n "${PID}" && kill ${PID} >/dev/null 2>&1
+  test -n "${PIDFILE}" && rm -f ${PIDFILE} >/dev/null 2>&1
+  test -f "${CLIPID}" && kill $(cat ${CLIPID}) >/dev/null 2>&1
+  test -f "${CLIPID}" && rm -f ${CLIPID} >/dev/null 2>&1
+  test -n "${CONFIG}" && rm -f ${CONFIG} >/dev/null 2>&1
+  rm -f ${OUTFILE} 2>&1
+}
+trap finish EXIT
+
+# server address
+ADDRESS=10.202.2.1
+CLI_ADDRESS=10.202.1.1
+VPNNET=192.168.3.0/24
+VPNADDR=192.168.3.1
+VPNNET6=fd91:6d87:8341:dc6a::/112
+VPNADDR6=fd91:6d87:8341:dc6a::1
+OCCTL_SOCKET=./occtl-comp-$$.socket
+USERNAME=test
+TUNDEV=oc-$$-tun0
+
+. `dirname $0`/ns.sh
+
+# Run servers
+update_config test-dtls-psk.config
+if test "$VERBOSE" = 1;then
+DEBUG="-d 3"
+fi
+
+${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
+
+sleep 4
+
+# Run clients
+echo " * Getting cookie from ${ADDRESS}:${PORT}..."
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
+if test $? != 0;then
+	echo "Could not get cookie from server"
+	exit 1
+fi
+
+echo " * Connecting to ${ADDRESS}:${PORT}..."
+( echo "test" | ${CMDNS1} ${OPENCONNECT} --interface ${TUNDEV} --dtls-ciphers=PSK-NEGOTIATE ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script-detect-disconnect --pid-file=${CLIPID} --passwd-on-stdin -b )
+if test $? != 0;then
+	echo "Could not connect to server"
+	exit 1
+fi
+
+set -e
+
+echo " * wait for ${TUNDEV}"
+
+TIMEOUT=10
+while ! ${CMDNS1} ip addr list dev ${TUNDEV} &>/dev/null; do
+    TIMEOUT=$(($TIMEOUT - 1))
+    if [ $TIMEOUT -eq 0 ]; then
+	echo "Timed out waiting for ${TUNDEV}"
+	exit 1
+    fi
+    sleep 1
+done
+
+echo " * add routes"
+
+${CMDNS1} ip route add ${VPNADDR} dev ${TUNDEV}
+${CMDNS1} ip -6 route add ${VPNADDR6} dev ${TUNDEV}
+
+echo " * ping remote address"
+
+${CMDNS1} ping -c 3 ${VPNADDR}
+
+test -f "${CLIPID}" && kill $(cat ${CLIPID}) >/dev/null 2>&1
+rm -f "${CLIPID}"
+
+sleep 5
+
+if ! test -f ${DISCONNECT_FILE};then
+	echo "Could not find ${DISCONNECT_FILE}"
+	exit 1
+fi
+
+exit 0
diff --git a/www/changelog.xml b/www/changelog.xml
@@ -29,6 +29,7 @@
        <li>Verify ESP sequence numbers and warn even if replay protection is disabled.</li>
        <li>Add support for PAN GlobalProtect VPN protocol (<tt>--protocol=gp</tt>).</li>
        <li>Reorganize listing of command-line options, and include information on supported protocols.</li>
+       <li>SIGTERM cleans up the session similarly to SIGINT.</li>
      </ul><br/>
   </li>
   <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz">OpenConnect v7.08</a></b>