diff options
author | Parménides GV <parmegv@sdf.org> | 2014-07-31 12:09:49 +0200 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2014-07-31 12:09:49 +0200 |
commit | 0393ba6656ce6cf679a2c4663275b3ed0f1a34b9 (patch) | |
tree | f000311e97598ab3fc42e2bea23e6cb342ad166c /ics-openvpn-stripped/main/openvpn/tests | |
parent | b28eeb08e8ec3baafdd9388cc5b70c6c84db9cf1 (diff) |
Updated ics-openvpn to rev 859 + no 2nd notification.
Diffstat (limited to 'ics-openvpn-stripped/main/openvpn/tests')
6 files changed, 613 insertions, 0 deletions
diff --git a/ics-openvpn-stripped/main/openvpn/tests/Makefile.am b/ics-openvpn-stripped/main/openvpn/tests/Makefile.am new file mode 100644 index 00000000..b7980e04 --- /dev/null +++ b/ics-openvpn-stripped/main/openvpn/tests/Makefile.am @@ -0,0 +1,23 @@ +# +# OpenVPN -- An application to securely tunnel IP networks +# over a single UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> +# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com> +# + +MAINTAINERCLEANFILES = \ + $(srcdir)/Makefile.in + +test_scripts = t_client.sh t_lpback.sh t_cltsrv.sh + +TESTS_ENVIRONMENT = top_srcdir="$(top_srcdir)" +TESTS = $(test_scripts) + +dist_noinst_SCRIPTS = \ + $(test_scripts) \ + t_cltsrv-down.sh + diff --git a/ics-openvpn-stripped/main/openvpn/tests/t_client.rc-sample b/ics-openvpn-stripped/main/openvpn/tests/t_client.rc-sample new file mode 100644 index 00000000..6e666077 --- /dev/null +++ b/ics-openvpn-stripped/main/openvpn/tests/t_client.rc-sample @@ -0,0 +1,93 @@ +# +# this is sourced from t_client.sh and defines which openvpn client tests +# to run +# +# (sample config, copy to t_client.rc and adapt to your environment) +# +# +# define these - if empty, no tests will run +# +top_srcdir="${top_srcdir:-..}" +CA_CERT="${top_srcdir}/sample/sample-keys/ca.crt" +CLIENT_KEY="${top_srcdir}/sample/sample-keys/client.key" +CLIENT_CERT="${top_srcdir}/sample/sample-keys/client.crt" +# +# remote host (used as macro below) +# +REMOTE=mytestserver +# +# tests to run (list suffixes for config stanzas below) +# +TEST_RUN_LIST="1 2" + +# +# use "sudo" (etc) to give openvpn the necessary privileges +# if this is not active, "make check" must be run as root +# +#RUN_SUDO=sudo + +# +# base confic that is the same for all the p2mp test runs +# +OPENVPN_BASE_P2MP="--client --ca $CA_CERT \ + --cert $CLIENT_CERT --key $CLIENT_KEY \ + --ns-cert-type server --nobind --comp-lzo --verb 3" + +# base config for p2p tests +# +OPENVPN_BASE_P2P="..." + +# +# +# now define the individual tests - all variables suffixed with _1, _2 etc +# will be used in test run "1", "2", etc. +# +# if something is not defined here, the corresponding test is not run +# +# possible test options: +# +# RUN_TITLE_x="what is being tested on here" (purely informational) +# OPENVPN_CONF_x = "how to call ./openvpn" [mandatory] +# EXPECT_IFCONFIG4_x = "this IPv4 address needs to show up in ifconfig" +# EXPECT_IFCONFIG6_x = "this IPv6 address needs to show up in ifconfig" +# PING4_HOSTS_x = "these hosts musts ping when openvpn is up (IPv4 fping)" +# PING6_HOSTS_x = "these hosts musts ping when openvpn is up (IPv6 fping6)" +# +# Test 1: UDP / p2mp tun +# specify IPv4+IPv6 addresses expected from server and ping targets +# +RUN_TITLE_1="testing tun/udp/ipv4+ipv6" +OPENVPN_CONF_1="$OPENVPN_BASE_P2MP --dev tun --proto udp --remote $REMOTE --port 51194" +EXPECT_IFCONFIG4_1="10.100.50.6" +EXPECT_IFCONFIG6_1="2001:db8:a050::1:0" +PING4_HOSTS_1="10.100.50.1 10.100.0.1" +PING6_HOSTS_1="2001:db8::1 2001:db8:a050::1" + +# Test 2: TCP / p2mp tun +# +RUN_TITLE_2="testing tun/tcp/ipv4+ipv6" +OPENVPN_CONF_2="$OPENVPN_BASE_P2MP --dev tun --proto tcp --remote $REMOTE --port 51194" +EXPECT_IFCONFIG4_2="10.100.51.6" +EXPECT_IFCONFIG6_2="2001:db8:a051::1:0" +PING4_HOSTS_2="10.100.51.1 10.100.0.1" +PING6_HOSTS_2="2001:db8::1 2001:db8:a051::1" + +# Test 3: UDP / p2p tun +# ... + +# Test 4: TCP / p2p tun +# ... + +# Test 5: UDP / p2mp tap +# ... + +# Test 6: TCP / p2mp tun +# ... + +# Test 7: UDP / p2p tap +# ... + +# Test 8: TCP / p2p tap +# ... + +# Test 9: whatever you want to test... :-) diff --git a/ics-openvpn-stripped/main/openvpn/tests/t_client.sh.in b/ics-openvpn-stripped/main/openvpn/tests/t_client.sh.in new file mode 100755 index 00000000..d4f7c4ab --- /dev/null +++ b/ics-openvpn-stripped/main/openvpn/tests/t_client.sh.in @@ -0,0 +1,347 @@ +#!@SHELL@ +# +# run OpenVPN client against ``test reference'' server +# - check that ping, http, ... via tunnel works +# - check that interface config / routes are properly cleaned after test end +# +# prerequisites: +# - openvpn binary in current directory +# - writable current directory to create subdir for logs +# - t_client.rc in current directory OR source dir that specifies tests +# - for "ping4" checks: fping binary in $PATH +# - for "ping6" checks: fping6 binary in $PATH +# + +srcdir="${srcdir:-.}" +top_builddir="${top_builddir:-..}" +if [ -r "${top_builddir}"/t_client.rc ] ; then + . "${top_builddir}"/t_client.rc +elif [ -r "${srcdir}"/t_client.rc ] ; then + . "${srcdir}"/t_client.rc +else + echo "$0: cannot find 't_client.rc' in build dir ('${top_builddir}')" >&2 + echo "$0: or source directory ('${srcdir}'). SKIPPING TEST." >&2 + exit 77 +fi + +# Check for external dependencies +which fping > /dev/null +if [ $? -ne 0 ]; then + echo "$0: fping is not available in \$PATH" >&2 + exit 77 +fi +which fping6 > /dev/null +if [ $? -ne 0 ]; then + echo "$0: fping6 is not available in \$PATH" >&2 + exit 77 +fi + +if [ ! -x "${top_builddir}/src/openvpn/openvpn" ] +then + echo "no (executable) openvpn binary in current build tree. FAIL." >&2 + exit 1 +fi + +if [ ! -w . ] +then + echo "current directory is not writable (required for logging). FAIL." >&2 + exit 1 +fi + +if [ -z "$CA_CERT" ] ; then + echo "CA_CERT not defined in 't_client.rc'. SKIP test." >&2 + exit 77 +fi + +if [ -z "$TEST_RUN_LIST" ] ; then + echo "TEST_RUN_LIST empty, no tests defined. SKIP test." >&2 + exit 77 +fi + +# make sure we have permissions to run ifconfig/route from OpenVPN +# can't use "id -u" here - doesn't work on Solaris +ID=`id` +if expr "$ID" : "uid=0" >/dev/null +then : +else + if [ -z "$RUN_SUDO" ] + then + echo "$0: this test must run be as root, or RUN_SUDO=... " >&2 + echo " must be set correctly in 't_client.rc'. SKIP." >&2 + exit 77 + fi +fi + +LOGDIR=t_client-`hostname`-`date +%Y%m%d-%H%M%S` +if mkdir $LOGDIR +then : +else + echo "can't create log directory '$LOGDIR'. FAIL." >&2 + exit 1 +fi + +exit_code=0 + +# ---------------------------------------------------------- +# helper functions +# ---------------------------------------------------------- +# print failure message, increase FAIL counter +fail() +{ + echo "" + echo "FAIL: $@" >&2 + fail_count=$(( $fail_count + 1 )) +} + +# print "all interface IP addresses" + "all routes" +# this is higly system dependent... +get_ifconfig_route() +{ + # linux / iproute2? (-> if configure got a path) + if [ -n "@IPROUTE@" ] + then + echo "-- linux iproute2 --" + @IPROUTE@ addr show | grep -v valid_lft + @IPROUTE@ route show + @IPROUTE@ -o -6 route show | grep -v ' cache' | sed -E -e 's/ expires [0-9]*sec//' -e 's/ (mtu|hoplimit|cwnd|ssthresh) [0-9]+//g' -e 's/ (rtt|rttvar) [0-9]+ms//g' + return + fi + + # try uname + case `uname -s` in + Linux) + echo "-- linux / ifconfig --" + LANG=C @IFCONFIG@ -a |egrep "( addr:|encap:)" + LANG=C @NETSTAT@ -rn -4 -6 + return + ;; + FreeBSD|NetBSD|Darwin) + echo "-- FreeBSD/NetBSD/Darwin [MacOS X] --" + @IFCONFIG@ -a | egrep "(flags=|inet)" + @NETSTAT@ -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' + return + ;; + OpenBSD) + echo "-- OpenBSD --" + @IFCONFIG@ -a | egrep "(flags=|inet)" | \ + sed -e 's/pltime [0-9]*//' -e 's/vltime [0-9]*//' + @NETSTAT@ -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' + return + ;; + SunOS) + echo "-- Solaris --" + @IFCONFIG@ -a | egrep "(flags=|inet)" + @NETSTAT@ -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }' + return + ;; + AIX) + echo "-- AIX --" + @IFCONFIG@ -a | egrep "(flags=|inet)" + @NETSTAT@ -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }' + return + ;; + esac + + echo "get_ifconfig_route(): no idea how to get info on your OS. FAIL." >&2 + exit 20 +} + +# ---------------------------------------------------------- +# check ifconfig +# arg1: "4" or "6" -> for message +# arg2: IPv4/IPv6 address that must show up in out of "get_ifconfig_route" +check_ifconfig() +{ + proto=$1 ; shift + expect_list="$@" + + if [ -z "$expect_list" ] ; then return ; fi + + for expect in $expect_list + do + if get_ifconfig_route | fgrep "$expect" >/dev/null + then : + else + fail "check_ifconfig(): expected IPv$proto address '$expect' not found in ifconfig output." + fi + done +} + +# ---------------------------------------------------------- +# run pings +# arg1: "4" or "6" -> fping/fing6 +# arg2: "want_ok" or "want_fail" (expected ping result) +# arg3... -> fping arguments (host list) +run_ping_tests() +{ + proto=$1 ; want=$2 ; shift ; shift + targetlist="$@" + + # "no targets" is fine + if [ -z "$targetlist" ] ; then return ; fi + + case $proto in + 4) cmd=fping ;; + 6) cmd=fping6 ;; + *) echo "internal error in run_ping_tests arg 1: '$proto'" >&2 + exit 1 ;; + esac + + case $want in + want_ok) sizes_list="64 1440 3000" ;; + want_fail) sizes_list="64" ;; + esac + + for bytes in $sizes_list + do + echo "run IPv$proto ping tests ($want), $bytes byte packets..." + + echo "$cmd -b $bytes -C 20 -p 250 -q $targetlist" >>$LOGDIR/$SUF:fping.out + $cmd -b $bytes -C 20 -p 250 -q $targetlist >>$LOGDIR/$SUF:fping.out 2>&1 + + # while OpenVPN is running, pings must succeed (want='want_ok') + # before OpenVPN is up, pings must NOT succeed (want='want_fail') + + rc=$? + if [ $rc = 0 ] # all ping OK + then + if [ $want = "want_fail" ] # not what we want + then + fail "IPv$proto ping test succeeded, but needs to *fail*." + fi + else # ping failed + if [ $want = "want_ok" ] # not what we wanted + then + fail "IPv$proto ping test ($bytes bytes) failed, but should succeed." + fi + fi + done +} + +# ---------------------------------------------------------- +# main test loop +# ---------------------------------------------------------- +SUMMARY_OK= +SUMMARY_FAIL= + +for SUF in $TEST_RUN_LIST +do + # get config variables + eval test_prep=\"\$PREPARE_$SUF\" + eval test_cleanup=\"\$CLEANUP_$SUF\" + eval test_run_title=\"\$RUN_TITLE_$SUF\" + eval openvpn_conf=\"\$OPENVPN_CONF_$SUF\" + eval expect_ifconfig4=\"\$EXPECT_IFCONFIG4_$SUF\" + eval expect_ifconfig6=\"\$EXPECT_IFCONFIG6_$SUF\" + eval ping4_hosts=\"\$PING4_HOSTS_$SUF\" + eval ping6_hosts=\"\$PING6_HOSTS_$SUF\" + + echo -e "\n### test run $SUF: '$test_run_title' ###\n" + fail_count=0 + + if [ -n "$test_prep" ]; then + echo -e "running preparation: '$test_prep'" + eval $test_prep + fi + + echo "save pre-openvpn ifconfig + route" + get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route_pre.txt + + echo -e "\nrun pre-openvpn ping tests - targets must not be reachable..." + run_ping_tests 4 want_fail "$ping4_hosts" + run_ping_tests 6 want_fail "$ping6_hosts" + if [ "$fail_count" = 0 ] ; then + echo -e "OK.\n" + else + echo -e "FAIL: make sure that ping hosts are ONLY reachable via VPN, SKIP test $SUF". + exit_code=31 + continue + fi + + echo " run openvpn $openvpn_conf" + echo "# src/openvpn/openvpn $openvpn_conf" >$LOGDIR/$SUF:openvpn.log + $RUN_SUDO "${top_builddir}/src/openvpn/openvpn" $openvpn_conf >>$LOGDIR/$SUF:openvpn.log & + opid=$! + + # make sure openvpn client is terminated in case shell exits + trap "$RUN_SUDO kill $opid" 0 + trap "$RUN_SUDO kill $opid ; trap - 0 ; exit 1" 1 2 3 15 + + echo "wait for connection to establish..." + sleep ${SETUP_TIME_WAIT:-10} + + # test whether OpenVPN process is still there + if $RUN_SUDO kill -0 $opid + then : + else + echo -e "OpenVPN process has failed to start up, check log ($LOGDIR/$SUF:openvpn.log). FAIL.\ntail of logfile follows:\n..." >&2 + tail $LOGDIR/$SUF:openvpn.log >&2 + trap - 0 1 2 3 15 + exit 10 + fi + + # compare whether anything changed in ifconfig/route setup? + echo "save ifconfig+route" + get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route.txt + + echo -n "compare pre-openvpn ifconfig+route with current values..." + if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \ + $LOGDIR/$SUF:ifconfig_route.txt >/dev/null + then + fail "no differences between ifconfig/route before OpenVPN start and now." + else + echo -e " OK!\n" + fi + + # expected ifconfig values in there? + check_ifconfig 4 "$expect_ifconfig4" + check_ifconfig 6 "$expect_ifconfig6" + + run_ping_tests 4 want_ok "$ping4_hosts" + run_ping_tests 6 want_ok "$ping6_hosts" + echo -e "ping tests done.\n" + + echo "stopping OpenVPN" + $RUN_SUDO kill $opid + wait $! + rc=$? + if [ $rc != 0 ] ; then + fail "OpenVPN return code $rc, expect 0" + fi + + echo -e "\nsave post-openvpn ifconfig + route..." + get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route_post.txt + + echo -n "compare pre- and post-openvpn ifconfig + route..." + if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \ + $LOGDIR/$SUF:ifconfig_route_post.txt >$LOGDIR/$SUF:ifconfig_route_diff.txt + then + echo -e " OK.\n" + else + cat $LOGDIR/$SUF:ifconfig_route_diff.txt >&2 + fail "differences between pre- and post-ifconfig/route" + fi + if [ "$fail_count" = 0 ] ; then + echo -e "test run $SUF: all tests OK.\n" + SUMMARY_OK="$SUMMARY_OK $SUF" + else + echo -e "test run $SUF: $fail_count test failures. FAIL.\n"; + SUMMARY_FAIL="$SUMMARY_FAIL $SUF" + exit_code=30 + fi + + if [ -n "$test_cleanup" ]; then + echo -e "cleaning up: '$test_cleanup'" + eval $test_cleanup + fi + +done + +if [ -z "$SUMMARY_OK" ] ; then SUMMARY_OK=" none"; fi +if [ -z "$SUMMARY_FAIL" ] ; then SUMMARY_FAIL=" none"; fi +echo "Test sets succeded:$SUMMARY_OK." +echo "Test sets failed:$SUMMARY_FAIL." + +# remove trap handler +trap - 0 1 2 3 15 +exit $exit_code diff --git a/ics-openvpn-stripped/main/openvpn/tests/t_cltsrv-down.sh b/ics-openvpn-stripped/main/openvpn/tests/t_cltsrv-down.sh new file mode 100755 index 00000000..2ef852aa --- /dev/null +++ b/ics-openvpn-stripped/main/openvpn/tests/t_cltsrv-down.sh @@ -0,0 +1,2 @@ +#! /bin/sh +echo "${role}:${signal}" >&3 diff --git a/ics-openvpn-stripped/main/openvpn/tests/t_cltsrv.sh b/ics-openvpn-stripped/main/openvpn/tests/t_cltsrv.sh new file mode 100755 index 00000000..752251e4 --- /dev/null +++ b/ics-openvpn-stripped/main/openvpn/tests/t_cltsrv.sh @@ -0,0 +1,91 @@ +#! /bin/sh +# +# t_cltsrv.sh - script to test OpenVPN's crypto loopback +# Copyright (C) 2005, 2006, 2008 Matthias Andree +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +set -e +srcdir="${srcdir:-.}" +top_srcdir="${top_srcdir:-..}" +top_builddir="${top_builddir:-..}" +trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15 +trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3 +addopts= +case `uname -s` in + FreeBSD) + # FreeBSD jails map the outgoing IP to the jail IP - we need to + # allow the real IP unless we want the test to run forever. + if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \ + || ps -ostate= -p $$ | grep -q J; then + addopts="--float" + if test "x`ifconfig | grep inet`" = x ; then + echo "###" + echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP." + echo "###" + exit 77 + fi + fi + ;; +esac + +# make sure that the --down script is executable -- fail (rather than +# skip) test if it isn't. +downscript="../tests/t_cltsrv-down.sh" +root="${top_srcdir}/sample" +test -x "${root}/${downscript}" || chmod +x "${root}/${downscript}" || { echo >&2 "${root}/${downscript} is not executable, failing." ; exit 1 ; } +echo "The following test will take about two minutes." >&2 +echo "If the addresses are in use, this test will retry up to two times." >&2 + +# go +success=0 +for i in 1 2 3 ; do + set +e + ( + "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${root}" ${addopts} --setenv role srv --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-server" & + "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${top_srcdir}/sample" ${addopts} --setenv role clt --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-client" + ) 3>log.$$.signal >log.$$ 2>&1 + e1=$? + wait $! + e2=$? + grep 'TCP/UDP: Socket bind failed on local address.*in use' log.$$ >/dev/null && { + echo 'address in use, retrying in 150 s' + sleep 150 + continue + } + grep -v ':inactive$' log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; } + success=1 + break +done + +set -e + +# exit code - defaults to 0, PASS +ec=0 + +if [ $success != 1 ] ; then + # couldn't run test -- addresses in use, skip test + cat log.$$ + ec=77 +elif [ $e1 != 0 ] || [ $e2 != 0 ] ; then + # failure -- fail test + cat log.$$ + ec=1 +fi + +rm log.$$ log.$$.signal +trap 0 +exit $ec diff --git a/ics-openvpn-stripped/main/openvpn/tests/t_lpback.sh b/ics-openvpn-stripped/main/openvpn/tests/t_lpback.sh new file mode 100755 index 00000000..8f88ad92 --- /dev/null +++ b/ics-openvpn-stripped/main/openvpn/tests/t_lpback.sh @@ -0,0 +1,57 @@ +#! /bin/sh +# +# t_lpback.sh - script to test OpenVPN's crypto loopback +# Copyright (C) 2005 Matthias Andree +# Copyright (C) 2014 Steffan Karger +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +set -eu +top_builddir="${top_builddir:-..}" +trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15 +trap "rm -f key.$$ log.$$ ; exit 1" 0 3 + +# Get list of supported ciphers from openvpn --show-ciphers output +CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | \ + sed -e '1,/^$/d' -e s'/ .*//' -e '/^\s*$/d' | sort) + +# SK, 2014-06-04: currently the DES-EDE3-CFB1 implementation of OpenSSL is +# broken (see http://rt.openssl.org/Ticket/Display.html?id=2867), so exclude +# that cipher from this test. +# GD, 2014-07-06 so is DES-CFB1 +# GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5) +CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' ) + +"${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$ +set +e + +e=0 +for cipher in ${CIPHERS} +do + echo -n "Testing cipher ${cipher}... " + ( "${top_builddir}/src/openvpn/openvpn" --test-crypto --secret key.$$ --cipher ${cipher} ) >log.$$ 2>&1 + if [ $? != 0 ] ; then + echo "FAILED" + cat log.$$ + e=1 + else + echo "OK" + fi +done + +rm key.$$ log.$$ +trap 0 +exit $e |