2024-02-07 15:08:22 +01:00
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
# shellcheck disable=SC2016
set -eux
set -o pipefail
# shellcheck source=test/units/util.sh
. " $( dirname " $0 " ) " /util.sh
at_exit( ) {
systemctl stop per-source-limit.socket
2024-02-27 11:10:53 +01:00
rm -f /run/systemd/system/per-source-limit{ @.service,.socket} /run/foo.conn{ 1..4}
2024-02-07 15:08:22 +01:00
systemctl daemon-reload
}
trap at_exit EXIT
2024-02-27 11:10:53 +01:00
cat >/run/systemd/system/per-source-limit.socket <<EOF
2024-02-07 15:08:22 +01:00
[ Socket]
ListenStream = /run/per-source-limit.sk
MaxConnectionsPerSource = 2
Accept = yes
EOF
2024-02-27 11:10:53 +01:00
cat >/run/systemd/system/per-source-limit@.service <<EOF
2024-02-07 15:08:22 +01:00
[ Unit]
BindsTo = per-source-limit.socket
After = per-source-limit.socket
[ Service]
ExecStartPre = echo waldo
ExecStart = sleep infinity
StandardOutput = socket
EOF
systemctl daemon-reload
systemctl start per-source-limit.socket
2024-02-27 11:10:53 +01:00
systemctl status per-source-limit.socket
2024-02-07 15:08:22 +01:00
# So these two should take up the first two connection slots
2024-02-27 11:10:53 +01:00
socat -U - UNIX-CONNECT:/run/per-source-limit.sk | tee /tmp/foo.conn1 &
2024-02-07 15:08:22 +01:00
J1 = " $! "
2024-02-27 11:10:53 +01:00
socat -U - UNIX-CONNECT:/run/per-source-limit.sk | tee /tmp/foo.conn2 &
2024-02-07 15:08:22 +01:00
J2 = " $! "
waitfor( ) {
2024-02-27 11:10:53 +01:00
local file = " ${ 1 : ? } "
for _ in { 0..20} ; do
if grep -q waldo " $file " ; then
return 0
fi
sleep .5
2024-02-07 15:08:22 +01:00
done
2024-02-27 11:10:53 +01:00
echo >& 2 "Timeout while waiting for the expected output"
return 1
2024-02-07 15:08:22 +01:00
}
# Wait until the word "waldo" shows in the output files
waitfor /tmp/foo.conn1
waitfor /tmp/foo.conn2
# The next connection should fail, because the limit is hit
2024-02-27 11:10:53 +01:00
socat -U - UNIX-CONNECT:/run/per-source-limit.sk | tee /tmp/foo.conn3 &
2024-02-07 15:08:22 +01:00
J3 = " $! "
2024-02-14 04:03:07 +09:00
# But this one should work, because done under a different UID
2024-02-27 11:10:53 +01:00
setpriv --reuid= 1 socat -U - UNIX-CONNECT:/run/per-source-limit.sk | tee /tmp/foo.conn4 &
2024-02-07 15:08:22 +01:00
J4 = " $! "
waitfor /tmp/foo.conn4
# The third job should fail quickly, wait for it
wait " $J3 "
# The other jobs will hang forever, since we run "sleep infinity" on the server side. Let's kill the jobs now.
kill " $J1 "
kill " $J2 "
kill " $J4 "
# The 3rd connection should not have seen "waldo", since it should have been refused too early
( ! grep -q "waldo" /tmp/foo.conn3 )