zendframework · mbaynton · Jun 14, 2017 · Jun 14, 2017 · Jun 14, 2017 · Jun 15, 2017
diff --git a/.ci/OpenLDAP/slapd.conf b/.ci/OpenLDAP/slapd.conf
@@ -2,6 +2,8 @@
 # Global Directives
 ##
 
+idletimeout	30
+
 # Schema and objectClass definitions
 include         /etc/ldap/schema/core.schema
 include         /etc/ldap/schema/cosine.schema

diff --git a/.ci/OpenLDAP_run.sh b/.ci/OpenLDAP_run.sh
@@ -7,10 +7,13 @@ echo "Creating database directory"
 
 rm -rf ${LDAP_DB} && mkdir ${LDAP_DB} && cp  /usr/share/doc/slapd/examples/DB_CONFIG ${LDAP_DB}
 
-echo "Launching OpenLDAP ..."
+echo "Launching OpenLDAP on port 3890..."
 
 # Start slapd with non root privileges
 slapd -h "ldap://0.0.0.0:3890/" -f ${DIR}/OpenLDAP/slapd.conf
 
+echo "Launching a PHP built-in webserver on port 3891..."
+nohup php -S 0.0.0.0:3891 --docroot ${DIR}/php_scripts 2>&1 > /dev/null &
+
 # Wait for LDAP to start
 sleep 1
diff --git a/.ci/config_iptables.sh b/.ci/config_iptables.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# This sets iptables rules that facilitate targeted dropping of connections for
+# the reconnect tests.
+
+iptables-restore <<RULES
+# Generated by iptables-save v1.4.21 on Fri Sep 29 15:37:54 2017
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 3891 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 3890 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -j REJECT --reject-with tcp-reset
+-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
+-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
+-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
+COMMIT
+# Completed on Fri Sep 29 15:37:54 2017
+RULES
diff --git a/.ci/php_scripts/drop_3890.php b/.ci/php_scripts/drop_3890.php
@@ -0,0 +1,9 @@
+<?php
+/*
+ * Removes all entries from the kernel TCP state table that are established
+ * flows to port 3890, the slapd instance. In conjunction with our iptables
+ * rules, this causes those connections to be dropped.
+ *
+ * This is used in reconnect tests.
+ */
+system('/usr/bin/sudo /usr/sbin/conntrack -D -p tcp --state ESTABLISHED --dport 3890 2>&1');
diff --git a/.travis.yml b/.travis.yml
@@ -1,4 +1,5 @@
-sudo: false
+sudo: required
+dist: trusty
 
 language: php
 
@@ -18,6 +19,7 @@ addons:
     packages:
       - slapd
       - ldap-utils
+      - conntrack
 
 env:
   global:
@@ -91,6 +93,7 @@ notifications:
 before_install:
   - travis_retry composer self-update
   - if [[ $TEST_COVERAGE != 'true' ]]; then phpenv config-rm xdebug.ini || return 0 ; fi
+  - sudo .ci/config_iptables.sh
 
 install:
   - if [[ ${TRAVIS_PHP_VERSION:0:3} == "5.5" ]]; then composer require $COMPOSER_ARGS --dev --no-update "phpunit/phpunit:^4"; fi

diff --git a/Vagrantfile b/Vagrantfile
@@ -4,7 +4,7 @@
 $install_ldap = <<SCRIPT
 export DEBIAN_FRONTEND=noninteractive
 apt-get -yq update
-apt-get -yq --no-install-suggests --no-install-recommends --force-yes install slapd ldap-utils apparmor-utils
+apt-get -yq --no-install-suggests --no-install-recommends --force-yes install slapd ldap-utils apparmor-utils conntrack php5-cli
 sudo aa-complain /usr/sbin/slapd
 SCRIPT
 
@@ -19,7 +19,10 @@ Vagrant.configure(2) do |config|
 
   # LDAP port
   config.vm.network 'forwarded_port', guest: 3890, host: 3890
+  # PHP embedded webserver port, running in .ci/php_scripts
+  config.vm.network 'forwarded_port', guest: 3891, host: 3891
 
+  config.vm.provision 'shell', privileged: true, inline: '/vagrant/.ci/config_iptables.sh', :run => 'always'
   config.vm.provision 'shell', inline: $install_ldap
   config.vm.provision 'shell', privileged: false, inline: '/vagrant/.ci/OpenLDAP_run.sh', :run => 'always'
   config.vm.provision 'shell', privileged: false, inline: '/vagrant/.ci/load_fixtures.sh', :run => 'always'

diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -65,6 +65,7 @@
         <env name="TESTS_ZEND_LDAP_ONLINE_ENABLED" value="false" />
         <env name="TESTS_ZEND_LDAP_HOST" value="localhost" />
         <env name="TESTS_ZEND_LDAP_PORT" value="3890" />
+        <env name="TESTS_ZEND_LDAP_SCRIPTS_PORT" value="3891" />
         <env name="TESTS_ZEND_LDAP_USE_START_TLS" value="false" />
         <env name="TESTS_ZEND_LDAP_USE_SSL" value="false" />
         <env name="TESTS_ZEND_LDAP_USERNAME" value="cn=Manager,dc=example,dc=com" />