243 lines
4.4 KiB
Bash
243 lines
4.4 KiB
Bash
# $OpenBSD: test-exec.sh,v 1.14 2002/04/15 15:19:48 markus Exp $
|
|
# Placed in the Public Domain.
|
|
|
|
PORT=4242
|
|
#SUDO=sudo
|
|
|
|
if [ -x /usr/ucb/whoami ]; then
|
|
USER=`/usr/ucb/whoami`
|
|
elif [ -x "`which whoami 2>&1`" ]; then
|
|
USER=`whoami`
|
|
else
|
|
USER=`id -un`
|
|
fi
|
|
|
|
OBJ=$1
|
|
if [ "x$OBJ" = "x" ]; then
|
|
echo '$OBJ not defined'
|
|
exit 2
|
|
fi
|
|
if [ ! -d $OBJ ]; then
|
|
echo "not a directory: $OBJ"
|
|
exit 2
|
|
fi
|
|
SCRIPT=$2
|
|
if [ "x$SCRIPT" = "x" ]; then
|
|
echo '$SCRIPT not defined'
|
|
exit 2
|
|
fi
|
|
if [ ! -f $SCRIPT ]; then
|
|
echo "not a file: $SCRIPT"
|
|
exit 2
|
|
fi
|
|
if sh -n $SCRIPT; then
|
|
true
|
|
else
|
|
echo "syntax error in $SCRIPT"
|
|
exit 2
|
|
fi
|
|
unset SSH_AUTH_SOCK
|
|
|
|
# defaults
|
|
SSH=ssh
|
|
SSHD=sshd
|
|
SSHAGENT=ssh-agent
|
|
SSHADD=ssh-add
|
|
SSHKEYGEN=ssh-keygen
|
|
SSHKEYSCAN=ssh-keyscan
|
|
SFTP=sftp
|
|
SFTPSERVER=/usr/libexec/openssh/sftp-server
|
|
|
|
if [ "x$TEST_SSH_SSH" != "x" ]; then
|
|
SSH=${TEST_SSH_SSH}
|
|
fi
|
|
if [ "x$TEST_SSH_SSHD" != "x" ]; then
|
|
SSHD=${TEST_SSH_SSHD}
|
|
fi
|
|
if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
|
|
SSHAGENT=${TEST_SSH_SSHAGENT}
|
|
fi
|
|
if [ "x$TEST_SSH_SSHADD" != "x" ]; then
|
|
SSHADD=${TEST_SSH_SSHADD}
|
|
fi
|
|
if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
|
|
SSHKEYGEN=${TEST_SSH_SSHKEYGEN}
|
|
fi
|
|
if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
|
|
SSHKEYSCAN=${TEST_SSH_SSHKEYSCAN}
|
|
fi
|
|
if [ "x$TEST_SSH_SFTP" != "x" ]; then
|
|
SFTP=${TEST_SSH_SFTP}
|
|
fi
|
|
if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
|
|
SFTPSERVER=${TEST_SSH_SFTPSERVER}
|
|
fi
|
|
|
|
# these should be used in tests
|
|
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER
|
|
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER
|
|
|
|
# helper
|
|
echon()
|
|
{
|
|
if [ "x`echo -n`" = "x" ]; then
|
|
echo -n "$@"
|
|
elif [ "x`echo '\c'`" = "x" ]; then
|
|
echo "$@\c"
|
|
else
|
|
fatal "Don't know how to echo without newline."
|
|
fi
|
|
}
|
|
|
|
cleanup ()
|
|
{
|
|
if [ -f $PIDFILE ]; then
|
|
pid=`cat $PIDFILE`
|
|
if [ "X$pid" = "X" ]; then
|
|
echo no sshd running
|
|
else
|
|
if [ $pid -lt 2 ]; then
|
|
echo bad pid for ssd: $pid
|
|
else
|
|
$SUDO kill $pid
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
trace ()
|
|
{
|
|
if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
|
|
echo "$@"
|
|
fi
|
|
}
|
|
|
|
verbose ()
|
|
{
|
|
if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
|
|
echo "$@"
|
|
fi
|
|
}
|
|
|
|
|
|
fail ()
|
|
{
|
|
RESULT=1
|
|
echo "$@"
|
|
}
|
|
|
|
fatal ()
|
|
{
|
|
echon "FATAL: "
|
|
fail "$@"
|
|
cleanup
|
|
exit $RESULT
|
|
}
|
|
|
|
RESULT=0
|
|
PIDFILE=$OBJ/pidfile
|
|
|
|
trap fatal 3 2
|
|
|
|
# create server config
|
|
cat << EOF > $OBJ/sshd_config
|
|
Port $PORT
|
|
ListenAddress 127.0.0.1
|
|
#ListenAddress ::1
|
|
PidFile $PIDFILE
|
|
AuthorizedKeysFile $OBJ/authorized_keys_%u
|
|
LogLevel QUIET
|
|
StrictModes no
|
|
EOF
|
|
|
|
# server config for proxy connects
|
|
cp $OBJ/sshd_config $OBJ/sshd_proxy
|
|
|
|
# allow group-writable directories in proxy-mode
|
|
echo 'StrictModes no' >> $OBJ/sshd_proxy
|
|
|
|
# create client config
|
|
cat << EOF > $OBJ/ssh_config
|
|
Host *
|
|
Hostname 127.0.0.1
|
|
HostKeyAlias localhost-with-alias
|
|
Port $PORT
|
|
User $USER
|
|
GlobalKnownHostsFile $OBJ/known_hosts
|
|
UserKnownHostsFile $OBJ/known_hosts
|
|
RSAAuthentication yes
|
|
PubkeyAuthentication yes
|
|
ChallengeResponseAuthentication no
|
|
HostbasedAuthentication no
|
|
PasswordAuthentication no
|
|
RhostsAuthentication no
|
|
RhostsRSAAuthentication no
|
|
BatchMode yes
|
|
StrictHostKeyChecking yes
|
|
EOF
|
|
|
|
rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
|
|
|
|
trace "generate keys"
|
|
for t in rsa rsa1; do
|
|
# generate user key
|
|
rm -f $OBJ/$t
|
|
${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\
|
|
fail "ssh-keygen for $t failed"
|
|
|
|
# known hosts file for client
|
|
(
|
|
echon 'localhost-with-alias,127.0.0.1,::1 '
|
|
cat $OBJ/$t.pub
|
|
) >> $OBJ/known_hosts
|
|
|
|
# setup authorized keys
|
|
cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
|
|
echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
|
|
|
|
# use key as host key, too
|
|
$SUDO cp $OBJ/$t $OBJ/host.$t
|
|
echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
|
|
|
|
# don't use SUDO for proxy connect
|
|
echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
|
|
done
|
|
chmod 644 $OBJ/authorized_keys_$USER
|
|
|
|
# create a proxy version of the client config
|
|
(
|
|
cat $OBJ/ssh_config
|
|
echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy
|
|
) > $OBJ/ssh_proxy
|
|
|
|
# check proxy config
|
|
${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"
|
|
|
|
start_sshd ()
|
|
{
|
|
# start sshd
|
|
$SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken"
|
|
$SUDO ${SSHD} -f $OBJ/sshd_config
|
|
|
|
trace "wait for sshd"
|
|
i=0;
|
|
while [ ! -f $PIDFILE -a $i -lt 10 ]; do
|
|
i=`expr $i + 1`
|
|
sleep $i
|
|
done
|
|
|
|
test -f $PIDFILE || fatal "no sshd running on port $PORT"
|
|
}
|
|
|
|
# source test body
|
|
. $SCRIPT
|
|
|
|
# kill sshd
|
|
cleanup
|
|
if [ $RESULT -eq 0 ]; then
|
|
verbose ok $tid
|
|
else
|
|
echo failed $tid
|
|
fi
|
|
exit $RESULT
|