495 lines
10 KiB
Bash
495 lines
10 KiB
Bash
# $OpenBSD: test-exec.sh,v 1.48 2014/07/06 07:42:03 djm Exp $
|
|
# Placed in the Public Domain.
|
|
|
|
#SUDO=sudo
|
|
|
|
# Unbreak GNU head(1)
|
|
_POSIX2_VERSION=199209
|
|
export _POSIX2_VERSION
|
|
|
|
case `uname -s 2>/dev/null` in
|
|
OSF1*)
|
|
BIN_SH=xpg4
|
|
export BIN_SH
|
|
;;
|
|
CYGWIN_NT-5.0)
|
|
os=cygwin
|
|
TEST_SSH_IPV6=no
|
|
;;
|
|
CYGWIN*)
|
|
os=cygwin
|
|
;;
|
|
esac
|
|
|
|
if [ ! -z "$TEST_SSH_PORT" ]; then
|
|
PORT="$TEST_SSH_PORT"
|
|
else
|
|
PORT=4242
|
|
fi
|
|
|
|
if [ -x /usr/ucb/whoami ]; then
|
|
USER=`/usr/ucb/whoami`
|
|
elif whoami >/dev/null 2>&1; then
|
|
USER=`whoami`
|
|
elif logname >/dev/null 2>&1; then
|
|
USER=`logname`
|
|
else
|
|
USER=`id -un`
|
|
fi
|
|
|
|
OBJ=$1
|
|
if [ "x$OBJ" = "x" ]; then
|
|
echo '$OBJ not defined'
|
|
exit 2
|
|
fi
|
|
if [ ! -d $OBJ ]; then
|
|
echo "not a directory: $OBJ"
|
|
exit 2
|
|
fi
|
|
SCRIPT=$2
|
|
if [ "x$SCRIPT" = "x" ]; then
|
|
echo '$SCRIPT not defined'
|
|
exit 2
|
|
fi
|
|
if [ ! -f $SCRIPT ]; then
|
|
echo "not a file: $SCRIPT"
|
|
exit 2
|
|
fi
|
|
if $TEST_SHELL -n $SCRIPT; then
|
|
true
|
|
else
|
|
echo "syntax error in $SCRIPT"
|
|
exit 2
|
|
fi
|
|
unset SSH_AUTH_SOCK
|
|
|
|
SRC=`dirname ${SCRIPT}`
|
|
|
|
# defaults
|
|
SSH=ssh
|
|
SSHD=sshd
|
|
SSHAGENT=ssh-agent
|
|
SSHADD=ssh-add
|
|
SSHKEYGEN=ssh-keygen
|
|
SSHKEYSCAN=ssh-keyscan
|
|
SFTP=sftp
|
|
SFTPSERVER=/usr/libexec/openssh/sftp-server
|
|
SCP=scp
|
|
|
|
# Interop testing
|
|
PLINK=plink
|
|
PUTTYGEN=puttygen
|
|
CONCH=conch
|
|
|
|
if [ "x$TEST_SSH_SSH" != "x" ]; then
|
|
SSH="${TEST_SSH_SSH}"
|
|
fi
|
|
if [ "x$TEST_SSH_SSHD" != "x" ]; then
|
|
SSHD="${TEST_SSH_SSHD}"
|
|
fi
|
|
if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
|
|
SSHAGENT="${TEST_SSH_SSHAGENT}"
|
|
fi
|
|
if [ "x$TEST_SSH_SSHADD" != "x" ]; then
|
|
SSHADD="${TEST_SSH_SSHADD}"
|
|
fi
|
|
if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
|
|
SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
|
|
fi
|
|
if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
|
|
SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
|
|
fi
|
|
if [ "x$TEST_SSH_SFTP" != "x" ]; then
|
|
SFTP="${TEST_SSH_SFTP}"
|
|
fi
|
|
if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
|
|
SFTPSERVER="${TEST_SSH_SFTPSERVER}"
|
|
fi
|
|
if [ "x$TEST_SSH_SCP" != "x" ]; then
|
|
SCP="${TEST_SSH_SCP}"
|
|
fi
|
|
if [ "x$TEST_SSH_PLINK" != "x" ]; then
|
|
# Find real binary, if it exists
|
|
case "${TEST_SSH_PLINK}" in
|
|
/*) PLINK="${TEST_SSH_PLINK}" ;;
|
|
*) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;;
|
|
esac
|
|
fi
|
|
if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
|
|
# Find real binary, if it exists
|
|
case "${TEST_SSH_PUTTYGEN}" in
|
|
/*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;;
|
|
*) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;;
|
|
esac
|
|
fi
|
|
if [ "x$TEST_SSH_CONCH" != "x" ]; then
|
|
# Find real binary, if it exists
|
|
case "${TEST_SSH_CONCH}" in
|
|
/*) CONCH="${TEST_SSH_CONCH}" ;;
|
|
*) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
|
|
esac
|
|
fi
|
|
|
|
# Path to sshd must be absolute for rexec
|
|
case "$SSHD" in
|
|
/*) ;;
|
|
*) SSHD=`which $SSHD` ;;
|
|
esac
|
|
|
|
case "$SSHAGENT" in
|
|
/*) ;;
|
|
*) SSHAGENT=`which $SSHAGENT` ;;
|
|
esac
|
|
|
|
# Logfiles.
|
|
# SSH_LOGFILE should be the debug output of ssh(1) only
|
|
# SSHD_LOGFILE should be the debug output of sshd(8) only
|
|
# REGRESS_LOGFILE is the output of the test itself stdout and stderr
|
|
if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
|
|
TEST_SSH_LOGFILE=$OBJ/ssh.log
|
|
fi
|
|
if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then
|
|
TEST_SSHD_LOGFILE=$OBJ/sshd.log
|
|
fi
|
|
if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then
|
|
TEST_REGRESS_LOGFILE=$OBJ/regress.log
|
|
fi
|
|
|
|
# truncate logfiles
|
|
>$TEST_SSH_LOGFILE
|
|
>$TEST_SSHD_LOGFILE
|
|
>$TEST_REGRESS_LOGFILE
|
|
|
|
# Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..."
|
|
# because sftp and scp don't handle spaces in arguments.
|
|
SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
|
|
echo "#!/bin/sh" > $SSHLOGWRAP
|
|
echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
|
|
|
|
chmod a+rx $OBJ/ssh-log-wrapper.sh
|
|
SSH="$SSHLOGWRAP"
|
|
|
|
# Some test data. We make a copy because some tests will overwrite it.
|
|
# The tests may assume that $DATA exists and is writable and $COPY does
|
|
# not exist. Tests requiring larger data files can call increase_datafile_size
|
|
# [kbytes] to ensure the file is at least that large.
|
|
DATANAME=data
|
|
DATA=$OBJ/${DATANAME}
|
|
cat ${SSHAGENT} >${DATA}
|
|
chmod u+w ${DATA}
|
|
COPY=$OBJ/copy
|
|
rm -f ${COPY}
|
|
|
|
increase_datafile_size()
|
|
{
|
|
while [ `du -k ${DATA} | cut -f1` -lt $1 ]; do
|
|
cat ${SSHAGENT} >>${DATA}
|
|
done
|
|
}
|
|
|
|
# these should be used in tests
|
|
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
|
|
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
|
|
|
|
# Portable specific functions
|
|
have_prog()
|
|
{
|
|
saved_IFS="$IFS"
|
|
IFS=":"
|
|
for i in $PATH
|
|
do
|
|
if [ -x $i/$1 ]; then
|
|
IFS="$saved_IFS"
|
|
return 0
|
|
fi
|
|
done
|
|
IFS="$saved_IFS"
|
|
return 1
|
|
}
|
|
|
|
jot() {
|
|
awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
|
|
}
|
|
|
|
# Check whether preprocessor symbols are defined in config.h.
|
|
config_defined ()
|
|
{
|
|
str=$1
|
|
while test "x$2" != "x" ; do
|
|
str="$str|$2"
|
|
shift
|
|
done
|
|
egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1
|
|
}
|
|
|
|
md5 () {
|
|
if have_prog md5sum; then
|
|
md5sum
|
|
elif have_prog openssl; then
|
|
openssl md5
|
|
elif have_prog cksum; then
|
|
cksum
|
|
elif have_prog sum; then
|
|
sum
|
|
else
|
|
wc -c
|
|
fi
|
|
}
|
|
# End of portable specific functions
|
|
|
|
# helper
|
|
cleanup ()
|
|
{
|
|
if [ "x$SSH_PID" != "x" ]; then
|
|
if [ $SSH_PID -lt 2 ]; then
|
|
echo bad pid for ssh: $SSH_PID
|
|
else
|
|
kill $SSH_PID
|
|
fi
|
|
fi
|
|
if [ -f $PIDFILE ]; then
|
|
pid=`$SUDO cat $PIDFILE`
|
|
if [ "X$pid" = "X" ]; then
|
|
echo no sshd running
|
|
else
|
|
if [ $pid -lt 2 ]; then
|
|
echo bad pid for sshd: $pid
|
|
else
|
|
$SUDO kill $pid
|
|
trace "wait for sshd to exit"
|
|
i=0;
|
|
while [ -f $PIDFILE -a $i -lt 5 ]; do
|
|
i=`expr $i + 1`
|
|
sleep $i
|
|
done
|
|
test -f $PIDFILE && \
|
|
fatal "sshd didn't exit port $PORT pid $pid"
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
start_debug_log ()
|
|
{
|
|
echo "trace: $@" >$TEST_REGRESS_LOGFILE
|
|
echo "trace: $@" >$TEST_SSH_LOGFILE
|
|
echo "trace: $@" >$TEST_SSHD_LOGFILE
|
|
}
|
|
|
|
save_debug_log ()
|
|
{
|
|
echo $@ >>$TEST_REGRESS_LOGFILE
|
|
echo $@ >>$TEST_SSH_LOGFILE
|
|
echo $@ >>$TEST_SSHD_LOGFILE
|
|
(cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
|
|
(cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
|
|
(cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
|
|
}
|
|
|
|
trace ()
|
|
{
|
|
start_debug_log $@
|
|
if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
|
|
echo "$@"
|
|
fi
|
|
}
|
|
|
|
verbose ()
|
|
{
|
|
start_debug_log $@
|
|
if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
|
|
echo "$@"
|
|
fi
|
|
}
|
|
|
|
warn ()
|
|
{
|
|
echo "WARNING: $@" >>$TEST_SSH_LOGFILE
|
|
echo "WARNING: $@"
|
|
}
|
|
|
|
fail ()
|
|
{
|
|
save_debug_log "FAIL: $@"
|
|
RESULT=1
|
|
echo "$@"
|
|
|
|
}
|
|
|
|
fatal ()
|
|
{
|
|
save_debug_log "FATAL: $@"
|
|
printf "FATAL: "
|
|
fail "$@"
|
|
cleanup
|
|
exit $RESULT
|
|
}
|
|
|
|
RESULT=0
|
|
PIDFILE=$OBJ/pidfile
|
|
|
|
trap fatal 3 2
|
|
|
|
# create server config
|
|
cat << EOF > $OBJ/sshd_config
|
|
StrictModes no
|
|
Port $PORT
|
|
Protocol 2,1
|
|
AddressFamily inet
|
|
ListenAddress 127.0.0.1
|
|
#ListenAddress ::1
|
|
PidFile $PIDFILE
|
|
AuthorizedKeysFile $OBJ/authorized_keys_%u
|
|
LogLevel DEBUG3
|
|
AcceptEnv _XXX_TEST_*
|
|
AcceptEnv _XXX_TEST
|
|
Subsystem sftp $SFTPSERVER
|
|
EOF
|
|
|
|
if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
|
|
trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
|
|
echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
|
|
fi
|
|
|
|
# server config for proxy connects
|
|
cp $OBJ/sshd_config $OBJ/sshd_proxy
|
|
|
|
# allow group-writable directories in proxy-mode
|
|
echo 'StrictModes no' >> $OBJ/sshd_proxy
|
|
|
|
# create client config
|
|
cat << EOF > $OBJ/ssh_config
|
|
Host *
|
|
Protocol 2,1
|
|
Hostname 127.0.0.1
|
|
HostKeyAlias localhost-with-alias
|
|
Port $PORT
|
|
User $USER
|
|
GlobalKnownHostsFile $OBJ/known_hosts
|
|
UserKnownHostsFile $OBJ/known_hosts
|
|
RSAAuthentication yes
|
|
PubkeyAuthentication yes
|
|
ChallengeResponseAuthentication no
|
|
HostbasedAuthentication no
|
|
PasswordAuthentication no
|
|
RhostsRSAAuthentication no
|
|
BatchMode yes
|
|
StrictHostKeyChecking yes
|
|
LogLevel DEBUG3
|
|
EOF
|
|
|
|
if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
|
|
trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
|
|
echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
|
|
fi
|
|
|
|
rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
|
|
|
|
trace "generate keys"
|
|
for t in rsa rsa1; do
|
|
# generate user key
|
|
if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN} -nt $OBJ/$t ]; then
|
|
rm -f $OBJ/$t
|
|
${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\
|
|
fail "ssh-keygen for $t failed"
|
|
fi
|
|
|
|
# known hosts file for client
|
|
(
|
|
printf 'localhost-with-alias,127.0.0.1,::1 '
|
|
cat $OBJ/$t.pub
|
|
) >> $OBJ/known_hosts
|
|
|
|
# setup authorized keys
|
|
cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
|
|
echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
|
|
|
|
# use key as host key, too
|
|
$SUDO cp $OBJ/$t $OBJ/host.$t
|
|
echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
|
|
|
|
# don't use SUDO for proxy connect
|
|
echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
|
|
done
|
|
chmod 644 $OBJ/authorized_keys_$USER
|
|
|
|
# Activate Twisted Conch tests if the binary is present
|
|
REGRESS_INTEROP_CONCH=no
|
|
if test -x "$CONCH" ; then
|
|
REGRESS_INTEROP_CONCH=yes
|
|
fi
|
|
|
|
# If PuTTY is present and we are running a PuTTY test, prepare keys and
|
|
# configuration
|
|
REGRESS_INTEROP_PUTTY=no
|
|
if test -x "$PUTTYGEN" -a -x "$PLINK" ; then
|
|
REGRESS_INTEROP_PUTTY=yes
|
|
fi
|
|
case "$SCRIPT" in
|
|
*putty*) ;;
|
|
*) REGRESS_INTEROP_PUTTY=no ;;
|
|
esac
|
|
|
|
if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
|
|
mkdir -p ${OBJ}/.putty
|
|
|
|
# Add a PuTTY key to authorized_keys
|
|
rm -f ${OBJ}/putty.rsa2
|
|
puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
|
|
puttygen -O public-openssh ${OBJ}/putty.rsa2 \
|
|
>> $OBJ/authorized_keys_$USER
|
|
|
|
# Convert rsa2 host key to PuTTY format
|
|
${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \
|
|
${OBJ}/.putty/sshhostkeys
|
|
${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \
|
|
${OBJ}/.putty/sshhostkeys
|
|
|
|
# Setup proxied session
|
|
mkdir -p ${OBJ}/.putty/sessions
|
|
rm -f ${OBJ}/.putty/sessions/localhost_proxy
|
|
echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
|
|
echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
|
|
echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
|
|
echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
|
|
|
|
REGRESS_INTEROP_PUTTY=yes
|
|
fi
|
|
|
|
# create a proxy version of the client config
|
|
(
|
|
cat $OBJ/ssh_config
|
|
echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy
|
|
) > $OBJ/ssh_proxy
|
|
|
|
# check proxy config
|
|
${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"
|
|
|
|
start_sshd ()
|
|
{
|
|
# start sshd
|
|
$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
|
|
$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
|
|
|
|
trace "wait for sshd"
|
|
i=0;
|
|
while [ ! -f $PIDFILE -a $i -lt 10 ]; do
|
|
i=`expr $i + 1`
|
|
sleep $i
|
|
done
|
|
|
|
test -f $PIDFILE || fatal "no sshd running on port $PORT"
|
|
}
|
|
|
|
# source test body
|
|
. $SCRIPT
|
|
|
|
# kill sshd
|
|
cleanup
|
|
if [ $RESULT -eq 0 ]; then
|
|
verbose ok $tid
|
|
else
|
|
echo failed $tid
|
|
fi
|
|
exit $RESULT
|