Commit | Line | Data |
---|---|---|
2c06c99b | 1 | # $OpenBSD: test-exec.sh,v 1.28 2005/05/20 23:14:15 djm Exp $ |
700318f3 | 2 | # Placed in the Public Domain. |
3 | ||
700318f3 | 4 | #SUDO=sudo |
5 | ||
# Unbreak GNU head(1): with _POSIX2_VERSION=199209 in the environment the
# GNU utilities keep accepting the obsolete option syntax (e.g. "head -1").
_POSIX2_VERSION=199209; export _POSIX2_VERSION

# On OSF1 only, export BIN_SH=xpg4 for every program the tests start.
case "`uname -s 2>/dev/null`" in
OSF1*)
	BIN_SH=xpg4; export BIN_SH
	;;
esac
16 | ||
# TCP port for the test sshd and the test client configuration.
# TEST_SSH_PORT overrides the default of 4242; an empty value counts as unset.
PORT="${TEST_SSH_PORT:-4242}"
22 | ||
# Determine the login name of the user running the tests. The result is
# written into the client config ("User") and used in the name of the
# authorized_keys file, so it must match the account sshd will log in.
# Probe order: /usr/ucb/whoami, whoami, logname, then id -un.
if test -x /usr/ucb/whoami; then
	USER=$(/usr/ucb/whoami)
elif whoami >/dev/null 2>&1; then
	USER=$(whoami)
elif logname >/dev/null 2>&1; then
	USER=$(logname)
else
	USER=$(id -un)
fi
32 | ||
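# Positional arguments:
#   $1 (OBJ)    - existing directory that receives generated keys and configs
#   $2 (SCRIPT) - test body, sourced later in this file
# Any validation failure exits with status 2.
OBJ=$1
if [ "x$OBJ" = "x" ]; then
	echo '$OBJ not defined'
	exit 2
fi
# Quoted so that an odd path yields the intended message instead of a
# "too many arguments" error from test(1).
if [ ! -d "$OBJ" ]; then
	echo "not a directory: $OBJ"
	exit 2
fi
SCRIPT=$2
if [ "x$SCRIPT" = "x" ]; then
	echo '$SCRIPT not defined'
	exit 2
fi
if [ ! -f "$SCRIPT" ]; then
	echo "not a file: $SCRIPT"
	exit 2
fi
# Parse-only check of the test body before anything is created.
# TEST_SHELL is not set in this file and is expected from the environment;
# fall back to sh so that an unset value is not reported as a syntax error
# in the script. It stays unquoted so it may carry interpreter options.
${TEST_SHELL:-sh} -n "$SCRIPT" || {
	echo "syntax error in $SCRIPT"
	exit 2
}
# Drop any inherited agent socket so the programs under test cannot reach
# the invoking user's real ssh-agent and its keys.
unset SSH_AUTH_SOCK

# Directory holding the test script; helper scripts are looked up here.
SRC=`dirname "${SCRIPT}"`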
60 | ||
# Programs under test. Each default can be replaced through the matching
# TEST_SSH_* environment variable; an empty value counts as unset.
# The bare defaults are resolved through PATH, so without overrides the
# suite exercises whichever binaries come first on PATH.
SSH="${TEST_SSH_SSH:-ssh}"
SSHD="${TEST_SSH_SSHD:-sshd}"
SSHAGENT="${TEST_SSH_SSHAGENT:-ssh-agent}"
SSHADD="${TEST_SSH_SSHADD:-ssh-add}"
SSHKEYGEN="${TEST_SSH_SSHKEYGEN:-ssh-keygen}"
SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN:-ssh-keyscan}"
SFTP="${TEST_SSH_SFTP:-sftp}"
SFTPSERVER="${TEST_SSH_SFTPSERVER:-/usr/libexec/openssh/sftp-server}"
SCP="${TEST_SSH_SCP:-scp}"
99 | ||
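# Path to sshd must be absolute for rexec.
# Resolve the sshd that was actually selected (the default or
# TEST_SSH_SSHD) rather than always looking up the literal name "sshd";
# otherwise a relative override is silently replaced by whatever sshd is
# first on PATH and the suite tests a different binary than requested.
case "$SSHD" in
/*)
	;;
*/*)
	# relative path with a directory part: anchor it at the current directory
	SSHD="`pwd`/$SSHD"
	;;
*)
	# bare command name: look it up on PATH
	SSHD=`which "$SSHD"`
	;;
esac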
996d5e62 | 105 | |
# Log destination used by trace/verbose/fail and for sshd's stderr.
# Output is discarded unless TEST_SSH_LOGFILE names a file.
TEST_SSH_LOGFILE="${TEST_SSH_LOGFILE:-/dev/null}"

# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
700318f3 | 113 | |
114 | # helper | |
# Print the arguments without a trailing newline.
# Probes which convention this shell's echo supports: "-n" first, then a
# trailing "\c". Calls fatal when neither suppresses the newline.
echon()
{
	case "x`echo -n`" in
	x)
		echo -n "$@"
		return
		;;
	esac
	case "x`echo '\c'`" in
	x)
		echo "$@\c"
		return
		;;
	esac
	fatal "Don't know how to echo without newline."
}
125 | ||
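# Report whether a program named $1 exists in some PATH directory.
# Arguments: $1 - bare command name
# Returns:   0 if an executable regular file $dir/$1 is found, else 1
# Globals:   uses i and saved_IFS as scratch; IFS is restored to its saved
#            value before returning.
have_prog()
{
	saved_IFS="$IFS"
	IFS=":"
	# $PATH is deliberately unquoted: it is split on ":" here
	for i in $PATH
	do
		# Quoted so directories containing whitespace are handled, and
		# -f so that a sub-directory of the same name (directories are
		# also "executable") is not mistaken for a program.
		if [ -f "$i/$1" ] && [ -x "$i/$1" ]; then
			IFS="$saved_IFS"
			return 0
		fi
	done
	IFS="$saved_IFS"
	return 1
}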
140 | ||
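# Stop the test sshd recorded in $PIDFILE, if there is one.
# Globals: PIDFILE (read), SUDO (read, optional command prefix), pid (written)
# Output:  a diagnostic on stdout when the pidfile is empty or not usable
#
# The pidfile content ends up as the argument of kill, possibly run under
# $SUDO, so it is only used when it is a plain decimal number greater
# than 1. The unquoted numeric test used previously raised an error on
# any other content and then fell through to the kill branch.
cleanup ()
{
	# Quoted: with an empty PIDFILE an unquoted "[ -f ]" is true and the
	# following cat would read stdin.
	if [ -f "$PIDFILE" ]; then
		pid=`cat "$PIDFILE"`
		case "$pid" in
		"")
			echo no sshd running
			;;
		*[!0-9]*)
			# anything that is not purely digits is never handed to kill
			echo "bad pid for ssd: $pid"
			;;
		*)
			if [ "$pid" -lt 2 ]; then
				echo "bad pid for ssd: $pid"
			else
				$SUDO kill "$pid"
			fi
			;;
		esac
	fi
}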
156 | ||
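# Record a trace message.
# Always appends "trace: <args>" to $TEST_SSH_LOGFILE; also prints the
# arguments on stdout when TEST_SSH_TRACE is exactly "yes".
trace ()
{
	# Quoted target: an unquoted log path containing whitespace is an
	# "ambiguous redirect" in bash and the log line would be lost.
	echo "trace: $@" >>"$TEST_SSH_LOGFILE"
	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
		echo "$@"
	fi
}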
164 | ||
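# Record a progress message.
# Always appends "verbose: <args>" to $TEST_SSH_LOGFILE; also prints the
# arguments on stdout unless TEST_SSH_QUIET is exactly "yes".
verbose ()
{
	# Quoted target: an unquoted log path containing whitespace is an
	# "ambiguous redirect" in bash and the log line would be lost.
	echo "verbose: $@" >>"$TEST_SSH_LOGFILE"
	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
		echo "$@"
	fi
}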
172 | ||
173 | ||
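# Record a test failure without stopping the run.
# Appends "FAIL: <args>" to $TEST_SSH_LOGFILE, sets RESULT=1 (the script's
# final exit status) and prints the arguments on stdout.
fail ()
{
	# Quoted target: an unquoted log path containing whitespace is an
	# "ambiguous redirect" in bash and the log line would be lost.
	echo "FAIL: $@" >>"$TEST_SSH_LOGFILE"
	RESULT=1
	echo "$@"
}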
180 | ||
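# Abort the run: log "FATAL: <args>", print "FATAL: " followed by the
# message, stop the test sshd via cleanup and exit with $RESULT (which
# fail has just set to 1).
fatal ()
{
	# Quoted target: an unquoted log path containing whitespace is an
	# "ambiguous redirect" in bash and the log line would be lost.
	echo "FATAL: $@" >>"$TEST_SSH_LOGFILE"
	echon "FATAL: "
	fail "$@"
	cleanup
	exit $RESULT
}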
189 | ||
# Overall status of the run; fail() switches it to 1.
RESULT=0
# Where the test sshd records its pid (see the PidFile line in sshd_config).
PIDFILE="$OBJ/pidfile"

# On SIGINT (2) or SIGQUIT (3) run fatal, which stops sshd and exits.
trap fatal 2 3
194 | ||
# create server config
# The test daemon listens on IPv4 loopback only. "StrictModes no" turns off
# sshd's ownership/permission checks on the user's files, which is only
# acceptable because everything lives in the throw-away $OBJ directory.
# $OBJ, $PIDFILE and $SFTPSERVER are written into the file as-is, so they
# are assumed to contain no whitespace.
cat > $OBJ/sshd_config << EOF
StrictModes no
Port $PORT
AddressFamily inet
ListenAddress 127.0.0.1
#ListenAddress ::1
PidFile $PIDFILE
AuthorizedKeysFile $OBJ/authorized_keys_%u
LogLevel VERBOSE
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
Subsystem sftp $SFTPSERVER
EOF

# Extra server options from the environment are appended verbatim.
if [ -n "$TEST_SSH_SSHD_CONFOPTS" ]; then
	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
fi

# server config for proxy connects
cp $OBJ/sshd_config $OBJ/sshd_proxy

# allow group-writable directories in proxy-mode
# (the copied config already starts with the same setting)
echo 'StrictModes no' >> $OBJ/sshd_proxy
220 | ||
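# create client config
# Every host name is mapped to 127.0.0.1:$PORT and looked up in the
# generated known_hosts under the alias "localhost-with-alias". Host key
# checking stays strict and BatchMode disables prompting, so a host key
# mismatch fails the test instead of asking.
cat << EOF > $OBJ/ssh_config
Host *
Hostname 127.0.0.1
HostKeyAlias localhost-with-alias
Port $PORT
User $USER
GlobalKnownHostsFile $OBJ/known_hosts
UserKnownHostsFile $OBJ/known_hosts
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
BatchMode yes
StrictHostKeyChecking yes
EOF

# Extra client options from the environment are appended verbatim.
if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
	# Log the client-side variable; the message previously printed
	# TEST_SSH_SSHD_CONFOPTS, so the log showed the wrong option.
	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
fi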
243 | ||
# Start from empty trust files so stale keys from an earlier run cannot
# satisfy a test.
rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER

trace "generate keys"
# One key pair per type (rsa and the protocol 1 type rsa1).
# These are disposable fixtures: 1024-bit, empty passphrase, and the same
# private key serves as user key and as server host key. They must never
# be used outside the test directory.
for t in rsa rsa1; do
	# generate user key
	rm -f $OBJ/$t
	${SSHKEYGEN} -b 1024 -q -N '' -t $t -f $OBJ/$t ||
		fail "ssh-keygen for $t failed"

	# known hosts file for client: "<names> <public key>" on one line
	{
		echon 'localhost-with-alias,127.0.0.1,::1 '
		cat $OBJ/$t.pub
	} >> $OBJ/known_hosts

	# setup authorized keys
	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config

	# use key as host key, too
	$SUDO cp $OBJ/$t $OBJ/host.$t
	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config

	# don't use SUDO for proxy connect
	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
done
chmod 644 $OBJ/authorized_keys_$USER
271 | ||
# create a proxy version of the client config
# Same settings as ssh_config plus a ProxyCommand that starts sshd in
# inetd mode (-i) through sshd-log-wrapper.sh, prefixed with $SUDO when
# that is set, instead of connecting to the listening daemon.
{
	cat $OBJ/ssh_config
	echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy
} > $OBJ/ssh_proxy

# check proxy config: sshd -t only validates the file and keys, then exits
${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"
280 | ||
# Start the test sshd with $OBJ/sshd_config and wait for its pidfile.
# Globals: SUDO, SSHD, OBJ, PIDFILE, PORT, TEST_SSH_LOGFILE (read); i (written)
# Calls fatal (which exits) if the config does not validate or no pidfile
# appears.
start_sshd ()
{
	# validate the config first (-t), then launch with logging on stderr
	# (-e) appended to the test log
	$SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken"
	$SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1

	trace "wait for sshd"
	# Poll for the pidfile at most 10 times, sleeping 1, 2, ... 10 seconds.
	i=0
	while [ ! -f $PIDFILE ] && [ $i -lt 10 ]; do
		i=$((i + 1))
		sleep $i
	done

	[ -f $PIDFILE ] || fatal "no sshd running on port $PORT"
}
296 | ||
# source test body
# The test script runs inside this shell, so it sees every helper and
# variable defined above and reports through RESULT.
# NOTE(review): a SCRIPT value without a slash makes "." search PATH;
# pass a path that contains a directory part.
. $SCRIPT

# kill sshd
cleanup

# Report the outcome; $tid is presumably set by the sourced test script.
if test $RESULT -eq 0; then
	verbose ok $tid
else
	echo failed $tid
fi
exit $RESULT