[openssh.git] / regress / test-exec.sh

#	$OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $
#	Placed in the Public Domain.

#SUDO=sudo

if [ ! -z "$TEST_SSH_PORT" ]; then
	PORT="$TEST_SSH_PORT"
else
	PORT=4242
fi

if [ -x /usr/ucb/whoami ]; then
	USER=`/usr/ucb/whoami`
elif whoami >/dev/null 2>&1; then
	USER=`whoami`
else
	USER=`id -un`
fi

OBJ=$1
if [ "x$OBJ" = "x" ]; then
	echo '$OBJ not defined'
	exit 2
fi
if [ ! -d $OBJ ]; then
	echo "not a directory: $OBJ"
	exit 2
fi
SCRIPT=$2
if [ "x$SCRIPT" = "x" ]; then
	echo '$SCRIPT not defined'
	exit 2
fi
if [ ! -f $SCRIPT ]; then
	echo "not a file: $SCRIPT"
	exit 2
fi
if $TEST_SHELL -n $SCRIPT; then
	true
else
	echo "syntax error in $SCRIPT"
	exit 2
fi
unset SSH_AUTH_SOCK

# defaults
SSH=ssh
SSHD=sshd
SSHAGENT=ssh-agent
SSHADD=ssh-add
SSHKEYGEN=ssh-keygen
SSHKEYSCAN=ssh-keyscan
SFTP=sftp
SFTPSERVER=/usr/libexec/openssh/sftp-server
SCP=scp

if [ "x$TEST_SSH_SSH" != "x" ]; then
	SSH="${TEST_SSH_SSH}"
fi
if [ "x$TEST_SSH_SSHD" != "x" ]; then
	SSHD="${TEST_SSH_SSHD}"
fi
if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
	SSHAGENT="${TEST_SSH_SSHAGENT}"
fi
if [ "x$TEST_SSH_SSHADD" != "x" ]; then
	SSHADD="${TEST_SSH_SSHADD}"
fi
if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
	SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
fi
if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
	SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
fi
if [ "x$TEST_SSH_SFTP" != "x" ]; then
	SFTP="${TEST_SSH_SFTP}"
fi
if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
fi
if [ "x$TEST_SSH_SCP" != "x" ]; then
	SCP="${TEST_SSH_SCP}"
fi

# Path to sshd must be absolute for rexec
SSHD=`which sshd`

# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP

# helper
echon()
{
       if [ "x`echo -n`" = "x" ]; then
               echo -n "$@"
       elif [ "x`echo '\c'`" = "x" ]; then
               echo "$@\c"
       else
               fatal "Don't know how to echo without newline."
       fi
}

have_prog()
{
	saved_IFS="$IFS"
	IFS=":"
	for i in $PATH
	do
		if [ -x $i/$1 ]; then
			IFS="$saved_IFS"
			return 0
		fi
	done
	IFS="$saved_IFS"
	return 1
}

cleanup ()
{
	if [ -f $PIDFILE ]; then
		pid=`cat $PIDFILE`
		if [ "X$pid" = "X" ]; then
			echo no sshd running
		else
			if [ $pid -lt 2 ]; then
				echo bad pid for ssd: $pid
			else
				$SUDO kill $pid
			fi
		fi
	fi
}

trace ()
{
	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
		echo "$@"
	fi
}

verbose ()
{
	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
		echo "$@"
	fi
}


fail ()
{
	RESULT=1
	echo "$@"
}

fatal ()
{
	echon "FATAL: "
	fail "$@"
	cleanup
	exit $RESULT
}

RESULT=0
PIDFILE=$OBJ/pidfile

trap fatal 3 2

# create server config
cat << EOF > $OBJ/sshd_config
	StrictModes		no
	Port			$PORT
	ListenAddress		127.0.0.1
	#ListenAddress		::1
	PidFile			$PIDFILE
	AuthorizedKeysFile	$OBJ/authorized_keys_%u
	LogLevel		QUIET
	AcceptEnv		_XXX_TEST_*
	AcceptEnv		_XXX_TEST
	Subsystem	sftp	$SFTPSERVER
EOF

if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
fi

# server config for proxy connects
cp $OBJ/sshd_config $OBJ/sshd_proxy

# allow group-writable directories in proxy-mode
echo 'StrictModes no' >> $OBJ/sshd_proxy

# create client config
cat << EOF > $OBJ/ssh_config
Host *
	Hostname		127.0.0.1
	HostKeyAlias		localhost-with-alias
	Port			$PORT
	User			$USER
	GlobalKnownHostsFile	$OBJ/known_hosts
	UserKnownHostsFile	$OBJ/known_hosts
	RSAAuthentication	yes
	PubkeyAuthentication	yes
	ChallengeResponseAuthentication	no
	HostbasedAuthentication	no
	PasswordAuthentication	no
	RhostsRSAAuthentication	no
	BatchMode		yes
	StrictHostKeyChecking	yes
EOF

if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
	trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
fi

rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER

trace "generate keys"
for t in rsa rsa1; do
	# generate user key
	rm -f $OBJ/$t
	${SSHKEYGEN} -q -N '' -t $t  -f $OBJ/$t ||\
		fail "ssh-keygen for $t failed"

	# known hosts file for client
	(
		echon 'localhost-with-alias,127.0.0.1,::1 '
		cat $OBJ/$t.pub
	) >> $OBJ/known_hosts

	# setup authorized keys
	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config

	# use key as host key, too
	$SUDO cp $OBJ/$t $OBJ/host.$t
	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config

	# don't use SUDO for proxy connect
	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
done
chmod 644 $OBJ/authorized_keys_$USER

# create a proxy version of the client config
(
	cat $OBJ/ssh_config
	echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy
) > $OBJ/ssh_proxy

# check proxy config
${SSHD} -t -f $OBJ/sshd_proxy	|| fatal "sshd_proxy broken"

start_sshd ()
{
	# start sshd
	$SUDO ${SSHD} -f $OBJ/sshd_config -t	|| fatal "sshd_config broken"
	$SUDO ${SSHD} -f $OBJ/sshd_config

	trace "wait for sshd"
	i=0;
	while [ ! -f $PIDFILE -a $i -lt 10 ]; do
		i=`expr $i + 1`
		sleep $i
	done

	test -f $PIDFILE || fatal "no sshd running on port $PORT"
}

# source test body
. $SCRIPT

# kill sshd
cleanup
if [ $RESULT -eq 0 ]; then
	verbose ok $tid
else
	echo failed $tid
fi
exit $RESULT
Commit	Line	Data
19031d79	1	# $OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $
836d58d7	2	# Placed in the Public Domain.
836d58d7	3
836d58d7	4	#SUDO=sudo
836d58d7	5
08f8b491	6	if [ ! -z "$TEST_SSH_PORT" ]; then
	7	PORT="$TEST_SSH_PORT"
	8	else
	9	PORT=4242
	10	fi
	11
4638d96a	12	if [ -x /usr/ucb/whoami ]; then
4638d96a	13	USER=`/usr/ucb/whoami`
c1b10a96	14	elif whoami >/dev/null 2>&1; then
4638d96a	15	USER=`whoami`
	16	else
	17	USER=`id -un`
	18	fi
	19
836d58d7	20	OBJ=$1
	21	if [ "x$OBJ" = "x" ]; then
	22	echo '$OBJ not defined'
	23	exit 2
	24	fi
	25	if [ ! -d $OBJ ]; then
	26	echo "not a directory: $OBJ"
	27	exit 2
	28	fi
	29	SCRIPT=$2
	30	if [ "x$SCRIPT" = "x" ]; then
	31	echo '$SCRIPT not defined'
	32	exit 2
	33	fi
	34	if [ ! -f $SCRIPT ]; then
	35	echo "not a file: $SCRIPT"
	36	exit 2
	37	fi
006cb311	38	if $TEST_SHELL -n $SCRIPT; then
836d58d7	39	true
	40	else
	41	echo "syntax error in $SCRIPT"
	42	exit 2
	43	fi
	44	unset SSH_AUTH_SOCK
	45
	46	# defaults
	47	SSH=ssh
	48	SSHD=sshd
	49	SSHAGENT=ssh-agent
	50	SSHADD=ssh-add
	51	SSHKEYGEN=ssh-keygen
	52	SSHKEYSCAN=ssh-keyscan
	53	SFTP=sftp
	54	SFTPSERVER=/usr/libexec/openssh/sftp-server
53e2a65c	55	SCP=scp
836d58d7	56
836d58d7	57	if [ "x$TEST_SSH_SSH" != "x" ]; then
dd75dc6d	58	SSH="${TEST_SSH_SSH}"
836d58d7	59	fi
836d58d7	60	if [ "x$TEST_SSH_SSHD" != "x" ]; then
dd75dc6d	61	SSHD="${TEST_SSH_SSHD}"
836d58d7	62	fi
836d58d7	63	if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
dd75dc6d	64	SSHAGENT="${TEST_SSH_SSHAGENT}"
836d58d7	65	fi
836d58d7	66	if [ "x$TEST_SSH_SSHADD" != "x" ]; then
dd75dc6d	67	SSHADD="${TEST_SSH_SSHADD}"
836d58d7	68	fi
836d58d7	69	if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
dd75dc6d	70	SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
836d58d7	71	fi
836d58d7	72	if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
dd75dc6d	73	SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
836d58d7	74	fi
836d58d7	75	if [ "x$TEST_SSH_SFTP" != "x" ]; then
dd75dc6d	76	SFTP="${TEST_SSH_SFTP}"
836d58d7	77	fi
836d58d7	78	if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
dd75dc6d	79	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
836d58d7	80	fi
53e2a65c	81	if [ "x$TEST_SSH_SCP" != "x" ]; then
	82	SCP="${TEST_SSH_SCP}"
	83	fi
836d58d7	84
403447b4	85	# Path to sshd must be absolute for rexec
	86	SSHD=`which sshd`
	87
836d58d7	88	# these should be used in tests
53e2a65c	89	export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
53e2a65c	90	#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
836d58d7	91
836d58d7	92	# helper
c7751424	93	echon()
	94	{
	95	if [ "x`echo -n`" = "x" ]; then
	96	echo -n "$@"
	97	elif [ "x`echo '\c'`" = "x" ]; then
	98	echo "$@\c"
	99	else
	100	fatal "Don't know how to echo without newline."
	101	fi
	102	}
	103
c1b10a96	104	have_prog()
	105	{
	106	saved_IFS="$IFS"
	107	IFS=":"
	108	for i in $PATH
	109	do
	110	if [ -x $i/$1 ]; then
	111	IFS="$saved_IFS"
	112	return 0
	113	fi
	114	done
	115	IFS="$saved_IFS"
	116	return 1
	117	}
	118
836d58d7	119	cleanup ()
	120	{
	121	if [ -f $PIDFILE ]; then
	122	pid=`cat $PIDFILE`
	123	if [ "X$pid" = "X" ]; then
	124	echo no sshd running
	125	else
	126	if [ $pid -lt 2 ]; then
	127	echo bad pid for ssd: $pid
	128	else
	129	$SUDO kill $pid
	130	fi
	131	fi
	132	fi
	133	}
	134
	135	trace ()
	136	{
	137	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
	138	echo "$@"
	139	fi
	140	}
	141
	142	verbose ()
	143	{
	144	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
	145	echo "$@"
	146	fi
	147	}
	148
	149
	150	fail ()
	151	{
	152	RESULT=1
	153	echo "$@"
	154	}
	155
	156	fatal ()
	157	{
c7751424	158	echon "FATAL: "
836d58d7	159	fail "$@"
	160	cleanup
	161	exit $RESULT
	162	}
	163
	164	RESULT=0
	165	PIDFILE=$OBJ/pidfile
	166
	167	trap fatal 3 2
	168
	169	# create server config
	170	cat << EOF > $OBJ/sshd_config
828d4b6f	171	StrictModes no
836d58d7	172	Port $PORT
	173	ListenAddress 127.0.0.1
	174	#ListenAddress ::1
	175	PidFile $PIDFILE
	176	AuthorizedKeysFile $OBJ/authorized_keys_%u
	177	LogLevel QUIET
1b0a92c0	178	AcceptEnv _XXX_TEST_*
1b0a92c0	179	AcceptEnv _XXX_TEST
00995aa0	180	Subsystem sftp $SFTPSERVER
836d58d7	181	EOF
836d58d7	182
677dd470	183	if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
	184	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	185	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
	186	fi
	187
836d58d7	188	# server config for proxy connects
	189	cp $OBJ/sshd_config $OBJ/sshd_proxy
	190
	191	# allow group-writable directories in proxy-mode
	192	echo 'StrictModes no' >> $OBJ/sshd_proxy
	193
	194	# create client config
	195	cat << EOF > $OBJ/ssh_config
	196	Host *
	197	Hostname 127.0.0.1
	198	HostKeyAlias localhost-with-alias
	199	Port $PORT
	200	User $USER
	201	GlobalKnownHostsFile $OBJ/known_hosts
	202	UserKnownHostsFile $OBJ/known_hosts
	203	RSAAuthentication yes
	204	PubkeyAuthentication yes
	205	ChallengeResponseAuthentication no
	206	HostbasedAuthentication no
	207	PasswordAuthentication no
836d58d7	208	RhostsRSAAuthentication no
	209	BatchMode yes
	210	StrictHostKeyChecking yes
	211	EOF
	212
677dd470	213	if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
	214	trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
	215	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
	216	fi
	217
836d58d7	218	rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
	219
	220	trace "generate keys"
	221	for t in rsa rsa1; do
	222	# generate user key
	223	rm -f $OBJ/$t
	224	${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t \|\|\
	225	fail "ssh-keygen for $t failed"
	226
	227	# known hosts file for client
	228	(
c7751424	229	echon 'localhost-with-alias,127.0.0.1,::1 '
836d58d7	230	cat $OBJ/$t.pub
	231	) >> $OBJ/known_hosts
	232
	233	# setup authorized keys
	234	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
	235	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
	236
	237	# use key as host key, too
	238	$SUDO cp $OBJ/$t $OBJ/host.$t
	239	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
	240
	241	# don't use SUDO for proxy connect
	242	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
	243	done
	244	chmod 644 $OBJ/authorized_keys_$USER
	245
	246	# create a proxy version of the client config
	247	(
	248	cat $OBJ/ssh_config
4638d96a	249	echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy
836d58d7	250	) > $OBJ/ssh_proxy
	251
	252	# check proxy config
	253	${SSHD} -t -f $OBJ/sshd_proxy \|\| fatal "sshd_proxy broken"
	254
	255	start_sshd ()
	256	{
	257	# start sshd
	258	$SUDO ${SSHD} -f $OBJ/sshd_config -t \|\| fatal "sshd_config broken"
	259	$SUDO ${SSHD} -f $OBJ/sshd_config
	260
	261	trace "wait for sshd"
	262	i=0;
4638d96a	263	while [ ! -f $PIDFILE -a $i -lt 10 ]; do
836d58d7	264	i=`expr $i + 1`
	265	sleep $i
	266	done
	267
	268	test -f $PIDFILE \|\| fatal "no sshd running on port $PORT"
	269	}
	270
	271	# source test body
	272	. $SCRIPT
	273
	274	# kill sshd
	275	cleanup
	276	if [ $RESULT -eq 0 ]; then
	277	verbose ok $tid
	278	else
	279	echo failed $tid
	280	fi
	281	exit $RESULT