]>
Commit | Line | Data |
---|---|---|
185a020b | 1 | # $OpenBSD: test-exec.sh,v 1.25 2004/12/06 10:49:56 dtucker Exp $ |
836d58d7 | 2 | # Placed in the Public Domain. |
3 | ||
836d58d7 | 4 | #SUDO=sudo |
5 | ||
9c70ca37 | 6 | # Unbreak GNU head(1) |
7 | _POSIX2_VERSION=199209 | |
8 | export _POSIX2_VERSION | |
9 | ||
08f8b491 | 10 | if [ ! -z "$TEST_SSH_PORT" ]; then |
11 | PORT="$TEST_SSH_PORT" | |
12 | else | |
13 | PORT=4242 | |
14 | fi | |
15 | ||
4638d96a | 16 | if [ -x /usr/ucb/whoami ]; then |
17 | USER=`/usr/ucb/whoami` | |
c1b10a96 | 18 | elif whoami >/dev/null 2>&1; then |
4638d96a | 19 | USER=`whoami` |
20 | else | |
21 | USER=`id -un` | |
22 | fi | |
23 | ||
836d58d7 | 24 | OBJ=$1 |
25 | if [ "x$OBJ" = "x" ]; then | |
26 | echo '$OBJ not defined' | |
27 | exit 2 | |
28 | fi | |
29 | if [ ! -d $OBJ ]; then | |
30 | echo "not a directory: $OBJ" | |
31 | exit 2 | |
32 | fi | |
33 | SCRIPT=$2 | |
34 | if [ "x$SCRIPT" = "x" ]; then | |
35 | echo '$SCRIPT not defined' | |
36 | exit 2 | |
37 | fi | |
38 | if [ ! -f $SCRIPT ]; then | |
39 | echo "not a file: $SCRIPT" | |
40 | exit 2 | |
41 | fi | |
006cb311 | 42 | if $TEST_SHELL -n $SCRIPT; then |
836d58d7 | 43 | true |
44 | else | |
45 | echo "syntax error in $SCRIPT" | |
46 | exit 2 | |
47 | fi | |
48 | unset SSH_AUTH_SOCK | |
49 | ||
50 | # defaults | |
51 | SSH=ssh | |
52 | SSHD=sshd | |
53 | SSHAGENT=ssh-agent | |
54 | SSHADD=ssh-add | |
55 | SSHKEYGEN=ssh-keygen | |
56 | SSHKEYSCAN=ssh-keyscan | |
57 | SFTP=sftp | |
58 | SFTPSERVER=/usr/libexec/openssh/sftp-server | |
53e2a65c | 59 | SCP=scp |
836d58d7 | 60 | |
61 | if [ "x$TEST_SSH_SSH" != "x" ]; then | |
dd75dc6d | 62 | SSH="${TEST_SSH_SSH}" |
836d58d7 | 63 | fi |
64 | if [ "x$TEST_SSH_SSHD" != "x" ]; then | |
dd75dc6d | 65 | SSHD="${TEST_SSH_SSHD}" |
836d58d7 | 66 | fi |
67 | if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then | |
dd75dc6d | 68 | SSHAGENT="${TEST_SSH_SSHAGENT}" |
836d58d7 | 69 | fi |
70 | if [ "x$TEST_SSH_SSHADD" != "x" ]; then | |
dd75dc6d | 71 | SSHADD="${TEST_SSH_SSHADD}" |
836d58d7 | 72 | fi |
73 | if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then | |
dd75dc6d | 74 | SSHKEYGEN="${TEST_SSH_SSHKEYGEN}" |
836d58d7 | 75 | fi |
76 | if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then | |
dd75dc6d | 77 | SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}" |
836d58d7 | 78 | fi |
79 | if [ "x$TEST_SSH_SFTP" != "x" ]; then | |
dd75dc6d | 80 | SFTP="${TEST_SSH_SFTP}" |
836d58d7 | 81 | fi |
82 | if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then | |
dd75dc6d | 83 | SFTPSERVER="${TEST_SSH_SFTPSERVER}" |
836d58d7 | 84 | fi |
53e2a65c | 85 | if [ "x$TEST_SSH_SCP" != "x" ]; then |
86 | SCP="${TEST_SSH_SCP}" | |
87 | fi | |
836d58d7 | 88 | |
403447b4 | 89 | # Path to sshd must be absolute for rexec |
185a020b | 90 | if [ ! -x /$SSHD ]; then |
91 | SSHD=`which sshd` | |
92 | fi | |
403447b4 | 93 | |
836d58d7 | 94 | # these should be used in tests |
53e2a65c | 95 | export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP |
96 | #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP | |
836d58d7 | 97 | |
98 | # helper | |
c7751424 | 99 | echon() |
100 | { | |
101 | if [ "x`echo -n`" = "x" ]; then | |
102 | echo -n "$@" | |
103 | elif [ "x`echo '\c'`" = "x" ]; then | |
104 | echo "$@\c" | |
105 | else | |
106 | fatal "Don't know how to echo without newline." | |
107 | fi | |
108 | } | |
109 | ||
c1b10a96 | 110 | have_prog() |
111 | { | |
112 | saved_IFS="$IFS" | |
113 | IFS=":" | |
114 | for i in $PATH | |
115 | do | |
116 | if [ -x $i/$1 ]; then | |
117 | IFS="$saved_IFS" | |
118 | return 0 | |
119 | fi | |
120 | done | |
121 | IFS="$saved_IFS" | |
122 | return 1 | |
123 | } | |
124 | ||
836d58d7 | 125 | cleanup () |
126 | { | |
127 | if [ -f $PIDFILE ]; then | |
128 | pid=`cat $PIDFILE` | |
129 | if [ "X$pid" = "X" ]; then | |
130 | echo no sshd running | |
131 | else | |
132 | if [ $pid -lt 2 ]; then | |
133 | echo bad pid for ssd: $pid | |
134 | else | |
135 | $SUDO kill $pid | |
136 | fi | |
137 | fi | |
138 | fi | |
139 | } | |
140 | ||
141 | trace () | |
142 | { | |
143 | if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then | |
144 | echo "$@" | |
145 | fi | |
146 | } | |
147 | ||
148 | verbose () | |
149 | { | |
150 | if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then | |
151 | echo "$@" | |
152 | fi | |
153 | } | |
154 | ||
155 | ||
156 | fail () | |
157 | { | |
158 | RESULT=1 | |
159 | echo "$@" | |
160 | } | |
161 | ||
162 | fatal () | |
163 | { | |
c7751424 | 164 | echon "FATAL: " |
836d58d7 | 165 | fail "$@" |
166 | cleanup | |
167 | exit $RESULT | |
168 | } | |
169 | ||
170 | RESULT=0 | |
171 | PIDFILE=$OBJ/pidfile | |
172 | ||
173 | trap fatal 3 2 | |
174 | ||
175 | # create server config | |
176 | cat << EOF > $OBJ/sshd_config | |
828d4b6f | 177 | StrictModes no |
836d58d7 | 178 | Port $PORT |
179 | ListenAddress 127.0.0.1 | |
180 | #ListenAddress ::1 | |
181 | PidFile $PIDFILE | |
182 | AuthorizedKeysFile $OBJ/authorized_keys_%u | |
183 | LogLevel QUIET | |
1b0a92c0 | 184 | AcceptEnv _XXX_TEST_* |
185 | AcceptEnv _XXX_TEST | |
00995aa0 | 186 | Subsystem sftp $SFTPSERVER |
836d58d7 | 187 | EOF |
188 | ||
677dd470 | 189 | if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then |
190 | trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS" | |
191 | echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config | |
192 | fi | |
193 | ||
836d58d7 | 194 | # server config for proxy connects |
195 | cp $OBJ/sshd_config $OBJ/sshd_proxy | |
196 | ||
197 | # allow group-writable directories in proxy-mode | |
198 | echo 'StrictModes no' >> $OBJ/sshd_proxy | |
199 | ||
200 | # create client config | |
201 | cat << EOF > $OBJ/ssh_config | |
202 | Host * | |
203 | Hostname 127.0.0.1 | |
204 | HostKeyAlias localhost-with-alias | |
205 | Port $PORT | |
206 | User $USER | |
207 | GlobalKnownHostsFile $OBJ/known_hosts | |
208 | UserKnownHostsFile $OBJ/known_hosts | |
209 | RSAAuthentication yes | |
210 | PubkeyAuthentication yes | |
211 | ChallengeResponseAuthentication no | |
212 | HostbasedAuthentication no | |
213 | PasswordAuthentication no | |
836d58d7 | 214 | BatchMode yes |
215 | StrictHostKeyChecking yes | |
216 | EOF | |
217 | ||
677dd470 | 218 | if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then |
219 | trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS" | |
220 | echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config | |
221 | fi | |
222 | ||
836d58d7 | 223 | rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER |
224 | ||
225 | trace "generate keys" | |
226 | for t in rsa rsa1; do | |
227 | # generate user key | |
228 | rm -f $OBJ/$t | |
229 | ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\ | |
230 | fail "ssh-keygen for $t failed" | |
231 | ||
232 | # known hosts file for client | |
233 | ( | |
c7751424 | 234 | echon 'localhost-with-alias,127.0.0.1,::1 ' |
836d58d7 | 235 | cat $OBJ/$t.pub |
236 | ) >> $OBJ/known_hosts | |
237 | ||
238 | # setup authorized keys | |
239 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER | |
240 | echo IdentityFile $OBJ/$t >> $OBJ/ssh_config | |
241 | ||
242 | # use key as host key, too | |
243 | $SUDO cp $OBJ/$t $OBJ/host.$t | |
244 | echo HostKey $OBJ/host.$t >> $OBJ/sshd_config | |
245 | ||
246 | # don't use SUDO for proxy connect | |
247 | echo HostKey $OBJ/$t >> $OBJ/sshd_proxy | |
248 | done | |
249 | chmod 644 $OBJ/authorized_keys_$USER | |
250 | ||
251 | # create a proxy version of the client config | |
252 | ( | |
253 | cat $OBJ/ssh_config | |
4638d96a | 254 | echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy |
836d58d7 | 255 | ) > $OBJ/ssh_proxy |
256 | ||
257 | # check proxy config | |
258 | ${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken" | |
259 | ||
260 | start_sshd () | |
261 | { | |
262 | # start sshd | |
263 | $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken" | |
264 | $SUDO ${SSHD} -f $OBJ/sshd_config | |
265 | ||
266 | trace "wait for sshd" | |
267 | i=0; | |
4638d96a | 268 | while [ ! -f $PIDFILE -a $i -lt 10 ]; do |
836d58d7 | 269 | i=`expr $i + 1` |
270 | sleep $i | |
271 | done | |
272 | ||
273 | test -f $PIDFILE || fatal "no sshd running on port $PORT" | |
274 | } | |
275 | ||
276 | # source test body | |
277 | . $SCRIPT | |
278 | ||
279 | # kill sshd | |
280 | cleanup | |
281 | if [ $RESULT -eq 0 ]; then | |
282 | verbose ok $tid | |
283 | else | |
284 | echo failed $tid | |
285 | fi | |
286 | exit $RESULT |