Commit | Line | Data |
---|---|---|
185a020b | 1 | # $OpenBSD: test-exec.sh,v 1.25 2004/12/06 10:49:56 dtucker Exp $ |
836d58d7 | 2 | # Placed in the Public Domain. |
3 | ||
836d58d7 | 4 | #SUDO=sudo |
5 | ||
# Port for the test sshd: TEST_SSH_PORT when set and non-empty, else 4242.
PORT=${TEST_SSH_PORT:-4242}
11 | ||
# Work out the invoking user's login name: /usr/ucb/whoami when present,
# otherwise whoami from PATH, otherwise id -un.
if test -x /usr/ucb/whoami; then
	USER=`/usr/ucb/whoami`
else
	if whoami >/dev/null 2>&1; then
		USER=`whoami`
	else
		USER=`id -un`
	fi
fi
19 | ||
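# Arguments: $1 (OBJ) is the scratch directory that receives the generated
# configs, keys and pidfile; $2 (SCRIPT) is the test body sourced further down.
# Both are validated here; every failure exits with status 2.
OBJ=$1
if [ "x$OBJ" = "x" ]; then
	echo '$OBJ not defined'
	exit 2
fi
# Paths are quoted so a directory or file name containing whitespace or glob
# characters is tested as one word.
if [ ! -d "$OBJ" ]; then
	echo "not a directory: $OBJ"
	exit 2
fi
SCRIPT=$2
if [ "x$SCRIPT" = "x" ]; then
	echo '$SCRIPT not defined'
	exit 2
fi
if [ ! -f "$SCRIPT" ]; then
	echo "not a file: $SCRIPT"
	exit 2
fi
# Parse-only pass (-n) over the test body before any of it is executed.
# $TEST_SHELL is left unquoted on purpose so it may carry arguments.
if $TEST_SHELL -n "$SCRIPT"; then
	true
else
	echo "syntax error in $SCRIPT"
	exit 2
fi
# Drop any agent socket inherited from the caller so the tests cannot reach
# an ssh-agent that was running outside the test environment.
unset SSH_AUTH_SOCK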
45 | ||
# Tool selection. Each TEST_SSH_* variable, when set and non-empty, replaces
# the default shown after ":-".
# NOTE: the override values are used exactly as given, and sshd is later run
# through $SUDO when that is set, so the environment of a test run has to be
# trusted.
SSH=${TEST_SSH_SSH:-ssh}
SSHD=${TEST_SSH_SSHD:-sshd}
SSHAGENT=${TEST_SSH_SSHAGENT:-ssh-agent}
SSHADD=${TEST_SSH_SSHADD:-ssh-add}
SSHKEYGEN=${TEST_SSH_SSHKEYGEN:-ssh-keygen}
SSHKEYSCAN=${TEST_SSH_SSHKEYSCAN:-ssh-keyscan}
SFTP=${TEST_SSH_SFTP:-sftp}
SFTPSERVER=${TEST_SSH_SFTPSERVER:-/usr/libexec/openssh/sftp-server}
SCP=${TEST_SSH_SCP:-scp}
836d58d7 | 84 | |
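# Path to sshd must be absolute for rexec.
# "/$SSHD" normally names an executable only when $SSHD is already absolute,
# so a relative name falls through to a PATH lookup.
if [ ! -x "/$SSHD" ]; then
	SSHD=`which sshd`
	# The lookup can fail or return text that is not a path. Stop here
	# instead of later executing (possibly through $SUDO) whatever came back.
	case "$SSHD" in
	/*)
		;;
	*)
		echo "cannot find an absolute path to sshd"
		exit 2
		;;
	esac
fi

# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP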
836d58d7 | 93 | |
94 | # helper | |
# Print the arguments without a trailing newline, using whichever of
# "echo -n" or "echo ...\c" this shell's echo honours; calls fatal when
# neither form suppresses the newline.
echon()
{
	if test -z "`echo -n`"; then
		echo -n "$@"
	elif test -z "`echo '\c'`"; then
		echo "$@\c"
	else
		fatal "Don't know how to echo without newline."
	fi
}
105 | ||
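# Return 0 when an executable regular file named $1 exists in one of the
# directories listed in $PATH, 1 otherwise.
# Overwrites the globals i and saved_IFS; IFS is restored before returning.
have_prog()
{
	saved_IFS="$IFS"
	IFS=":"
	for i in $PATH
	do
		# Quoted so the candidate is neither split on ":" (IFS is
		# still ":" here) nor glob-expanded; -f keeps a directory
		# with the same name from being reported as a program.
		if [ -f "$i/$1" ] && [ -x "$i/$1" ]; then
			IFS="$saved_IFS"
			return 0
		fi
	done
	IFS="$saved_IFS"
	return 1
}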
120 | ||
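# Stop the sshd whose pid is recorded in $PIDFILE, if that file exists.
# Prints a message instead of signalling when the file is empty or does not
# hold a usable pid. Overwrites the global pid.
cleanup ()
{
	if [ -f "$PIDFILE" ]; then
		pid=`cat "$PIDFILE"`
		case "$pid" in
		'')
			echo no sshd running
			;;
		*[!0-9]*)
			# Anything other than plain decimal digits is refused:
			# the value goes to kill, possibly through $SUDO, and
			# must never be read as an option or as several pids.
			echo "bad pid for sshd: $pid"
			;;
		*)
			# pids 0 and 1 are never the test sshd.
			if [ "$pid" -lt 2 ]; then
				echo "bad pid for sshd: $pid"
			else
				$SUDO kill "$pid"
			fi
			;;
		esac
	fi
}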
136 | ||
# Echo the arguments only when TEST_SSH_TRACE is exactly "yes".
trace ()
{
	case "$TEST_SSH_TRACE" in
	yes)
		echo "$@"
		;;
	esac
}
143 | ||
# Echo the arguments unless TEST_SSH_QUIET is exactly "yes".
verbose ()
{
	case "$TEST_SSH_QUIET" in
	yes)
		;;
	*)
		echo "$@"
		;;
	esac
}
150 | ||
151 | ||
# Record a test failure: set the global RESULT to 1 and print the message
# given as arguments. Does not exit; the caller decides whether to go on.
fail ()
{
	RESULT=1
	echo "$@"
}
157 | ||
# Unrecoverable error: print "FATAL: " followed by the message, mark the run
# as failed via fail, stop the test sshd via cleanup, then exit with $RESULT.
# Also installed as the signal handler by the trap set after this function.
fatal ()
{
	echon "FATAL: "
	fail "$@"
	cleanup
	exit $RESULT
}
165 | ||
# Overall status reported at exit; stays 0 until fail sets it to 1.
RESULT=0
# File the test sshd writes its pid to (passed to it as PidFile below).
PIDFILE=$OBJ/pidfile

# On signal 3 or 2 run fatal, which stops the test sshd before exiting.
trap fatal 3 2
170 | ||
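# create server config
# Test-only settings: the daemon listens on 127.0.0.1 only, reads authorized
# keys from $OBJ, and runs with StrictModes off, which turns off sshd's
# ownership and mode checks on the user's files. Do not reuse this
# configuration outside the test directory.
# File arguments are quoted so $OBJ is always taken as a single word.
cat << EOF > "$OBJ/sshd_config"
StrictModes no
Port $PORT
ListenAddress 127.0.0.1
#ListenAddress ::1
PidFile $PIDFILE
AuthorizedKeysFile $OBJ/authorized_keys_%u
LogLevel QUIET
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
Subsystem sftp $SFTPSERVER
EOF

# TEST_SSH_SSHD_CONFOPTS is appended verbatim, after the settings above.
if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	echo "$TEST_SSH_SSHD_CONFOPTS" >> "$OBJ/sshd_config"
fi

# server config for proxy connects
cp "$OBJ/sshd_config" "$OBJ/sshd_proxy"

# allow group-writable directories in proxy-mode
echo 'StrictModes no' >> "$OBJ/sshd_proxy"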
195 | ||
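# create client config
# Every host maps to the local test daemon. Only key-based authentication is
# enabled, BatchMode prevents interactive prompts, and host keys are checked
# strictly against the known_hosts file generated in $OBJ.
cat << EOF > "$OBJ/ssh_config"
Host *
Hostname 127.0.0.1
HostKeyAlias localhost-with-alias
Port $PORT
User $USER
GlobalKnownHostsFile $OBJ/known_hosts
UserKnownHostsFile $OBJ/known_hosts
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
BatchMode yes
StrictHostKeyChecking yes
EOF

# TEST_SSH_SSH_CONFOPTS is appended verbatim, after the settings above.
if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
	# The trace line now names the client variable that is actually
	# appended; it used to print the server-side TEST_SSH_SSHD_CONFOPTS.
	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
	echo "$TEST_SSH_SSH_CONFOPTS" >> "$OBJ/ssh_config"
fi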
218 | ||
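# Start from empty trust files so stale keys from an earlier run are not kept.
rm -f "$OBJ/known_hosts" "$OBJ/authorized_keys_$USER"

trace "generate keys"
for t in rsa rsa1; do
	# generate user key
	# -N '' gives the key an empty passphrase. These are throwaway test
	# keys that double as host keys below; they must stay inside $OBJ.
	rm -f "$OBJ/$t"
	${SSHKEYGEN} -q -N '' -t $t -f "$OBJ/$t" ||\
		fail "ssh-keygen for $t failed"

	# known hosts file for client
	(
		echon 'localhost-with-alias,127.0.0.1,::1 '
		cat "$OBJ/$t.pub"
	) >> "$OBJ/known_hosts"

	# setup authorized keys
	cat "$OBJ/$t.pub" >> "$OBJ/authorized_keys_$USER"
	echo "IdentityFile $OBJ/$t" >> "$OBJ/ssh_config"

	# use key as host key, too
	$SUDO cp "$OBJ/$t" "$OBJ/host.$t"
	echo "HostKey $OBJ/host.$t" >> "$OBJ/sshd_config"

	# don't use SUDO for proxy connect
	echo "HostKey $OBJ/$t" >> "$OBJ/sshd_proxy"
done
chmod 644 "$OBJ/authorized_keys_$USER"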
246 | ||
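# create a proxy version of the client config
# The ProxyCommand runs sshd in inetd mode (-i) with the proxy server config,
# so no listening daemon is needed for proxy-mode tests.
(
	cat "$OBJ/ssh_config"
	# ${SUDO} stays unquoted so that it disappears when empty instead of
	# leaving an empty word in the command line.
	echo proxycommand ${SUDO} "${SSHD}" -i -f "$OBJ/sshd_proxy"
) > "$OBJ/ssh_proxy"

# check proxy config
${SSHD} -t -f "$OBJ/sshd_proxy" || fatal "sshd_proxy broken"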
255 | ||
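# Validate $OBJ/sshd_config, start the test sshd with it, then wait for the
# daemon to write $PIDFILE. Calls fatal when the config is rejected or no
# pidfile has appeared after ten polls. Overwrites the global i.
start_sshd ()
{
	# start sshd
	$SUDO ${SSHD} -f "$OBJ/sshd_config" -t || fatal "sshd_config broken"
	$SUDO ${SSHD} -f "$OBJ/sshd_config"

	trace "wait for sshd"
	i=0
	# Two separate tests instead of the ambiguous "-a" operator, with the
	# path quoted so a pidfile path containing whitespace is one word.
	# The sleep grows by one second per poll (1, 2, ... 10).
	while [ ! -f "$PIDFILE" ] && [ $i -lt 10 ]; do
		i=`expr $i + 1`
		sleep $i
	done

	test -f "$PIDFILE" || fatal "no sshd running on port $PORT"
}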
271 | ||
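# source test body
# "." looks a name without a slash up in $PATH, which need not be the file
# that passed the -f and syntax checks near the top of this script. Give it
# an explicit path so the file that was checked is the file that is read.
case "$SCRIPT" in
*/*)
	. "$SCRIPT"
	;;
*)
	. "./$SCRIPT"
	;;
esac

# kill sshd
cleanup
# $tid is expected to be set by the sourced test body.
if [ $RESULT -eq 0 ]; then
	verbose ok $tid
else
	echo failed $tid
fi
exit $RESULT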