[openssh.git] / regress / test-exec.sh

#	$OpenBSD: test-exec.sh,v 1.25 2004/12/06 10:49:56 dtucker Exp $
#	Placed in the Public Domain.

#SUDO=sudo

if [ ! -z "$TEST_SSH_PORT" ]; then
	PORT="$TEST_SSH_PORT"
else
	PORT=4242
fi

if [ -x /usr/ucb/whoami ]; then
	USER=`/usr/ucb/whoami`
elif whoami >/dev/null 2>&1; then
	USER=`whoami`
else
	USER=`id -un`
fi

OBJ=$1
if [ "x$OBJ" = "x" ]; then
	echo '$OBJ not defined'
	exit 2
fi
if [ ! -d $OBJ ]; then
	echo "not a directory: $OBJ"
	exit 2
fi
SCRIPT=$2
if [ "x$SCRIPT" = "x" ]; then
	echo '$SCRIPT not defined'
	exit 2
fi
if [ ! -f $SCRIPT ]; then
	echo "not a file: $SCRIPT"
	exit 2
fi
if $TEST_SHELL -n $SCRIPT; then
	true
else
	echo "syntax error in $SCRIPT"
	exit 2
fi
unset SSH_AUTH_SOCK

# defaults
SSH=ssh
SSHD=sshd
SSHAGENT=ssh-agent
SSHADD=ssh-add
SSHKEYGEN=ssh-keygen
SSHKEYSCAN=ssh-keyscan
SFTP=sftp
SFTPSERVER=/usr/libexec/openssh/sftp-server
SCP=scp

if [ "x$TEST_SSH_SSH" != "x" ]; then
	SSH="${TEST_SSH_SSH}"
fi
if [ "x$TEST_SSH_SSHD" != "x" ]; then
	SSHD="${TEST_SSH_SSHD}"
fi
if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
	SSHAGENT="${TEST_SSH_SSHAGENT}"
fi
if [ "x$TEST_SSH_SSHADD" != "x" ]; then
	SSHADD="${TEST_SSH_SSHADD}"
fi
if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
	SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
fi
if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
	SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
fi
if [ "x$TEST_SSH_SFTP" != "x" ]; then
	SFTP="${TEST_SSH_SFTP}"
fi
if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
fi
if [ "x$TEST_SSH_SCP" != "x" ]; then
	SCP="${TEST_SSH_SCP}"
fi

# Path to sshd must be absolute for rexec
if [ ! -x /$SSHD ]; then
	SSHD=`which sshd`
fi

# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP

# helper
echon()
{
       if [ "x`echo -n`" = "x" ]; then
               echo -n "$@"
       elif [ "x`echo '\c'`" = "x" ]; then
               echo "$@\c"
       else
               fatal "Don't know how to echo without newline."
       fi
}

have_prog()
{
	saved_IFS="$IFS"
	IFS=":"
	for i in $PATH
	do
		if [ -x $i/$1 ]; then
			IFS="$saved_IFS"
			return 0
		fi
	done
	IFS="$saved_IFS"
	return 1
}

cleanup ()
{
	if [ -f $PIDFILE ]; then
		pid=`cat $PIDFILE`
		if [ "X$pid" = "X" ]; then
			echo no sshd running
		else
			if [ $pid -lt 2 ]; then
				echo bad pid for ssd: $pid
			else
				$SUDO kill $pid
			fi
		fi
	fi
}

trace ()
{
	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
		echo "$@"
	fi
}

verbose ()
{
	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
		echo "$@"
	fi
}


fail ()
{
	RESULT=1
	echo "$@"
}

fatal ()
{
	echon "FATAL: "
	fail "$@"
	cleanup
	exit $RESULT
}

RESULT=0
PIDFILE=$OBJ/pidfile

trap fatal 3 2

# create server config
cat << EOF > $OBJ/sshd_config
	StrictModes		no
	Port			$PORT
	ListenAddress		127.0.0.1
	#ListenAddress		::1
	PidFile			$PIDFILE
	AuthorizedKeysFile	$OBJ/authorized_keys_%u
	LogLevel		QUIET
	AcceptEnv		_XXX_TEST_*
	AcceptEnv		_XXX_TEST
	Subsystem	sftp	$SFTPSERVER
EOF

if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
fi

# server config for proxy connects
cp $OBJ/sshd_config $OBJ/sshd_proxy

# allow group-writable directories in proxy-mode
echo 'StrictModes no' >> $OBJ/sshd_proxy

# create client config
cat << EOF > $OBJ/ssh_config
Host *
	Hostname		127.0.0.1
	HostKeyAlias		localhost-with-alias
	Port			$PORT
	User			$USER
	GlobalKnownHostsFile	$OBJ/known_hosts
	UserKnownHostsFile	$OBJ/known_hosts
	RSAAuthentication	yes
	PubkeyAuthentication	yes
	ChallengeResponseAuthentication	no
	HostbasedAuthentication	no
	PasswordAuthentication	no
	BatchMode		yes
	StrictHostKeyChecking	yes
EOF

if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
	trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
fi

rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER

trace "generate keys"
for t in rsa rsa1; do
	# generate user key
	rm -f $OBJ/$t
	${SSHKEYGEN} -q -N '' -t $t  -f $OBJ/$t ||\
		fail "ssh-keygen for $t failed"

	# known hosts file for client
	(
		echon 'localhost-with-alias,127.0.0.1,::1 '
		cat $OBJ/$t.pub
	) >> $OBJ/known_hosts

	# setup authorized keys
	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config

	# use key as host key, too
	$SUDO cp $OBJ/$t $OBJ/host.$t
	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config

	# don't use SUDO for proxy connect
	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
done
chmod 644 $OBJ/authorized_keys_$USER

# create a proxy version of the client config
(
	cat $OBJ/ssh_config
	echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy
) > $OBJ/ssh_proxy

# check proxy config
${SSHD} -t -f $OBJ/sshd_proxy	|| fatal "sshd_proxy broken"

start_sshd ()
{
	# start sshd
	$SUDO ${SSHD} -f $OBJ/sshd_config -t	|| fatal "sshd_config broken"
	$SUDO ${SSHD} -f $OBJ/sshd_config

	trace "wait for sshd"
	i=0;
	while [ ! -f $PIDFILE -a $i -lt 10 ]; do
		i=`expr $i + 1`
		sleep $i
	done

	test -f $PIDFILE || fatal "no sshd running on port $PORT"
}

# source test body
. $SCRIPT

# kill sshd
cleanup
if [ $RESULT -eq 0 ]; then
	verbose ok $tid
else
	echo failed $tid
fi
exit $RESULT
Commit	Line	Data
185a020b	1	# $OpenBSD: test-exec.sh,v 1.25 2004/12/06 10:49:56 dtucker Exp $
836d58d7	2	# Placed in the Public Domain.
836d58d7	3
836d58d7	4	#SUDO=sudo
836d58d7	5
08f8b491	6	if [ ! -z "$TEST_SSH_PORT" ]; then
	7	PORT="$TEST_SSH_PORT"
	8	else
	9	PORT=4242
	10	fi
	11
4638d96a	12	if [ -x /usr/ucb/whoami ]; then
4638d96a	13	USER=`/usr/ucb/whoami`
c1b10a96	14	elif whoami >/dev/null 2>&1; then
4638d96a	15	USER=`whoami`
	16	else
	17	USER=`id -un`
	18	fi
	19
836d58d7	20	OBJ=$1
	21	if [ "x$OBJ" = "x" ]; then
	22	echo '$OBJ not defined'
	23	exit 2
	24	fi
	25	if [ ! -d $OBJ ]; then
	26	echo "not a directory: $OBJ"
	27	exit 2
	28	fi
	29	SCRIPT=$2
	30	if [ "x$SCRIPT" = "x" ]; then
	31	echo '$SCRIPT not defined'
	32	exit 2
	33	fi
	34	if [ ! -f $SCRIPT ]; then
	35	echo "not a file: $SCRIPT"
	36	exit 2
	37	fi
006cb311	38	if $TEST_SHELL -n $SCRIPT; then
836d58d7	39	true
	40	else
	41	echo "syntax error in $SCRIPT"
	42	exit 2
	43	fi
	44	unset SSH_AUTH_SOCK
	45
	46	# defaults
	47	SSH=ssh
	48	SSHD=sshd
	49	SSHAGENT=ssh-agent
	50	SSHADD=ssh-add
	51	SSHKEYGEN=ssh-keygen
	52	SSHKEYSCAN=ssh-keyscan
	53	SFTP=sftp
	54	SFTPSERVER=/usr/libexec/openssh/sftp-server
53e2a65c	55	SCP=scp
836d58d7	56
836d58d7	57	if [ "x$TEST_SSH_SSH" != "x" ]; then
dd75dc6d	58	SSH="${TEST_SSH_SSH}"
836d58d7	59	fi
836d58d7	60	if [ "x$TEST_SSH_SSHD" != "x" ]; then
dd75dc6d	61	SSHD="${TEST_SSH_SSHD}"
836d58d7	62	fi
836d58d7	63	if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
dd75dc6d	64	SSHAGENT="${TEST_SSH_SSHAGENT}"
836d58d7	65	fi
836d58d7	66	if [ "x$TEST_SSH_SSHADD" != "x" ]; then
dd75dc6d	67	SSHADD="${TEST_SSH_SSHADD}"
836d58d7	68	fi
836d58d7	69	if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
dd75dc6d	70	SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
836d58d7	71	fi
836d58d7	72	if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
dd75dc6d	73	SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
836d58d7	74	fi
836d58d7	75	if [ "x$TEST_SSH_SFTP" != "x" ]; then
dd75dc6d	76	SFTP="${TEST_SSH_SFTP}"
836d58d7	77	fi
836d58d7	78	if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
dd75dc6d	79	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
836d58d7	80	fi
53e2a65c	81	if [ "x$TEST_SSH_SCP" != "x" ]; then
	82	SCP="${TEST_SSH_SCP}"
	83	fi
836d58d7	84
403447b4	85	# Path to sshd must be absolute for rexec
185a020b	86	if [ ! -x /$SSHD ]; then
	87	SSHD=`which sshd`
	88	fi
403447b4	89
836d58d7	90	# these should be used in tests
53e2a65c	91	export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
53e2a65c	92	#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
836d58d7	93
836d58d7	94	# helper
c7751424	95	echon()
	96	{
	97	if [ "x`echo -n`" = "x" ]; then
	98	echo -n "$@"
	99	elif [ "x`echo '\c'`" = "x" ]; then
	100	echo "$@\c"
	101	else
	102	fatal "Don't know how to echo without newline."
	103	fi
	104	}
	105
c1b10a96	106	have_prog()
	107	{
	108	saved_IFS="$IFS"
	109	IFS=":"
	110	for i in $PATH
	111	do
	112	if [ -x $i/$1 ]; then
	113	IFS="$saved_IFS"
	114	return 0
	115	fi
	116	done
	117	IFS="$saved_IFS"
	118	return 1
	119	}
	120
836d58d7	121	cleanup ()
	122	{
	123	if [ -f $PIDFILE ]; then
	124	pid=`cat $PIDFILE`
	125	if [ "X$pid" = "X" ]; then
	126	echo no sshd running
	127	else
	128	if [ $pid -lt 2 ]; then
	129	echo bad pid for ssd: $pid
	130	else
	131	$SUDO kill $pid
	132	fi
	133	fi
	134	fi
	135	}
	136
	137	trace ()
	138	{
	139	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
	140	echo "$@"
	141	fi
	142	}
	143
	144	verbose ()
	145	{
	146	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
	147	echo "$@"
	148	fi
	149	}
	150
	151
	152	fail ()
	153	{
	154	RESULT=1
	155	echo "$@"
	156	}
	157
	158	fatal ()
	159	{
c7751424	160	echon "FATAL: "
836d58d7	161	fail "$@"
	162	cleanup
	163	exit $RESULT
	164	}
	165
	166	RESULT=0
	167	PIDFILE=$OBJ/pidfile
	168
	169	trap fatal 3 2
	170
	171	# create server config
	172	cat << EOF > $OBJ/sshd_config
828d4b6f	173	StrictModes no
836d58d7	174	Port $PORT
	175	ListenAddress 127.0.0.1
	176	#ListenAddress ::1
	177	PidFile $PIDFILE
	178	AuthorizedKeysFile $OBJ/authorized_keys_%u
	179	LogLevel QUIET
1b0a92c0	180	AcceptEnv _XXX_TEST_*
1b0a92c0	181	AcceptEnv _XXX_TEST
00995aa0	182	Subsystem sftp $SFTPSERVER
836d58d7	183	EOF
836d58d7	184
677dd470	185	if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
	186	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	187	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
	188	fi
	189
836d58d7	190	# server config for proxy connects
	191	cp $OBJ/sshd_config $OBJ/sshd_proxy
	192
	193	# allow group-writable directories in proxy-mode
	194	echo 'StrictModes no' >> $OBJ/sshd_proxy
	195
	196	# create client config
	197	cat << EOF > $OBJ/ssh_config
	198	Host *
	199	Hostname 127.0.0.1
	200	HostKeyAlias localhost-with-alias
	201	Port $PORT
	202	User $USER
	203	GlobalKnownHostsFile $OBJ/known_hosts
	204	UserKnownHostsFile $OBJ/known_hosts
	205	RSAAuthentication yes
	206	PubkeyAuthentication yes
	207	ChallengeResponseAuthentication no
	208	HostbasedAuthentication no
	209	PasswordAuthentication no
836d58d7	210	BatchMode yes
	211	StrictHostKeyChecking yes
	212	EOF
	213
677dd470	214	if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
	215	trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
	216	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
	217	fi
	218
836d58d7	219	rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
	220
	221	trace "generate keys"
	222	for t in rsa rsa1; do
	223	# generate user key
	224	rm -f $OBJ/$t
	225	${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t \|\|\
	226	fail "ssh-keygen for $t failed"
	227
	228	# known hosts file for client
	229	(
c7751424	230	echon 'localhost-with-alias,127.0.0.1,::1 '
836d58d7	231	cat $OBJ/$t.pub
	232	) >> $OBJ/known_hosts
	233
	234	# setup authorized keys
	235	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
	236	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
	237
	238	# use key as host key, too
	239	$SUDO cp $OBJ/$t $OBJ/host.$t
	240	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
	241
	242	# don't use SUDO for proxy connect
	243	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
	244	done
	245	chmod 644 $OBJ/authorized_keys_$USER
	246
	247	# create a proxy version of the client config
	248	(
	249	cat $OBJ/ssh_config
4638d96a	250	echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy
836d58d7	251	) > $OBJ/ssh_proxy
	252
	253	# check proxy config
	254	${SSHD} -t -f $OBJ/sshd_proxy \|\| fatal "sshd_proxy broken"
	255
	256	start_sshd ()
	257	{
	258	# start sshd
	259	$SUDO ${SSHD} -f $OBJ/sshd_config -t \|\| fatal "sshd_config broken"
	260	$SUDO ${SSHD} -f $OBJ/sshd_config
	261
	262	trace "wait for sshd"
	263	i=0;
4638d96a	264	while [ ! -f $PIDFILE -a $i -lt 10 ]; do
836d58d7	265	i=`expr $i + 1`
	266	sleep $i
	267	done
	268
	269	test -f $PIDFILE \|\| fatal "no sshd running on port $PORT"
	270	}
	271
	272	# source test body
	273	. $SCRIPT
	274
	275	# kill sshd
	276	cleanup
	277	if [ $RESULT -eq 0 ]; then
	278	verbose ok $tid
	279	else
	280	echo failed $tid
	281	fi
	282	exit $RESULT