Commit | Line | Data |
---|---|---|
9b347e5f | 1 | # $OpenBSD: test-exec.sh,v 1.28 2005/05/20 23:14:15 djm Exp $ |
836d58d7 | 2 | # Placed in the Public Domain. |
3 | ||
836d58d7 | 4 | #SUDO=sudo |
5 | ||
# Unbreak GNU head(1): request the POSIX.2-1992 behaviour from GNU tools.
_POSIX2_VERSION=199209; export _POSIX2_VERSION

# OSF1 only: export BIN_SH=xpg4.
case "`uname -s 2>/dev/null`" in
OSF1*)
	BIN_SH=xpg4; export BIN_SH
	;;
esac

# Port for the test sshd; TEST_SSH_PORT overrides the default when it is
# set to a non-empty value.
PORT=${TEST_SSH_PORT:-4242}

# Name of the invoking user, tried in this order: /usr/ucb/whoami,
# whoami from PATH, then id -un.
if test -x /usr/ucb/whoami; then
	USER=`/usr/ucb/whoami`
elif whoami >/dev/null 2>&1; then
	USER=`whoami`
else
	USER=`id -un`
fi
30 | ||
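# Positional arguments: $1 is the object directory that receives every
# generated config and key, $2 is the test script sourced further down.
# Both are quoted in the file tests so a path containing whitespace or
# glob characters is checked as one path rather than being split.
OBJ=$1
if [ "x$OBJ" = "x" ]; then
	echo '$OBJ not defined'
	exit 2
fi
if [ ! -d "$OBJ" ]; then
	echo "not a directory: $OBJ"
	exit 2
fi
SCRIPT=$2
if [ "x$SCRIPT" = "x" ]; then
	echo '$SCRIPT not defined'
	exit 2
fi
if [ ! -f "$SCRIPT" ]; then
	echo "not a file: $SCRIPT"
	exit 2
fi
# Parse-only pass (-n): a syntactically broken test script is rejected
# here, before any config or key file is written.
# $TEST_SHELL stays unquoted; presumably it may carry options -- confirm
# against the caller.
if $TEST_SHELL -n "$SCRIPT"; then
	true
else
	echo "syntax error in $SCRIPT"
	exit 2
fi
# Drop the agent socket from the environment so the ssh processes started
# by the tests do not inherit the caller's SSH_AUTH_SOCK.
unset SSH_AUTH_SOCK

# Directory holding the test script; helper scripts are looked up there.
SRC=`dirname "$SCRIPT"`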
58 | ||
# Programs under test.  Each name defaults to a PATH lookup (sftp-server
# to a fixed path) and is replaced by the matching TEST_SSH_* environment
# variable when that variable is set to a non-empty value.
SSH=${TEST_SSH_SSH:-ssh}
SSHD=${TEST_SSH_SSHD:-sshd}
SSHAGENT=${TEST_SSH_SSHAGENT:-ssh-agent}
SSHADD=${TEST_SSH_SSHADD:-ssh-add}
SSHKEYGEN=${TEST_SSH_SSHKEYGEN:-ssh-keygen}
SSHKEYSCAN=${TEST_SSH_SSHKEYSCAN:-ssh-keyscan}
SFTP=${TEST_SSH_SFTP:-sftp}
SFTPSERVER=${TEST_SSH_SFTPSERVER:-/usr/libexec/openssh/sftp-server}
SCP=${TEST_SSH_SCP:-scp}
836d58d7 | 97 | |
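# Path to sshd must be absolute for rexec.
# Resolve the configured name rather than a hard-coded "sshd": with a
# non-absolute TEST_SSH_SSHD the old lookup would silently pick whatever
# sshd comes first in PATH, so the tests could exercise a different
# binary from the one the caller selected.
case "$SSHD" in
/*) ;;
*) SSHD=`which "$SSHD"` ;;
esac
# Stop here when the lookup did not produce an absolute path, instead of
# running the rest of the harness against an empty or relative $SSHD.
case "$SSHD" in
/*) ;;
*)
	echo "cannot find absolute path to sshd: $SSHD"
	exit 2
	;;
esac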
403447b4 | 103 | |
# Log output is discarded unless the caller names a log file.
TEST_SSH_LOGFILE=${TEST_SSH_LOGFILE:-/dev/null}

# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN
export SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
836d58d7 | 111 | |
112 | # helper | |
# Print the arguments without a trailing newline.
# Probes the local echo: first the "-n" option, then the "\c" escape;
# calls fatal when neither suppresses the newline.
echon()
{
	case "x`echo -n`" in
	x)
		# echo understands -n
		echo -n "$@"
		;;
	*)
		case "x`echo '\c'`" in
		x)
			# echo understands a trailing \c
			echo "$@\c"
			;;
		*)
			fatal "Don't know how to echo without newline."
			;;
		esac
		;;
	esac
}
123 | ||
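# Report whether program $1 can be found in $PATH.
# Arguments: $1 - program name
# Returns:   0 when some PATH directory holds an executable regular file
#            of that name, 1 otherwise
# Uses the globals saved_IFS and i; IFS is restored on both exits.
have_prog()
{
	saved_IFS="$IFS"
	IFS=":"
	for i in $PATH
	do
		# An empty PATH element stands for the current directory.
		[ "x$i" = "x" ] && i=.
		# -x alone is also true for a searchable directory, so ask
		# for a regular file as well; the quotes keep the candidate
		# path from being split or glob-expanded.
		if [ -f "$i/$1" ] && [ -x "$i/$1" ]; then
			IFS="$saved_IFS"
			return 0
		fi
	done
	IFS="$saved_IFS"
	return 1
}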
138 | ||
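# Stop the test sshd recorded in $PIDFILE, if there is one.
# Globals: PIDFILE (read), SUDO (read), pid (written)
# Output:  a one-line diagnostic when the pidfile is empty or holds a
#          value that must not be signalled
cleanup ()
{
	if [ -f "$PIDFILE" ]; then
		pid=`cat "$PIDFILE"`
		case "$pid" in
		'')
			echo no sshd running
			;;
		*[!0-9]*)
			# The kill below may run under $SUDO, so the pidfile
			# contents are only passed on when they are a plain
			# decimal number.  An unchecked value made the numeric
			# test fail and fell through to kill.
			echo "bad pid for ssd: $pid"
			;;
		*)
			# pids 0 and 1 are never the test daemon
			if [ "$pid" -lt 2 ]; then
				echo "bad pid for ssd: $pid"
			else
				$SUDO kill "$pid"
			fi
			;;
		esac
	fi
}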
154 | ||
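# Record a trace message.
# The message is always appended to $TEST_SSH_LOGFILE with a "trace: "
# prefix; it is echoed to stdout only when TEST_SSH_TRACE is "yes".
trace ()
{
	# Quoted so a log path containing whitespace is one redirect target.
	echo "trace: $@" >>"$TEST_SSH_LOGFILE"
	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
		echo "$@"
	fi
}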
162 | ||
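# Record a progress message.
# The message is always appended to $TEST_SSH_LOGFILE with a "verbose: "
# prefix; it is echoed to stdout unless TEST_SSH_QUIET is "yes".
verbose ()
{
	# Quoted so a log path containing whitespace is one redirect target.
	echo "verbose: $@" >>"$TEST_SSH_LOGFILE"
	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
		echo "$@"
	fi
}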
170 | ||
171 | ||
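# Record a test failure without stopping the run.
# Appends "FAIL: <message>" to $TEST_SSH_LOGFILE, sets RESULT to 1 and
# prints the message on stdout.
fail ()
{
	# Quoted so a log path containing whitespace is one redirect target.
	echo "FAIL: $@" >>"$TEST_SSH_LOGFILE"
	RESULT=1
	echo "$@"
}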
178 | ||
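# Abort the test run.
# Logs "FATAL: <message>" to $TEST_SSH_LOGFILE, prints "FATAL: " followed
# by the message (through fail, which sets RESULT), runs cleanup so the
# test sshd is stopped, then exits with $RESULT.
fatal ()
{
	# Quoted so a log path containing whitespace is one redirect target.
	echo "FATAL: $@" >>"$TEST_SSH_LOGFILE"
	echon "FATAL: "
	fail "$@"
	cleanup
	exit $RESULT
}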
187 | ||
# Overall status of the run: stays 0 until fail records a failure.
RESULT=0
# Pid file of the test sshd; cleanup reads it to stop the daemon.
PIDFILE="$OBJ/pidfile"

# Signals 2 and 3 end the run through fatal, which also runs cleanup.
trap fatal 2 3
192 | ||
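# create server config
# The test daemon listens on IPv4 loopback only.  StrictModes is off, so
# sshd does not check ownership or modes of the key files kept under
# $OBJ; that is workable here because the listener is local and every
# key is generated for this run.
cat << EOF > "$OBJ/sshd_config"
StrictModes no
Port $PORT
AddressFamily inet
ListenAddress 127.0.0.1
#ListenAddress ::1
PidFile $PIDFILE
AuthorizedKeysFile $OBJ/authorized_keys_%u
LogLevel VERBOSE
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
Subsystem sftp $SFTPSERVER
EOF

# Extra server options supplied by the caller are appended verbatim.
if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	echo "$TEST_SSH_SSHD_CONFOPTS" >> "$OBJ/sshd_config"
fi

# server config for proxy connects
cp "$OBJ/sshd_config" "$OBJ/sshd_proxy"

# allow group-writable directories in proxy-mode
echo 'StrictModes no' >> "$OBJ/sshd_proxy"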
218 | ||
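# create client config
# Every connection goes to the loopback test server.  Host keys are
# checked strictly against the known_hosts file under $OBJ, and
# BatchMode plus the disabled password, challenge-response and hostbased
# methods leave key authentication as the only, non-interactive, option.
cat << EOF > "$OBJ/ssh_config"
Host *
Hostname 127.0.0.1
HostKeyAlias localhost-with-alias
Port $PORT
User $USER
GlobalKnownHostsFile $OBJ/known_hosts
UserKnownHostsFile $OBJ/known_hosts
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
BatchMode yes
StrictHostKeyChecking yes
EOF

# Extra client options supplied by the caller are appended verbatim.
# The trace line logs the client variable; it used to print
# TEST_SSH_SSHD_CONFOPTS, so the log did not match what was appended.
if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
	echo "$TEST_SSH_SSH_CONFOPTS" >> "$OBJ/ssh_config"
fi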
241 | ||
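rm -f "$OBJ/known_hosts" "$OBJ/authorized_keys_$USER"

trace "generate keys"
# Test fixtures only: 1024-bit keys with an empty passphrase, one of them
# a protocol-1 (rsa1) key.  The same private key is used as user identity
# and as host key, which is fine for a loopback test and for nothing else.
for t in rsa rsa1; do
	# generate user key
	rm -f "$OBJ/$t"
	${SSHKEYGEN} -b 1024 -q -N '' -t $t -f "$OBJ/$t" ||\
		fail "ssh-keygen for $t failed"

	# known hosts file for client
	(
		echon 'localhost-with-alias,127.0.0.1,::1 '
		cat "$OBJ/$t.pub"
	) >> "$OBJ/known_hosts"

	# setup authorized keys
	cat "$OBJ/$t.pub" >> "$OBJ/authorized_keys_$USER"
	echo "IdentityFile $OBJ/$t" >> "$OBJ/ssh_config"

	# use key as host key, too
	$SUDO cp "$OBJ/$t" "$OBJ/host.$t"
	echo "HostKey $OBJ/host.$t" >> "$OBJ/sshd_config"

	# don't use SUDO for proxy connect
	echo "HostKey $OBJ/$t" >> "$OBJ/sshd_proxy"
done
# authorized_keys holds public keys only, so it may be world-readable.
chmod 644 "$OBJ/authorized_keys_$USER"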
269 | ||
# create a proxy version of the client config:
# the plain client config plus a proxycommand that starts sshd with -i
# through sshd-log-wrapper.sh, so the client talks to that process
# instead of opening a TCP connection.
{
	cat $OBJ/ssh_config
	echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy
} > $OBJ/ssh_proxy

# check proxy config (-t only validates the configuration file)
if ${SSHD} -t -f $OBJ/sshd_proxy; then
	:
else
	fatal "sshd_proxy broken"
fi
278 | ||
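# Start the test sshd and wait until it has written its pid file.
# Globals: SUDO, SSHD, OBJ, PIDFILE, PORT, TEST_SSH_LOGFILE (read),
#          i (written)
# Calls fatal when the config does not validate or when no pid file
# shows up after ten polls.
start_sshd ()
{
	# start sshd
	# $SUDO and ${SSHD} stay unquoted: an empty $SUDO has to disappear
	# from the command line.  The file arguments are quoted.
	$SUDO ${SSHD} -f "$OBJ/sshd_config" -t || fatal "sshd_config broken"
	$SUDO ${SSHD} -f "$OBJ/sshd_config" -e >>"$TEST_SSH_LOGFILE" 2>&1

	trace "wait for sshd"
	i=0;
	# Poll for the pid file, sleeping 1, 2, ... seconds between tries.
	# Two separate tests replace the obsolescent "-a" operator.
	while [ ! -f "$PIDFILE" ] && [ $i -lt 10 ]; do
		i=`expr $i + 1`
		sleep $i
	done

	test -f "$PIDFILE" || fatal "no sshd running on port $PORT"
}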
294 | ||
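# source test body
# "." looks a name without a slash up in PATH, so a bare file name could
# load a different file from the one validated with "-f" earlier.  Adding
# "./" pins the lookup to the file that was checked.
case "$SCRIPT" in
*/*)	. "$SCRIPT" ;;
*)	. "./$SCRIPT" ;;
esac

# kill sshd
cleanup
# Report the outcome; $tid is expected to be set by the test body.
if [ "$RESULT" -eq 0 ]; then
	verbose ok $tid
else
	echo failed $tid
fi
exit $RESULT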