# $OpenBSD: test-exec.sh,v 1.35 2008/06/28 13:57:25 djm Exp $
# Placed in the Public Domain.

# Disabled by default. When set, $SUDO prefixes the sshd start-up, the
# host key copy and the kill issued by cleanup().
#SUDO=sudo

# Unbreak GNU head(1)
_POSIX2_VERSION=199209
export _POSIX2_VERSION

# OSF1 hosts additionally get BIN_SH=xpg4 exported.
case `uname -s 2>/dev/null` in
OSF1*)
	BIN_SH=xpg4
	export BIN_SH
	;;
esac

# Port for the test sshd: TEST_SSH_PORT when non-empty, otherwise 4242.
case "x$TEST_SSH_PORT" in
x)	PORT=4242 ;;
*)	PORT="$TEST_SSH_PORT" ;;
esac

# Name of the invoking user, taken from the first of these commands that
# works. It ends up in ssh_config (User) and in the authorized_keys name.
if test -x /usr/ucb/whoami; then
	USER=`/usr/ucb/whoami`
elif whoami >/dev/null 2>&1; then
	USER=`whoami`
elif logname >/dev/null 2>&1; then
	USER=`logname`
else
	USER=`id -un`
fi
32 | ||
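# $1: object directory that receives the generated configs, keys and pidfile.
OBJ=$1
if [ "x$OBJ" = "x" ]; then
	echo '$OBJ not defined'
	exit 2
fi
# Quoted so that a path containing whitespace is tested as one operand
# instead of making the test itself fail.
if [ ! -d "$OBJ" ]; then
	echo "not a directory: $OBJ"
	exit 2
fi

# $2: the regress test script; it is sourced at the end of this file.
SCRIPT=$2
if [ "x$SCRIPT" = "x" ]; then
	echo '$SCRIPT not defined'
	exit 2
fi
if [ ! -f "$SCRIPT" ]; then
	echo "not a file: $SCRIPT"
	exit 2
fi

# Parse-only pass (-n) over the test script before anything is set up.
# TEST_SHELL stays unquoted so a value that carries options still splits
# into words. With TEST_SHELL unset the old code ran "-n" as a command
# and reported a bogus syntax error, so fall back to sh.
${TEST_SHELL:-sh} -n "$SCRIPT" || {
	echo "syntax error in $SCRIPT"
	exit 2
}

# Drop any agent socket inherited from the caller's environment
# (presumably so the tests only see keys they create themselves).
unset SSH_AUTH_SOCK

# Directory of the test script; the helper scripts are run from there.
SRC=`dirname "${SCRIPT}"`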
60 | ||
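# defaults
# Each tool can be overridden with the matching TEST_SSH_* environment
# variable; an unset or empty override keeps the default named here.
SSH="${TEST_SSH_SSH:-ssh}"
SSHD="${TEST_SSH_SSHD:-sshd}"
SSHAGENT="${TEST_SSH_SSHAGENT:-ssh-agent}"
SSHADD="${TEST_SSH_SSHADD:-ssh-add}"
SSHKEYGEN="${TEST_SSH_SSHKEYGEN:-ssh-keygen}"
SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN:-ssh-keyscan}"
SFTP="${TEST_SSH_SFTP:-sftp}"
SFTPSERVER="${TEST_SSH_SFTPSERVER:-/usr/libexec/openssh/sftp-server}"
SCP="${TEST_SSH_SCP:-scp}"

# Interop testing
PLINK=plink
PUTTYGEN=puttygen
CONCH=conch

# For the interop tools an absolute override is taken as is, anything else
# is looked up with which(1). A failed lookup leaves the variable empty,
# and the later "test -x" checks then keep that interop test disabled.
if [ "x$TEST_SSH_PLINK" != "x" ]; then
	# Find real binary, if it exists
	case "${TEST_SSH_PLINK}" in
	/*)	PLINK="${TEST_SSH_PLINK}" ;;
	*)	PLINK=`which "${TEST_SSH_PLINK}" 2>/dev/null` ;;
	esac
fi
if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
	# Find real binary, if it exists
	case "${TEST_SSH_PUTTYGEN}" in
	/*)	PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;;
	*)	PUTTYGEN=`which "${TEST_SSH_PUTTYGEN}" 2>/dev/null` ;;
	esac
fi
if [ "x$TEST_SSH_CONCH" != "x" ]; then
	# Find real binary, if it exists
	case "${TEST_SSH_CONCH}" in
	/*)	CONCH="${TEST_SSH_CONCH}" ;;
	*)	CONCH=`which "${TEST_SSH_CONCH}" 2>/dev/null` ;;
	esac
fi

# Path to sshd must be absolute for rexec
# Look up the configured name, not a literal "sshd": a relative
# TEST_SSH_SSHD override was otherwise silently replaced by whatever
# "sshd" is first in PATH. The lookup result is later run under $SUDO,
# so PATH decides which binary receives that privilege.
case "$SSHD" in
/*)	;;
*)	SSHD=`which "$SSHD"` ;;
esac

# Log to /dev/null unless the caller names a log file.
if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
	TEST_SSH_LOGFILE=/dev/null
fi

# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP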
836d58d7 | 139 | |
140 | # helper | |
echon()
{
	# Print the arguments without a trailing newline. The echo dialect is
	# probed on every call: first the -n flag, then the \c escape.
	if test "x`echo -n`" = "x"; then
		echo -n "$@"
		return
	fi
	if test "x`echo '\c'`" = "x"; then
		echo "$@\c"
		return
	fi
	# Neither dialect works; fatal() ends the run.
	fatal "Don't know how to echo without newline."
}
151 | ||
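# Report whether an executable named $1 exists in some PATH directory.
# Arguments: $1 - program name to look for
# Returns:   0 if found, 1 otherwise
# Note: saved_IFS and i are globals (no "local" in the shells this script
# targets); IFS is restored on both exit paths.
have_prog()
{
	saved_IFS="$IFS"
	IFS=":"
	for i in $PATH
	do
		# Quoted so directories containing whitespace are tested as
		# one operand; an empty PATH element means the current
		# directory, matching how the shell itself searches PATH.
		if [ -x "${i:-.}/$1" ]; then
			IFS="$saved_IFS"
			return 0
		fi
	done
	IFS="$saved_IFS"
	return 1
}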
166 | ||
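# Stop the test sshd named by $PIDFILE, if that file exists.
# Globals: PIDFILE (read), SUDO (read, may be empty), pid (written)
# The kill may run under $SUDO, so the pidfile content is checked first:
# only a single decimal number of 2 or more is ever passed to kill.
cleanup ()
{
	if [ -f "$PIDFILE" ]; then
		pid=`cat "$PIDFILE"`
		case "$pid" in
		"")
			echo no sshd running
			;;
		*[!0-9]*)
			# Non-numeric or multi-line content. The numeric
			# test used to error out on this and fall through
			# to the kill.
			echo "bad pid for sshd: $pid"
			;;
		*)
			if [ "$pid" -lt 2 ]; then
				echo "bad pid for sshd: $pid"
			else
				$SUDO kill "$pid"
			fi
			;;
		esac
	fi
}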
182 | ||
trace ()
{
	# Every trace message is appended to the regress log ...
	echo "trace: $@" >>$TEST_SSH_LOGFILE
	# ... and echoed to stdout only when TEST_SSH_TRACE is exactly "yes".
	case "X$TEST_SSH_TRACE" in
	Xyes)	echo "$@" ;;
	esac
}
190 | ||
verbose ()
{
	# Always logged; shown on stdout unless TEST_SSH_QUIET is exactly "yes".
	echo "verbose: $@" >>$TEST_SSH_LOGFILE
	case "X$TEST_SSH_QUIET" in
	Xyes)	;;
	*)	echo "$@" ;;
	esac
}
198 | ||
199 | ||
fail ()
{
	# Mark the whole run as failed; the script exits with $RESULT.
	RESULT=1
	# Record the failure in the log, then report it on stdout.
	echo "FAIL: $@" >>$TEST_SSH_LOGFILE
	echo "$@"
}
206 | ||
fatal ()
{
	# Unrecoverable error: log it, print "FATAL: <message>" through
	# echon + fail (which also sets RESULT=1), stop any sshd recorded in
	# the pidfile, then leave with the failure status.
	# Also installed as the handler for signals 3 and 2.
	echo "FATAL: $@" >>$TEST_SSH_LOGFILE
	echon "FATAL: "
	fail "$@"

	cleanup
	exit $RESULT
}
215 | ||
# Overall verdict: stays 0 until fail() sets it to 1.
RESULT=0
PIDFILE=$OBJ/pidfile

# Signals 3 (QUIT) and 2 (INT) are routed through fatal, so an interrupted
# run still goes through cleanup.
trap fatal 3 2

# create server config
# The daemon listens on 127.0.0.1 only. StrictModes is off, so sshd does
# not check ownership or modes of the key files kept under $OBJ.
cat > $OBJ/sshd_config << EOF
	StrictModes		no
	Port			$PORT
	AddressFamily		inet
	ListenAddress		127.0.0.1
	#ListenAddress		::1
	PidFile			$PIDFILE
	AuthorizedKeysFile	$OBJ/authorized_keys_%u
	LogLevel		VERBOSE
	AcceptEnv		_XXX_TEST_*
	AcceptEnv		_XXX_TEST
	Subsystem	sftp	$SFTPSERVER
EOF

# Extra server options from the environment are appended verbatim.
if test -n "$TEST_SSH_SSHD_CONFOPTS"; then
	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
fi

# server config for proxy connects
cp $OBJ/sshd_config $OBJ/sshd_proxy

# allow group-writable directories in proxy-mode
echo 'StrictModes no' >> $OBJ/sshd_proxy
246 | ||
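# create client config
# Every host name resolves to the loopback test server. Only key-based
# authentication is enabled, BatchMode stops any prompting, and host keys
# are checked strictly against the known_hosts file generated under $OBJ.
cat << EOF > $OBJ/ssh_config
Host *
	Hostname		127.0.0.1
	HostKeyAlias		localhost-with-alias
	Port			$PORT
	User			$USER
	GlobalKnownHostsFile	$OBJ/known_hosts
	UserKnownHostsFile	$OBJ/known_hosts
	RSAAuthentication	yes
	PubkeyAuthentication	yes
	ChallengeResponseAuthentication	no
	HostbasedAuthentication	no
	PasswordAuthentication	no
	BatchMode		yes
	StrictHostKeyChecking	yes
EOF

# Extra client options from the environment are appended verbatim.
# The trace line used to print TEST_SSH_SSHD_CONFOPTS (the server-side
# variable), so the log named the wrong option.
if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
fi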
269 | ||
# Remove leftovers from an earlier run; both files are appended to below.
rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER

trace "generate keys"
# One key pair per type. These are throwaway test keys: 1024 bits, empty
# passphrase, and the same key serves as user key and as host key.
for t in rsa rsa1; do
	# generate user key
	rm -f $OBJ/$t
	if ${SSHKEYGEN} -b 1024 -q -N '' -t $t -f $OBJ/$t; then
		:
	else
		fail "ssh-keygen for $t failed"
	fi

	# known hosts file for client
	# (kept in a subshell, so an exit taken inside echon ends only it)
	(
		echon 'localhost-with-alias,127.0.0.1,::1 '
		cat $OBJ/$t.pub
	) >> $OBJ/known_hosts

	# setup authorized keys
	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config

	# use key as host key, too
	$SUDO cp $OBJ/$t $OBJ/host.$t
	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config

	# don't use SUDO for proxy connect
	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
done
chmod 644 $OBJ/authorized_keys_$USER
297 | ||
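# Activate Twisted Conch tests if the binary is present
REGRESS_INTEROP_CONCH=no
if test -x "$CONCH" ; then
	REGRESS_INTEROP_CONCH=yes
fi

# If PuTTY is present and we are running a PuTTY test, prepare keys and
# configuration
REGRESS_INTEROP_PUTTY=no
# Two separate tests instead of the ambiguous "-a" operator.
if test -x "$PUTTYGEN" && test -x "$PLINK" ; then
	REGRESS_INTEROP_PUTTY=yes
fi
# Only test scripts with "putty" in their path get the PuTTY setup.
case "$SCRIPT" in
*putty*)	;;
*)		REGRESS_INTEROP_PUTTY=no ;;
esac

if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
	mkdir -p ${OBJ}/.putty

	# Add a PuTTY key to authorized_keys
	# Run the binary that was resolved and checked with "test -x" rather
	# than a bare "puttygen", which goes through PATH again and may be a
	# different program or missing.
	rm -f ${OBJ}/putty.rsa2
	"$PUTTYGEN" -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
	"$PUTTYGEN" -O public-openssh ${OBJ}/putty.rsa2 \
	    >> $OBJ/authorized_keys_$USER

	# Convert rsa2 host key to PuTTY format
	# (one entry for the test port, a second one for port 22)
	${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \
	    ${OBJ}/.putty/sshhostkeys
	${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \
	    ${OBJ}/.putty/sshhostkeys

	# Setup proxied session
	mkdir -p ${OBJ}/.putty/sessions
	rm -f ${OBJ}/.putty/sessions/localhost_proxy
	echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
	echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
	echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
	echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
fi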
340 | ||
# create a proxy version of the client config
# Same client settings plus a ProxyCommand that starts sshd in inetd mode
# (-i) through the log wrapper, under $SUDO when that is set.
{
	cat $OBJ/ssh_config
	echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy
} > $OBJ/ssh_proxy

# check proxy config
if ${SSHD} -t -f $OBJ/sshd_proxy; then
	:
else
	fatal "sshd_proxy broken"
fi
349 | ||
start_sshd ()
{
	# start sshd
	# First a configuration check (-t) with the caller's extra arguments,
	# then the real start with stderr logging (-e) into the regress log.
	if $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t; then
		:
	else
		fatal "sshd_config broken"
	fi
	$SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1

	trace "wait for sshd"
	# Poll for the pidfile at most ten times, sleeping one second longer
	# on each round (1, 2, ... 10 seconds). i is a global.
	i=0
	while test ! -f $PIDFILE && test $i -lt 10; do
		i=`expr $i + 1`
		sleep $i
	done

	test -f $PIDFILE || fatal "no sshd running on port $PORT"
}
365 | ||
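# source test body
# For a name without a slash the "." builtin searches PATH, so it could
# load a different file than the one this script validated with -f and
# the -n syntax pass. Anchor such names to the current directory so the
# file that was checked is the file that runs.
case "$SCRIPT" in
*/*)	. "$SCRIPT" ;;
*)	. "./$SCRIPT" ;;
esac

# kill sshd
cleanup
# tid is not set anywhere in this file; presumably the sourced test
# script defines it.
if [ $RESULT -eq 0 ]; then
	verbose ok $tid
else
	echo failed $tid
fi
exit $RESULT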