]>
Commit | Line | Data |
---|---|---|
19031d79 | 1 | # $OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $ |
836d58d7 | 2 | # Placed in the Public Domain. |
3 | ||
836d58d7 | 4 | #SUDO=sudo |
5 | ||
08f8b491 | 6 | if [ ! -z "$TEST_SSH_PORT" ]; then |
7 | PORT="$TEST_SSH_PORT" | |
8 | else | |
9 | PORT=4242 | |
10 | fi | |
11 | ||
4638d96a | 12 | if [ -x /usr/ucb/whoami ]; then |
13 | USER=`/usr/ucb/whoami` | |
c1b10a96 | 14 | elif whoami >/dev/null 2>&1; then |
4638d96a | 15 | USER=`whoami` |
16 | else | |
17 | USER=`id -un` | |
18 | fi | |
19 | ||
836d58d7 | 20 | OBJ=$1 |
21 | if [ "x$OBJ" = "x" ]; then | |
22 | echo '$OBJ not defined' | |
23 | exit 2 | |
24 | fi | |
25 | if [ ! -d $OBJ ]; then | |
26 | echo "not a directory: $OBJ" | |
27 | exit 2 | |
28 | fi | |
29 | SCRIPT=$2 | |
30 | if [ "x$SCRIPT" = "x" ]; then | |
31 | echo '$SCRIPT not defined' | |
32 | exit 2 | |
33 | fi | |
34 | if [ ! -f $SCRIPT ]; then | |
35 | echo "not a file: $SCRIPT" | |
36 | exit 2 | |
37 | fi | |
006cb311 | 38 | if $TEST_SHELL -n $SCRIPT; then |
836d58d7 | 39 | true |
40 | else | |
41 | echo "syntax error in $SCRIPT" | |
42 | exit 2 | |
43 | fi | |
44 | unset SSH_AUTH_SOCK | |
45 | ||
46 | # defaults | |
47 | SSH=ssh | |
48 | SSHD=sshd | |
49 | SSHAGENT=ssh-agent | |
50 | SSHADD=ssh-add | |
51 | SSHKEYGEN=ssh-keygen | |
52 | SSHKEYSCAN=ssh-keyscan | |
53 | SFTP=sftp | |
54 | SFTPSERVER=/usr/libexec/openssh/sftp-server | |
53e2a65c | 55 | SCP=scp |
836d58d7 | 56 | |
57 | if [ "x$TEST_SSH_SSH" != "x" ]; then | |
dd75dc6d | 58 | SSH="${TEST_SSH_SSH}" |
836d58d7 | 59 | fi |
60 | if [ "x$TEST_SSH_SSHD" != "x" ]; then | |
dd75dc6d | 61 | SSHD="${TEST_SSH_SSHD}" |
836d58d7 | 62 | fi |
63 | if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then | |
dd75dc6d | 64 | SSHAGENT="${TEST_SSH_SSHAGENT}" |
836d58d7 | 65 | fi |
66 | if [ "x$TEST_SSH_SSHADD" != "x" ]; then | |
dd75dc6d | 67 | SSHADD="${TEST_SSH_SSHADD}" |
836d58d7 | 68 | fi |
69 | if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then | |
dd75dc6d | 70 | SSHKEYGEN="${TEST_SSH_SSHKEYGEN}" |
836d58d7 | 71 | fi |
72 | if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then | |
dd75dc6d | 73 | SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}" |
836d58d7 | 74 | fi |
75 | if [ "x$TEST_SSH_SFTP" != "x" ]; then | |
dd75dc6d | 76 | SFTP="${TEST_SSH_SFTP}" |
836d58d7 | 77 | fi |
78 | if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then | |
dd75dc6d | 79 | SFTPSERVER="${TEST_SSH_SFTPSERVER}" |
836d58d7 | 80 | fi |
53e2a65c | 81 | if [ "x$TEST_SSH_SCP" != "x" ]; then |
82 | SCP="${TEST_SSH_SCP}" | |
83 | fi | |
836d58d7 | 84 | |
403447b4 | 85 | # Path to sshd must be absolute for rexec |
86 | SSHD=`which sshd` | |
87 | ||
836d58d7 | 88 | # these should be used in tests |
53e2a65c | 89 | export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP |
90 | #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP | |
836d58d7 | 91 | |
92 | # helper | |
c7751424 | 93 | echon() |
94 | { | |
95 | if [ "x`echo -n`" = "x" ]; then | |
96 | echo -n "$@" | |
97 | elif [ "x`echo '\c'`" = "x" ]; then | |
98 | echo "$@\c" | |
99 | else | |
100 | fatal "Don't know how to echo without newline." | |
101 | fi | |
102 | } | |
103 | ||
c1b10a96 | 104 | have_prog() |
105 | { | |
106 | saved_IFS="$IFS" | |
107 | IFS=":" | |
108 | for i in $PATH | |
109 | do | |
110 | if [ -x $i/$1 ]; then | |
111 | IFS="$saved_IFS" | |
112 | return 0 | |
113 | fi | |
114 | done | |
115 | IFS="$saved_IFS" | |
116 | return 1 | |
117 | } | |
118 | ||
836d58d7 | 119 | cleanup () |
120 | { | |
121 | if [ -f $PIDFILE ]; then | |
122 | pid=`cat $PIDFILE` | |
123 | if [ "X$pid" = "X" ]; then | |
124 | echo no sshd running | |
125 | else | |
126 | if [ $pid -lt 2 ]; then | |
127 | echo bad pid for ssd: $pid | |
128 | else | |
129 | $SUDO kill $pid | |
130 | fi | |
131 | fi | |
132 | fi | |
133 | } | |
134 | ||
135 | trace () | |
136 | { | |
137 | if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then | |
138 | echo "$@" | |
139 | fi | |
140 | } | |
141 | ||
142 | verbose () | |
143 | { | |
144 | if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then | |
145 | echo "$@" | |
146 | fi | |
147 | } | |
148 | ||
149 | ||
150 | fail () | |
151 | { | |
152 | RESULT=1 | |
153 | echo "$@" | |
154 | } | |
155 | ||
156 | fatal () | |
157 | { | |
c7751424 | 158 | echon "FATAL: " |
836d58d7 | 159 | fail "$@" |
160 | cleanup | |
161 | exit $RESULT | |
162 | } | |
163 | ||
164 | RESULT=0 | |
165 | PIDFILE=$OBJ/pidfile | |
166 | ||
167 | trap fatal 3 2 | |
168 | ||
169 | # create server config | |
170 | cat << EOF > $OBJ/sshd_config | |
828d4b6f | 171 | StrictModes no |
836d58d7 | 172 | Port $PORT |
173 | ListenAddress 127.0.0.1 | |
174 | #ListenAddress ::1 | |
175 | PidFile $PIDFILE | |
176 | AuthorizedKeysFile $OBJ/authorized_keys_%u | |
177 | LogLevel QUIET | |
1b0a92c0 | 178 | AcceptEnv _XXX_TEST_* |
179 | AcceptEnv _XXX_TEST | |
00995aa0 | 180 | Subsystem sftp $SFTPSERVER |
836d58d7 | 181 | EOF |
182 | ||
677dd470 | 183 | if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then |
184 | trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS" | |
185 | echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config | |
186 | fi | |
187 | ||
836d58d7 | 188 | # server config for proxy connects |
189 | cp $OBJ/sshd_config $OBJ/sshd_proxy | |
190 | ||
191 | # allow group-writable directories in proxy-mode | |
192 | echo 'StrictModes no' >> $OBJ/sshd_proxy | |
193 | ||
194 | # create client config | |
195 | cat << EOF > $OBJ/ssh_config | |
196 | Host * | |
197 | Hostname 127.0.0.1 | |
198 | HostKeyAlias localhost-with-alias | |
199 | Port $PORT | |
200 | User $USER | |
201 | GlobalKnownHostsFile $OBJ/known_hosts | |
202 | UserKnownHostsFile $OBJ/known_hosts | |
203 | RSAAuthentication yes | |
204 | PubkeyAuthentication yes | |
205 | ChallengeResponseAuthentication no | |
206 | HostbasedAuthentication no | |
207 | PasswordAuthentication no | |
836d58d7 | 208 | RhostsRSAAuthentication no |
209 | BatchMode yes | |
210 | StrictHostKeyChecking yes | |
211 | EOF | |
212 | ||
677dd470 | 213 | if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then |
214 | trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS" | |
215 | echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config | |
216 | fi | |
217 | ||
836d58d7 | 218 | rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER |
219 | ||
220 | trace "generate keys" | |
221 | for t in rsa rsa1; do | |
222 | # generate user key | |
223 | rm -f $OBJ/$t | |
224 | ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\ | |
225 | fail "ssh-keygen for $t failed" | |
226 | ||
227 | # known hosts file for client | |
228 | ( | |
c7751424 | 229 | echon 'localhost-with-alias,127.0.0.1,::1 ' |
836d58d7 | 230 | cat $OBJ/$t.pub |
231 | ) >> $OBJ/known_hosts | |
232 | ||
233 | # setup authorized keys | |
234 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER | |
235 | echo IdentityFile $OBJ/$t >> $OBJ/ssh_config | |
236 | ||
237 | # use key as host key, too | |
238 | $SUDO cp $OBJ/$t $OBJ/host.$t | |
239 | echo HostKey $OBJ/host.$t >> $OBJ/sshd_config | |
240 | ||
241 | # don't use SUDO for proxy connect | |
242 | echo HostKey $OBJ/$t >> $OBJ/sshd_proxy | |
243 | done | |
244 | chmod 644 $OBJ/authorized_keys_$USER | |
245 | ||
246 | # create a proxy version of the client config | |
247 | ( | |
248 | cat $OBJ/ssh_config | |
4638d96a | 249 | echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy |
836d58d7 | 250 | ) > $OBJ/ssh_proxy |
251 | ||
252 | # check proxy config | |
253 | ${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken" | |
254 | ||
255 | start_sshd () | |
256 | { | |
257 | # start sshd | |
258 | $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken" | |
259 | $SUDO ${SSHD} -f $OBJ/sshd_config | |
260 | ||
261 | trace "wait for sshd" | |
262 | i=0; | |
4638d96a | 263 | while [ ! -f $PIDFILE -a $i -lt 10 ]; do |
836d58d7 | 264 | i=`expr $i + 1` |
265 | sleep $i | |
266 | done | |
267 | ||
268 | test -f $PIDFILE || fatal "no sshd running on port $PORT" | |
269 | } | |
270 | ||
271 | # source test body | |
272 | . $SCRIPT | |
273 | ||
274 | # kill sshd | |
275 | cleanup | |
276 | if [ $RESULT -eq 0 ]; then | |
277 | verbose ok $tid | |
278 | else | |
279 | echo failed $tid | |
280 | fi | |
281 | exit $RESULT |