1 | # $OpenBSD: test-exec.sh,v 1.20 2004/06/22 22:45:52 dtucker Exp $ | |
2 | # Placed in the Public Domain. | |
3 | ||
# TCP port the test sshd is configured to listen on.
PORT=4242
# Optional command prefix for the kill, cp and sshd invocations further down;
# left unset by default.
#SUDO=sudo

# Work out the login name of the invoking user: use /usr/ucb/whoami when it
# is executable, otherwise whoami if it runs successfully, otherwise id -un.
if test -x /usr/ucb/whoami
then
	USER=`/usr/ucb/whoami`
else
	if whoami >/dev/null 2>&1
	then
		USER=`whoami`
	else
		USER=`id -un`
	fi
fi
14 | ||
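# Validate the two positional arguments before anything is written:
#   $1 (OBJ)    - existing directory that receives the generated configs,
#                 keys and the pidfile
#   $2 (SCRIPT) - test body, sourced near the end of this file
# Every failure exits with status 2.  Path expansions are quoted so a value
# containing whitespace or glob characters is tested as one word.
OBJ=$1
if [ "x$OBJ" = "x" ]; then
	echo '$OBJ not defined'
	exit 2
fi
if [ ! -d "$OBJ" ]; then
	echo "not a directory: $OBJ"
	exit 2
fi
SCRIPT=$2
if [ "x$SCRIPT" = "x" ]; then
	echo '$SCRIPT not defined'
	exit 2
fi
if [ ! -f "$SCRIPT" ]; then
	echo "not a file: $SCRIPT"
	exit 2
fi
# Parse-only pass (-n) over the test body with the shell named by TEST_SHELL.
# TEST_SHELL is not set in this file; it is taken from the environment and
# expanded unquoted.  NOTE(review): when it is empty the command itself fails
# and is reported below as a syntax error in the script.
if $TEST_SHELL -n "$SCRIPT"; then
	true
else
	echo "syntax error in $SCRIPT"
	exit 2
fi
# Drop any agent socket inherited from the caller so commands started from
# here do not see it.
unset SSH_AUTH_SOCK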
40 | ||
# Programs under test.  Each variable takes the value of the matching
# TEST_SSH_* environment variable when that is non-empty, and the default
# shown here otherwise.
SSH=${TEST_SSH_SSH:-ssh}
SSHD=${TEST_SSH_SSHD:-sshd}
SSHAGENT=${TEST_SSH_SSHAGENT:-ssh-agent}
SSHADD=${TEST_SSH_SSHADD:-ssh-add}
SSHKEYGEN=${TEST_SSH_SSHKEYGEN:-ssh-keygen}
SSHKEYSCAN=${TEST_SSH_SSHKEYSCAN:-ssh-keyscan}
SFTP=${TEST_SSH_SFTP:-sftp}
SFTPSERVER=${TEST_SSH_SFTPSERVER:-/usr/libexec/openssh/sftp-server}
SCP=${TEST_SSH_SCP:-scp}

# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
83 | ||
# helper
# echon ARGS...: print the arguments without a trailing newline.
# Probes which no-newline convention this shell's echo supports (the -n
# flag first, then a trailing \c) and calls fatal when neither works.
echon()
{
	case "x`echo -n`" in
	x)
		echo -n "$@"
		;;
	*)
		case "x`echo '\c'`" in
		x)
			echo "$@\c"
			;;
		*)
			fatal "Don't know how to echo without newline."
			;;
		esac
		;;
	esac
}
95 | ||
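# have_prog NAME: return 0 when an executable regular file called NAME is
# found in one of the PATH directories, 1 otherwise.
# Sets the globals saved_IFS and i; IFS is restored on both return paths.
have_prog()
{
	# With an empty name the check below would test the PATH directory
	# itself, so nothing can match.
	if [ "x$1" = "x" ]; then
		return 1
	fi
	saved_IFS="$IFS"
	IFS=":"
	for i in $PATH
	do
		# An empty PATH element stands for the current directory.
		if [ "x$i" = "x" ]; then
			i=.
		fi
		# -f keeps a directory (which also passes -x) from counting as
		# a program; quoting keeps glob characters in NAME literal.
		if [ -f "$i/$1" ] && [ -x "$i/$1" ]; then
			IFS="$saved_IFS"
			return 0
		fi
	done
	IFS="$saved_IFS"
	return 1
}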
110 | ||
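# cleanup: stop the sshd whose pid is recorded in $PIDFILE, if the file exists.
# Reads the globals PIDFILE and SUDO; sets the global pid.
# The pid comes from a file on disk and is handed to "$SUDO kill", so it is
# accepted only when it is a single run of digits and at least 2.  Anything
# else (empty file, several words, a negative number, other text) is
# reported and never reaches kill.
cleanup ()
{
	if [ -f "$PIDFILE" ]; then
		pid=`cat "$PIDFILE"`
		case "X$pid" in
		X)
			echo no sshd running
			;;
		X*[!0-9]*)
			# not purely numeric
			echo "bad pid for sshd: $pid"
			;;
		*)
			if [ "$pid" -lt 2 ]; then
				echo "bad pid for sshd: $pid"
			else
				# SUDO stays unquoted: it is normally empty.
				$SUDO kill "$pid"
			fi
			;;
		esac
	fi
}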
126 | ||
# trace ARGS...: echo the arguments, but only when TEST_SSH_TRACE is
# exactly "yes".
trace ()
{
	case "X$TEST_SSH_TRACE" in
	Xyes)
		echo "$@"
		;;
	esac
}
133 | ||
# verbose ARGS...: echo the arguments unless TEST_SSH_QUIET is exactly "yes".
verbose ()
{
	if [ "X$TEST_SSH_QUIET" = "Xyes" ]; then
		return 0
	fi
	echo "$@"
}
140 | ||
141 | ||
# fail ARGS...: mark the run as failed by setting the global RESULT to 1,
# then print the arguments.  Execution continues; the final exit status is
# taken from RESULT.
fail ()
{
	RESULT=1
	echo "$@"
}
147 | ||
# fatal ARGS...: report an unrecoverable error and stop the run.
# Prints "FATAL: " followed by the arguments (through fail, which sets
# RESULT), runs cleanup so the test sshd is killed, and exits with RESULT.
# Also installed as the handler for signals 3 and 2, where it is called
# with no arguments.
fatal ()
{
	echon "FATAL: "
	fail "$@"
	cleanup
	exit "$RESULT"
}
155 | ||
# File the test sshd writes its pid to (referenced by PidFile in the
# generated sshd_config and read back by cleanup).
PIDFILE="$OBJ/pidfile"
# Overall verdict; fail sets it to 1 and it becomes the exit status.
RESULT=0

# Signals 3 and 2 (QUIT and INT) go through fatal, which runs cleanup
# before exiting.
trap fatal 3 2
160 | ||
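# create server config
# Settings for a throwaway test daemon: it listens on 127.0.0.1 only, and
# StrictModes is switched off so sshd does not apply its file mode and
# ownership checks to the key files kept under $OBJ.  Redirect targets are
# quoted so $OBJ is always treated as one word.
cat << EOF > "$OBJ/sshd_config"
StrictModes no
Port $PORT
ListenAddress 127.0.0.1
#ListenAddress ::1
PidFile $PIDFILE
AuthorizedKeysFile $OBJ/authorized_keys_%u
LogLevel QUIET
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
Subsystem sftp $SFTPSERVER
EOF

if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	# Appended verbatim from the caller's environment.
	echo "$TEST_SSH_SSHD_CONFOPTS" >> "$OBJ/sshd_config"
fi

# server config for proxy connects
cp "$OBJ/sshd_config" "$OBJ/sshd_proxy"

# allow group-writable directories in proxy-mode
# (the copied config already starts with the same StrictModes line)
echo 'StrictModes no' >> "$OBJ/sshd_proxy"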
185 | ||
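# create client config
# Every host resolves to the test sshd on 127.0.0.1:$PORT.  Host keys are
# checked strictly against the known_hosts file generated under $OBJ, and
# password, challenge-response and host-based authentication are turned off,
# leaving the key-based methods.  BatchMode keeps ssh from prompting.
cat << EOF > "$OBJ/ssh_config"
Host *
Hostname 127.0.0.1
HostKeyAlias localhost-with-alias
Port $PORT
User $USER
GlobalKnownHostsFile $OBJ/known_hosts
UserKnownHostsFile $OBJ/known_hosts
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
RhostsRSAAuthentication no
BatchMode yes
StrictHostKeyChecking yes
EOF

if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
	# Log the client option that is actually appended (the message used to
	# print the sshd variable TEST_SSH_SSHD_CONFOPTS instead).
	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
	# Appended verbatim from the caller's environment.
	echo "$TEST_SSH_SSH_CONFOPTS" >> "$OBJ/ssh_config"
fi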
209 | ||
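# Start from empty known_hosts and authorized_keys files; both are appended
# to in the loop below.  File arguments are quoted so $OBJ and $USER are
# never word-split or glob-expanded.
rm -f "$OBJ/known_hosts" "$OBJ/authorized_keys_$USER"

trace "generate keys"
for t in rsa rsa1; do
	# generate user key
	# -N '' gives the key an empty passphrase; these are throwaway keys
	# that live only under $OBJ.  A keygen failure is recorded with fail
	# and the loop carries on.
	rm -f "$OBJ/$t"
	${SSHKEYGEN} -q -N '' -t $t -f "$OBJ/$t" ||\
		fail "ssh-keygen for $t failed"

	# known hosts file for client
	(
		echon 'localhost-with-alias,127.0.0.1,::1 '
		cat "$OBJ/$t.pub"
	) >> "$OBJ/known_hosts"

	# setup authorized keys
	cat "$OBJ/$t.pub" >> "$OBJ/authorized_keys_$USER"
	echo "IdentityFile $OBJ/$t" >> "$OBJ/ssh_config"

	# use key as host key, too
	# The same private key serves as user key and host key; the copy is
	# made through $SUDO when that is set.
	$SUDO cp "$OBJ/$t" "$OBJ/host.$t"
	echo "HostKey $OBJ/host.$t" >> "$OBJ/sshd_config"

	# don't use SUDO for proxy connect
	echo "HostKey $OBJ/$t" >> "$OBJ/sshd_proxy"
done
chmod 644 "$OBJ/authorized_keys_$USER"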
237 | ||
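# create a proxy version of the client config
# Same options as ssh_config plus a proxycommand that starts sshd in -i mode
# on the proxy server config, so these connections do not use the listening
# daemon.  The echo arguments stay unquoted so an empty SUDO leaves no gap
# in the written line; the file operands are quoted.
(
	cat "$OBJ/ssh_config"
	echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy
) > "$OBJ/ssh_proxy"

# check proxy config
# sshd -t only validates the configuration; a broken one ends the run here.
${SSHD} -t -f "$OBJ/sshd_proxy" || fatal "sshd_proxy broken"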
246 | ||
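# start_sshd: validate $OBJ/sshd_config, start the test sshd with it and
# wait for the pidfile to appear.
# Reads the globals SUDO, SSHD, OBJ, PIDFILE and PORT; sets the global i.
# Calls fatal (which exits) when the config is rejected or no pidfile shows
# up after the wait loop.
start_sshd ()
{
	# start sshd
	$SUDO ${SSHD} -f "$OBJ/sshd_config" -t || fatal "sshd_config broken"
	$SUDO ${SSHD} -f "$OBJ/sshd_config"

	trace "wait for sshd"
	i=0;
	# Up to ten polls, sleeping one second longer each time.  Two quoted
	# tests joined with && replace the single "[ ... -a ... ]" form, which
	# is ambiguous to parse and failed outright when $PIDFILE contained
	# whitespace.
	while [ ! -f "$PIDFILE" ] && [ "$i" -lt 10 ]; do
		i=`expr $i + 1`
		sleep $i
	done

	test -f "$PIDFILE" || fatal "no sshd running on port $PORT"
}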
262 | ||
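# source test body
# A name without a slash makes "." search PATH, which could pick up a
# different file from the one that passed the -f and syntax checks earlier.
# Prefixing ./ pins the lookup to the file that was checked.
case "$SCRIPT" in
*/*)
	. "$SCRIPT"
	;;
*)
	. "./$SCRIPT"
	;;
esac

# kill sshd
cleanup
# tid is not set in this file; presumably the sourced test body sets it.
if [ "$RESULT" -eq 0 ]; then
	verbose ok $tid
else
	echo failed $tid
fi
exit "$RESULT"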