1# $OpenBSD: channel-timeout.sh,v 1.2 2024/01/09 22:19:36 djm Exp $ 2# Placed in the Public Domain. 3 4tid="channel timeout" 5 6# XXX not comprehensive. Still need -R -L agent X11 forwarding + interactive 7 8rm -f $OBJ/finished.* $OBJ/mux.* 9 10MUXPATH=$OBJ/mux.$$ 11open_mux() { 12 ${SSH} -nNfM -oControlPath=$MUXPATH -F $OBJ/ssh_proxy "$@" somehost || 13 fatal "open mux failed" 14 test -e $MUXPATH || fatal "mux socket $MUXPATH not established" 15} 16 17close_mux() { 18 test -e $MUXPATH || fatal "mux socket $MUXPATH missing" 19 ${SSH} -qF $OBJ/ssh_proxy -oControlPath=$MUXPATH -O exit somehost || 20 fatal "could not terminate mux process" 21 for x in 1 2 3 4 5 6 7 8 9 10 ; do 22 test -e $OBJ/mux && break 23 sleep 1 24 done 25 test -e $MUXPATH && fatal "mux did not clean up" 26} 27mux_client() { 28 ${SSH} -F $OBJ/ssh_proxy -oControlPath=$MUXPATH somehost "$@" 29} 30 31rm -f $OBJ/sshd_proxy.orig 32cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig 33 34verbose "no timeout" 35${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" 36r=$? 37if [ $r -ne 23 ]; then 38 fail "ssh failed" 39fi 40 41verbose "command timeout" 42(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \ 43 > $OBJ/sshd_proxy 44${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" 45r=$? 46if [ $r -ne 255 ]; then 47 fail "ssh returned unexpected error code $r" 48fi 49 50verbose "command long timeout" 51(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=60") \ 52 > $OBJ/sshd_proxy 53${SSH} -F $OBJ/ssh_proxy somehost "exit 23" 54r=$? 55if [ $r -ne 23 ]; then 56 fail "ssh returned unexpected error code $r" 57fi 58 59verbose "command wildcard timeout" 60(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:*=1") \ 61 > $OBJ/sshd_proxy 62${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" 63r=$? 64if [ $r -ne 255 ]; then 65 fail "ssh returned unexpected error code $r" 66fi 67 68verbose "command irrelevant timeout" 69(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \ 70 > $OBJ/sshd_proxy 71${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" 72r=$? 73if [ $r -ne 23 ]; then 74 fail "ssh failed" 75fi 76 77verbose "multiplexed command timeout" 78(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \ 79 > $OBJ/sshd_proxy 80open_mux 81mux_client "sleep 5 ; exit 23" 82r=$? 83if [ $r -ne 255 ]; then 84 fail "ssh returned unexpected error code $r" 85fi 86close_mux 87 88verbose "irrelevant multiplexed command timeout" 89(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \ 90 > $OBJ/sshd_proxy 91open_mux 92mux_client "sleep 5 ; exit 23" 93r=$? 94if [ $r -ne 23 ]; then 95 fail "ssh returned unexpected error code $r" 96fi 97close_mux 98 99verbose "global command timeout" 100(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout global=10") \ 101 > $OBJ/sshd_proxy 102open_mux 103mux_client "sleep 1 ; echo ok ; sleep 1; echo ok; sleep 60; touch $OBJ/finished.1" >/dev/null & 104mux_client "sleep 60 ; touch $OBJ/finished.2" >/dev/null & 105mux_client "sleep 2 ; touch $OBJ/finished.3" >/dev/null & 106wait 107test -f $OBJ/finished.1 && fail "first mux process completed" 108test -f $OBJ/finished.2 && fail "second mux process completed" 109test -f $OBJ/finished.3 || fail "third mux process did not complete" 110close_mux 111 112# Set up a "slow sftp server" that sleeps before executing the real one. 113cat > $OBJ/slow-sftp-server.sh << _EOF 114#!/bin/sh 115 116sleep 5 117$SFTPSERVER 118_EOF 119chmod a+x $OBJ/slow-sftp-server.sh 120 121verbose "sftp no timeout" 122(grep -vi subsystem.*sftp $OBJ/sshd_proxy.orig; 123 echo "Subsystem sftp $OBJ/slow-sftp-server.sh" ) > $OBJ/sshd_proxy 124 125rm -f ${COPY} 126$SFTP -qS $SSH -F $OBJ/ssh_proxy somehost:$DATA $COPY 127r=$? 128if [ $r -ne 0 ]; then 129 fail "sftp failed" 130fi 131cmp $DATA $COPY || fail "corrupted copy" 132 133verbose "sftp timeout" 134(grep -vi subsystem.*sftp $OBJ/sshd_proxy.orig; 135 echo "ChannelTimeout session:subsystem:sftp=1" ; 136 echo "Subsystem sftp $OBJ/slow-sftp-server.sh" ) > $OBJ/sshd_proxy 137 138rm -f ${COPY} 139$SFTP -qS $SSH -F $OBJ/ssh_proxy somehost:$DATA $COPY 140r=$? 141if [ $r -eq 0 ]; then 142 fail "sftp succeeded unexpectedly" 143fi 144test -f $COPY && cmp $DATA $COPY && fail "intact copy" 145 146verbose "sftp irrelevant timeout" 147(grep -vi subsystem.*sftp $OBJ/sshd_proxy.orig; 148 echo "ChannelTimeout session:subsystem:command=1" ; 149 echo "Subsystem sftp $OBJ/slow-sftp-server.sh" ) > $OBJ/sshd_proxy 150 151rm -f ${COPY} 152$SFTP -qS $SSH -F $OBJ/ssh_proxy somehost:$DATA $COPY 153r=$? 154if [ $r -ne 0 ]; then 155 fail "sftp failed" 156fi 157cmp $DATA $COPY || fail "corrupted copy" 158