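#	$OpenBSD: test-exec.sh,v 1.37 2010/02/24 06:21:56 djm Exp $
#	Placed in the Public Domain.
#
# Regression-test driver: builds throw-away sshd/ssh configurations and keys
# under a scratch directory, defines the helper functions the individual
# tests rely on, then sources one test script and reports its result.
#
# Usage:   sh test-exec.sh OBJ SCRIPT
#   OBJ    - existing scratch directory; configs, keys and the pidfile go here
#   SCRIPT - test body to source (syntax-checked with "sh -n" first)
#
# Environment overrides: TEST_SSH_PORT, TEST_SSH_LOGFILE, TEST_SSH_TRACE,
# TEST_SSH_QUIET, TEST_SSH_SSHD_CONFOPTS, TEST_SSH_SSH_CONFOPTS and one
# TEST_SSH_<TOOL> variable per binary listed below.
#
# Security notes for anyone reusing this harness:
#   - $OBJ ends up holding private keys generated with an empty passphrase,
#     and the same key is used as user key and host key. Treat $OBJ as
#     sensitive and never point it at a shared or world-writable directory.
#   - The generated configs enable protocol 1 and (for the proxy config)
#     "StrictModes no". They are test fixtures, not a deployment template.
#   - When SUDO is set, sshd and kill run with elevated privileges using
#     paths and options taken from the environment and from files in $OBJ.
#
# Constructs are deliberately kept to what the original used (backticks,
# expr, test) so the script still runs under old Bourne-style shells.

USER=`id -un`
#SUDO=sudo

PORT=${TEST_SSH_PORT:-4242}

# ---- argument validation --------------------------------------------------

OBJ=$1
if [ -z "$OBJ" ]; then
	echo '$OBJ not defined'
	exit 2
fi
if [ ! -d "$OBJ" ]; then
	echo "not a directory: $OBJ"
	exit 2
fi

SCRIPT=$2
if [ -z "$SCRIPT" ]; then
	echo '$SCRIPT not defined'
	exit 2
fi
if [ ! -f "$SCRIPT" ]; then
	echo "not a file: $SCRIPT"
	exit 2
fi
# Parse-only pass: catches syntax errors before anything is started. It does
# not vet what the script does; the script is sourced into this shell later.
sh -n "$SCRIPT" || {
	echo "syntax error in $SCRIPT"
	exit 2
}

# Keep the tests away from any agent the invoking user has running.
unset SSH_AUTH_SOCK

SRC=`dirname "$SCRIPT"`

# ---- binaries: built-in default unless TEST_SSH_<TOOL> is non-empty -------

SSH=${TEST_SSH_SSH:-ssh}
SSHD=${TEST_SSH_SSHD:-sshd}
SSHAGENT=${TEST_SSH_SSHAGENT:-ssh-agent}
SSHADD=${TEST_SSH_SSHADD:-ssh-add}
SSHKEYGEN=${TEST_SSH_SSHKEYGEN:-ssh-keygen}
SSHKEYSCAN=${TEST_SSH_SSHKEYSCAN:-ssh-keyscan}
SFTP=${TEST_SSH_SFTP:-sftp}
SFTPSERVER=${TEST_SSH_SFTPSERVER:-/usr/libexec/sftp-server}
SCP=${TEST_SSH_SCP:-scp}

# Interop testing
PLINK=${TEST_SSH_PLINK:-/usr/local/bin/plink}
PUTTYGEN=${TEST_SSH_PUTTYGEN:-/usr/local/bin/puttygen}
CONCH=${TEST_SSH_CONCH:-/usr/local/bin/conch}

# Path to sshd must be absolute for rexec.
# "/$SSHD" only names an executable when $SSHD already starts with a slash,
# so a relative name falls through to the PATH lookup.
if [ ! -x "/$SSHD" ]; then
	SSHD=`which sshd`
fi

TEST_SSH_LOGFILE=${TEST_SSH_LOGFILE:-/dev/null}

# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP

# ---- helpers --------------------------------------------------------------

# cleanup: stop the sshd recorded in $PIDFILE and wait for the pidfile to go.
# Globals: PIDFILE, SUDO, PORT (read); pid, i (written).
# The pidfile lives in $OBJ and kill may run under $SUDO, so its content is
# checked to be a plain decimal number >= 2 before it is handed to kill.
cleanup ()
{
	if [ -f "$PIDFILE" ]; then
		pid=`cat "$PIDFILE"`
		case "$pid" in
		'')
			echo no sshd running
			;;
		*[!0-9]*)
			# Not purely digits (sign, whitespace, several words...).
			echo "bad pid for ssh: $pid"
			;;
		*)
			# -ge keeps this fail-safe: if test cannot evaluate the
			# number at all, the kill branch is not taken.
			if [ "$pid" -ge 2 ]; then
				# $SUDO is intentionally unquoted: empty means "no prefix".
				$SUDO kill "$pid"
				trace "wait for sshd to exit"
				i=0
				# Up to 5 polls with growing sleeps (1+2+3+4+5 s).
				while [ -f "$PIDFILE" ] && [ "$i" -lt 5 ]; do
					i=`expr $i + 1`
					sleep $i
				done
				# NOTE(review): fatal itself calls cleanup, so a pidfile
				# that never disappears re-enters this path.
				test -f "$PIDFILE" && \
				    fatal "sshd didn't exit port $PORT pid $pid"
			else
				echo "bad pid for ssh: $pid"
			fi
			;;
		esac
	fi
}

# trace: always log the message; echo it only when TEST_SSH_TRACE=yes.
trace ()
{
	echo "trace: $*" >>"$TEST_SSH_LOGFILE"
	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
		echo "$@"
	fi
}

# verbose: always log the message; echo it unless TEST_SSH_QUIET=yes.
verbose ()
{
	echo "verbose: $*" >>"$TEST_SSH_LOGFILE"
	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
		echo "$@"
	fi
}

# fail: log and print the message and mark the run as failed (RESULT=1).
# Execution continues afterwards.
fail ()
{
	echo "FAIL: $*" >>"$TEST_SSH_LOGFILE"
	RESULT=1
	echo "$@"
}

# fatal: like fail, but also stops sshd and exits with $RESULT.
fatal ()
{
	echo "FATAL: $*" >>"$TEST_SSH_LOGFILE"
	printf 'FATAL: '
	fail "$@"
	cleanup
	exit $RESULT
}

RESULT=0
PIDFILE=$OBJ/pidfile

# Signals 3 and 2: go through fatal so a running sshd gets stopped.
trap fatal 3 2

# ---- server configuration -------------------------------------------------

# create server config
# The daemon is bound to 127.0.0.1 only. Protocol 1 is enabled because the
# key loop below also generates and installs an rsa1 key.
cat << EOF > "$OBJ/sshd_config"
	Port $PORT
	Protocol 2,1
	AddressFamily inet
	ListenAddress 127.0.0.1
	#ListenAddress ::1
	PidFile $PIDFILE
	AuthorizedKeysFile $OBJ/authorized_keys_%u
	LogLevel DEBUG
	AcceptEnv _XXX_TEST_*
	AcceptEnv _XXX_TEST
	Subsystem sftp $SFTPSERVER
EOF

# Appended verbatim: whoever controls this variable controls the server
# configuration that start_sshd later runs (under $SUDO when that is set).
if [ -n "$TEST_SSH_SSHD_CONFOPTS" ]; then
	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	echo "$TEST_SSH_SSHD_CONFOPTS" >> "$OBJ/sshd_config"
fi

# server config for proxy connects
cp "$OBJ/sshd_config" "$OBJ/sshd_proxy"

# allow group-writable directories in proxy-mode
# (this turns off sshd's ownership/permission checks; test fixture only)
echo 'StrictModes no' >> "$OBJ/sshd_proxy"

# ---- client configuration -------------------------------------------------

# create client config
# Only key-based authentication is enabled, and host keys are pinned to the
# known_hosts file generated below (StrictHostKeyChecking yes, BatchMode yes).
cat << EOF > "$OBJ/ssh_config"
Host *
	Protocol 2,1
	Hostname 127.0.0.1
	HostKeyAlias localhost-with-alias
	Port $PORT
	User $USER
	GlobalKnownHostsFile $OBJ/known_hosts
	UserKnownHostsFile $OBJ/known_hosts
	RSAAuthentication yes
	PubkeyAuthentication yes
	ChallengeResponseAuthentication no
	HostbasedAuthentication no
	PasswordAuthentication no
	RhostsRSAAuthentication no
	BatchMode yes
	StrictHostKeyChecking yes
EOF

if [ -n "$TEST_SSH_SSH_CONFOPTS" ]; then
	# Fixed: the trace line used to print TEST_SSH_SSHD_CONFOPTS, i.e. the
	# server-side variable, instead of the option actually being added.
	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
	echo "$TEST_SSH_SSH_CONFOPTS" >> "$OBJ/ssh_config"
fi

rm -f "$OBJ/known_hosts" "$OBJ/authorized_keys_$USER"

# ---- key material ---------------------------------------------------------

trace "generate keys"
for t in rsa rsa1; do
	# generate user key (empty passphrase: the file itself is the secret)
	rm -f "$OBJ/$t"
	${SSHKEYGEN} -q -N '' -t $t -f "$OBJ/$t" ||\
		fail "ssh-keygen for $t failed"

	# known hosts file for client
	(
		printf '%s' 'localhost-with-alias,127.0.0.1,::1 '
		cat "$OBJ/$t.pub"
	) >> "$OBJ/known_hosts"

	# setup authorized keys
	cat "$OBJ/$t.pub" >> "$OBJ/authorized_keys_$USER"
	echo "IdentityFile $OBJ/$t" >> "$OBJ/ssh_config"

	# use key as host key, too
	$SUDO cp "$OBJ/$t" "$OBJ/host.$t"
	echo "HostKey $OBJ/host.$t" >> "$OBJ/sshd_config"

	# don't use SUDO for proxy connect
	echo "HostKey $OBJ/$t" >> "$OBJ/sshd_proxy"
done
chmod 644 "$OBJ/authorized_keys_$USER"

# ---- interop detection ----------------------------------------------------

# Activate Twisted Conch tests if the binary is present
REGRESS_INTEROP_CONCH=no
if test -x "$CONCH" ; then
	REGRESS_INTEROP_CONCH=yes
fi

# If PuTTY is present and we are running a PuTTY test, prepare keys and
# configuration
REGRESS_INTEROP_PUTTY=no
if test -x "$PUTTYGEN" && test -x "$PLINK" ; then
	REGRESS_INTEROP_PUTTY=yes
fi
case "$SCRIPT" in
*putty*)	;;
*)		REGRESS_INTEROP_PUTTY=no ;;
esac

if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
	mkdir -p "${OBJ}/.putty"

	# Add a PuTTY key to authorized_keys
	# Fixed: call the binary that was checked with "test -x" above (and that
	# TEST_SSH_PUTTYGEN selects) rather than whatever "puttygen" is found
	# first on PATH.
	rm -f "${OBJ}/putty.rsa2"
	${PUTTYGEN} -t rsa -o "${OBJ}/putty.rsa2" < /dev/null > /dev/null
	${PUTTYGEN} -O public-openssh "${OBJ}/putty.rsa2" \
	    >> "$OBJ/authorized_keys_$USER"

	# Convert rsa2 host key to PuTTY format
	"${SRC}/ssh2putty.sh" 127.0.0.1 $PORT "$OBJ/rsa" > \
	    "${OBJ}/.putty/sshhostkeys"
	"${SRC}/ssh2putty.sh" 127.0.0.1 22 "$OBJ/rsa" >> \
	    "${OBJ}/.putty/sshhostkeys"

	# Setup proxied session
	mkdir -p "${OBJ}/.putty/sessions"
	rm -f "${OBJ}/.putty/sessions/localhost_proxy"
	echo "Hostname=127.0.0.1" >> "${OBJ}/.putty/sessions/localhost_proxy"
	echo "PortNumber=$PORT" >> "${OBJ}/.putty/sessions/localhost_proxy"
	echo "ProxyMethod=5" >> "${OBJ}/.putty/sessions/localhost_proxy"
	echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> "${OBJ}/.putty/sessions/localhost_proxy"

	REGRESS_INTEROP_PUTTY=yes
fi

# ---- proxy client config --------------------------------------------------

# create a proxy version of the client config
(
	cat "$OBJ/ssh_config"
	echo "proxycommand sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy"
) > "$OBJ/ssh_proxy"

# check proxy config
${SSHD} -t -f "$OBJ/sshd_proxy"	|| fatal "sshd_proxy broken"

# start_sshd: validate sshd_config with "-t", start the daemon, then wait
# for its pidfile to appear. Extra arguments are passed through to sshd.
# Globals: SUDO, SSHD, OBJ, PIDFILE, PORT, TEST_SSH_LOGFILE (read); i (written).
start_sshd ()
{
	# start sshd
	$SUDO ${SSHD} -f "$OBJ/sshd_config" "$@" -t || fatal "sshd_config broken"
	$SUDO ${SSHD} -f "$OBJ/sshd_config" -e "$@" >>"$TEST_SSH_LOGFILE" 2>&1

	trace "wait for sshd"
	i=0
	while [ ! -f "$PIDFILE" ] && [ "$i" -lt 5 ]; do
		i=`expr $i + 1`
		sleep $i
	done

	test -f "$PIDFILE" || fatal "no sshd running on port $PORT"
}

# ---- run the test ---------------------------------------------------------

# source test body
# The script runs inside this shell: it sees every variable and helper above
# and has the same privileges as the harness.
. "$SCRIPT"

# kill sshd
cleanup
# tid is not set anywhere in this file; presumably the sourced test body
# defines it.
if [ $RESULT -eq 0 ]; then
	verbose ok $tid
else
	echo failed $tid
fi
exit $RESULT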