1# $OpenBSD: scp.sh,v 1.13 2021/08/10 03:35:45 djm Exp $ 2# Placed in the Public Domain. 3 4tid="scp" 5 6#set -x 7 8COPY2=${OBJ}/copy2 9DIR=${COPY}.dd 10DIR2=${COPY}.dd2 11 12SRC=`dirname ${SCRIPT}` 13cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp 14chmod 755 ${OBJ}/scp-ssh-wrapper.scp 15export SCP # used in scp-ssh-wrapper.scp 16 17scpclean() { 18 rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} 19 mkdir ${DIR} ${DIR2} 20 chmod 755 ${DIR} ${DIR2} 21} 22 23for mode in scp sftp ; do 24 tag="$tid: $mode mode" 25 if test $mode = scp ; then 26 scpopts="-O -q -S ${OBJ}/scp-ssh-wrapper.scp" 27 else 28 scpopts="-s -D ${SFTPSERVER}" 29 fi 30 verbose "tid: simple copy local file to local file" 31 scpclean 32 $SCP $scpopts ${DATA} ${COPY} || fail "copy failed" 33 cmp ${DATA} ${COPY} || fail "corrupted copy" 34 35 verbose "$tag: simple copy local file to remote file" 36 scpclean 37 $SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed" 38 cmp ${DATA} ${COPY} || fail "corrupted copy" 39 40 verbose "$tag: simple copy remote file to local file" 41 scpclean 42 $SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed" 43 cmp ${DATA} ${COPY} || fail "corrupted copy" 44 45 verbose "$tag: simple copy local file to remote dir" 46 scpclean 47 cp ${DATA} ${COPY} 48 $SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed" 49 cmp ${COPY} ${DIR}/copy || fail "corrupted copy" 50 51 verbose "$tag: simple copy local file to local dir" 52 scpclean 53 cp ${DATA} ${COPY} 54 $SCP $scpopts ${COPY} ${DIR} || fail "copy failed" 55 cmp ${COPY} ${DIR}/copy || fail "corrupted copy" 56 57 verbose "$tag: simple copy remote file to local dir" 58 scpclean 59 cp ${DATA} ${COPY} 60 $SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed" 61 cmp ${COPY} ${DIR}/copy || fail "corrupted copy" 62 63 verbose "$tag: recursive local dir to remote dir" 64 scpclean 65 rm -rf ${DIR2} 66 cp ${DATA} ${DIR}/copy 67 $SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed" 68 diff -rN ${DIR} ${DIR2} || fail "corrupted copy" 69 70 verbose "$tag: recursive local dir to local dir" 71 scpclean 72 rm -rf ${DIR2} 73 cp ${DATA} ${DIR}/copy 74 $SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed" 75 diff -rN ${DIR} ${DIR2} || fail "corrupted copy" 76 77 verbose "$tag: recursive remote dir to local dir" 78 scpclean 79 rm -rf ${DIR2} 80 cp ${DATA} ${DIR}/copy 81 $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" 82 diff -rN ${DIR} ${DIR2} || fail "corrupted copy" 83 84 verbose "$tag: shell metacharacters" 85 scpclean 86 (cd ${DIR} && \ 87 touch '`touch metachartest`' && \ 88 $SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \ 89 [ ! -f metachartest ] ) || fail "shell metacharacters" 90 91 if [ ! -z "$SUDO" ]; then 92 verbose "$tag: skipped file after scp -p with failed chown+utimes" 93 scpclean 94 cp -p ${DATA} ${DIR}/copy 95 cp -p ${DATA} ${DIR}/copy2 96 cp ${DATA} ${DIR2}/copy 97 chmod 660 ${DIR2}/copy 98 $SUDO chown root ${DIR2}/copy 99 $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 100 $SUDO diff -rN ${DIR} ${DIR2} || fail "corrupted copy" 101 $SUDO rm ${DIR2}/copy 102 fi 103 104 for i in 0 1 2 3 4 5 6 7; do 105 verbose "$tag: disallow bad server #$i" 106 SCPTESTMODE=badserver_$i 107 export DIR SCPTESTMODE 108 scpclean 109 $SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null 110 [ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir" 111 [ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode" 112 113 scpclean 114 $SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null 115 [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir" 116 117 scpclean 118 $SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null 119 [ ! -w ${DIR2} ] && fail "allows target root attribute change" 120 121 scpclean 122 $SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null 123 [ -e ${DIR2}/extrafile ] && fail "allows unauth object creation" 124 rm -f ${DIR2}/extrafile 125 done 126 127 verbose "$tag: detect non-directory target" 128 scpclean 129 echo a > ${COPY} 130 echo b > ${COPY2} 131 $SCP $scpopts ${DATA} ${COPY} ${COPY2} 132 cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target" 133done 134 135scpclean 136rm -f ${OBJ}/scp-ssh-wrapper.exe 137