صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
trn
/
j-hpn-ssh
mirrorاز git://github.com/johnsonjh/j-hpn-ssh
دنبال کردن 1
ستاره دار 1
انشعاب 0
پرونده‌ها
شاخه: master
شاخه‌ها تگ‌ها
j-hpn-ssh
/
regress
/
test-exec.sh

test-exec.sh 17 KB
لینک دائمی تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728 
  1. #!/usr/bin/env sh
    2. 

  2. #	$OpenBSD: test-exec.sh,v 1.76 2020/04/04 23:04:41 dtucker Exp $
    3. 

  3. #	Placed in the Public Domain.
    4. 

  4. 

  5. #SUDO=sudo
    6. 

  6. 

  7. # Unbreak GNU head(1)
    8. 

  8. _POSIX2_VERSION=199209
    9. 

  9. export _POSIX2_VERSION
    10. 

  10. 

  11. case `uname -s 2>/dev/null` in
    12. 

  12. OSF1*)
    13. 

  13. 	BIN_SH=xpg4
    14. 

  14. 	export BIN_SH
    15. 

  15. 	;;
    16. 

  16. CYGWIN*)
    17. 

  17. 	os=cygwin
    18. 

  18. 	;;
    19. 

  19. esac
    20. 

  20. 

  21. if [ ! -z "$TEST_SSH_PORT" ]; then
    22. 

  22. 	PORT="$TEST_SSH_PORT"
    23. 

  23. else
    24. 

  24. 	PORT=4242
    25. 

  25. fi
    26. 

  26. 

  27. # If configure tells us to use a different egrep, create a wrapper function
    28. 

  28. # to call it.  This means we don't need to change all the tests that depend
    29. 

  29. # on a good implementation.
    30. 

  30. if test "x${EGREP}" != "x"; then
    31. 

  31. 	egrep ()
    32. 

  32. {
    33. 

  33. 	 ${EGREP} "$@"
    34. 

  34. }
    35. 

  35. fi
    36. 

  36. 

  37. if [ -x /usr/ucb/whoami ]; then
    38. 

  38. 	USER=`/usr/ucb/whoami`
    39. 

  39. elif whoami >/dev/null 2>&1; then
    40. 

  40. 	USER=`whoami`
    41. 

  41. elif logname >/dev/null 2>&1; then
    42. 

  42. 	USER=`logname`
    43. 

  43. else
    44. 

  44. 	USER=`id -un`
    45. 

  45. fi
    46. 

  46. if test -z "$LOGNAME"; then
    47. 

  47. 	LOGNAME="${USER}"
    48. 

  48. 	export LOGNAME
    49. 

  49. fi
    50. 

  50. 

  51. OBJ=$1
    52. 

  52. if [ "x$OBJ" = "x" ]; then
    53. 

  53. 	echo '$OBJ not defined'
    54. 

  54. 	exit 2
    55. 

  55. fi
    56. 

  56. if [ ! -d $OBJ ]; then
    57. 

  57. 	echo "not a directory: $OBJ"
    58. 

  58. 	exit 2
    59. 

  59. fi
    60. 

  60. SCRIPT=$2
    61. 

  61. if [ "x$SCRIPT" = "x" ]; then
    62. 

  62. 	echo '$SCRIPT not defined'
    63. 

  63. 	exit 2
    64. 

  64. fi
    65. 

  65. if [ ! -f $SCRIPT ]; then
    66. 

  66. 	echo "not a file: $SCRIPT"
    67. 

  67. 	exit 2
    68. 

  68. fi
    69. 

  69. if $TEST_SHELL -n $SCRIPT; then
    70. 

  70. 	true
    71. 

  71. else
    72. 

  72. 	echo "syntax error in $SCRIPT"
    73. 

  73. 	exit 2
    74. 

  74. fi
    75. 

  75. unset SSH_AUTH_SOCK
    76. 

  76. 

  77. SRC=`dirname ${SCRIPT}`
    78. 

  78. 

  79. # defaults
    80. 

  80. SSH=ssh
    81. 

  81. SSHD=sshd
    82. 

  82. SSHAGENT=ssh-agent
    83. 

  83. SSHADD=ssh-add
    84. 

  84. SSHKEYGEN=ssh-keygen
    85. 

  85. SSHKEYSCAN=ssh-keyscan
    86. 

  86. SFTP=sftp
    87. 

  87. SFTPSERVER=/usr/libexec/openssh/sftp-server
    88. 

  88. SCP=scp
    89. 

  89. 

  90. # Set by make_tmpdir() on demand (below).
    91. 

  91. SSH_REGRESS_TMP=
    92. 

  92. 

  93. # Interop testing
    94. 

  94. PLINK=plink
    95. 

  95. PUTTYGEN=puttygen
    96. 

  96. CONCH=conch
    97. 

  97. 

  98. # Tools used by multiple tests
    99. 

  99. NC=$OBJ/netcat
    100. 

  100. 

  101. if [ "x$TEST_SSH_SSH" != "x" ]; then
    102. 

  102. 	SSH="${TEST_SSH_SSH}"
    103. 

  103. fi
    104. 

  104. if [ "x$TEST_SSH_SSHD" != "x" ]; then
    105. 

  105. 	SSHD="${TEST_SSH_SSHD}"
    106. 

  106. fi
    107. 

  107. if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
    108. 

  108. 	SSHAGENT="${TEST_SSH_SSHAGENT}"
    109. 

  109. fi
    110. 

  110. if [ "x$TEST_SSH_SSHADD" != "x" ]; then
    111. 

  111. 	SSHADD="${TEST_SSH_SSHADD}"
    112. 

  112. fi
    113. 

  113. if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
    114. 

  114. 	SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
    115. 

  115. fi
    116. 

  116. if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
    117. 

  117. 	SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
    118. 

  118. fi
    119. 

  119. if [ "x$TEST_SSH_SFTP" != "x" ]; then
    120. 

  120. 	SFTP="${TEST_SSH_SFTP}"
    121. 

  121. fi
    122. 

  122. if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
    123. 

  123. 	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
    124. 

  124. fi
    125. 

  125. if [ "x$TEST_SSH_SCP" != "x" ]; then
    126. 

  126. 	SCP="${TEST_SSH_SCP}"
    127. 

  127. fi
    128. 

  128. if [ "x$TEST_SSH_PLINK" != "x" ]; then
    129. 

  129. 	# Find real binary, if it exists
    130. 

  130. 	case "${TEST_SSH_PLINK}" in
    131. 

  131. 	/*) PLINK="${TEST_SSH_PLINK}" ;;
    132. 

  132. 	*) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;;
    133. 

  133. 	esac
    134. 

  134. fi
    135. 

  135. if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
    136. 

  136. 	# Find real binary, if it exists
    137. 

  137. 	case "${TEST_SSH_PUTTYGEN}" in
    138. 

  138. 	/*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;;
    139. 

  139. 	*) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;;
    140. 

  140. 	esac
    141. 

  141. fi
    142. 

  142. if [ "x$TEST_SSH_CONCH" != "x" ]; then
    143. 

  143. 	# Find real binary, if it exists
    144. 

  144. 	case "${TEST_SSH_CONCH}" in
    145. 

  145. 	/*) CONCH="${TEST_SSH_CONCH}" ;;
    146. 

  146. 	*) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
    147. 

  147. 	esac
    148. 

  148. fi
    149. 

  149. if [ "x$TEST_SSH_PKCS11_HELPER" != "x" ]; then
    150. 

  150. 	SSH_PKCS11_HELPER="${TEST_SSH_PKCS11_HELPER}"
    151. 

  151. fi
    152. 

  152. if [ "x$TEST_SSH_SK_HELPER" != "x" ]; then
    153. 

  153. 	SSH_SK_HELPER="${TEST_SSH_SK_HELPER}"
    154. 

  154. fi
    155. 

  155. 

  156. # Path to sshd must be absolute for rexec
    157. 

  157. case "$SSHD" in
    158. 

  158. /*) ;;
    159. 

  159. *) SSHD=`which $SSHD` ;;
    160. 

  160. esac
    161. 

  161. 

  162. case "$SSHAGENT" in
    163. 

  163. /*) ;;
    164. 

  164. *) SSHAGENT=`which $SSHAGENT` ;;
    165. 

  165. esac
    166. 

  166. 

  167. # Record the actual binaries used.
    168. 

  168. SSH_BIN=${SSH}
    169. 

  169. SSHD_BIN=${SSHD}
    170. 

  170. SSHAGENT_BIN=${SSHAGENT}
    171. 

  171. SSHADD_BIN=${SSHADD}
    172. 

  172. SSHKEYGEN_BIN=${SSHKEYGEN}
    173. 

  173. SSHKEYSCAN_BIN=${SSHKEYSCAN}
    174. 

  174. SFTP_BIN=${SFTP}
    175. 

  175. SFTPSERVER_BIN=${SFTPSERVER}
    176. 

  176. SCP_BIN=${SCP}
    177. 

  177. 

  178. if [ "x$USE_VALGRIND" != "x" ]; then
    179. 

  179. 	rm -rf $OBJ/valgrind-out $OBJ/valgrind-vgdb
    180. 

  180. 	mkdir -p $OBJ/valgrind-out $OBJ/valgrind-vgdb
    181. 

  181. 	# When using sudo ensure low-priv tests can write pipes and logs.
    182. 

  182. 	if [ "x$SUDO" != "x" ]; then
    183. 

  183. 		chmod 777 $OBJ/valgrind-out $OBJ/valgrind-vgdb
    184. 

  184. 	fi
    185. 

  185. 	VG_TEST=`basename $SCRIPT .sh`
    186. 

  186. 

  187. 	# Some tests are difficult to fix.
    188. 

  188. 	case "$VG_TEST" in
    189. 

  189. 	reexec)
    190. 

  190. 		VG_SKIP=1 ;;
    191. 

  191. 	sftp-chroot)
    192. 

  192. 		if [ "x${SUDO}" != "x" ]; then
    193. 

  193. 			VG_SKIP=1
    194. 

  194. 		fi ;;
    195. 

  195. 	esac
    196. 

  196. 

  197. 	if [ x"$VG_SKIP" = "x" ]; then
    198. 

  198. 		VG_LEAK="--leak-check=no"
    199. 

  199. 		if [ x"$VALGRIND_CHECK_LEAKS" != "x" ]; then
    200. 

  200. 			VG_LEAK="--leak-check=full"
    201. 

  201. 		fi
    202. 

  202. 		VG_IGNORE="/bin/*,/sbin/*,/usr/*,/var/*"
    203. 

  203. 		VG_LOG="$OBJ/valgrind-out/${VG_TEST}."
    204. 

  204. 		VG_OPTS="--track-origins=yes $VG_LEAK"
    205. 

  205. 		VG_OPTS="$VG_OPTS --trace-children=yes"
    206. 

  206. 		VG_OPTS="$VG_OPTS --trace-children-skip=${VG_IGNORE}"
    207. 

  207. 		VG_OPTS="$VG_OPTS --vgdb-prefix=$OBJ/valgrind-vgdb/"
    208. 

  208. 		VG_PATH="valgrind"
    209. 

  209. 		if [ "x$VALGRIND_PATH" != "x" ]; then
    210. 

  210. 			VG_PATH="$VALGRIND_PATH"
    211. 

  211. 		fi
    212. 

  212. 		VG="$VG_PATH $VG_OPTS"
    213. 

  213. 		SSH="$VG --log-file=${VG_LOG}ssh.%p $SSH"
    214. 

  214. 		SSHD="$VG --log-file=${VG_LOG}sshd.%p $SSHD"
    215. 

  215. 		SSHAGENT="$VG --log-file=${VG_LOG}ssh-agent.%p $SSHAGENT"
    216. 

  216. 		SSHADD="$VG --log-file=${VG_LOG}ssh-add.%p $SSHADD"
    217. 

  217. 		SSHKEYGEN="$VG --log-file=${VG_LOG}ssh-keygen.%p $SSHKEYGEN"
    218. 

  218. 		SSHKEYSCAN="$VG --log-file=${VG_LOG}ssh-keyscan.%p $SSHKEYSCAN"
    219. 

  219. 		SFTP="$VG --log-file=${VG_LOG}sftp.%p ${SFTP}"
    220. 

  220. 		SCP="$VG --log-file=${VG_LOG}scp.%p $SCP"
    221. 

  221. 		cat > $OBJ/valgrind-sftp-server.sh << EOF
    222. 

  222. #!/bin/sh
    223. 

  223. exec $VG --log-file=${VG_LOG}sftp-server.%p $SFTPSERVER "\$@"
    224. 

  224. EOF
    225. 

  225. 		chmod a+rx $OBJ/valgrind-sftp-server.sh
    226. 

  226. 		SFTPSERVER="$OBJ/valgrind-sftp-server.sh"
    227. 

  227. 	fi
    228. 

  228. fi
    229. 

  229. 

  230. # Logfiles.
    231. 

  231. # SSH_LOGFILE should be the debug output of ssh(1) only
    232. 

  232. # SSHD_LOGFILE should be the debug output of sshd(8) only
    233. 

  233. # REGRESS_LOGFILE is the output of the test itself stdout and stderr
    234. 

  234. if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
    235. 

  235. 	TEST_SSH_LOGFILE=$OBJ/ssh.log
    236. 

  236. fi
    237. 

  237. if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then
    238. 

  238. 	TEST_SSHD_LOGFILE=$OBJ/sshd.log
    239. 

  239. fi
    240. 

  240. if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then
    241. 

  241. 	TEST_REGRESS_LOGFILE=$OBJ/regress.log
    242. 

  242. fi
    243. 

  243. 

  244. # truncate logfiles
    245. 

  245. >$TEST_SSH_LOGFILE
    246. 

  246. >$TEST_SSHD_LOGFILE
    247. 

  247. >$TEST_REGRESS_LOGFILE
    248. 

  248. 

  249. # Create wrapper ssh with logging.  We can't just specify "SSH=ssh -E..."
    250. 

  250. # because sftp and scp don't handle spaces in arguments.
    251. 

  251. SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
    252. 

  252. echo "#!/bin/sh" > $SSHLOGWRAP
    253. 

  253. echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
    254. 

  254. 

  255. chmod a+rx $OBJ/ssh-log-wrapper.sh
    256. 

  256. REAL_SSH="$SSH"
    257. 

  257. REAL_SSHD="$SSHD"
    258. 

  258. SSH="$SSHLOGWRAP"
    259. 

  259. 

  260. # Some test data.  We make a copy because some tests will overwrite it.
    261. 

  261. # The tests may assume that $DATA exists and is writable and $COPY does
    262. 

  262. # not exist.  Tests requiring larger data files can call increase_datafile_size
    263. 

  263. # [kbytes] to ensure the file is at least that large.
    264. 

  264. DATANAME=data
    265. 

  265. DATA=$OBJ/${DATANAME}
    266. 

  266. cat ${SSHAGENT_BIN} >${DATA}
    267. 

  267. chmod u+w ${DATA}
    268. 

  268. COPY=$OBJ/copy
    269. 

  269. rm -f ${COPY}
    270. 

  270. 

  271. increase_datafile_size()
    272. 

  272. {
    273. 

  273. 	while [ `du -k ${DATA} | cut -f1` -lt $1 ]; do
    274. 

  274. 		cat ${SSHAGENT_BIN} >>${DATA}
    275. 

  275. 	done
    276. 

  276. }
    277. 

  277. 

  278. # these should be used in tests
    279. 

  279. export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
    280. 

  280. export SSH_PKCS11_HELPER SSH_SK_HELPER
    281. 

  281. #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
    282. 

  282. 

  283. # Portable specific functions
    284. 

  284. have_prog()
    285. 

  285. {
    286. 

  286. 	saved_IFS="$IFS"
    287. 

  287. 	IFS=":"
    288. 

  288. 	for i in $PATH
    289. 

  289. 	do
    290. 

  290. 		if [ -x $i/$1 ]; then
    291. 

  291. 			IFS="$saved_IFS"
    292. 

  292. 			return 0
    293. 

  293. 		fi
    294. 

  294. 	done
    295. 

  295. 	IFS="$saved_IFS"
    296. 

  296. 	return 1
    297. 

  297. }
    298. 

  298. 

  299. jot() {
    300. 

  300. 	awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
    301. 

  301. }
    302. 

  302. 

  303. # Check whether preprocessor symbols are defined in config.h.
    304. 

  304. config_defined ()
    305. 

  305. {
    306. 

  306. 	str=$1
    307. 

  307. 	while test "x$2" != "x" ; do
    308. 

  308. 		str="$str|$2"
    309. 

  309. 		shift
    310. 

  310. 	done
    311. 

  311. 	egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1
    312. 

  312. }
    313. 

  313. 

  314. md5 () {
    315. 

  315. 	if have_prog md5sum; then
    316. 

  316. 		md5sum
    317. 

  317. 	elif have_prog openssl; then
    318. 

  318. 		openssl md5
    319. 

  319. 	elif have_prog cksum; then
    320. 

  320. 		cksum
    321. 

  321. 	elif have_prog sum; then
    322. 

  322. 		sum
    323. 

  323. 	else
    324. 

  324. 		wc -c
    325. 

  325. 	fi
    326. 

  326. }
    327. 

  327. 

  328. # Some platforms don't have hostname at all, but on others uname -n doesn't
    329. 

  329. # provide the fully qualified name we need, so in the former case we create
    330. 

  330. # our own hostname function.
    331. 

  331. if ! have_prog hostname; then
    332. 

  332. 	hostname() {
    333. 

  333. 		uname -n
    334. 

  334. 	}
    335. 

  335. fi
    336. 

  336. # End of portable specific functions
    337. 

  337. 

  338. stop_sshd ()
    339. 

  339. {
    340. 

  340. 	if [ -f $PIDFILE ]; then
    341. 

  341. 		pid=`$SUDO cat $PIDFILE`
    342. 

  342. 		if [ "X$pid" = "X" ]; then
    343. 

  343. 			echo no sshd running
    344. 

  344. 		else
    345. 

  345. 			if [ $pid -lt 2 ]; then
    346. 

  346. 				echo bad pid for sshd: $pid
    347. 

  347. 			else
    348. 

  348. 				$SUDO kill $pid
    349. 

  349. 				trace "wait for sshd to exit"
    350. 

  350. 				i=0;
    351. 

  351. 				while [ -f $PIDFILE -a $i -lt 5 ]; do
    352. 

  352. 					i=`expr $i + 1`
    353. 

  353. 					sleep $i
    354. 

  354. 				done
    355. 

  355. 				if test -f $PIDFILE; then
    356. 

  356. 					if $SUDO kill -0 $pid; then
    357. 

  357. 						echo "sshd didn't exit " \
    358. 

  358. 						    "port $PORT pid $pid"
    359. 

  359. 					else
    360. 

  360. 						echo "sshd died without cleanup"
    361. 

  361. 					fi
    362. 

  362. 					exit 1
    363. 

  363. 				fi
    364. 

  364. 			fi
    365. 

  365. 		fi
    366. 

  366. 	fi
    367. 

  367. }
    368. 

  368. 

  369. make_tmpdir ()
    370. 

  370. {
    371. 

  371. 	SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \
    372. 

  372. 	    fatal "failed to create temporary directory"
    373. 

  373. }
    374. 

  374. 

  375. # helper
    376. 

  376. cleanup ()
    377. 

  377. {
    378. 

  378. 	if [ "x$SSH_PID" != "x" ]; then
    379. 

  379. 		if [ $SSH_PID -lt 2 ]; then
    380. 

  380. 			echo bad pid for ssh: $SSH_PID
    381. 

  381. 		else
    382. 

  382. 			kill $SSH_PID
    383. 

  383. 		fi
    384. 

  384. 	fi
    385. 

  385. 	if [ "x$SSH_REGRESS_TMP" != "x" ]; then
    386. 

  386. 		rm -rf "$SSH_REGRESS_TMP"
    387. 

  387. 	fi
    388. 

  388. 	stop_sshd
    389. 

  389. }
    390. 

  390. 

  391. start_debug_log ()
    392. 

  392. {
    393. 

  393. 	echo "trace: $@" >$TEST_REGRESS_LOGFILE
    394. 

  394. 	echo "trace: $@" >$TEST_SSH_LOGFILE
    395. 

  395. 	echo "trace: $@" >$TEST_SSHD_LOGFILE
    396. 

  396. }
    397. 

  397. 

  398. save_debug_log ()
    399. 

  399. {
    400. 

  400. 	echo $@ >>$TEST_REGRESS_LOGFILE
    401. 

  401. 	echo $@ >>$TEST_SSH_LOGFILE
    402. 

  402. 	echo $@ >>$TEST_SSHD_LOGFILE
    403. 

  403. 	(cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
    404. 

  404. 	(cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
    405. 

  405. 	(cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
    406. 

  406. }
    407. 

  407. 

  408. trace ()
    409. 

  409. {
    410. 

  410. 	start_debug_log $@
    411. 

  411. 	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
    412. 

  412. 		echo "$@"
    413. 

  413. 	fi
    414. 

  414. }
    415. 

  415. 

  416. verbose ()
    417. 

  417. {
    418. 

  418. 	start_debug_log $@
    419. 

  419. 	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
    420. 

  420. 		echo "$@"
    421. 

  421. 	fi
    422. 

  422. }
    423. 

  423. 

  424. warn ()
    425. 

  425. {
    426. 

  426. 	echo "WARNING: $@" >>$TEST_SSH_LOGFILE
    427. 

  427. 	echo "WARNING: $@"
    428. 

  428. }
    429. 

  429. 

  430. fail ()
    431. 

  431. {
    432. 

  432. 	save_debug_log "FAIL: $@"
    433. 

  433. 	RESULT=1
    434. 

  434. 	echo "$@"
    435. 

  435. 	if test "x$TEST_SSH_FAIL_FATAL" != "x" ; then
    436. 

  436. 		cleanup
    437. 

  437. 		exit $RESULT
    438. 

  438. 	fi
    439. 

  439. }
    440. 

  440. 

  441. fatal ()
    442. 

  442. {
    443. 

  443. 	save_debug_log "FATAL: $@"
    444. 

  444. 	printf "FATAL: "
    445. 

  445. 	fail "$@"
    446. 

  446. 	cleanup
    447. 

  447. 	exit $RESULT
    448. 

  448. }
    449. 

  449. 

  450. RESULT=0
    451. 

  451. PIDFILE=$OBJ/pidfile
    452. 

  452. 

  453. trap fatal 3 2
    454. 

  454. 

  455. # create server config
    456. 

  456. cat << EOF > $OBJ/sshd_config
    457. 

  457. 	StrictModes		no
    458. 

  458. 	Port			$PORT
    459. 

  459. 	AddressFamily		inet
    460. 

  460. 	ListenAddress		127.0.0.1
    461. 

  461. 	#ListenAddress		::1
    462. 

  462. 	PidFile			$PIDFILE
    463. 

  463. 	AuthorizedKeysFile	$OBJ/authorized_keys_%u
    464. 

  464. 	LogLevel		DEBUG3
    465. 

  465. 	AcceptEnv		_XXX_TEST_*
    466. 

  466. 	AcceptEnv		_XXX_TEST
    467. 

  467. 	Subsystem	sftp	$SFTPSERVER
    468. 

  468. EOF
    469. 

  469. 

  470. # This may be necessary if /usr/src and/or /usr/obj are group-writable,
    471. 

  471. # but if you aren't careful with permissions then the unit tests could
    472. 

  472. # be abused to locally escalate privileges.
    473. 

  473. if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
    474. 

  474. 	echo "StrictModes no" >> $OBJ/sshd_config
    475. 

  475. else
    476. 

  476. 	# check and warn if excessive permissions are likely to cause failures.
    477. 

  477. 	unsafe=""
    478. 

  478. 	dir="${OBJ}"
    479. 

  479. 	while test ${dir} != "/"; do
    480. 

  480. 		if test -d "${dir}" && ! test -h "${dir}"; then
    481. 

  481. 			perms=`ls -ld ${dir}`
    482. 

  482. 			case "${perms}" in
    483. 

  483. 			?????w????*|????????w?*) unsafe="${unsafe} ${dir}" ;;
    484. 

  484. 			esac
    485. 

  485. 		fi
    486. 

  486. 		dir=`dirname ${dir}`
    487. 

  487. 	done
    488. 

  488. 	if ! test  -z "${unsafe}"; then
    489. 

  489. 		cat <<EOD
    490. 

  490. 

  491. WARNING: Unsafe (group or world writable) directory permissions found:
    492. 

  492. ${unsafe}
    493. 

  493. 

  494. These could be abused to locally escalate privileges.  If you are
    495. 

  495. sure that this is not a risk (eg there are no other users), you can
    496. 

  496. bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1
    497. 

  497. 

  498. EOD
    499. 

  499. 	fi
    500. 

  500. fi
    501. 

  501. 

  502. if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
    503. 

  503. 	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
    504. 

  504. 	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
    505. 

  505. fi
    506. 

  506. 

  507. # server config for proxy connects
    508. 

  508. cp $OBJ/sshd_config $OBJ/sshd_proxy
    509. 

  509. 

  510. # allow group-writable directories in proxy-mode
    511. 

  511. echo 'StrictModes no' >> $OBJ/sshd_proxy
    512. 

  512. 

  513. # create client config
    514. 

  514. cat << EOF > $OBJ/ssh_config
    515. 

  515. Host *
    516. 

  516. 	Hostname		127.0.0.1
    517. 

  517. 	HostKeyAlias		localhost-with-alias
    518. 

  518. 	Port			$PORT
    519. 

  519. 	User			$USER
    520. 

  520. 	GlobalKnownHostsFile	$OBJ/known_hosts
    521. 

  521. 	UserKnownHostsFile	$OBJ/known_hosts
    522. 

  522. 	PubkeyAuthentication	yes
    523. 

  523. 	ChallengeResponseAuthentication	no
    524. 

  524. 	HostbasedAuthentication	no
    525. 

  525. 	PasswordAuthentication	no
    526. 

  526. 	BatchMode		yes
    527. 

  527. 	StrictHostKeyChecking	yes
    528. 

  528. 	LogLevel		DEBUG3
    529. 

  529. EOF
    530. 

  530. 

  531. if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
    532. 

  532. 	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
    533. 

  533. 	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
    534. 

  534. fi
    535. 

  535. 

  536. rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
    537. 

  537. 

  538. SSH_SK_PROVIDER=
    539. 

  539. if ! config_defined ENABLE_SK; then
    540. 

  540. 	trace skipping sk-dummy
    541. 

  541. elif [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then
    542. 

  542. 	SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so"
    543. 

  543. elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then
    544. 

  544. 	SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so"
    545. 

  545. fi
    546. 

  546. export SSH_SK_PROVIDER
    547. 

  547. 

  548. if ! test -z "$SSH_SK_PROVIDER"; then
    549. 

  549. 	EXTRA_AGENT_ARGS='-P/*' # XXX want realpath(1)...
    550. 

  550. 	echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/ssh_config
    551. 

  551. 	echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_config
    552. 

  552. 	echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_proxy
    553. 

  553. fi
    554. 

  554. export EXTRA_AGENT_ARGS
    555. 

  555. 

  556. maybe_filter_sk() {
    557. 

  557. 	if test -z "$SSH_SK_PROVIDER" ; then
    558. 

  558. 		grep -v ^sk
    559. 

  559. 	else
    560. 

  560. 		cat
    561. 

  561. 	fi
    562. 

  562. }
    563. 

  563. 

  564. SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk`
    565. 

  565. SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk`
    566. 

  566. 

  567. for t in ${SSH_KEYTYPES}; do
    568. 

  568. 	# generate user key
    569. 

  569. 	if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then
    570. 

  570. 		trace "generating key type $t"
    571. 

  571. 		rm -f $OBJ/$t
    572. 

  572. 		${SSHKEYGEN} -q -N '' -t $t  -f $OBJ/$t ||\
    573. 

  573. 			fail "ssh-keygen for $t failed"
    574. 

  574. 	else
    575. 

  575. 		trace "using cached key type $t"
    576. 

  576. 	fi
    577. 

  577. 

  578. 	# setup authorized keys
    579. 

  579. 	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
    580. 

  580. 	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
    581. 

  581. done
    582. 

  582. 

  583. for t in ${SSH_HOSTKEY_TYPES}; do
    584. 

  584. 	# known hosts file for client
    585. 

  585. 	(
    586. 

  586. 		printf 'localhost-with-alias,127.0.0.1,::1 '
    587. 

  587. 		cat $OBJ/$t.pub
    588. 

  588. 	) >> $OBJ/known_hosts
    589. 

  589. 

  590. 	# use key as host key, too
    591. 

  591. 	$SUDO cp $OBJ/$t $OBJ/host.$t
    592. 

  592. 	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
    593. 

  593. 

  594. 	# don't use SUDO for proxy connect
    595. 

  595. 	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
    596. 

  596. done
    597. 

  597. chmod 644 $OBJ/authorized_keys_$USER
    598. 

  598. 

  599. # Activate Twisted Conch tests if the binary is present
    600. 

  600. REGRESS_INTEROP_CONCH=no
    601. 

  601. if test -x "$CONCH" ; then
    602. 

  602. 	REGRESS_INTEROP_CONCH=yes
    603. 

  603. fi
    604. 

  604. case "$SCRIPT" in
    605. 

  605. *conch*)	;;
    606. 

  606. *)		REGRESS_INTEROP_CONCH=no
    607. 

  607. esac
    608. 

  608. 

  609. if test "$REGRESS_INTEROP_CONCH" = "yes" ; then
    610. 

  610. 	# Convert rsa key to old format to work around
    611. 

  611. 	# https://twistedmatrix.com/trac/ticket/9515
    612. 

  612. 	cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
    613. 

  613. 	cp $OBJ/ssh-rsa.pub $OBJ/ssh-rsa_oldfmt.pub
    614. 

  614. 	${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
    615. 

  615. fi
    616. 

  616. 

  617. # If PuTTY is present, new enough and we are running a PuTTY test, prepare
    618. 

  618. # keys and configuration.
    619. 

  619. REGRESS_INTEROP_PUTTY=no
    620. 

  620. if test -x "$PUTTYGEN" -a -x "$PLINK" &&
    621. 

  621.     "$PUTTYGEN" --help 2>&1 | grep -- --new-passphrase >/dev/null; then
    622. 

  622. 	REGRESS_INTEROP_PUTTY=yes
    623. 

  623. fi
    624. 

  624. case "$SCRIPT" in
    625. 

  625. *putty*)	;;
    626. 

  626. *)		REGRESS_INTEROP_PUTTY=no ;;
    627. 

  627. esac
    628. 

  628. 

  629. if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
    630. 

  630. 	mkdir -p ${OBJ}/.putty
    631. 

  631. 

  632. 	# Add a PuTTY key to authorized_keys
    633. 

  633. 	rm -f ${OBJ}/putty.rsa2
    634. 

  634. 	if ! "$PUTTYGEN" -t rsa -o ${OBJ}/putty.rsa2 \
    635. 

  635. 	    --random-device=/dev/urandom \
    636. 

  636. 	    --new-passphrase /dev/null < /dev/null > /dev/null; then
    637. 

  637. 		echo "Your installed version of PuTTY is too old to support --new-passphrase, skipping test" >&2
    638. 

  638. 		exit 1
    639. 

  639. 	fi
    640. 

  640. 	"$PUTTYGEN" -O public-openssh ${OBJ}/putty.rsa2 \
    641. 

  641. 	    >> $OBJ/authorized_keys_$USER
    642. 

  642. 

  643. 	# Convert rsa2 host key to PuTTY format
    644. 

  644. 	cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
    645. 

  645. 	${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
    646. 

  646. 	${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/ssh-rsa_oldfmt > \
    647. 

  647. 	    ${OBJ}/.putty/sshhostkeys
    648. 

  648. 	${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/ssh-rsa_oldfmt >> \
    649. 

  649. 	    ${OBJ}/.putty/sshhostkeys
    650. 

  650. 	rm -f $OBJ/ssh-rsa_oldfmt
    651. 

  651. 

  652. 	# Setup proxied session
    653. 

  653. 	mkdir -p ${OBJ}/.putty/sessions
    654. 

  654. 	rm -f ${OBJ}/.putty/sessions/localhost_proxy
    655. 

  655. 	echo "Protocol=ssh" >> ${OBJ}/.putty/sessions/localhost_proxy
    656. 

  656. 	echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
    657. 

  657. 	echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
    658. 

  658. 	echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
    659. 

  659. 	echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
    660. 

  660. 	echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy
    661. 

  661. 

  662. 	PUTTYDIR=${OBJ}/.putty
    663. 

  663. 	export PUTTYDIR
    664. 

  664. fi
    665. 

  665. 

  666. # create a proxy version of the client config
    667. 

  667. (
    668. 

  668. 	cat $OBJ/ssh_config
    669. 

  669. 	echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy
    670. 

  670. ) > $OBJ/ssh_proxy
    671. 

  671. 

  672. # check proxy config
    673. 

  673. ${SSHD} -t -f $OBJ/sshd_proxy	|| fatal "sshd_proxy broken"
    674. 

  674. 

  675. start_sshd ()
    676. 

  676. {
    677. 

  677. 	# start sshd
    678. 

  678. 	$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
    679. 

  679. 	$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" \
    680. 

  680. 	    ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
    681. 

  681. 

  682. 	trace "wait for sshd"
    683. 

  683. 	i=0;
    684. 

  684. 	while [ ! -f $PIDFILE -a $i -lt 10 ]; do
    685. 

  685. 		i=`expr $i + 1`
    686. 

  686. 		sleep $i
    687. 

  687. 	done
    688. 

  688. 

  689. 	test -f $PIDFILE || fatal "no sshd running on port $PORT"
    690. 

  690. }
    691. 

  691. 

  692. # source test body
    693. 

  693. . $SCRIPT
    694. 

  694. 

  695. # kill sshd
    696. 

  696. cleanup
    697. 

  697. 

  698. if [ "x$USE_VALGRIND" != "x" ]; then
    699. 

  699. 	# wait for any running process to complete
    700. 

  700. 	wait; sleep 1
    701. 

  701. 	VG_RESULTS=$(find $OBJ/valgrind-out -type f -print)
    702. 

  702. 	VG_RESULT_COUNT=0
    703. 

  703. 	VG_FAIL_COUNT=0
    704. 

  704. 	for i in $VG_RESULTS; do
    705. 

  705. 		if grep "ERROR SUMMARY" $i >/dev/null; then
    706. 

  706. 			VG_RESULT_COUNT=$(($VG_RESULT_COUNT + 1))
    707. 

  707. 			if ! grep "ERROR SUMMARY: 0 errors" $i >/dev/null; then
    708. 

  708. 				VG_FAIL_COUNT=$(($VG_FAIL_COUNT + 1))
    709. 

  709. 				RESULT=1
    710. 

  710. 				verbose valgrind failure $i
    711. 

  711. 				cat $i
    712. 

  712. 			fi
    713. 

  713. 		fi
    714. 

  714. 	done
    715. 

  715. 	if [ x"$VG_SKIP" != "x" ]; then
    716. 

  716. 		verbose valgrind skipped
    717. 

  717. 	else
    718. 

  718. 		verbose valgrind results $VG_RESULT_COUNT failures $VG_FAIL_COUNT
    719. 

  719. 	fi
    720. 

  720. fi
    721. 

  721. 

  722. if [ $RESULT -eq 0 ]; then
    723. 

  723. 	verbose ok $tid
    724. 

  724. else
    725. 

  725. 	echo failed $tid
    726. 

  726. fi
    727. 

  727. exit $RESULT
    728. 

  728.