Lines Matching +full:wait +full:- +full:pin

1 #	$OpenBSD: test-exec.sh,v 1.119 2024/06/20 08:18:34 dtucker Exp $
6 if [ ! -z "$TEST_SSH_ELAPSED_TIMES" ]; then
10 if [ ! -z "$TEST_SSH_PORT" ]; then
21 if [ ! -d $OBJ ]; then
30 if [ ! -f $SCRIPT ]; then
34 if $TEST_SHELL -n $SCRIPT; then
42 # Portable-specific settings.
44 if [ -x /usr/ucb/whoami ]; then
51 USER=`id -un`
53 if test -z "$LOGNAME"; then
62 case `uname -s 2>/dev/null` in
87 SSHAGENT=ssh-agent
88 SSHADD=ssh-add
89 SSHKEYGEN=ssh-keygen
90 SSHKEYSCAN=ssh-keyscan
92 SFTPSERVER=/usr/libexec/openssh/sftp-server
93 SSHD_SESSION=/usr/libexec/sshd-session
109 TEST_SHELL="${TEST_SHELL:-/bin/sh}"
114 #OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
200 rm -rf $OBJ/valgrind-out $OBJ/valgrind-vgdb
201 mkdir -p $OBJ/valgrind-out $OBJ/valgrind-vgdb
202 # When using sudo ensure low-priv tests can write pipes and logs.
204 chmod 777 $OBJ/valgrind-out $OBJ/valgrind-vgdb
212 sftp-chroot)
219 VG_LEAK="--leak-check=no"
221 VG_LEAK="--leak-check=full"
224 VG_LOG="$OBJ/valgrind-out/${VG_TEST}."
225 VG_OPTS="--track-origins=yes $VG_LEAK"
226 VG_OPTS="$VG_OPTS --trace-children=yes"
227 VG_OPTS="$VG_OPTS --trace-children-skip=${VG_IGNORE}"
228 VG_OPTS="$VG_OPTS --vgdb-prefix=$OBJ/valgrind-vgdb/"
234 SSH="$VG --log-file=${VG_LOG}ssh.%p $SSH"
235 SSHD="$VG --log-file=${VG_LOG}sshd.%p $SSHD"
236 SSHAGENT="$VG --log-file=${VG_LOG}ssh-agent.%p $SSHAGENT"
237 SSHADD="$VG --log-file=${VG_LOG}ssh-add.%p $SSHADD"
238 SSHKEYGEN="$VG --log-file=${VG_LOG}ssh-keygen.%p $SSHKEYGEN"
239 SSHKEYSCAN="$VG --log-file=${VG_LOG}ssh-keyscan.%p $SSHKEYSCAN"
240 SFTP="$VG --log-file=${VG_LOG}sftp.%p ${SFTP}"
241 SCP="$VG --log-file=${VG_LOG}scp.%p $SCP"
242 cat > $OBJ/valgrind-sftp-server.sh << EOF
244 exec $VG --log-file=${VG_LOG}sftp-server.%p $SFTPSERVER "\$@"
246 chmod a+rx $OBJ/valgrind-sftp-server.sh
247 SFTPSERVER="$OBJ/valgrind-sftp-server.sh"
259 mkdir -p $TEST_SSH_LOGDIR
274 if [ ! -d "$TEST_REGRESS_CACHE_DIR" ]; then
275 mkdir -p "$TEST_REGRESS_CACHE_DIR"
285 if [ "$bin" -nt "$CACHE" ]; then
286 rm -f "$CACHE"
289 if [ -f "$CACHE" ]; then
303 # For ssh, we can't just specify "SSH=ssh -E..." because sftp and scp don't
304 # handle spaces in arguments. scp and sftp like to use -q so we remove those
305 # to preserve our debug logging. In the rare instance where -q is desirable
306 # -qq is equivalent and is not removed.
307 SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
314 for i in "\$@";do shift;case "\$i" in -q):;; *) set -- "\$@" "\$i";;esac;done
315 rm -f $TEST_SSH_LOGFILE
316 ln -f -s \${logfile} $TEST_SSH_LOGFILE
317 exec ${SSH} -E\${logfile} "\$@"
320 chmod a+rx $OBJ/ssh-log-wrapper.sh
325 SSHDLOGWRAP=$OBJ/sshd-log-wrapper.sh
330 rm -f $TEST_SSHD_LOGFILE
332 test -z "$SUDO" || chown $USER \$logfile
333 ln -f -s \${logfile} $TEST_SSHD_LOGFILE
336 exec ${SSHD} -E\${logfile} "\$@"
338 chmod a+rx $OBJ/sshd-log-wrapper.sh
358 rm -f ${COPY}
362 while [ `du -k ${DATA} | cut -f1` -lt $1 ]; do
379 if [ -x $i/$1 ]; then
400 if [ ! -x "`which rev`" ]; then
403 awk '{for (i=length; i>0; i--) printf "%s", substr($0, i, 1); print ""}'
407 if [ -x "/usr/xpg4/bin/id" ]; then
434 elif [ -x ${OPENSSL_BIN} ]; then
437 wc -c
441 # Some platforms don't have hostname at all, but on others uname -n doesn't
446 uname -n
452 SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \
459 [ -z $PIDFILE ] && return
460 [ -f $PIDFILE ] || return
465 elif [ $pid -lt 2 ]; then
470 trace "wait for sshd to exit"
472 while [ -f $PIDFILE -a $i -lt 5 ]; do
476 if test -f $PIDFILE; then
477 if $SUDO kill -0 $pid; then
491 if [ $SSH_PID -lt 2 ]; then
498 rm -rf "$SSH_REGRESS_TMP"
501 if [ ! -z "$TEST_SSH_ELAPSED_TIMES" ]; then
503 elapsed=$(($now - $STARTTIME))
511 if [ -d "$TEST_SSH_LOGDIR" ]; then
512 rm -f $TEST_SSH_LOGDIR/*
519 tarname="$OBJ/failed-$testname-logs.tar"
523 if [ ! -z "$SUDO" ] && [ -f "$logfile" ]; then
524 $SUDO chown -R $USER $logfile
531 (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
532 (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
533 (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
540 if [ -e "`basename $i`" ]; then
595 # If we're testing a non-installed scp, add its directory to sshd's
627 # This may be necessary if /usr/src and/or /usr/obj are group-writable,
630 if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
637 if test -d "${dir}" && ! test -h "${dir}"; then
638 perms=`ls -ld ${dir}`
645 if ! test -z "${unsafe}"; then
659 if [ ! -z "$TEST_SSH_MODULI_FILE" ]; then
664 if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
672 # allow group-writable directories in proxy-mode
679 HostKeyAlias localhost-with-alias
692 if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
697 rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
701 trace skipping sk-dummy
702 elif [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then
703 SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so"
704 elif [ -f "${OBJ}/misc/sk-dummy/sk-dummy.so" ] ; then
705 SSH_SK_PROVIDER="${OBJ}/misc/sk-dummy/sk-dummy.so"
706 elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then
707 SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so"
711 if ! test -z "$SSH_SK_PROVIDER"; then
712 EXTRA_AGENT_ARGS='-P/*' # XXX want realpath(1)...
720 if test -z "$SSH_SK_PROVIDER" ; then
721 grep -v ^sk
727 SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk`
728 SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk`
732 if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then
734 rm -f $OBJ/$t
735 ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\
736 fail "ssh-keygen for $t failed"
749 printf 'localhost-with-alias,127.0.0.1,::1 '
764 if test -x "$CONCH" ; then
771 if test -x "$PUTTYGEN" -a -x "$PLINK" &&
772 "$PUTTYGEN" --help 2>&1 | grep -- --new-passphrase >/dev/null; then
785 mkdir -p ${OBJ}/.putty
788 rm -f ${OBJ}/putty.rsa2
789 if ! "$PUTTYGEN" -t rsa -o ${OBJ}/putty.rsa2 \
790 --random-device=/dev/urandom \
791 --new-passphrase /dev/null < /dev/null > /dev/null; then
792 echo "Your installed version of PuTTY is too old to support --new-passphrase, skipping test" >&2
795 "$PUTTYGEN" -O public-openssh ${OBJ}/putty.rsa2 \
799 cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
800 ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
801 ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/ssh-rsa_oldfmt > \
803 ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/ssh-rsa_oldfmt >> \
805 rm -f $OBJ/ssh-rsa_oldfmt
808 mkdir -p ${OBJ}/.putty/sessions
809 rm -f ${OBJ}/.putty/sessions/localhost_proxy
814 …echo "ProxyTelnetCommand=${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessio…
817 PUTTYVER="`${PLINK} --version | awk '/plink: Release/{print $3}'`"
818 PUTTYMAJORVER="`echo ${PUTTYVER} | cut -f1 -d.`"
819 PUTTYMINORVER="`echo ${PUTTYVER} | cut -f2 -d.`"
822 # Re-enable ssh-rsa on older PuTTY versions since they don't do newer
824 if [ "$PUTTYMAJORVER" -eq "0" ] && [ "$PUTTYMINORVER" -lt "76" ]; then
825 echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy
826 echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
829 if [ "$PUTTYMAJORVER" -eq "0" ] && [ "$PUTTYMINORVER" -le "64" ]; then
830 echo "KexAlgorithms +diffie-hellman-group14-sha1" \
838 if test -x "$DROPBEARKEY" -a -x "$DBCLIENT" -a -x "$DROPBEARCONVERT"; then
848 mkdir -p $OBJ/.dropbear
851 if $SSH -Q key-plain | grep "$i" >/dev/null; then
854 rm -f "$OBJ/.dropbear/id_$i"
858 if [ ! -f "$OBJ/.dropbear/id_$i" ]; then
860 $DROPBEARKEY -t $i -f $OBJ/.dropbear/id_$i \
865 $SSHKEYGEN -y -f $OBJ/.dropbear/ossh.id_$i \
867 rm -f $OBJ/.dropbear/id_$i.pub $OBJ/.dropbear/ossh.id_$i
874 …echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $O…
878 ${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"
891 $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
893 ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
895 trace "wait for sshd"
897 while [ ! -f $PIDFILE -a $i -lt 10 ]; do
901 ln -f -s ${logfile} $TEST_SSHD_LOGFILE
903 test -f $PIDFILE || fatal "no sshd running on port $PORT"
910 if test -f "$_lib" ; then
925 /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
926 test -z "$TEST_SSH_PKCS11" && return 1
938 rm -rf $SSH_SOFTHSM_DIR
940 mkdir -p $TOKEN
952 …out=$(softhsm2-util --init-token --free --label token-slot-0 --pin "$TEST_SSH_PIN" --so-pin "$TEST…
953 slot=$(echo -- $out | sed 's/.* //')
958 $OPENSSL_BIN genpkey -algorithm rsa > $RSA 2>/dev/null || \
960 $OPENSSL_BIN pkcs8 -nocrypt -in $RSA > $RSAP8 || fatal "pkcs8 RSA fail"
961 softhsm2-util --slot "$slot" --label 01 --id 01 --pin "$TEST_SSH_PIN" \
962 --import $RSAP8 >/dev/null || fatal "softhsm import RSA fail"
964 ssh-keygen -y -f $RSA > ${RSA}.pub
969 $OPENSSL_BIN genpkey -genparam -algorithm ec \
970 -pkeyopt ec_paramgen_curve:prime256v1 > $ECPARAM || \
972 $OPENSSL_BIN genpkey -paramfile $ECPARAM > $EC || \
974 $OPENSSL_BIN pkcs8 -nocrypt -in $EC > $ECP8 || fatal "pkcs8 EC fail"
975 softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" \
976 --import $ECP8 >/dev/null || fatal "softhsm import EC fail"
978 ssh-keygen -y -f $EC > ${EC}.pub
979 # Prepare askpass script to load PIN.
980 PIN_SH=$SSH_SOFTHSM_DIR/pin.sh
990 # Performs ssh-add with the right token PIN.
1003 # Some tests set these to clean up processes such as ssh-agent. We
1004 # need to wait for all valgrind processes to complete so we can check
1006 # test-exec.sh exits, waiting here will deadlock.
1012 awk -F "'" '/EXIT$/{print $2}')
1013 rm -f /tmp/trap.$$
1020 # wait for any running process to complete
1021 wait; sleep 1
1022 VG_RESULTS=$(find $OBJ/valgrind-out -type f -print)
1043 if [ $RESULT -eq 0 ]; then