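#	$OpenBSD: test-exec.sh,v 1.28 2005/05/20 23:14:15 djm Exp $
#	Placed in the Public Domain.
#
# Regression-test driver: builds throw-away sshd/ssh configurations and keys
# under a scratch directory, sources one test script, then stops any sshd the
# test started and exits with the accumulated result.
#
# Usage:	$TEST_SHELL test-exec.sh OBJ SCRIPT
#	OBJ	existing scratch directory that receives configs, keys, pidfile
#	SCRIPT	test body; it is sourced into this shell, not executed
#
# Environment read here:
#	TEST_SHELL		shell used to syntax-check SCRIPT
#	TEST_SSH_PORT		sshd port (default 4242)
#	TEST_SSH_SSH, _SSHD, _SSHAGENT, _SSHADD, _SSHKEYGEN, _SSHKEYSCAN,
#	_SFTP, _SFTPSERVER, _SCP	override the binary under test
#	TEST_SSH_LOGFILE	log destination (default /dev/null)
#	TEST_SSH_TRACE=yes	echo trace messages to stdout
#	TEST_SSH_QUIET=yes	suppress verbose messages on stdout
#	TEST_SSH_SSHD_CONFOPTS, TEST_SSH_SSH_CONFOPTS
#				text appended verbatim to the generated configs
#	SUDO			optional privilege wrapper, e.g. "sudo"
#
# Trust boundary: SCRIPT is sourced, the *_CONFOPTS values are written into the
# configs unfiltered, and several commands run through $SUDO. Everything that
# can write to the environment, to SCRIPT or to OBJ therefore controls what
# runs with those privileges.

#SUDO=sudo

# Unbreak GNU head(1)
_POSIX2_VERSION=199209
export _POSIX2_VERSION

case `uname -s 2>/dev/null` in
OSF1*)
	BIN_SH=xpg4
	export BIN_SH
	;;
esac

if [ -n "$TEST_SSH_PORT" ]; then
	PORT="$TEST_SSH_PORT"
else
	PORT=4242
fi

# Work out the invoking user's name; the first tool that works wins.
if [ -x /usr/ucb/whoami ]; then
	USER=`/usr/ucb/whoami`
elif whoami >/dev/null 2>&1; then
	USER=`whoami`
elif logname >/dev/null 2>&1; then
	USER=`logname`
else
	USER=`id -un`
fi

# Validate the two positional arguments before touching the filesystem.
OBJ=$1
if [ "x$OBJ" = "x" ]; then
	echo '$OBJ not defined'
	exit 2
fi
if [ ! -d "$OBJ" ]; then
	echo "not a directory: $OBJ"
	exit 2
fi
SCRIPT=$2
if [ "x$SCRIPT" = "x" ]; then
	echo '$SCRIPT not defined'
	exit 2
fi
if [ ! -f "$SCRIPT" ]; then
	echo "not a file: $SCRIPT"
	exit 2
fi
# $TEST_SHELL stays unquoted so it may carry arguments; -n parses only.
if $TEST_SHELL -n "$SCRIPT"; then
	true
else
	echo "syntax error in $SCRIPT"
	exit 2
fi
# Keep the caller's ssh-agent out of the tests.
unset SSH_AUTH_SOCK

SRC=`dirname "${SCRIPT}"`

# defaults
SSH=ssh
SSHD=sshd
SSHAGENT=ssh-agent
SSHADD=ssh-add
SSHKEYGEN=ssh-keygen
SSHKEYSCAN=ssh-keyscan
SFTP=sftp
SFTPSERVER=/usr/libexec/openssh/sftp-server
SCP=scp

# Per-binary overrides from the environment.
if [ "x$TEST_SSH_SSH" != "x" ]; then
	SSH="${TEST_SSH_SSH}"
fi
if [ "x$TEST_SSH_SSHD" != "x" ]; then
	SSHD="${TEST_SSH_SSHD}"
fi
if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
	SSHAGENT="${TEST_SSH_SSHAGENT}"
fi
if [ "x$TEST_SSH_SSHADD" != "x" ]; then
	SSHADD="${TEST_SSH_SSHADD}"
fi
if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
	SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
fi
if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
	SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
fi
if [ "x$TEST_SSH_SFTP" != "x" ]; then
	SFTP="${TEST_SSH_SFTP}"
fi
if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
fi
if [ "x$TEST_SSH_SCP" != "x" ]; then
	SCP="${TEST_SSH_SCP}"
fi

# Path to sshd must be absolute for rexec
case "$SSHD" in
/*)	;;
*)	SSHD=`which sshd` ;;
esac
# which(1) can print nothing or a diagnostic on stdout; refuse to go on with a
# value that is not an absolute path, because $SSHD is later run via $SUDO.
case "$SSHD" in
/*)	;;
*)
	echo "cannot find an absolute path for sshd"
	exit 2
	;;
esac

if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
	TEST_SSH_LOGFILE=/dev/null
fi

# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP

# helper

# echon ARGS...: print ARGS without a trailing newline, using whichever of
# "echo -n" or "echo ...\c" this shell's echo honours; fatal if neither works.
echon()
{
	if [ "x`echo -n`" = "x" ]; then
		echo -n "$@"
	elif [ "x`echo '\c'`" = "x" ]; then
		echo "$@\c"
	else
		fatal "Don't know how to echo without newline."
	fi
}

# have_prog NAME: return 0 if an executable NAME exists in a $PATH directory,
# 1 otherwise. Uses (and overwrites) the globals saved_IFS and i.
have_prog()
{
	saved_IFS="$IFS"
	IFS=":"
	for i in $PATH
	do
		if [ -x "$i/$1" ]; then
			IFS="$saved_IFS"
			return 0
		fi
	done
	IFS="$saved_IFS"
	return 1
}

# cleanup: signal the sshd recorded in $PIDFILE, if there is one.
# The pidfile content is handed to kill, possibly through $SUDO, so it is
# accepted only when it is a plain decimal number of at least 2.
cleanup ()
{
	if [ -f "$PIDFILE" ]; then
		pid=`cat "$PIDFILE"`
		case "$pid" in
		"")
			echo no sshd running
			;;
		*[!0-9]*)
			# not a bare number: never pass it on to kill
			echo "bad pid for sshd: $pid"
			;;
		*)
			if [ "$pid" -lt 2 ]; then
				echo "bad pid for sshd: $pid"
			else
				# $SUDO is deliberately unquoted: empty or a command
				$SUDO kill "$pid"
			fi
			;;
		esac
	fi
}

# trace MSG...: always logged; echoed only when TEST_SSH_TRACE=yes.
trace ()
{
	echo "trace: $@" >>"$TEST_SSH_LOGFILE"
	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
		echo "$@"
	fi
}

# verbose MSG...: always logged; echoed unless TEST_SSH_QUIET=yes.
verbose ()
{
	echo "verbose: $@" >>"$TEST_SSH_LOGFILE"
	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
		echo "$@"
	fi
}


# fail MSG...: log and print MSG and mark the run as failed (RESULT=1);
# execution continues.
fail ()
{
	echo "FAIL: $@" >>"$TEST_SSH_LOGFILE"
	RESULT=1
	echo "$@"
}

# fatal MSG...: like fail, then stop sshd and exit with $RESULT.
fatal ()
{
	echo "FATAL: $@" >>"$TEST_SSH_LOGFILE"
	echon "FATAL: "
	fail "$@"
	cleanup
	exit $RESULT
}

RESULT=0
PIDFILE=$OBJ/pidfile

# Signals 3 and 2 go through fatal so a started sshd is not left running.
trap fatal 3 2

# create server config
# StrictModes is off, so sshd skips its ownership/permission checks on the
# user's files; the daemon is confined to 127.0.0.1 on the test port.
cat << EOF > "$OBJ/sshd_config"
	StrictModes no
	Port $PORT
	AddressFamily inet
	ListenAddress 127.0.0.1
	#ListenAddress ::1
	PidFile $PIDFILE
	AuthorizedKeysFile $OBJ/authorized_keys_%u
	LogLevel VERBOSE
	AcceptEnv _XXX_TEST_*
	AcceptEnv _XXX_TEST
	Subsystem sftp $SFTPSERVER
EOF

if [ -n "$TEST_SSH_SSHD_CONFOPTS" ]; then
	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
	echo "$TEST_SSH_SSHD_CONFOPTS" >> "$OBJ/sshd_config"
fi

# server config for proxy connects
cp "$OBJ/sshd_config" "$OBJ/sshd_proxy"

# allow group-writable directories in proxy-mode
# (the base config copied above already carries the same setting)
echo 'StrictModes no' >> "$OBJ/sshd_proxy"

# create client config
# Only key-based methods are enabled and host keys are checked strictly
# against the known_hosts file generated below.
cat << EOF > "$OBJ/ssh_config"
Host *
	Hostname 127.0.0.1
	HostKeyAlias localhost-with-alias
	Port $PORT
	User $USER
	GlobalKnownHostsFile $OBJ/known_hosts
	UserKnownHostsFile $OBJ/known_hosts
	RSAAuthentication yes
	PubkeyAuthentication yes
	ChallengeResponseAuthentication no
	HostbasedAuthentication no
	PasswordAuthentication no
	BatchMode yes
	StrictHostKeyChecking yes
EOF

if [ -n "$TEST_SSH_SSH_CONFOPTS" ]; then
	# report the client option, not the server one
	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
	echo "$TEST_SSH_SSH_CONFOPTS" >> "$OBJ/ssh_config"
fi

rm -f "$OBJ/known_hosts" "$OBJ/authorized_keys_$USER"

trace "generate keys"
# Test fixtures only: 1024-bit keys with an empty passphrase, and the same
# private key serves as user key and host key. Never reuse them outside $OBJ.
for t in rsa rsa1; do
	# generate user key
	rm -f "$OBJ/$t"
	${SSHKEYGEN} -b 1024 -q -N '' -t $t -f "$OBJ/$t" ||\
		fail "ssh-keygen for $t failed"

	# known hosts file for client
	(
		echon 'localhost-with-alias,127.0.0.1,::1 '
		cat "$OBJ/$t.pub"
	) >> "$OBJ/known_hosts"

	# setup authorized keys
	cat "$OBJ/$t.pub" >> "$OBJ/authorized_keys_$USER"
	echo "IdentityFile $OBJ/$t" >> "$OBJ/ssh_config"

	# use key as host key, too
	$SUDO cp "$OBJ/$t" "$OBJ/host.$t"
	echo "HostKey $OBJ/host.$t" >> "$OBJ/sshd_config"

	# don't use SUDO for proxy connect
	echo "HostKey $OBJ/$t" >> "$OBJ/sshd_proxy"
done
chmod 644 "$OBJ/authorized_keys_$USER"

# create a proxy version of the client config
# The echo arguments are left unquoted on purpose: an empty $SUDO then leaves
# no stray gap in the generated proxycommand line.
(
	cat "$OBJ/ssh_config"
	echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy
) > "$OBJ/ssh_proxy"

# check proxy config
${SSHD} -t -f "$OBJ/sshd_proxy" || fatal "sshd_proxy broken"

# start_sshd: validate sshd_config, start sshd through $SUDO, then wait for
# the pidfile with growing sleeps (1s, 2s, ... at most 10 rounds).
# Calls fatal if the config is rejected or no pidfile appears.
start_sshd ()
{
	# start sshd
	$SUDO ${SSHD} -f "$OBJ/sshd_config" -t || fatal "sshd_config broken"
	$SUDO ${SSHD} -f "$OBJ/sshd_config" -e >>"$TEST_SSH_LOGFILE" 2>&1

	trace "wait for sshd"
	i=0
	while [ ! -f "$PIDFILE" ] && [ "$i" -lt 10 ]; do
		i=`expr $i + 1`
		sleep $i
	done

	test -f "$PIDFILE" || fatal "no sshd running on port $PORT"
}

# source test body
# It runs in this shell with every variable and function defined above;
# presumably it sets $tid, which is reported below -- verify against the tests.
. "$SCRIPT"

# kill sshd
cleanup
if [ "$RESULT" -eq 0 ]; then
	verbose ok $tid
else
	echo failed $tid
fi
exit $RESULT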