1# $OpenBSD: test-exec.sh,v 1.86 2021/08/08 08:27:28 dtucker Exp $ 2# Placed in the Public Domain. 3 4#SUDO=sudo 5 6if [ ! -x "$TEST_SSH_ELAPSED_TIMES" ]; then 7 STARTTIME=`date '+%s'` 8fi 9 10if [ ! -z "$TEST_SSH_PORT" ]; then 11 PORT="$TEST_SSH_PORT" 12else 13 PORT=4242 14fi 15 16OBJ=$1 17if [ "x$OBJ" = "x" ]; then 18 echo '$OBJ not defined' 19 exit 2 20fi 21if [ ! -d $OBJ ]; then 22 echo "not a directory: $OBJ" 23 exit 2 24fi 25SCRIPT=$2 26if [ "x$SCRIPT" = "x" ]; then 27 echo '$SCRIPT not defined' 28 exit 2 29fi 30if [ ! -f $SCRIPT ]; then 31 echo "not a file: $SCRIPT" 32 exit 2 33fi 34if $TEST_SHELL -n $SCRIPT; then 35 true 36else 37 echo "syntax error in $SCRIPT" 38 exit 2 39fi 40unset SSH_AUTH_SOCK 41 42# Portable-specific settings. 43 44if [ -x /usr/ucb/whoami ]; then 45 USER=`/usr/ucb/whoami` 46elif whoami >/dev/null 2>&1; then 47 USER=`whoami` 48elif logname >/dev/null 2>&1; then 49 USER=`logname` 50else 51 USER=`id -un` 52fi 53if test -z "$LOGNAME"; then 54 LOGNAME="${USER}" 55 export LOGNAME 56fi 57 58# Unbreak GNU head(1) 59_POSIX2_VERSION=199209 60export _POSIX2_VERSION 61 62case `uname -s 2>/dev/null` in 63OSF1*) 64 BIN_SH=xpg4 65 export BIN_SH 66 ;; 67CYGWIN*) 68 os=cygwin 69 ;; 70esac 71 72# If configure tells us to use a different egrep, create a wrapper function 73# to call it. This means we don't need to change all the tests that depend 74# on a good implementation. 75if test "x${EGREP}" != "x"; then 76 egrep () 77{ 78 ${EGREP} "$@" 79} 80fi 81 82SRC=`dirname ${SCRIPT}` 83 84# defaults 85SSH=ssh 86SSHD=sshd 87SSHAGENT=ssh-agent 88SSHADD=ssh-add 89SSHKEYGEN=ssh-keygen 90SSHKEYSCAN=ssh-keyscan 91SFTP=sftp 92SFTPSERVER=/usr/libexec/openssh/sftp-server 93SCP=scp 94 95# Set by make_tmpdir() on demand (below). 96SSH_REGRESS_TMP= 97 98# Interop testing 99PLINK=plink 100PUTTYGEN=puttygen 101CONCH=conch 102 103# Tools used by multiple tests 104NC=$OBJ/netcat 105OPENSSL_BIN="${OPENSSL_BIN:-openssl}" 106 107if [ "x$TEST_SSH_SSH" != "x" ]; then 108 SSH="${TEST_SSH_SSH}" 109fi 110if [ "x$TEST_SSH_SSHD" != "x" ]; then 111 SSHD="${TEST_SSH_SSHD}" 112fi 113if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then 114 SSHAGENT="${TEST_SSH_SSHAGENT}" 115fi 116if [ "x$TEST_SSH_SSHADD" != "x" ]; then 117 SSHADD="${TEST_SSH_SSHADD}" 118fi 119if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then 120 SSHKEYGEN="${TEST_SSH_SSHKEYGEN}" 121fi 122if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then 123 SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}" 124fi 125if [ "x$TEST_SSH_SFTP" != "x" ]; then 126 SFTP="${TEST_SSH_SFTP}" 127fi 128if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then 129 SFTPSERVER="${TEST_SSH_SFTPSERVER}" 130fi 131if [ "x$TEST_SSH_SCP" != "x" ]; then 132 SCP="${TEST_SSH_SCP}" 133fi 134if [ "x$TEST_SSH_PLINK" != "x" ]; then 135 # Find real binary, if it exists 136 case "${TEST_SSH_PLINK}" in 137 /*) PLINK="${TEST_SSH_PLINK}" ;; 138 *) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;; 139 esac 140fi 141if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then 142 # Find real binary, if it exists 143 case "${TEST_SSH_PUTTYGEN}" in 144 /*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;; 145 *) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;; 146 esac 147fi 148if [ "x$TEST_SSH_CONCH" != "x" ]; then 149 # Find real binary, if it exists 150 case "${TEST_SSH_CONCH}" in 151 /*) CONCH="${TEST_SSH_CONCH}" ;; 152 *) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;; 153 esac 154fi 155if [ "x$TEST_SSH_PKCS11_HELPER" != "x" ]; then 156 SSH_PKCS11_HELPER="${TEST_SSH_PKCS11_HELPER}" 157fi 158if [ "x$TEST_SSH_SK_HELPER" != "x" ]; then 159 SSH_SK_HELPER="${TEST_SSH_SK_HELPER}" 160fi 161if [ "x$TEST_SSH_OPENSSL" != "x" ]; then 162 OPENSSL_BIN="${TEST_SSH_OPENSSL}" 163fi 164 165# Path to sshd must be absolute for rexec 166case "$SSHD" in 167/*) ;; 168*) SSHD=`which $SSHD` ;; 169esac 170 171case "$SSHAGENT" in 172/*) ;; 173*) SSHAGENT=`which $SSHAGENT` ;; 174esac 175 176# Record the actual binaries used. 177SSH_BIN=${SSH} 178SSHD_BIN=${SSHD} 179SSHAGENT_BIN=${SSHAGENT} 180SSHADD_BIN=${SSHADD} 181SSHKEYGEN_BIN=${SSHKEYGEN} 182SSHKEYSCAN_BIN=${SSHKEYSCAN} 183SFTP_BIN=${SFTP} 184SFTPSERVER_BIN=${SFTPSERVER} 185SCP_BIN=${SCP} 186 187if [ "x$USE_VALGRIND" != "x" ]; then 188 rm -rf $OBJ/valgrind-out $OBJ/valgrind-vgdb 189 mkdir -p $OBJ/valgrind-out $OBJ/valgrind-vgdb 190 # When using sudo ensure low-priv tests can write pipes and logs. 191 if [ "x$SUDO" != "x" ]; then 192 chmod 777 $OBJ/valgrind-out $OBJ/valgrind-vgdb 193 fi 194 VG_TEST=`basename $SCRIPT .sh` 195 196 # Some tests are difficult to fix. 197 case "$VG_TEST" in 198 reexec) 199 VG_SKIP=1 ;; 200 sftp-chroot) 201 if [ "x${SUDO}" != "x" ]; then 202 VG_SKIP=1 203 fi ;; 204 esac 205 206 if [ x"$VG_SKIP" = "x" ]; then 207 VG_LEAK="--leak-check=no" 208 if [ x"$VALGRIND_CHECK_LEAKS" != "x" ]; then 209 VG_LEAK="--leak-check=full" 210 fi 211 VG_IGNORE="/bin/*,/sbin/*,/usr/*,/var/*" 212 VG_LOG="$OBJ/valgrind-out/${VG_TEST}." 213 VG_OPTS="--track-origins=yes $VG_LEAK" 214 VG_OPTS="$VG_OPTS --trace-children=yes" 215 VG_OPTS="$VG_OPTS --trace-children-skip=${VG_IGNORE}" 216 VG_OPTS="$VG_OPTS --vgdb-prefix=$OBJ/valgrind-vgdb/" 217 VG_PATH="valgrind" 218 if [ "x$VALGRIND_PATH" != "x" ]; then 219 VG_PATH="$VALGRIND_PATH" 220 fi 221 VG="$VG_PATH $VG_OPTS" 222 SSH="$VG --log-file=${VG_LOG}ssh.%p $SSH" 223 SSHD="$VG --log-file=${VG_LOG}sshd.%p $SSHD" 224 SSHAGENT="$VG --log-file=${VG_LOG}ssh-agent.%p $SSHAGENT" 225 SSHADD="$VG --log-file=${VG_LOG}ssh-add.%p $SSHADD" 226 SSHKEYGEN="$VG --log-file=${VG_LOG}ssh-keygen.%p $SSHKEYGEN" 227 SSHKEYSCAN="$VG --log-file=${VG_LOG}ssh-keyscan.%p $SSHKEYSCAN" 228 SFTP="$VG --log-file=${VG_LOG}sftp.%p ${SFTP}" 229 SCP="$VG --log-file=${VG_LOG}scp.%p $SCP" 230 cat > $OBJ/valgrind-sftp-server.sh << EOF 231#!/bin/sh 232exec $VG --log-file=${VG_LOG}sftp-server.%p $SFTPSERVER "\$@" 233EOF 234 chmod a+rx $OBJ/valgrind-sftp-server.sh 235 SFTPSERVER="$OBJ/valgrind-sftp-server.sh" 236 fi 237fi 238 239# Logfiles. 240# SSH_LOGFILE should be the debug output of ssh(1) only 241# SSHD_LOGFILE should be the debug output of sshd(8) only 242# REGRESS_LOGFILE is the output of the test itself stdout and stderr 243if [ "x$TEST_SSH_LOGFILE" = "x" ]; then 244 TEST_SSH_LOGFILE=$OBJ/ssh.log 245fi 246if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then 247 TEST_SSHD_LOGFILE=$OBJ/sshd.log 248fi 249if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then 250 TEST_REGRESS_LOGFILE=$OBJ/regress.log 251fi 252 253# truncate logfiles 254>$TEST_SSH_LOGFILE 255>$TEST_SSHD_LOGFILE 256>$TEST_REGRESS_LOGFILE 257 258# Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..." 259# because sftp and scp don't handle spaces in arguments. scp and sftp like 260# to use -q so we remove those to preserve our debug logging. In the rare 261# instance where -q is desirable -qq is equivalent and is not removed. 262SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh 263cat >$SSHLOGWRAP <<EOD 264#!/bin/sh 265for i in "\$@";do shift;case "\$i" in -q):;; *) set -- "\$@" "\$i";;esac;done 266exec ${SSH} -E${TEST_SSH_LOGFILE} "\$@" 267EOD 268 269chmod a+rx $OBJ/ssh-log-wrapper.sh 270REAL_SSH="$SSH" 271REAL_SSHD="$SSHD" 272SSH="$SSHLOGWRAP" 273 274# Some test data. We make a copy because some tests will overwrite it. 275# The tests may assume that $DATA exists and is writable and $COPY does 276# not exist. Tests requiring larger data files can call increase_datafile_size 277# [kbytes] to ensure the file is at least that large. 278DATANAME=data 279DATA=$OBJ/${DATANAME} 280cat ${SSHAGENT_BIN} >${DATA} 281chmod u+w ${DATA} 282COPY=$OBJ/copy 283rm -f ${COPY} 284 285increase_datafile_size() 286{ 287 while [ `du -k ${DATA} | cut -f1` -lt $1 ]; do 288 cat ${SSHAGENT_BIN} >>${DATA} 289 done 290} 291 292# these should be used in tests 293export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP 294export SSH_PKCS11_HELPER SSH_SK_HELPER 295#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP 296 297# Portable specific functions 298have_prog() 299{ 300 saved_IFS="$IFS" 301 IFS=":" 302 for i in $PATH 303 do 304 if [ -x $i/$1 ]; then 305 IFS="$saved_IFS" 306 return 0 307 fi 308 done 309 IFS="$saved_IFS" 310 return 1 311} 312 313jot() { 314 awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }" 315} 316 317# Check whether preprocessor symbols are defined in config.h. 318config_defined () 319{ 320 str=$1 321 while test "x$2" != "x" ; do 322 str="$str|$2" 323 shift 324 done 325 egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1 326} 327 328md5 () { 329 if have_prog md5sum; then 330 md5sum 331 elif have_prog openssl; then 332 openssl md5 333 elif have_prog cksum; then 334 cksum 335 elif have_prog sum; then 336 sum 337 elif [ -x ${OPENSSL_BIN} ]; then 338 ${OPENSSL_BIN} md5 339 else 340 wc -c 341 fi 342} 343 344# Some platforms don't have hostname at all, but on others uname -n doesn't 345# provide the fully qualified name we need, so in the former case we create 346# our own hostname function. 347if ! have_prog hostname; then 348 hostname() { 349 uname -n 350 } 351fi 352 353make_tmpdir () 354{ 355 SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \ 356 fatal "failed to create temporary directory" 357} 358# End of portable specific functions 359 360stop_sshd () 361{ 362 if [ -f $PIDFILE ]; then 363 pid=`$SUDO cat $PIDFILE` 364 if [ "X$pid" = "X" ]; then 365 echo no sshd running 366 else 367 if [ $pid -lt 2 ]; then 368 echo bad pid for sshd: $pid 369 else 370 $SUDO kill $pid 371 trace "wait for sshd to exit" 372 i=0; 373 while [ -f $PIDFILE -a $i -lt 5 ]; do 374 i=`expr $i + 1` 375 sleep $i 376 done 377 if test -f $PIDFILE; then 378 if $SUDO kill -0 $pid; then 379 echo "sshd didn't exit " \ 380 "port $PORT pid $pid" 381 else 382 echo "sshd died without cleanup" 383 fi 384 exit 1 385 fi 386 fi 387 fi 388 fi 389} 390 391# helper 392cleanup () 393{ 394 if [ "x$SSH_PID" != "x" ]; then 395 if [ $SSH_PID -lt 2 ]; then 396 echo bad pid for ssh: $SSH_PID 397 else 398 kill $SSH_PID 399 fi 400 fi 401 if [ "x$SSH_REGRESS_TMP" != "x" ]; then 402 rm -rf "$SSH_REGRESS_TMP" 403 fi 404 stop_sshd 405 if [ ! -z "$TEST_SSH_ELAPSED_TIMES" ]; then 406 now=`date '+%s'` 407 elapsed=$(($now - $STARTTIME)) 408 echo elapsed $elapsed `basename $SCRIPT .sh` 409 fi 410} 411 412start_debug_log () 413{ 414 echo "trace: $@" >$TEST_REGRESS_LOGFILE 415 echo "trace: $@" >$TEST_SSH_LOGFILE 416 echo "trace: $@" >$TEST_SSHD_LOGFILE 417} 418 419save_debug_log () 420{ 421 echo $@ >>$TEST_REGRESS_LOGFILE 422 echo $@ >>$TEST_SSH_LOGFILE 423 echo $@ >>$TEST_SSHD_LOGFILE 424 (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log 425 (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log 426 (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log 427} 428 429trace () 430{ 431 start_debug_log $@ 432 if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then 433 echo "$@" 434 fi 435} 436 437verbose () 438{ 439 start_debug_log $@ 440 if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then 441 echo "$@" 442 fi 443} 444 445fail () 446{ 447 save_debug_log "FAIL: $@" 448 RESULT=1 449 echo "$@" 450 if test "x$TEST_SSH_FAIL_FATAL" != "x" ; then 451 cleanup 452 exit $RESULT 453 fi 454} 455 456fatal () 457{ 458 save_debug_log "FATAL: $@" 459 printf "FATAL: " 460 fail "$@" 461 cleanup 462 exit $RESULT 463} 464 465RESULT=0 466PIDFILE=$OBJ/pidfile 467 468trap fatal 3 2 469 470# create server config 471cat << EOF > $OBJ/sshd_config 472 StrictModes no 473 Port $PORT 474 AddressFamily inet 475 ListenAddress 127.0.0.1 476 #ListenAddress ::1 477 PidFile $PIDFILE 478 AuthorizedKeysFile $OBJ/authorized_keys_%u 479 LogLevel DEBUG3 480 AcceptEnv _XXX_TEST_* 481 AcceptEnv _XXX_TEST 482 Subsystem sftp $SFTPSERVER 483EOF 484 485# This may be necessary if /usr/src and/or /usr/obj are group-writable, 486# but if you aren't careful with permissions then the unit tests could 487# be abused to locally escalate privileges. 488if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then 489 echo " StrictModes no" >> $OBJ/sshd_config 490else 491 # check and warn if excessive permissions are likely to cause failures. 492 unsafe="" 493 dir="${OBJ}" 494 while test ${dir} != "/"; do 495 if test -d "${dir}" && ! test -h "${dir}"; then 496 perms=`ls -ld ${dir}` 497 case "${perms}" in 498 ?????w????*|????????w?*) unsafe="${unsafe} ${dir}" ;; 499 esac 500 fi 501 dir=`dirname ${dir}` 502 done 503 if ! test -z "${unsafe}"; then 504 cat <<EOD 505 506WARNING: Unsafe (group or world writable) directory permissions found: 507${unsafe} 508 509These could be abused to locally escalate privileges. If you are 510sure that this is not a risk (eg there are no other users), you can 511bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1 512 513EOD 514 fi 515fi 516 517if [ ! -z "$TEST_SSH_MODULI_FILE" ]; then 518 trace "adding modulifile='$TEST_SSH_MODULI_FILE' to sshd_config" 519 echo " ModuliFile '$TEST_SSH_MODULI_FILE'" >> $OBJ/sshd_config 520fi 521 522if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then 523 trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS" 524 echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config 525fi 526 527# server config for proxy connects 528cp $OBJ/sshd_config $OBJ/sshd_proxy 529 530# allow group-writable directories in proxy-mode 531echo 'StrictModes no' >> $OBJ/sshd_proxy 532 533# create client config 534cat << EOF > $OBJ/ssh_config 535Host * 536 Hostname 127.0.0.1 537 HostKeyAlias localhost-with-alias 538 Port $PORT 539 User $USER 540 GlobalKnownHostsFile $OBJ/known_hosts 541 UserKnownHostsFile $OBJ/known_hosts 542 PubkeyAuthentication yes 543 ChallengeResponseAuthentication no 544 HostbasedAuthentication no 545 PasswordAuthentication no 546 BatchMode yes 547 StrictHostKeyChecking yes 548 LogLevel DEBUG3 549EOF 550 551if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then 552 trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS" 553 echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config 554fi 555 556rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER 557 558SSH_SK_PROVIDER= 559if ! config_defined ENABLE_SK; then 560 trace skipping sk-dummy 561elif [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then 562 SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so" 563elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then 564 SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so" 565fi 566export SSH_SK_PROVIDER 567 568if ! test -z "$SSH_SK_PROVIDER"; then 569 EXTRA_AGENT_ARGS='-P/*' # XXX want realpath(1)... 570 echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/ssh_config 571 echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_config 572 echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_proxy 573fi 574export EXTRA_AGENT_ARGS 575 576maybe_filter_sk() { 577 if test -z "$SSH_SK_PROVIDER" ; then 578 grep -v ^sk 579 else 580 cat 581 fi 582} 583 584SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk` 585SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk` 586 587for t in ${SSH_KEYTYPES}; do 588 # generate user key 589 if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then 590 trace "generating key type $t" 591 rm -f $OBJ/$t 592 ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\ 593 fail "ssh-keygen for $t failed" 594 else 595 trace "using cached key type $t" 596 fi 597 598 # setup authorized keys 599 cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER 600 echo IdentityFile $OBJ/$t >> $OBJ/ssh_config 601done 602 603for t in ${SSH_HOSTKEY_TYPES}; do 604 # known hosts file for client 605 ( 606 printf 'localhost-with-alias,127.0.0.1,::1 ' 607 cat $OBJ/$t.pub 608 ) >> $OBJ/known_hosts 609 610 # use key as host key, too 611 (umask 077; $SUDO cp $OBJ/$t $OBJ/host.$t) 612 echo HostKey $OBJ/host.$t >> $OBJ/sshd_config 613 614 # don't use SUDO for proxy connect 615 echo HostKey $OBJ/$t >> $OBJ/sshd_proxy 616done 617chmod 644 $OBJ/authorized_keys_$USER 618 619# Activate Twisted Conch tests if the binary is present 620REGRESS_INTEROP_CONCH=no 621if test -x "$CONCH" ; then 622 REGRESS_INTEROP_CONCH=yes 623fi 624 625# If PuTTY is present, new enough and we are running a PuTTY test, prepare 626# keys and configuration. 627REGRESS_INTEROP_PUTTY=no 628if test -x "$PUTTYGEN" -a -x "$PLINK" && 629 "$PUTTYGEN" --help 2>&1 | grep -- --new-passphrase >/dev/null; then 630 REGRESS_INTEROP_PUTTY=yes 631fi 632case "$SCRIPT" in 633*putty*) ;; 634*) REGRESS_INTEROP_PUTTY=no ;; 635esac 636 637if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then 638 mkdir -p ${OBJ}/.putty 639 640 # Add a PuTTY key to authorized_keys 641 rm -f ${OBJ}/putty.rsa2 642 if ! "$PUTTYGEN" -t rsa -o ${OBJ}/putty.rsa2 \ 643 --random-device=/dev/urandom \ 644 --new-passphrase /dev/null < /dev/null > /dev/null; then 645 echo "Your installed version of PuTTY is too old to support --new-passphrase, skipping test" >&2 646 exit 1 647 fi 648 "$PUTTYGEN" -O public-openssh ${OBJ}/putty.rsa2 \ 649 >> $OBJ/authorized_keys_$USER 650 651 # Convert rsa2 host key to PuTTY format 652 cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt 653 ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null 654 ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/ssh-rsa_oldfmt > \ 655 ${OBJ}/.putty/sshhostkeys 656 ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/ssh-rsa_oldfmt >> \ 657 ${OBJ}/.putty/sshhostkeys 658 rm -f $OBJ/ssh-rsa_oldfmt 659 660 # Setup proxied session 661 mkdir -p ${OBJ}/.putty/sessions 662 rm -f ${OBJ}/.putty/sessions/localhost_proxy 663 echo "Protocol=ssh" >> ${OBJ}/.putty/sessions/localhost_proxy 664 echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy 665 echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy 666 echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy 667 echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy 668 echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy 669 670 PUTTYDIR=${OBJ}/.putty 671 export PUTTYDIR 672fi 673 674# create a proxy version of the client config 675( 676 cat $OBJ/ssh_config 677 echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy 678) > $OBJ/ssh_proxy 679 680# check proxy config 681${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken" 682 683start_sshd () 684{ 685 # start sshd 686 $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" 687 $SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" \ 688 ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE 689 690 trace "wait for sshd" 691 i=0; 692 while [ ! -f $PIDFILE -a $i -lt 10 ]; do 693 i=`expr $i + 1` 694 sleep $i 695 done 696 697 test -f $PIDFILE || fatal "no sshd running on port $PORT" 698} 699 700# source test body 701. $SCRIPT 702 703# kill sshd 704cleanup 705 706if [ "x$USE_VALGRIND" != "x" ]; then 707 # wait for any running process to complete 708 wait; sleep 1 709 VG_RESULTS=$(find $OBJ/valgrind-out -type f -print) 710 VG_RESULT_COUNT=0 711 VG_FAIL_COUNT=0 712 for i in $VG_RESULTS; do 713 if grep "ERROR SUMMARY" $i >/dev/null; then 714 VG_RESULT_COUNT=$(($VG_RESULT_COUNT + 1)) 715 if ! grep "ERROR SUMMARY: 0 errors" $i >/dev/null; then 716 VG_FAIL_COUNT=$(($VG_FAIL_COUNT + 1)) 717 RESULT=1 718 verbose valgrind failure $i 719 cat $i 720 fi 721 fi 722 done 723 if [ x"$VG_SKIP" != "x" ]; then 724 verbose valgrind skipped 725 else 726 verbose valgrind results $VG_RESULT_COUNT failures $VG_FAIL_COUNT 727 fi 728fi 729 730if [ $RESULT -eq 0 ]; then 731 verbose ok $tid 732else 733 echo failed $tid 734fi 735exit $RESULT 736