xref: /freebsd/crypto/openssh/regress/test-exec.sh (revision 4928135658a9d0eaee37003df6137ab363fcb0b4)
1#	$OpenBSD: test-exec.sh,v 1.62 2018/03/16 09:06:31 dtucker Exp $
2#	Placed in the Public Domain.
3
4#SUDO=sudo
5
6# Unbreak GNU head(1)
7_POSIX2_VERSION=199209
8export _POSIX2_VERSION
9
10case `uname -s 2>/dev/null` in
11OSF1*)
12	BIN_SH=xpg4
13	export BIN_SH
14	;;
15CYGWIN_NT-5.0)
16	os=cygwin
17	TEST_SSH_IPV6=no
18	;;
19CYGWIN*)
20	os=cygwin
21	;;
22esac
23
24if [ ! -z "$TEST_SSH_PORT" ]; then
25	PORT="$TEST_SSH_PORT"
26else
27	PORT=4242
28fi
29
30if [ -x /usr/ucb/whoami ]; then
31	USER=`/usr/ucb/whoami`
32elif whoami >/dev/null 2>&1; then
33	USER=`whoami`
34elif logname >/dev/null 2>&1; then
35	USER=`logname`
36else
37	USER=`id -un`
38fi
39
40OBJ=$1
41if [ "x$OBJ" = "x" ]; then
42	echo '$OBJ not defined'
43	exit 2
44fi
45if [ ! -d $OBJ ]; then
46	echo "not a directory: $OBJ"
47	exit 2
48fi
49SCRIPT=$2
50if [ "x$SCRIPT" = "x" ]; then
51	echo '$SCRIPT not defined'
52	exit 2
53fi
54if [ ! -f $SCRIPT ]; then
55	echo "not a file: $SCRIPT"
56	exit 2
57fi
58if $TEST_SHELL -n $SCRIPT; then
59	true
60else
61	echo "syntax error in $SCRIPT"
62	exit 2
63fi
64unset SSH_AUTH_SOCK
65
66SRC=`dirname ${SCRIPT}`
67
68# defaults
69SSH=ssh
70SSHD=sshd
71SSHAGENT=ssh-agent
72SSHADD=ssh-add
73SSHKEYGEN=ssh-keygen
74SSHKEYSCAN=ssh-keyscan
75SFTP=sftp
76SFTPSERVER=/usr/libexec/openssh/sftp-server
77SCP=scp
78
79# Interop testing
80PLINK=plink
81PUTTYGEN=puttygen
82CONCH=conch
83
84if [ "x$TEST_SSH_SSH" != "x" ]; then
85	SSH="${TEST_SSH_SSH}"
86fi
87if [ "x$TEST_SSH_SSHD" != "x" ]; then
88	SSHD="${TEST_SSH_SSHD}"
89fi
90if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
91	SSHAGENT="${TEST_SSH_SSHAGENT}"
92fi
93if [ "x$TEST_SSH_SSHADD" != "x" ]; then
94	SSHADD="${TEST_SSH_SSHADD}"
95fi
96if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
97	SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
98fi
99if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
100	SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
101fi
102if [ "x$TEST_SSH_SFTP" != "x" ]; then
103	SFTP="${TEST_SSH_SFTP}"
104fi
105if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
106	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
107fi
108if [ "x$TEST_SSH_SCP" != "x" ]; then
109	SCP="${TEST_SSH_SCP}"
110fi
111if [ "x$TEST_SSH_PLINK" != "x" ]; then
112	# Find real binary, if it exists
113	case "${TEST_SSH_PLINK}" in
114	/*) PLINK="${TEST_SSH_PLINK}" ;;
115	*) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;;
116	esac
117fi
118if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
119	# Find real binary, if it exists
120	case "${TEST_SSH_PUTTYGEN}" in
121	/*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;;
122	*) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;;
123	esac
124fi
125if [ "x$TEST_SSH_CONCH" != "x" ]; then
126	# Find real binary, if it exists
127	case "${TEST_SSH_CONCH}" in
128	/*) CONCH="${TEST_SSH_CONCH}" ;;
129	*) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
130	esac
131fi
132
133# Path to sshd must be absolute for rexec
134case "$SSHD" in
135/*) ;;
136*) SSHD=`which $SSHD` ;;
137esac
138
139case "$SSHAGENT" in
140/*) ;;
141*) SSHAGENT=`which $SSHAGENT` ;;
142esac
143
144# Record the actual binaries used.
145SSH_BIN=${SSH}
146SSHD_BIN=${SSHD}
147SSHAGENT_BIN=${SSHAGENT}
148SSHADD_BIN=${SSHADD}
149SSHKEYGEN_BIN=${SSHKEYGEN}
150SSHKEYSCAN_BIN=${SSHKEYSCAN}
151SFTP_BIN=${SFTP}
152SFTPSERVER_BIN=${SFTPSERVER}
153SCP_BIN=${SCP}
154
155if [ "x$USE_VALGRIND" != "x" ]; then
156	mkdir -p $OBJ/valgrind-out
157	VG_TEST=`basename $SCRIPT .sh`
158
159	# Some tests are difficult to fix.
160	case "$VG_TEST" in
161	connect-privsep|reexec)
162		VG_SKIP=1 ;;
163	esac
164
165	if [ x"$VG_SKIP" = "x" ]; then
166		VG_IGNORE="/bin/*,/sbin/*,/usr/*,/var/*"
167		VG_LOG="$OBJ/valgrind-out/${VG_TEST}."
168		VG_OPTS="--track-origins=yes --leak-check=full"
169		VG_OPTS="$VG_OPTS --trace-children=yes"
170		VG_OPTS="$VG_OPTS --trace-children-skip=${VG_IGNORE}"
171		VG_PATH="valgrind"
172		if [ "x$VALGRIND_PATH" != "x" ]; then
173			VG_PATH="$VALGRIND_PATH"
174		fi
175		VG="$VG_PATH $VG_OPTS"
176		SSH="$VG --log-file=${VG_LOG}ssh.%p $SSH"
177		SSHD="$VG --log-file=${VG_LOG}sshd.%p $SSHD"
178		SSHAGENT="$VG --log-file=${VG_LOG}ssh-agent.%p $SSHAGENT"
179		SSHADD="$VG --log-file=${VG_LOG}ssh-add.%p $SSHADD"
180		SSHKEYGEN="$VG --log-file=${VG_LOG}ssh-keygen.%p $SSHKEYGEN"
181		SSHKEYSCAN="$VG --log-file=${VG_LOG}ssh-keyscan.%p $SSHKEYSCAN"
182		SFTP="$VG --log-file=${VG_LOG}sftp.%p ${SFTP}"
183		SCP="$VG --log-file=${VG_LOG}scp.%p $SCP"
184		cat > $OBJ/valgrind-sftp-server.sh << EOF
185#!/bin/sh
186exec $VG --log-file=${VG_LOG}sftp-server.%p $SFTPSERVER "\$@"
187EOF
188		chmod a+rx $OBJ/valgrind-sftp-server.sh
189		SFTPSERVER="$OBJ/valgrind-sftp-server.sh"
190	fi
191fi
192
193# Logfiles.
194# SSH_LOGFILE should be the debug output of ssh(1) only
195# SSHD_LOGFILE should be the debug output of sshd(8) only
196# REGRESS_LOGFILE is the output of the test itself stdout and stderr
197if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
198	TEST_SSH_LOGFILE=$OBJ/ssh.log
199fi
200if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then
201	TEST_SSHD_LOGFILE=$OBJ/sshd.log
202fi
203if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then
204	TEST_REGRESS_LOGFILE=$OBJ/regress.log
205fi
206
207# truncate logfiles
208>$TEST_SSH_LOGFILE
209>$TEST_SSHD_LOGFILE
210>$TEST_REGRESS_LOGFILE
211
212# Create wrapper ssh with logging.  We can't just specify "SSH=ssh -E..."
213# because sftp and scp don't handle spaces in arguments.
214SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
215echo "#!/bin/sh" > $SSHLOGWRAP
216echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
217
218chmod a+rx $OBJ/ssh-log-wrapper.sh
219REAL_SSH="$SSH"
220SSH="$SSHLOGWRAP"
221
222# Some test data.  We make a copy because some tests will overwrite it.
223# The tests may assume that $DATA exists and is writable and $COPY does
224# not exist.  Tests requiring larger data files can call increase_datafile_size
225# [kbytes] to ensure the file is at least that large.
226DATANAME=data
227DATA=$OBJ/${DATANAME}
228cat ${SSHAGENT_BIN} >${DATA}
229chmod u+w ${DATA}
230COPY=$OBJ/copy
231rm -f ${COPY}
232
233increase_datafile_size()
234{
235	while [ `du -k ${DATA} | cut -f1` -lt $1 ]; do
236		cat ${SSHAGENT_BIN} >>${DATA}
237	done
238}
239
240# these should be used in tests
241export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
242#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
243
244# Portable specific functions
245have_prog()
246{
247	saved_IFS="$IFS"
248	IFS=":"
249	for i in $PATH
250	do
251		if [ -x $i/$1 ]; then
252			IFS="$saved_IFS"
253			return 0
254		fi
255	done
256	IFS="$saved_IFS"
257	return 1
258}
259
260jot() {
261	awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
262}
263
264# Check whether preprocessor symbols are defined in config.h.
265config_defined ()
266{
267	str=$1
268	while test "x$2" != "x" ; do
269		str="$str|$2"
270		shift
271	done
272	egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1
273}
274
275md5 () {
276	if have_prog md5sum; then
277		md5sum
278	elif have_prog openssl; then
279		openssl md5
280	elif have_prog cksum; then
281		cksum
282	elif have_prog sum; then
283		sum
284	else
285		wc -c
286	fi
287}
288# End of portable specific functions
289
290stop_sshd ()
291{
292	if [ -f $PIDFILE ]; then
293		pid=`$SUDO cat $PIDFILE`
294		if [ "X$pid" = "X" ]; then
295			echo no sshd running
296		else
297			if [ $pid -lt 2 ]; then
298				echo bad pid for sshd: $pid
299			else
300				$SUDO kill $pid
301				trace "wait for sshd to exit"
302				i=0;
303				while [ -f $PIDFILE -a $i -lt 5 ]; do
304					i=`expr $i + 1`
305					sleep $i
306				done
307				if test -f $PIDFILE; then
308					if $SUDO kill -0 $pid; then
309						echo "sshd didn't exit " \
310						    "port $PORT pid $pid"
311					else
312						echo "sshd died without cleanup"
313					fi
314					exit 1
315				fi
316			fi
317		fi
318	fi
319}
320
321# helper
322cleanup ()
323{
324	if [ "x$SSH_PID" != "x" ]; then
325		if [ $SSH_PID -lt 2 ]; then
326			echo bad pid for ssh: $SSH_PID
327		else
328			kill $SSH_PID
329		fi
330	fi
331	stop_sshd
332}
333
334start_debug_log ()
335{
336	echo "trace: $@" >$TEST_REGRESS_LOGFILE
337	echo "trace: $@" >$TEST_SSH_LOGFILE
338	echo "trace: $@" >$TEST_SSHD_LOGFILE
339}
340
341save_debug_log ()
342{
343	echo $@ >>$TEST_REGRESS_LOGFILE
344	echo $@ >>$TEST_SSH_LOGFILE
345	echo $@ >>$TEST_SSHD_LOGFILE
346	(cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
347	(cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
348	(cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
349}
350
351trace ()
352{
353	start_debug_log $@
354	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
355		echo "$@"
356	fi
357}
358
359verbose ()
360{
361	start_debug_log $@
362	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
363		echo "$@"
364	fi
365}
366
367warn ()
368{
369	echo "WARNING: $@" >>$TEST_SSH_LOGFILE
370	echo "WARNING: $@"
371}
372
373fail ()
374{
375	save_debug_log "FAIL: $@"
376	RESULT=1
377	echo "$@"
378
379}
380
381fatal ()
382{
383	save_debug_log "FATAL: $@"
384	printf "FATAL: "
385	fail "$@"
386	cleanup
387	exit $RESULT
388}
389
390RESULT=0
391PIDFILE=$OBJ/pidfile
392
393trap fatal 3 2
394
395# create server config
396cat << EOF > $OBJ/sshd_config
397	StrictModes		no
398	Port			$PORT
399	AddressFamily		inet
400	ListenAddress		127.0.0.1
401	#ListenAddress		::1
402	PidFile			$PIDFILE
403	AuthorizedKeysFile	$OBJ/authorized_keys_%u
404	LogLevel		DEBUG3
405	AcceptEnv		_XXX_TEST_*
406	AcceptEnv		_XXX_TEST
407	Subsystem	sftp	$SFTPSERVER
408EOF
409
410# This may be necessary if /usr/src and/or /usr/obj are group-writable,
411# but if you aren't careful with permissions then the unit tests could
412# be abused to locally escalate privileges.
413if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
414	echo "StrictModes no" >> $OBJ/sshd_config
415fi
416
417if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
418	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
419	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
420fi
421
422# server config for proxy connects
423cp $OBJ/sshd_config $OBJ/sshd_proxy
424
425# allow group-writable directories in proxy-mode
426echo 'StrictModes no' >> $OBJ/sshd_proxy
427
428# create client config
429cat << EOF > $OBJ/ssh_config
430Host *
431	Hostname		127.0.0.1
432	HostKeyAlias		localhost-with-alias
433	Port			$PORT
434	User			$USER
435	GlobalKnownHostsFile	$OBJ/known_hosts
436	UserKnownHostsFile	$OBJ/known_hosts
437	PubkeyAuthentication	yes
438	ChallengeResponseAuthentication	no
439	HostbasedAuthentication	no
440	PasswordAuthentication	no
441	BatchMode		yes
442	StrictHostKeyChecking	yes
443	LogLevel		DEBUG3
444EOF
445
446if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
447	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
448	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
449fi
450
451rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
452
453SSH_KEYTYPES="rsa ed25519"
454
455trace "generate keys"
456for t in ${SSH_KEYTYPES}; do
457	# generate user key
458	if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then
459		rm -f $OBJ/$t
460		${SSHKEYGEN} -q -N '' -t $t  -f $OBJ/$t ||\
461			fail "ssh-keygen for $t failed"
462	fi
463
464	# known hosts file for client
465	(
466		printf 'localhost-with-alias,127.0.0.1,::1 '
467		cat $OBJ/$t.pub
468	) >> $OBJ/known_hosts
469
470	# setup authorized keys
471	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
472	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
473
474	# use key as host key, too
475	$SUDO cp $OBJ/$t $OBJ/host.$t
476	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
477
478	# don't use SUDO for proxy connect
479	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
480done
481chmod 644 $OBJ/authorized_keys_$USER
482
483# Activate Twisted Conch tests if the binary is present
484REGRESS_INTEROP_CONCH=no
485if test -x "$CONCH" ; then
486	REGRESS_INTEROP_CONCH=yes
487fi
488
489# If PuTTY is present and we are running a PuTTY test, prepare keys and
490# configuration
491REGRESS_INTEROP_PUTTY=no
492if test -x "$PUTTYGEN" -a -x "$PLINK" ; then
493	REGRESS_INTEROP_PUTTY=yes
494fi
495case "$SCRIPT" in
496*putty*)	;;
497*)		REGRESS_INTEROP_PUTTY=no ;;
498esac
499
500if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
501	mkdir -p ${OBJ}/.putty
502
503	# Add a PuTTY key to authorized_keys
504	rm -f ${OBJ}/putty.rsa2
505	if ! puttygen -t rsa -o ${OBJ}/putty.rsa2 \
506	    --random-device=/dev/urandom \
507	    --new-passphrase /dev/null < /dev/null > /dev/null; then
508		echo "Your installed version of PuTTY is too old to support --new-passphrase; trying without (may require manual interaction) ..." >&2
509		puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
510	fi
511	puttygen -O public-openssh ${OBJ}/putty.rsa2 \
512	    >> $OBJ/authorized_keys_$USER
513
514	# Convert rsa2 host key to PuTTY format
515	${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \
516	    ${OBJ}/.putty/sshhostkeys
517	${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \
518	    ${OBJ}/.putty/sshhostkeys
519
520	# Setup proxied session
521	mkdir -p ${OBJ}/.putty/sessions
522	rm -f ${OBJ}/.putty/sessions/localhost_proxy
523	echo "Protocol=ssh" >> ${OBJ}/.putty/sessions/localhost_proxy
524	echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
525	echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
526	echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
527	echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
528	echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy
529
530	PUTTYDIR=${OBJ}/.putty
531	export PUTTYDIR
532
533	REGRESS_INTEROP_PUTTY=yes
534fi
535
536# create a proxy version of the client config
537(
538	cat $OBJ/ssh_config
539	echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy
540) > $OBJ/ssh_proxy
541
542# check proxy config
543${SSHD} -t -f $OBJ/sshd_proxy	|| fatal "sshd_proxy broken"
544
545start_sshd ()
546{
547	# start sshd
548	$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
549	$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
550
551	trace "wait for sshd"
552	i=0;
553	while [ ! -f $PIDFILE -a $i -lt 10 ]; do
554		i=`expr $i + 1`
555		sleep $i
556	done
557
558	test -f $PIDFILE || fatal "no sshd running on port $PORT"
559}
560
561# source test body
562. $SCRIPT
563
564# kill sshd
565cleanup
566if [ $RESULT -eq 0 ]; then
567	verbose ok $tid
568else
569	echo failed $tid
570fi
571exit $RESULT
572