openssh/regress/test-exec.sh

255670Sdes#	$OpenBSD: test-exec.sh,v 1.46 2013/06/21 02:26:26 djm Exp $
98937Sdes#	Placed in the Public Domain.
98937Sdes
98937Sdes#SUDO=sudo
98937Sdes
146998Sdes# Unbreak GNU head(1)
146998Sdes_POSIX2_VERSION=199209
146998Sdesexport _POSIX2_VERSION
146998Sdes
146998Sdescase `uname -s 2>/dev/null` in
146998SdesOSF1*)
146998Sdes	BIN_SH=xpg4
146998Sdes	export BIN_SH
146998Sdes	;;
239849SdesCYGWIN_NT-5.0)
239849Sdes	os=cygwin
239849Sdes	TEST_SSH_IPV6=no
239849Sdes	;;
239849SdesCYGWIN*)
239849Sdes	os=cygwin
239849Sdes	;;
146998Sdesesac
146998Sdes
137015Sdesif [ ! -z "$TEST_SSH_PORT" ]; then
137015Sdes	PORT="$TEST_SSH_PORT"
137015Sdeselse
137015Sdes	PORT=4242
137015Sdesfi
137015Sdes
124208Sdesif [ -x /usr/ucb/whoami ]; then
124208Sdes	USER=`/usr/ucb/whoami`
124208Sdeselif whoami >/dev/null 2>&1; then
124208Sdes	USER=`whoami`
157016Sdeselif logname >/dev/null 2>&1; then
157016Sdes	USER=`logname`
124208Sdeselse
124208Sdes	USER=`id -un`
124208Sdesfi
124208Sdes
98937SdesOBJ=$1
98937Sdesif [ "x$OBJ" = "x" ]; then
98937Sdes	echo '$OBJ not defined'
98937Sdes	exit 2
98937Sdesfi
98937Sdesif [ ! -d $OBJ ]; then
98937Sdes	echo "not a directory: $OBJ"
98937Sdes	exit 2
98937Sdesfi
98937SdesSCRIPT=$2
98937Sdesif [ "x$SCRIPT" = "x" ]; then
98937Sdes	echo '$SCRIPT not defined'
98937Sdes	exit 2
98937Sdesfi
98937Sdesif [ ! -f $SCRIPT ]; then
98937Sdes	echo "not a file: $SCRIPT"
98937Sdes	exit 2
98937Sdesfi
126274Sdesif $TEST_SHELL -n $SCRIPT; then
98937Sdes	true
98937Sdeselse
98937Sdes	echo "syntax error in $SCRIPT"
98937Sdes	exit 2
98937Sdesfi
98937Sdesunset SSH_AUTH_SOCK
98937Sdes
146998SdesSRC=`dirname ${SCRIPT}`
146998Sdes
98937Sdes# defaults
98937SdesSSH=ssh
98937SdesSSHD=sshd
98937SdesSSHAGENT=ssh-agent
98937SdesSSHADD=ssh-add
98937SdesSSHKEYGEN=ssh-keygen
98937SdesSSHKEYSCAN=ssh-keyscan
98937SdesSFTP=sftp
98937SdesSFTPSERVER=/usr/libexec/openssh/sftp-server
137015SdesSCP=scp
98937Sdes
180746Sdes# Interop testing
180750SdesPLINK=plink
180750SdesPUTTYGEN=puttygen
180750SdesCONCH=conch
180746Sdes
98937Sdesif [ "x$TEST_SSH_SSH" != "x" ]; then
128456Sdes	SSH="${TEST_SSH_SSH}"
98937Sdesfi
98937Sdesif [ "x$TEST_SSH_SSHD" != "x" ]; then
128456Sdes	SSHD="${TEST_SSH_SSHD}"
98937Sdesfi
98937Sdesif [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
128456Sdes	SSHAGENT="${TEST_SSH_SSHAGENT}"
98937Sdesfi
98937Sdesif [ "x$TEST_SSH_SSHADD" != "x" ]; then
128456Sdes	SSHADD="${TEST_SSH_SSHADD}"
98937Sdesfi
98937Sdesif [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
128456Sdes	SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
98937Sdesfi
98937Sdesif [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
128456Sdes	SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
98937Sdesfi
98937Sdesif [ "x$TEST_SSH_SFTP" != "x" ]; then
128456Sdes	SFTP="${TEST_SSH_SFTP}"
98937Sdesfi
98937Sdesif [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
128456Sdes	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
98937Sdesfi
137015Sdesif [ "x$TEST_SSH_SCP" != "x" ]; then
137015Sdes	SCP="${TEST_SSH_SCP}"
137015Sdesfi
180746Sdesif [ "x$TEST_SSH_PLINK" != "x" ]; then
180746Sdes	# Find real binary, if it exists
180746Sdes	case "${TEST_SSH_PLINK}" in
180746Sdes	/*) PLINK="${TEST_SSH_PLINK}" ;;
180746Sdes	*) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;;
180746Sdes	esac
180746Sdesfi
180746Sdesif [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
180746Sdes	# Find real binary, if it exists
180746Sdes	case "${TEST_SSH_PUTTYGEN}" in
180746Sdes	/*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;;
180746Sdes	*) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;;
180746Sdes	esac
180746Sdesfi
180750Sdesif [ "x$TEST_SSH_CONCH" != "x" ]; then
180750Sdes	# Find real binary, if it exists
180750Sdes	case "${TEST_SSH_CONCH}" in
180750Sdes	/*) CONCH="${TEST_SSH_CONCH}" ;;
180750Sdes	*) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
180750Sdes	esac
180750Sdesfi
98937Sdes
137015Sdes# Path to sshd must be absolute for rexec
149749Sdescase "$SSHD" in
149749Sdes/*) ;;
149749Sdes*) SSHD=`which sshd` ;;
149749Sdesesac
137015Sdes
255670Sdes# Logfiles.
255670Sdes# SSH_LOGFILE should be the debug output of ssh(1) only
255670Sdes# SSHD_LOGFILE should be the debug output of sshd(8) only
255670Sdes# REGRESS_LOGFILE is the output of the test itself stdout and stderr
146998Sdesif [ "x$TEST_SSH_LOGFILE" = "x" ]; then
255670Sdes	TEST_SSH_LOGFILE=$OBJ/ssh.log
146998Sdesfi
255670Sdesif [ "x$TEST_SSHD_LOGFILE" = "x" ]; then
255670Sdes	TEST_SSHD_LOGFILE=$OBJ/sshd.log
255670Sdesfi
255670Sdesif [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then
255670Sdes	TEST_REGRESS_LOGFILE=$OBJ/regress.log
255670Sdesfi
146998Sdes
255670Sdes# truncate logfiles
255670Sdes>$TEST_SSH_LOGFILE
255670Sdes>$TEST_SSHD_LOGFILE
255670Sdes>$TEST_REGRESS_LOGFILE
248613Sdes
255670Sdes# Create wrapper ssh with logging.  We can't just specify "SSH=ssh -E..."
255670Sdes# because sftp and scp don't handle spaces in arguments.
255670SdesSSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
255670Sdesecho "#!/bin/sh" > $SSHLOGWRAP
255670Sdesecho "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
255670Sdes
255670Sdeschmod a+rx $OBJ/ssh-log-wrapper.sh
255670SdesSSH="$SSHLOGWRAP"
255670Sdes
255670Sdes# Some test data.  We make a copy because some tests will overwrite it.
255670Sdes# The tests may assume that $DATA exists and is writable and $COPY does
255670Sdes# not exist.
255670SdesDATANAME=data
255670SdesDATA=$OBJ/${DATANAME}
255670Sdescat $SSHD $SSHD $SSHD $SSHD >${DATA}
255670Sdeschmod u+w ${DATA}
255670SdesCOPY=$OBJ/copy
255670Sdesrm -f ${COPY}
255670Sdes
98937Sdes# these should be used in tests
137015Sdesexport SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
137015Sdes#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
98937Sdes
255670Sdes# Portable specific functions
124208Sdeshave_prog()
124208Sdes{
124208Sdes	saved_IFS="$IFS"
124208Sdes	IFS=":"
124208Sdes	for i in $PATH
124208Sdes	do
124208Sdes		if [ -x $i/$1 ]; then
124208Sdes			IFS="$saved_IFS"
124208Sdes			return 0
124208Sdes		fi
124208Sdes	done
124208Sdes	IFS="$saved_IFS"
124208Sdes	return 1
124208Sdes}
124208Sdes
255670Sdesjot() {
255670Sdes	awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
255670Sdes}
255670Sdes
255670Sdes# Check whether preprocessor symbols are defined in config.h.
255670Sdesconfig_defined ()
255670Sdes{
255670Sdes	str=$1
255670Sdes	while test "x$2" != "x" ; do
255670Sdes		str="$str|$2"
255670Sdes		shift
255670Sdes	done
255670Sdes	egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1
255670Sdes}
255670Sdes
255670Sdesmd5 () {
255670Sdes	if have_prog md5sum; then
255670Sdes		md5sum
255670Sdes	elif have_prog openssl; then
255670Sdes		openssl md5
255670Sdes	elif have_prog cksum; then
255670Sdes		cksum
255670Sdes	elif have_prog sum; then
255670Sdes		sum
255670Sdes	else
255670Sdes		wc -c
255670Sdes	fi
255670Sdes}
255670Sdes# End of portable specific functions
255670Sdes
255670Sdes# helper
98937Sdescleanup ()
98937Sdes{
98937Sdes	if [ -f $PIDFILE ]; then
214979Sdes		pid=`$SUDO cat $PIDFILE`
98937Sdes		if [ "X$pid" = "X" ]; then
98937Sdes			echo no sshd running
98937Sdes		else
98937Sdes			if [ $pid -lt 2 ]; then
204861Sdes				echo bad pid for ssh: $pid
98937Sdes			else
98937Sdes				$SUDO kill $pid
204861Sdes				trace "wait for sshd to exit"
204861Sdes				i=0;
204861Sdes				while [ -f $PIDFILE -a $i -lt 5 ]; do
204861Sdes					i=`expr $i + 1`
204861Sdes					sleep $i
204861Sdes				done
204861Sdes				test -f $PIDFILE && \
204861Sdes				    fatal "sshd didn't exit port $PORT pid $pid"
98937Sdes			fi
98937Sdes		fi
98937Sdes	fi
98937Sdes}
98937Sdes
255670Sdesstart_debug_log ()
255670Sdes{
255670Sdes	echo "trace: $@" >$TEST_REGRESS_LOGFILE
255670Sdes	echo "trace: $@" >$TEST_SSH_LOGFILE
255670Sdes	echo "trace: $@" >$TEST_SSHD_LOGFILE
255670Sdes}
255670Sdes
255670Sdessave_debug_log ()
255670Sdes{
255670Sdes	echo $@ >>$TEST_REGRESS_LOGFILE
255670Sdes	echo $@ >>$TEST_SSH_LOGFILE
255670Sdes	echo $@ >>$TEST_SSHD_LOGFILE
255670Sdes	(cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
255670Sdes	(cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
255670Sdes	(cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
255670Sdes}
255670Sdes
98937Sdestrace ()
98937Sdes{
255670Sdes	start_debug_log $@
98937Sdes	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
98937Sdes		echo "$@"
98937Sdes	fi
98937Sdes}
98937Sdes
98937Sdesverbose ()
98937Sdes{
255670Sdes	start_debug_log $@
98937Sdes	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
98937Sdes		echo "$@"
98937Sdes	fi
98937Sdes}
98937Sdes
225825Sdeswarn ()
225825Sdes{
225825Sdes	echo "WARNING: $@" >>$TEST_SSH_LOGFILE
225825Sdes	echo "WARNING: $@"
225825Sdes}
98937Sdes
98937Sdesfail ()
98937Sdes{
255670Sdes	save_debug_log "FAIL: $@"
98937Sdes	RESULT=1
98937Sdes	echo "$@"
255670Sdes
98937Sdes}
98937Sdes
98937Sdesfatal ()
98937Sdes{
255670Sdes	save_debug_log "FATAL: $@"
255670Sdes	printf "FATAL: "
98937Sdes	fail "$@"
98937Sdes	cleanup
98937Sdes	exit $RESULT
98937Sdes}
98937Sdes
98937SdesRESULT=0
98937SdesPIDFILE=$OBJ/pidfile
98937Sdes
98937Sdestrap fatal 3 2
98937Sdes
98937Sdes# create server config
98937Sdescat << EOF > $OBJ/sshd_config
137015Sdes	StrictModes		no
98937Sdes	Port			$PORT
204861Sdes	Protocol		2,1
157016Sdes	AddressFamily		inet
98937Sdes	ListenAddress		127.0.0.1
98937Sdes	#ListenAddress		::1
98937Sdes	PidFile			$PIDFILE
98937Sdes	AuthorizedKeysFile	$OBJ/authorized_keys_%u
255670Sdes	LogLevel		DEBUG3
137015Sdes	AcceptEnv		_XXX_TEST_*
137015Sdes	AcceptEnv		_XXX_TEST
137015Sdes	Subsystem	sftp	$SFTPSERVER
98937SdesEOF
98937Sdes
137015Sdesif [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
137015Sdes	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
137015Sdes	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
137015Sdesfi
137015Sdes
98937Sdes# server config for proxy connects
98937Sdescp $OBJ/sshd_config $OBJ/sshd_proxy
98937Sdes
98937Sdes# allow group-writable directories in proxy-mode
98937Sdesecho 'StrictModes no' >> $OBJ/sshd_proxy
98937Sdes
98937Sdes# create client config
98937Sdescat << EOF > $OBJ/ssh_config
98937SdesHost *
204861Sdes	Protocol		2,1
98937Sdes	Hostname		127.0.0.1
98937Sdes	HostKeyAlias		localhost-with-alias
98937Sdes	Port			$PORT
98937Sdes	User			$USER
98937Sdes	GlobalKnownHostsFile	$OBJ/known_hosts
98937Sdes	UserKnownHostsFile	$OBJ/known_hosts
98937Sdes	RSAAuthentication	yes
98937Sdes	PubkeyAuthentication	yes
98937Sdes	ChallengeResponseAuthentication	no
98937Sdes	HostbasedAuthentication	no
98937Sdes	PasswordAuthentication	no
255670Sdes	RhostsRSAAuthentication	no
98937Sdes	BatchMode		yes
98937Sdes	StrictHostKeyChecking	yes
255670Sdes	LogLevel		DEBUG3
98937SdesEOF
98937Sdes
137015Sdesif [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
137015Sdes	trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
137015Sdes	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
137015Sdesfi
137015Sdes
98937Sdesrm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
98937Sdes
98937Sdestrace "generate keys"
98937Sdesfor t in rsa rsa1; do
98937Sdes	# generate user key
255670Sdes	if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN} -nt $OBJ/$t ]; then
255670Sdes		rm -f $OBJ/$t
255670Sdes		${SSHKEYGEN} -q -N '' -t $t  -f $OBJ/$t ||\
255670Sdes			fail "ssh-keygen for $t failed"
255670Sdes	fi
98937Sdes
98937Sdes	# known hosts file for client
98937Sdes	(
255670Sdes		printf 'localhost-with-alias,127.0.0.1,::1 '
98937Sdes		cat $OBJ/$t.pub
98937Sdes	) >> $OBJ/known_hosts
98937Sdes
98937Sdes	# setup authorized keys
98937Sdes	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
98937Sdes	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
98937Sdes
98937Sdes	# use key as host key, too
98937Sdes	$SUDO cp $OBJ/$t $OBJ/host.$t
98937Sdes	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
98937Sdes
98937Sdes	# don't use SUDO for proxy connect
98937Sdes	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
98937Sdesdone
98937Sdeschmod 644 $OBJ/authorized_keys_$USER
98937Sdes
180750Sdes# Activate Twisted Conch tests if the binary is present
180750SdesREGRESS_INTEROP_CONCH=no
180750Sdesif test -x "$CONCH" ; then
180750Sdes	REGRESS_INTEROP_CONCH=yes
180750Sdesfi
180750Sdes
180750Sdes# If PuTTY is present and we are running a PuTTY test, prepare keys and
180750Sdes# configuration
180746SdesREGRESS_INTEROP_PUTTY=no
180746Sdesif test -x "$PUTTYGEN" -a -x "$PLINK" ; then
180750Sdes	REGRESS_INTEROP_PUTTY=yes
180750Sdesfi
180750Sdescase "$SCRIPT" in
180750Sdes*putty*)	;;
180750Sdes*)		REGRESS_INTEROP_PUTTY=no ;;
180750Sdesesac
180750Sdes
180750Sdesif test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
180746Sdes	mkdir -p ${OBJ}/.putty
180746Sdes
180746Sdes	# Add a PuTTY key to authorized_keys
180746Sdes	rm -f ${OBJ}/putty.rsa2
180746Sdes	puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
180746Sdes	puttygen -O public-openssh ${OBJ}/putty.rsa2 \
180746Sdes	    >> $OBJ/authorized_keys_$USER
180746Sdes
180746Sdes	# Convert rsa2 host key to PuTTY format
180746Sdes	${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \
180746Sdes	    ${OBJ}/.putty/sshhostkeys
180746Sdes	${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \
180746Sdes	    ${OBJ}/.putty/sshhostkeys
180746Sdes
180746Sdes	# Setup proxied session
180746Sdes	mkdir -p ${OBJ}/.putty/sessions
180746Sdes	rm -f ${OBJ}/.putty/sessions/localhost_proxy
180746Sdes	echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
180746Sdes	echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
180746Sdes	echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
255670Sdes	echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
180746Sdes
180746Sdes	REGRESS_INTEROP_PUTTY=yes
180746Sdesfi
180746Sdes
98937Sdes# create a proxy version of the client config
98937Sdes(
98937Sdes	cat $OBJ/ssh_config
255670Sdes	echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy
98937Sdes) > $OBJ/ssh_proxy
98937Sdes
98937Sdes# check proxy config
98937Sdes${SSHD} -t -f $OBJ/sshd_proxy	|| fatal "sshd_proxy broken"
98937Sdes
98937Sdesstart_sshd ()
98937Sdes{
98937Sdes	# start sshd
180746Sdes	$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
255670Sdes	$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
98937Sdes
98937Sdes	trace "wait for sshd"
98937Sdes	i=0;
124208Sdes	while [ ! -f $PIDFILE -a $i -lt 10 ]; do
98937Sdes		i=`expr $i + 1`
98937Sdes		sleep $i
98937Sdes	done
98937Sdes
98937Sdes	test -f $PIDFILE || fatal "no sshd running on port $PORT"
98937Sdes}
98937Sdes
98937Sdes# source test body
98937Sdes. $SCRIPT
98937Sdes
98937Sdes# kill sshd
98937Sdescleanup
98937Sdesif [ $RESULT -eq 0 ]; then
98937Sdes	verbose ok $tid
98937Sdeselse
98937Sdes	echo failed $tid
98937Sdesfi
98937Sdesexit $RESULT