1 # $OpenBSD: test-exec.sh,v 1.64 2018/08/10 01:35:49 dtucker Exp $
2 # Placed in the Public Domain.
10 case `uname -s 2>/dev/null` in
24 if [ ! -z "$TEST_SSH_PORT" ]; then
30 if [ -x /usr/ucb/whoami ]; then
31 USER=`/usr/ucb/whoami`
32 elif whoami >/dev/null 2>&1; then
34 elif logname >/dev/null 2>&1; then
41 if [ "x$OBJ" = "x" ]; then
42 echo '$OBJ not defined'
45 if [ ! -d $OBJ ]; then
46 echo "not a directory: $OBJ"
50 if [ "x$SCRIPT" = "x" ]; then
51 echo '$SCRIPT not defined'
54 if [ ! -f $SCRIPT ]; then
55 echo "not a file: $SCRIPT"
58 if $TEST_SHELL -n $SCRIPT; then
61 echo "syntax error in $SCRIPT"
66 SRC=`dirname ${SCRIPT}`
74 SSHKEYSCAN=ssh-keyscan
76 SFTPSERVER=/usr/libexec/openssh/sftp-server
79 # Set by make_tmpdir() on demand (below).
87 if [ "x$TEST_SSH_SSH" != "x" ]; then
90 if [ "x$TEST_SSH_SSHD" != "x" ]; then
91 SSHD="${TEST_SSH_SSHD}"
93 if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
94 SSHAGENT="${TEST_SSH_SSHAGENT}"
96 if [ "x$TEST_SSH_SSHADD" != "x" ]; then
97 SSHADD="${TEST_SSH_SSHADD}"
99 if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
100 SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
102 if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
103 SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
105 if [ "x$TEST_SSH_SFTP" != "x" ]; then
106 SFTP="${TEST_SSH_SFTP}"
108 if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
109 SFTPSERVER="${TEST_SSH_SFTPSERVER}"
111 if [ "x$TEST_SSH_SCP" != "x" ]; then
112 SCP="${TEST_SSH_SCP}"
114 if [ "x$TEST_SSH_PLINK" != "x" ]; then
115 # Find real binary, if it exists
116 case "${TEST_SSH_PLINK}" in
117 /*) PLINK="${TEST_SSH_PLINK}" ;;
118 *) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;;
121 if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
122 # Find real binary, if it exists
123 case "${TEST_SSH_PUTTYGEN}" in
124 /*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;;
125 *) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;;
128 if [ "x$TEST_SSH_CONCH" != "x" ]; then
129 # Find real binary, if it exists
130 case "${TEST_SSH_CONCH}" in
131 /*) CONCH="${TEST_SSH_CONCH}" ;;
132 *) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
136 # Path to sshd must be absolute for rexec
139 *) SSHD=`which $SSHD` ;;
144 *) SSHAGENT=`which $SSHAGENT` ;;
147 # Record the actual binaries used.
150 SSHAGENT_BIN=${SSHAGENT}
152 SSHKEYGEN_BIN=${SSHKEYGEN}
153 SSHKEYSCAN_BIN=${SSHKEYSCAN}
155 SFTPSERVER_BIN=${SFTPSERVER}
158 if [ "x$USE_VALGRIND" != "x" ]; then
159 mkdir -p $OBJ/valgrind-out
160 VG_TEST=`basename $SCRIPT .sh`
162 # Some tests are difficult to fix.
164 connect-privsep|reexec)
168 if [ x"$VG_SKIP" = "x" ]; then
169 VG_LEAK="--leak-check=no"
170 if [ x"$VALGRIND_CHECK_LEAKS" != "x" ]; then
171 VG_LEAK="--leak-check=full"
173 VG_IGNORE="/bin/*,/sbin/*,/usr/*,/var/*"
174 VG_LOG="$OBJ/valgrind-out/${VG_TEST}."
175 VG_OPTS="--track-origins=yes $VG_LEAK"
176 VG_OPTS="$VG_OPTS --trace-children=yes"
177 VG_OPTS="$VG_OPTS --trace-children-skip=${VG_IGNORE}"
179 if [ "x$VALGRIND_PATH" != "x" ]; then
180 VG_PATH="$VALGRIND_PATH"
182 VG="$VG_PATH $VG_OPTS"
183 SSH="$VG --log-file=${VG_LOG}ssh.%p $SSH"
184 SSHD="$VG --log-file=${VG_LOG}sshd.%p $SSHD"
185 SSHAGENT="$VG --log-file=${VG_LOG}ssh-agent.%p $SSHAGENT"
186 SSHADD="$VG --log-file=${VG_LOG}ssh-add.%p $SSHADD"
187 SSHKEYGEN="$VG --log-file=${VG_LOG}ssh-keygen.%p $SSHKEYGEN"
188 SSHKEYSCAN="$VG --log-file=${VG_LOG}ssh-keyscan.%p $SSHKEYSCAN"
189 SFTP="$VG --log-file=${VG_LOG}sftp.%p ${SFTP}"
190 SCP="$VG --log-file=${VG_LOG}scp.%p $SCP"
191 cat > $OBJ/valgrind-sftp-server.sh << EOF
193 exec $VG --log-file=${VG_LOG}sftp-server.%p $SFTPSERVER "\$@"
195 chmod a+rx $OBJ/valgrind-sftp-server.sh
196 SFTPSERVER="$OBJ/valgrind-sftp-server.sh"
201 # SSH_LOGFILE should be the debug output of ssh(1) only
202 # SSHD_LOGFILE should be the debug output of sshd(8) only
203 # REGRESS_LOGFILE is the output of the test itself stdout and stderr
204 if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
205 TEST_SSH_LOGFILE=$OBJ/ssh.log
207 if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then
208 TEST_SSHD_LOGFILE=$OBJ/sshd.log
210 if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then
211 TEST_REGRESS_LOGFILE=$OBJ/regress.log
217 >$TEST_REGRESS_LOGFILE
219 # Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..."
220 # because sftp and scp don't handle spaces in arguments.
221 SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
222 echo "#!/bin/sh" > $SSHLOGWRAP
223 echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
225 chmod a+rx $OBJ/ssh-log-wrapper.sh
229 # Some test data. We make a copy because some tests will overwrite it.
230 # The tests may assume that $DATA exists and is writable and $COPY does
231 # not exist. Tests requiring larger data files can call increase_datafile_size
232 # [kbytes] to ensure the file is at least that large.
234 DATA=$OBJ/${DATANAME}
235 cat ${SSHAGENT_BIN} >${DATA}
240 increase_datafile_size()
242 while [ `du -k ${DATA} | cut -f1` -lt $1 ]; do
243 cat ${SSHAGENT_BIN} >>${DATA}
247 # these should be used in tests
248 export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
249 #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
251 # Portable specific functions
258 if [ -x $i/$1 ]; then
268 awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
271 # Check whether preprocessor symbols are defined in config.h.
275 while test "x$2" != "x" ; do
279 egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1
283 if have_prog md5sum; then
285 elif have_prog openssl; then
287 elif have_prog cksum; then
289 elif have_prog sum; then
295 # End of portable specific functions
299 if [ -f $PIDFILE ]; then
300 pid=`$SUDO cat $PIDFILE`
301 if [ "X$pid" = "X" ]; then
304 if [ $pid -lt 2 ]; then
305 echo bad pid for sshd: $pid
308 trace "wait for sshd to exit"
310 while [ -f $PIDFILE -a $i -lt 5 ]; do
314 if test -f $PIDFILE; then
315 if $SUDO kill -0 $pid; then
316 echo "sshd didn't exit " \
317 "port $PORT pid $pid"
319 echo "sshd died without cleanup"
330 SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \
331 fatal "failed to create temporary directory"
337 if [ "x$SSH_PID" != "x" ]; then
338 if [ $SSH_PID -lt 2 ]; then
339 echo bad pid for ssh: $SSH_PID
344 if [ "x$SSH_REGRESS_TMP" != "x" ]; then
345 rm -rf "$SSH_REGRESS_TMP"
352 echo "trace: $@" >$TEST_REGRESS_LOGFILE
353 echo "trace: $@" >$TEST_SSH_LOGFILE
354 echo "trace: $@" >$TEST_SSHD_LOGFILE
359 echo $@ >>$TEST_REGRESS_LOGFILE
360 echo $@ >>$TEST_SSH_LOGFILE
361 echo $@ >>$TEST_SSHD_LOGFILE
362 (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
363 (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
364 (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
370 if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
378 if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
385 echo "WARNING: $@" >>$TEST_SSH_LOGFILE
391 save_debug_log "FAIL: $@"
394 if test "x$TEST_SSH_FAIL_FATAL" != "x" ; then
402 save_debug_log "FATAL: $@"
414 # create server config
415 cat << EOF > $OBJ/sshd_config
419 ListenAddress 127.0.0.1
422 AuthorizedKeysFile $OBJ/authorized_keys_%u
424 AcceptEnv _XXX_TEST_*
426 Subsystem sftp $SFTPSERVER
429 # This may be necessary if /usr/src and/or /usr/obj are group-writable,
430 # but if you aren't careful with permissions then the unit tests could
431 # be abused to locally escalate privileges.
432 if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
433 echo "StrictModes no" >> $OBJ/sshd_config
436 if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
437 trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
438 echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
441 # server config for proxy connects
442 cp $OBJ/sshd_config $OBJ/sshd_proxy
444 # allow group-writable directories in proxy-mode
445 echo 'StrictModes no' >> $OBJ/sshd_proxy
447 # create client config
448 cat << EOF > $OBJ/ssh_config
451 HostKeyAlias localhost-with-alias
454 GlobalKnownHostsFile $OBJ/known_hosts
455 UserKnownHostsFile $OBJ/known_hosts
456 PubkeyAuthentication yes
457 ChallengeResponseAuthentication no
458 HostbasedAuthentication no
459 PasswordAuthentication no
461 StrictHostKeyChecking yes
465 if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
466 trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
467 echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
470 rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
472 SSH_KEYTYPES="rsa ed25519"
474 trace "generate keys"
475 for t in ${SSH_KEYTYPES}; do
477 if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then
479 ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\
480 fail "ssh-keygen for $t failed"
483 # known hosts file for client
485 printf 'localhost-with-alias,127.0.0.1,::1 '
487 ) >> $OBJ/known_hosts
489 # setup authorized keys
490 cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
491 echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
493 # use key as host key, too
494 $SUDO cp $OBJ/$t $OBJ/host.$t
495 echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
497 # don't use SUDO for proxy connect
498 echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
500 chmod 644 $OBJ/authorized_keys_$USER
502 # Activate Twisted Conch tests if the binary is present
503 REGRESS_INTEROP_CONCH=no
504 if test -x "$CONCH" ; then
505 REGRESS_INTEROP_CONCH=yes
508 # If PuTTY is present and we are running a PuTTY test, prepare keys and
510 REGRESS_INTEROP_PUTTY=no
511 if test -x "$PUTTYGEN" -a -x "$PLINK" ; then
512 REGRESS_INTEROP_PUTTY=yes
516 *) REGRESS_INTEROP_PUTTY=no ;;
519 if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
520 mkdir -p ${OBJ}/.putty
522 # Add a PuTTY key to authorized_keys
523 rm -f ${OBJ}/putty.rsa2
524 if ! puttygen -t rsa -o ${OBJ}/putty.rsa2 \
525 --random-device=/dev/urandom \
526 --new-passphrase /dev/null < /dev/null > /dev/null; then
527 echo "Your installed version of PuTTY is too old to support --new-passphrase; trying without (may require manual interaction) ..." >&2
528 puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
530 puttygen -O public-openssh ${OBJ}/putty.rsa2 \
531 >> $OBJ/authorized_keys_$USER
533 # Convert rsa2 host key to PuTTY format
534 cp $OBJ/rsa $OBJ/rsa_oldfmt
535 ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null
536 ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa_oldfmt > \
537 ${OBJ}/.putty/sshhostkeys
538 ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa_oldfmt >> \
539 ${OBJ}/.putty/sshhostkeys
540 rm -f $OBJ/rsa_oldfmt
542 # Setup proxied session
543 mkdir -p ${OBJ}/.putty/sessions
544 rm -f ${OBJ}/.putty/sessions/localhost_proxy
545 echo "Protocol=ssh" >> ${OBJ}/.putty/sessions/localhost_proxy
546 echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
547 echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
548 echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
549 echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
550 echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy
552 PUTTYDIR=${OBJ}/.putty
555 REGRESS_INTEROP_PUTTY=yes
558 # create a proxy version of the client config
561 echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy
565 ${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"
570 $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
571 $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
573 trace "wait for sshd"
575 while [ ! -f $PIDFILE -a $i -lt 10 ]; do
580 test -f $PIDFILE || fatal "no sshd running on port $PORT"
588 if [ $RESULT -eq 0 ]; then