From b7131009fbf67e5ac6f1ce1db9e8ba9ab602454a Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Sat, 24 Mar 2007 01:01:28 +0000 Subject: Changed the test harness to attempt to gracefully shut down servers before resorting to the kill -9 hammer. Added test harness infrastructure to support scp/sftp tests, using OpenSSH as the server. --- tests/sshserver.pl | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 tests/sshserver.pl (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl new file mode 100644 index 000000000..07762c2b1 --- /dev/null +++ b/tests/sshserver.pl 
@@ -0,0 +1,138 @@ +#/usr/bin/env perl +# $Id$ +# Start sshd for use in the SCP and SFTP curl test harness tests + +# Options: +# -u user +# -v +# target_port + +use strict; +use File::Spec; + +my $verbose=0; # set to 1 for debugging + +my $port = 8999; # just our default, weird enough + +my $path = `pwd`; +chomp $path; + +my $exeext; +if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys' || $^O eq 'dos' || $^O eq 'os2') { + $exeext = '.exe'; +} + +# Where to look for sftp-server +my @sftppath=qw(/usr/lib/openssh /usr/libexec/openssh /usr/libexec /usr/local/libexec /opt/local/libexec /usr/lib/ssh /usr/libexec/ssh /usr/sbin /usr/lib /usr/lib/ssh/openssh /usr/lib64/ssh); + +my $username = $ENV{USER}; + +# Find a file somewhere in the given path +sub searchpath { + my $fn = $_[0] . $exeext; + shift; + my @path = @_; + foreach (@path) { + my $file = File::Spec->catfile($_, $fn); + if (-e $file) { + return $file; + } + } +} + +# Parse options +do { + if($ARGV[0] eq "-v") { + $verbose=1; + } + elsif($ARGV[0] eq "-u") { + $username=$ARGV[1]; + shift @ARGV; + } + elsif($ARGV[0] =~ /^(\d+)$/) { + $port = $1; + } +} while(shift @ARGV); + +my $conffile="curl_sshd_config"; # sshd configuration data + +# Search the PATH for sshd. sshd insists on being called with an absolute +# path for some reason. +my $sshd = searchpath("sshd", File::Spec->path()); +if (!$sshd) { + print "sshd is not available\n"; + exit 1; +} +if ($verbose) { + print STDERR "SSH server found at $sshd\n"; +} + +my $sftp = searchpath("sftp-server", @sftppath); +if (!$sftp) { + print "Could not find sftp-server plugin\n"; + exit 1; +} +if ($verbose) { + print STDERR "SFTP server plugin found at $sftp\n"; +} + +if (! 
-e "curl_client_key.pub") { + if ($verbose) { + print STDERR "Generating host and client keys...\n"; + } + # Make sure all files are gone so ssh-keygen doesn't complain + unlink("curl_host_dsa_key", "curl_client_key","curl_host_dsa_key.pub", "curl_client_key.pub"); + system "ssh-keygen -q -t dsa -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate key"; + system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate key"; +} + +open(FILE, ">$conffile") || die "Could not write $conffile"; +print FILE < log/ssh.log 2>&1"; +$rc >>= 8; +if($rc) { + print STDERR "$sshd exited with $rc!\n"; +} + +unlink $conffile; + +exit $rc; -- cgit v1.2.1 From 282127fbfffefb2262cdb964bd29f660d05e3a95 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Tue, 27 Mar 2007 04:01:39 +0000 Subject: Tighten up a few more OpenSSH options --- tests/sshserver.pl | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 07762c2b1..83fdbc7af 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -91,6 +91,8 @@ print FILE < Date: Wed, 28 Mar 2007 04:05:55 +0000 Subject: Don't launch sshd as a daemon so its output can be logged. --- tests/sshserver.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 83fdbc7af..98e15d124 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -131,7 +131,7 @@ if (system "$sshd -t -q -f $conffile") { } # Start the server -my $rc = system "$sshd -e -f $conffile > log/ssh.log 2>&1"; +my $rc = system "$sshd -e -D -f $conffile > log/ssh.log 2>&1"; $rc >>= 8; if($rc) { print STDERR "$sshd exited with $rc!\n"; -- cgit v1.2.1 From 31b1e988f422d47c0c1726c0acbc60004fdae39d Mon Sep 17 00:00:00 2001 
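Review bot: The `$sshd` path returned by `searchpath` is interpolated unquoted into shell command strings, in `system "$sshd -t -q -f $conffile"` and in the start-server line, so a PATH directory containing a space or a shell metacharacter changes what the shell runs. The script explicitly handles cygwin and msys, where directory names with spaces are common. The config check needs no shell and can use the list form, `system($sshd, '-t', '-q', '-f', $conffile)`. The start line needs the shell for its redirection, so the path should at least be quoted there, or the redirection done in Perl before a list-form call.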
From: Dan Fandrich Date: Wed, 28 Mar 2007 04:36:09 +0000 Subject: Only show exit status in verbose mode. --- tests/sshserver.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 98e15d124..b910fd9db 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -133,7 +133,7 @@ if (system "$sshd -t -q -f $conffile") { # Start the server my $rc = system "$sshd -e -D -f $conffile > log/ssh.log 2>&1"; $rc >>= 8; -if($rc) { +if($rc && $verbose) { print STDERR "$sshd exited with $rc!\n"; } -- cgit v1.2.1 From f776c1d2eb6d38849ee78b7c322bb435b439e5d8 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Thu, 29 Mar 2007 05:25:11 +0000 Subject: Abort if attempting to run as root. --- tests/sshserver.pl | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index b910fd9db..be0d0480c 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -76,6 +76,11 @@ if ($verbose) { print STDERR "SFTP server plugin found at $sftp\n"; } +if ($username eq "root") { + print "Will not run ssh daemon as root to mitigate security risks\n"; + exit 1; +} + if (! -e "curl_client_key.pub") { if ($verbose) { print STDERR "Generating host and client keys...\n"; -- cgit v1.2.1 From e37a49086ecea40f6dc839043caca6d2bf65355b Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Thu, 29 Mar 2007 18:46:09 +0000 Subject: Add another option to tighten the test environment. --- tests/sshserver.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index be0d0480c..367179402 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -112,6 +112,7 @@ IgnoreUserKnownHosts yes KeepAlive no PasswordAuthentication no PermitEmptyPasswords no +PermitUserEnvironment no PermitRootLogin no PrintLastLog no PrintMotd no 
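Review bot: The new guard `if ($username eq "root")` tests a name, not the identity the daemon will run under. `$username` comes from `$ENV{USER}` or the `-u` option, so a root shell where `USER` still names another account, or a `-u someuser` argument, passes the check and sshd still starts as root. Comparing the effective uid as well closes that gap, for example `if ($username eq "root" || $> == 0) {`. Some native Windows perls may report uid 0 for every user (to be confirmed), so that platform may need excluding from the uid test.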
@@ -121,7 +122,7 @@ UseLogin no X11Forwarding no UsePrivilegeSeparation no # Newer OpenSSH options -UsePam no +UsePAM no UseDNS no ChallengeResponseAuthentication no EOF -- cgit v1.2.1 From f55a1c3a6c1a7579692f529843ef3e5cce35edbe Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 30 Mar 2007 10:11:49 +0000 Subject: Searching for sshd and sftp-server will be done first in the PATH and afterwards in other common locations. --- tests/sshserver.pl | 61 +++++++++++++++++++++++++++++------------------------- 1 file changed, 33 insertions(+), 28 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 367179402..a50bdf07b 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -33,10 +33,10 @@ sub searchpath { shift; my @path = @_; foreach (@path) { - my $file = File::Spec->catfile($_, $fn); - if (-e $file) { - return $file; - } + my $file = File::Spec->catfile($_, $fn); + if (-e $file) { + return $file; + } } } 
@@ -54,41 +54,46 @@ do { } } while(shift @ARGV); -my $conffile="curl_sshd_config"; # sshd configuration data +my $conffile="curl_sshd_config"; # sshd configuration data -# Search the PATH for sshd. sshd insists on being called with an absolute -# path for some reason. -my $sshd = searchpath("sshd", File::Spec->path()); +# Searching for sshd and sftp-server will be done first +# in the PATH and afterwards in other common locations. +my @spath; +push(@spath, File::Spec->path()); +push(@spath, @sftppath); + +# sshd insists on being called with an absolute path. +my $sshd = searchpath("sshd", @spath); if (!$sshd) { - print "sshd is not available\n"; - exit 1; + print "sshd$exeext not found\n"; + exit 1; } if ($verbose) { - print STDERR "SSH server found at $sshd\n"; + print STDERR "SSH server found at $sshd\n"; } -my $sftp = searchpath("sftp-server", @sftppath); +my $sftp = searchpath("sftp-server", @spath); if (!$sftp) { - print "Could not find sftp-server plugin\n"; - exit 1; + print "Could not find sftp-server$exeext plugin\n"; + exit 1; } if ($verbose) { - print STDERR "SFTP server plugin found at $sftp\n"; + print STDERR "SFTP server plugin found at $sftp\n"; } if ($username eq "root") { - print "Will not run ssh daemon as root to mitigate security risks\n"; - exit 1; + print "Will not run ssh daemon as root to mitigate security risks\n"; + exit 1; } if (! 
-e "curl_client_key.pub") { - if ($verbose) { - print STDERR "Generating host and client keys...\n"; - } - # Make sure all files are gone so ssh-keygen doesn't complain - unlink("curl_host_dsa_key", "curl_client_key","curl_host_dsa_key.pub", "curl_client_key.pub"); - system "ssh-keygen -q -t dsa -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate key"; - system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate key"; + if ($verbose) { + print STDERR "Generating host and client keys...\n"; + } + # Make sure all files are gone so ssh-keygen doesn't complain + unlink("curl_host_dsa_key", "curl_client_key","curl_host_dsa_key.pub", "curl_client_key.pub"); + system "ssh-keygen -q -t dsa -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate key"; + system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate key"; } open(FILE, ">$conffile") || die "Could not write $conffile"; @@ -130,10 +135,10 @@ EOF close FILE; if (system "$sshd -t -q -f $conffile") { - # This is likely due to missing support for UsePam - print "$sshd is too old and is not supported\n"; - unlink $conffile; - exit 1; + # This is likely due to missing support for UsePam + print "$sshd is too old and is not supported\n"; + unlink $conffile; + exit 1; } # Start the server -- cgit v1.2.1 From fdc1b61507ae80bb4bfcec7a2ebac29e26059d43 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sat, 31 Mar 2007 03:21:08 +0000 Subject: sshd might fail to start if given an unsupported configuration option. Try to avoid this problem checking for some possible unsupported options, and avoid using them in the configuration file. --- tests/sshserver.pl | 49 +++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 6 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index a50bdf07b..a00dbbcd8 100644 
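Review bot: After this change `sshd` and `sftp-server` are taken from `File::Spec->path()` before the fixed system directories, but PATH may hold relative entries such as `.`, and `searchpath` (outside this hunk) accepts anything that passes `-e`. That conflicts with the comment kept here, "sshd insists on being called with an absolute path", and lets a file in the current directory shadow the system binaries. Filtering the list first would keep the intent: `push(@spath, grep { File::Spec->file_name_is_absolute($_) } File::Spec->path());`. A `-f $file && -x $file` test in `searchpath` would also avoid matching a directory or a non-executable file.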
--- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -86,6 +86,28 @@ if ($username eq "root") { exit 1; } +# Support for some options might have not been built into sshd. On some +# platforms specifying an unsupported option prevents sshd from starting. +# Check here for possible unsupported options, avoiding its use in sshd. +sub sshd_supports_opt($) { + my ($option) = @_; + my $err = 1; + chomp($err = qx($sshd -t -o $option=no 2>&1 | grep $option 2>&1 | wc -l)); + return !$err; +} + +my $supports_UsePAM = sshd_supports_opt('UsePAM'); +my $supports_UseDNS = sshd_supports_opt('UseDNS'); +my $supports_ChReAu = sshd_supports_opt('ChallengeResponseAuthentication'); +if ($verbose) { + print STDERR "sshd supports UsePAM: "; + print STDERR $supports_UsePAM ? "yes\n" : "no\n"; + print STDERR "sshd supports UseDNS: "; + print STDERR $supports_UseDNS ? "yes\n" : "no\n"; + print STDERR "sshd supports ChallengeResponseAuthentication: "; + print STDERR $supports_ChReAu ? "yes\n" : "no\n"; +} + if (! -e "curl_client_key.pub") { if ($verbose) { print STDERR "Generating host and client keys...\n"; @@ -96,8 +118,8 @@ if (! -e "curl_client_key.pub") { system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate key"; } -open(FILE, ">$conffile") || die "Could not write $conffile"; -print FILE <$conffile") || die "Could not write $conffile"; +print $FILE <>$conffile")) { + print $FILE "$string\n"; + close $FILE; + } +} + +if ($supports_UsePAM) { + set_sshd_option('UsePAM no'); +} +if ($supports_UseDNS) { + set_sshd_option('UseDNS no'); +} +if ($supports_ChReAu) { + set_sshd_option('ChallengeResponseAuthentication no'); +} if (system "$sshd -t -q -f $conffile") { # This is likely due to missing support for UsePam -- cgit v1.2.1 From bdbaedc45222c0de88c40d8fd9dff98ada85ac3d Mon Sep 17 00:00:00 2001 
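Review bot: The helper that appends an option to the config file (its `sub` line is not visible on this page) does `if (open(my $FILE, ">>$conffile")) { ... }` with no else branch, so a failed open silently drops `UsePAM no`, `UseDNS no` or `ChallengeResponseAuthentication no`. sshd would then start with that setting at its default and the run would give no hint of it. The main config write in the same commit dies on failure, and this one should match it: `open(my $FILE, ">>$conffile") || die "Could not append to $conffile";` followed by `close($FILE) || die "Could not close $conffile";`.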
From: Yang Tse Date: Mon, 2 Apr 2007 01:21:57 +0000 Subject: verify ssh daemon version --- tests/sshserver.pl | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index a00dbbcd8..fefe1b557 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -86,6 +86,30 @@ if ($username eq "root") { exit 1; } +# Find out sshd version. +my $tmpstr; +my $ssh_daemon; +my $ssh_ver_major; +my $ssh_ver_minor; +my $ssh_ver_patch; +chomp($tmpstr = qx($sshd -V 2>&1 | grep OpenSSH)); +if ($tmpstr =~ /OpenSSH[_-](\d+)\.(\d+)(\.(\d+))*/) { + ($ssh_ver_major, $ssh_ver_minor, $ssh_ver_patch) = ($1, $2, $4); + $ssh_daemon = 'OpenSSH'; +} +if ($verbose) { + print STDERR "ssh_daemon: $ssh_daemon\n"; + print STDERR "ssh_ver_major: $ssh_ver_major\n"; + print STDERR "ssh_ver_minor: $ssh_ver_minor\n"; + print STDERR "ssh_ver_patch: $ssh_ver_patch\n"; +} + +# Verify minimum OpenSSH version. +if ($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37) + print "SCP and SFTP tests require OpenSSH 3.7 or later\n"; + exit 1; +} + # Support for some options might have not been built into sshd. On some # platforms specifying an unsupported option prevents sshd from starting. # Check here for possible unsupported options, avoiding its use in sshd. -- cgit v1.2.1 From b8c12fe658be792f852c1c4804a1538ff3ec197f Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 2 Apr 2007 04:14:59 +0000 Subject: fix error in previous commit --- tests/sshserver.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index fefe1b557..974891fcf 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
@@ -105,7 +105,7 @@ if ($verbose) { } # Verify minimum OpenSSH version. -if ($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37) +if (($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37)) { print "SCP and SFTP tests require OpenSSH 3.7 or later\n"; exit 1; } -- cgit v1.2.1 From 4095c9de373eae19a696dfc3895a01bb4d4eab5a Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Tue, 3 Apr 2007 00:06:39 +0000 Subject: Eliminate the sshd option checking dependency on wc and make it faster. --- tests/sshserver.pl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 974891fcf..3295cca58 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -115,8 +115,7 @@ if (($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37)) { # Check here for possible unsupported options, avoiding its use in sshd. sub sshd_supports_opt($) { my ($option) = @_; - my $err = 1; - chomp($err = qx($sshd -t -o $option=no 2>&1 | grep $option 2>&1 | wc -l)); + my $err = grep /$option/, qx($sshd -t -o $option=no 2>&1); return !$err; } -- cgit v1.2.1 From 161be66c8970084e5e7970353a1aef12a5f03022 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 3 Apr 2007 02:36:55 +0000 Subject: when detecting un/supported sshd options use curl's sshd config file. --- tests/sshserver.pl | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 3295cca58..178ea91e7 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
@@ -110,12 +110,18 @@ if (($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37)) { exit 1; } +# Initialize sshd configuration file for curl's tests. +open(my $CONF, ">$conffile") || die "Could not write $conffile"; +print $CONF "# This is a generated file! Do not edit!\n"; +print $CONF "# OpenSSH sshd configuration file for curl testing\n"; +close $CONF; + # Support for some options might have not been built into sshd. On some # platforms specifying an unsupported option prevents sshd from starting. # Check here for possible unsupported options, avoiding its use in sshd. sub sshd_supports_opt($) { my ($option) = @_; - my $err = grep /$option/, qx($sshd -t -o $option=no 2>&1); + my $err = grep /Unsupported .* $option/, qx($sshd -t -f $conffile -o $option=no 2>&1); return !$err; } @@ -141,10 +147,8 @@ if (! -e "curl_client_key.pub") { system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate key"; } -open(my $FILE, ">$conffile") || die "Could not write $conffile"; +open(my $FILE, ">>$conffile") || die "Could not write $conffile"; print $FILE < Date: Tue, 5 Jun 2007 13:50:59 +0000 Subject: Daniel Black's test suite fixes and initial test cases for SOCKS4/5 using openssh --- tests/sshserver.pl | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 178ea91e7..e24352023 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
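Review bot: `sshd_supports_opt` now reports an option as unsupported only when sshd's output matches `/Unsupported .* $option/`, so any other rejection of the option counts as supported and the option is still written to the config file. I believe OpenSSH reports keywords it does not know at all with a different message ("Bad configuration option"), which this pattern would miss; that should be confirmed against the oldest sshd the tests accept. If so, the pattern could cover both messages and quote the name: `my $err = grep /(?:Unsupported|Bad configuration) .*\Q$option\E/, qx($sshd -t -f $conffile -o $option=no 2>&1);`.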
@@ -23,7 +23,7 @@ if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys' || $^O eq 'dos' || $^O } # Where to look for sftp-server -my @sftppath=qw(/usr/lib/openssh /usr/libexec/openssh /usr/libexec /usr/local/libexec /opt/local/libexec /usr/lib/ssh /usr/libexec/ssh /usr/sbin /usr/lib /usr/lib/ssh/openssh /usr/lib64/ssh); +my @sftppath=qw(/usr/lib/openssh /usr/libexec/openssh /usr/libexec /usr/local/libexec /opt/local/libexec /usr/lib/ssh /usr/libexec/ssh /usr/sbin /usr/lib /usr/lib/ssh/openssh /usr/lib64/ssh /usr/lib64/misc); my $username = $ENV{USER}; @@ -55,6 +55,8 @@ do { } while(shift @ARGV); my $conffile="curl_sshd_config"; # sshd configuration data +my $conffile_ssh="curl_ssh_config"; # ssh configuration data +my $knownhostsfile="curl_client_knownhosts"; # ssh knownhosts file # Searching for sshd and sftp-server will be done first # in the PATH and afterwards in other common locations. 
@@ -146,9 +148,21 @@ if (! -e "curl_client_key.pub") { system "ssh-keygen -q -t dsa -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate key"; system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate key"; } - -open(my $FILE, ">>$conffile") || die "Could not write $conffile"; -print $FILE < }; +close $DSAKEYFILE || die "Could not close RSAKEYFILE"; +open(my $RSAKEYFILE, "<", "curl_host_dsa_key.pub") || die 'Could not read curl_host_dsa_key.pub'; +my @rsahostkey = do { local $/ = ' '; <$RSAKEYFILE> }; +close $RSAKEYFILE || die "Could not close RSAKEYFILE"; +open(my $KNOWNHOSTS, ">>", $knownhostsfile) || die "Could not write $knownhostsfile"; +print {$KNOWNHOSTS} "[127.0.0.1]:$port ssh-dss $dsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; +print {$KNOWNHOSTS} "[127.0.0.1]:$port ssh-rsa $rsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; +close $KNOWNHOSTS || die "Could not close KNOWNHOSTS"; + + +open(my $FILE, ">>", $conffile) || die "Could not write $conffile"; +print $FILE <>", $conffile_ssh) || die "Could not write $conffile_ssh"; +print $SSHFILE < Date: Thu, 7 Jun 2007 19:49:09 +0000 Subject: Fixed some problems in starting SSH for use in SOCKS. --- tests/sshserver.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index e24352023..e650e2893 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -108,7 +108,7 @@ if ($verbose) { # Verify minimum OpenSSH version. if (($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37)) { - print "SCP and SFTP tests require OpenSSH 3.7 or later\n"; + print "SCP, SFTP and SOCKS tests require OpenSSH 3.7 or later\n"; exit 1; } -- cgit v1.2.1 From 073a6cea45d52dcd02e9d35644fa6d8b05ceede9 Mon Sep 17 00:00:00 2001 
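Review bot: None of the `|| die` checks on `close` and `print` in the new known-hosts code can fire, because `||` binds to the last argument rather than to the call: `close $DSAKEYFILE || die ...` parses as `close($DSAKEYFILE || die ...)`, and `print {$KNOWNHOSTS} "..." || die ...` tests the always-true string. A short or failed write of the host-key pin therefore goes unnoticed; the low-precedence form fixes it, `close($DSAKEYFILE) or die "Could not close DSAKEYFILE";` and `print {$KNOWNHOSTS} "..." or die ...`. The same pattern is repeated in the later hunks on this page that rewrite these lines with bareword handles. Separately, the `ssh-rsa` entry is built from `curl_host_dsa_key.pub`, so it labels DSA key data as an RSA key.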
From: Dan Fandrich Date: Thu, 7 Jun 2007 21:42:33 +0000 Subject: Renamed the sshd log file to sshd.log. Added more options to the ssh config file to improve the consistency of the test environment. Force a rewrite of the ssh config files on every invocation. Changed the opens to work on older versions of perl. --- tests/sshserver.pl | 84 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 50 insertions(+), 34 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index e650e2893..a79ceb122 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -1,6 +1,8 @@ #/usr/bin/env perl # $Id$ -# Start sshd for use in the SCP and SFTP curl test harness tests +# Starts sshd for use in the SCP, SFTP and SOCKS curl test harness tests. +# Also creates the ssh configuration files (this could be moved to a +# separate script). # Options: # -u user @@ -113,10 +115,10 @@ if (($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37)) { } # Initialize sshd configuration file for curl's tests. -open(my $CONF, ">$conffile") || die "Could not write $conffile"; -print $CONF "# This is a generated file! Do not edit!\n"; -print $CONF "# OpenSSH sshd configuration file for curl testing\n"; -close $CONF; +open(CONF, ">$conffile") || die "Could not write $conffile"; +print CONF "# This is a generated file! Do not edit!\n"; +print CONF "# OpenSSH sshd configuration file for curl testing\n"; +close CONF; # Support for some options might have not been built into sshd. On some # platforms specifying an unsupported option prevents sshd from starting. 
@@ -148,21 +150,9 @@ if (! -e "curl_client_key.pub") { system "ssh-keygen -q -t dsa -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate key"; system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate key"; } -# setup knownhosts -open(my $DSAKEYFILE, "<", "curl_host_dsa_key.pub") || die 'Could not read curl_host_dsa_key.pub'; -my @dsahostkey = do { local $/ = ' '; <$DSAKEYFILE> }; -close $DSAKEYFILE || die "Could not close RSAKEYFILE"; -open(my $RSAKEYFILE, "<", "curl_host_dsa_key.pub") || die 'Could not read curl_host_dsa_key.pub'; -my @rsahostkey = do { local $/ = ' '; <$RSAKEYFILE> }; -close $RSAKEYFILE || die "Could not close RSAKEYFILE"; -open(my $KNOWNHOSTS, ">>", $knownhostsfile) || die "Could not write $knownhostsfile"; -print {$KNOWNHOSTS} "[127.0.0.1]:$port ssh-dss $dsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; -print {$KNOWNHOSTS} "[127.0.0.1]:$port ssh-rsa $rsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; -close $KNOWNHOSTS || die "Could not close KNOWNHOSTS"; - - -open(my $FILE, ">>", $conffile) || die "Could not write $conffile"; -print $FILE <>", $conffile) || die "Could not write $conffile"; +print FILE <>", $conffile_ssh) || die "Could not write $conffile_ssh"; -print $SSHFILE <>$conffile")) { - print $FILE "$string\n"; - close $FILE; + if (open(FILE, ">>$conffile")) { + print FILE "$string\n"; + close FILE; } } 
@@ -222,6 +203,41 @@ if ($supports_ChReAu) { set_sshd_option('ChallengeResponseAuthentication no'); } + +# Now, set up some configuration files for the ssh client +open(DSAKEYFILE, "<", "curl_host_dsa_key.pub") || die 'Could not read curl_host_dsa_key.pub'; +my @dsahostkey = do { local $/ = ' '; }; +close DSAKEYFILE || die "Could not close RSAKEYFILE"; + +open(RSAKEYFILE, "<", "curl_host_dsa_key.pub") || die 'Could not read curl_host_dsa_key.pub'; +my @rsahostkey = do { local $/ = ' '; }; +close RSAKEYFILE || die "Could not close RSAKEYFILE"; + +open(KNOWNHOSTS, ">", $knownhostsfile) || die "Could not write $knownhostsfile"; +print KNOWNHOSTS "[127.0.0.1]:$port ssh-dss $dsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; +print KNOWNHOSTS "[127.0.0.1]:$port ssh-rsa $rsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; +close KNOWNHOSTS || die "Could not close KNOWNHOSTS"; + +open(SSHFILE, ">", $conffile_ssh) || die "Could not write $conffile_ssh"; +print SSHFILE < log/ssh.log 2>&1"; +my $rc = system "$sshd -e -D -f $conffile > log/sshd.log 2>&1"; $rc >>= 8; if($rc && $verbose) { print STDERR "$sshd exited with $rc!\n"; -- cgit v1.2.1 From 6a84d492f194d0847acf7ecd2c871654cb2f5e17 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Fri, 8 Jun 2007 17:32:24 +0000 Subject: Improved compatibility with perl 5.0 on the 'open' calls. --- tests/sshserver.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index a79ceb122..bdc3073bb 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
@@ -151,7 +151,7 @@ if (! -e "curl_client_key.pub") { system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate key"; } -open(FILE, ">>", $conffile) || die "Could not write $conffile"; +open(FILE, ">>$conffile") || die "Could not write $conffile"; print FILE < }; close DSAKEYFILE || die "Could not close RSAKEYFILE"; -open(RSAKEYFILE, "<", "curl_host_dsa_key.pub") || die 'Could not read curl_host_dsa_key.pub'; +open(RSAKEYFILE, " }; close RSAKEYFILE || die "Could not close RSAKEYFILE"; -open(KNOWNHOSTS, ">", $knownhostsfile) || die "Could not write $knownhostsfile"; +open(KNOWNHOSTS, ">$knownhostsfile") || die "Could not write $knownhostsfile"; print KNOWNHOSTS "[127.0.0.1]:$port ssh-dss $dsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; print KNOWNHOSTS "[127.0.0.1]:$port ssh-rsa $rsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; close KNOWNHOSTS || die "Could not close KNOWNHOSTS"; -open(SSHFILE, ">", $conffile_ssh) || die "Could not write $conffile_ssh"; +open(SSHFILE, ">$conffile_ssh") || die "Could not write $conffile_ssh"; print SSHFILE < Date: Mon, 11 Jun 2007 17:49:25 +0000 Subject: We do not use RSA keys in the test suite. --- tests/sshserver.pl | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index bdc3073bb..a2413bb07 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
@@ -147,8 +147,8 @@ if (! -e "curl_client_key.pub") { } # Make sure all files are gone so ssh-keygen doesn't complain unlink("curl_host_dsa_key", "curl_client_key","curl_host_dsa_key.pub", "curl_client_key.pub"); - system "ssh-keygen -q -t dsa -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate key"; - system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate key"; + system "ssh-keygen -q -t dsa -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate host key"; + system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate client key"; } open(FILE, ">>$conffile") || die "Could not write $conffile"; @@ -207,15 +207,10 @@ if ($supports_ChReAu) { # Now, set up some configuration files for the ssh client open(DSAKEYFILE, " }; -close DSAKEYFILE || die "Could not close RSAKEYFILE"; - -open(RSAKEYFILE, " }; -close RSAKEYFILE || die "Could not close RSAKEYFILE"; +close DSAKEYFILE || die "Could not close DSAKEYFILE"; open(KNOWNHOSTS, ">$knownhostsfile") || die "Could not write $knownhostsfile"; print KNOWNHOSTS "[127.0.0.1]:$port ssh-dss $dsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; -print KNOWNHOSTS "[127.0.0.1]:$port ssh-rsa $rsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; close KNOWNHOSTS || die "Could not close KNOWNHOSTS"; open(SSHFILE, ">$conffile_ssh") || die "Could not write $conffile_ssh"; -- cgit v1.2.1 From b0aa11fde7da951e3a0a4746fbc2601b02d2888c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 14 Jun 2007 21:16:08 +0000 Subject: Tom Regner added /usr/lib/misc to the path to scan for sftp to make the sftp tests run fine on gentoo --- tests/sshserver.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index a2413bb07..d6802ea38 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
@@ -25,7 +25,7 @@ if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys' || $^O eq 'dos' || $^O } # Where to look for sftp-server -my @sftppath=qw(/usr/lib/openssh /usr/libexec/openssh /usr/libexec /usr/local/libexec /opt/local/libexec /usr/lib/ssh /usr/libexec/ssh /usr/sbin /usr/lib /usr/lib/ssh/openssh /usr/lib64/ssh /usr/lib64/misc); +my @sftppath=qw(/usr/lib/openssh /usr/libexec/openssh /usr/libexec /usr/local/libexec /opt/local/libexec /usr/lib/ssh /usr/libexec/ssh /usr/sbin /usr/lib /usr/lib/ssh/openssh /usr/lib64/ssh /usr/lib64/misc /usr/lib/misc); my $username = $ENV{USER}; -- cgit v1.2.1 From 89d119646d124c642b5b4d39227e69314e2b7879 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Wed, 18 Jul 2007 00:27:13 +0000 Subject: Use 512 bit keys to reduce the time taken to generate them. This shouldn't really reduce security since in the common case of a daily automated build the keys are only used for a single test run lasting a few minutes before being deleted. --- tests/sshserver.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index d6802ea38..38e7e7780 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
@@ -147,8 +147,8 @@ if (! -e "curl_client_key.pub") { } # Make sure all files are gone so ssh-keygen doesn't complain unlink("curl_host_dsa_key", "curl_client_key","curl_host_dsa_key.pub", "curl_client_key.pub"); - system "ssh-keygen -q -t dsa -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate host key"; - system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate client key"; + system "ssh-keygen -q -t dsa -b 512 -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate host key"; + system "ssh-keygen -q -t dsa -b 512 -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate client key"; } open(FILE, ">>$conffile") || die "Could not write $conffile"; -- cgit v1.2.1 From c7db74fe73a41cf54fea68c68bc4caefbaa85083 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Thu, 19 Jul 2007 01:42:22 +0000 Subject: Revert the 512 change since newer versions of OpenSSH don't support DSA keys that small. --- tests/sshserver.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 38e7e7780..d6802ea38 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
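Review bot: The justification for `-b 512` rests on the keys being deleted after each run, but the guard around this hunk, `if (! -e "curl_client_key.pub")`, generates keys only when none exist, and nothing visible in this script removes them afterwards. The weak host and client keys would therefore be reused until something else cleans the directory. 512-bit DSA is also below the 1024-bit size the DSA standard originally defined, so ssh-keygen or sshd may refuse it. If generation time is the concern, keeping the default size and relying on the existing reuse guard already avoids regenerating on every run. The enclosing `if` block starts and ends outside the hunk.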
@@ -147,8 +147,8 @@ if (! -e "curl_client_key.pub") { } # Make sure all files are gone so ssh-keygen doesn't complain unlink("curl_host_dsa_key", "curl_client_key","curl_host_dsa_key.pub", "curl_client_key.pub"); - system "ssh-keygen -q -t dsa -b 512 -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate host key"; - system "ssh-keygen -q -t dsa -b 512 -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate client key"; + system "ssh-keygen -q -t dsa -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate host key"; + system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate client key"; } open(FILE, ">>$conffile") || die "Could not write $conffile"; -- cgit v1.2.1 From 0ed57d370d5fa183f573c54167d57b4cd909eea1 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Mon, 17 Sep 2007 21:39:34 +0000 Subject: Allow setting the IP address on which to listen for connections. --- tests/sshserver.pl | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index d6802ea38..bdff5a9bb 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -15,6 +15,7 @@ use File::Spec; my $verbose=0; # set to 1 for debugging my $port = 8999; # just our default, weird enough +my $listenaddr = "127.0.0.1"; # address on which to listen my $path = `pwd`; chomp $path; @@ -51,6 +52,10 @@ do { $username=$ARGV[1]; shift @ARGV; } + elsif($ARGV[0] eq "-l") { + $listenaddr=$ARGV[1]; + shift @ARGV; + } elsif($ARGV[0] =~ /^(\d+)$/) { $port = $1; } @@ -160,7 +165,7 @@ AuthorizedKeysFile $path/curl_client_key.pub HostKey $path/curl_host_dsa_key PidFile $path/.ssh.pid Port $port -ListenAddress localhost +ListenAddress $listenaddr Protocol 2 AllowTcpForwarding yes GatewayPorts no 
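Review bot: The value given to `-l` is copied unchecked into the generated sshd config (`ListenAddress $listenaddr`) and, in the last hunk of this commit, into the known-hosts line; `-l` as the final argument also leaves `$listenaddr` undefined. The previous setting was loopback-only and the config keeps `AllowTcpForwarding yes`, so a non-loopback value exposes the test daemon to the network. That deserves a line in the `# Options:` header, for example `# -l listen_address (default 127.0.0.1; a non-loopback address exposes the test sshd)`. A check after option parsing would reject empty or multi-line values: `die "invalid listen address\n" unless defined $listenaddr && $listenaddr =~ /\A[\w.:-]+\z/;`.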
@@ -210,7 +215,7 @@ my @dsahostkey = do { local $/ = ' '; }; close DSAKEYFILE || die "Could not close DSAKEYFILE"; open(KNOWNHOSTS, ">$knownhostsfile") || die "Could not write $knownhostsfile"; -print KNOWNHOSTS "[127.0.0.1]:$port ssh-dss $dsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; +print KNOWNHOSTS "[$listenaddr]:$port ssh-dss $dsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; close KNOWNHOSTS || die "Could not close KNOWNHOSTS"; open(SSHFILE, ">$conffile_ssh") || die "Could not write $conffile_ssh"; -- cgit v1.2.1 From 2b15823dab89d504eee57bf91f3757a90ab3497b Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sat, 17 Nov 2007 02:28:54 +0000 Subject: Add /usr/local/sbin and /usr/freeware/bin to the sshd locations search list --- tests/sshserver.pl | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index bdff5a9bb..3a30fbe5e 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -26,7 +26,23 @@ if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys' || $^O eq 'dos' || $^O } # Where to look for sftp-server -my @sftppath=qw(/usr/lib/openssh /usr/libexec/openssh /usr/libexec /usr/local/libexec /opt/local/libexec /usr/lib/ssh /usr/libexec/ssh /usr/sbin /usr/lib /usr/lib/ssh/openssh /usr/lib64/ssh /usr/lib64/misc /usr/lib/misc); +my @sftppath = qw( + /usr/lib/openssh + /usr/libexec/openssh + /usr/libexec + /usr/local/libexec + /opt/local/libexec + /usr/lib/ssh + /usr/libexec/ssh + /usr/sbin + /usr/lib + /usr/lib/ssh/openssh + /usr/lib64/ssh + /usr/lib64/misc + /usr/lib/misc + /usr/local/sbin + /usr/freeware/bin + ); my $username = $ENV{USER}; -- cgit v1.2.1 From c4e5613a7d431ca547d9e5d63dbafe51e66c1613 Mon Sep 17 00:00:00 2001 
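Review bot: On the rewritten `print KNOWNHOSTS ...` line the `|| die` binds to the string argument rather than to `print`, so a failed write to the known-hosts file is never reported. The neighbouring `close KNOWNHOSTS || die` and `close DSAKEYFILE || die` context lines have the same shape. This file is what the client uses to verify the test server's host key, so a short or empty entry should stop the run: `print KNOWNHOSTS "[$listenaddr]:$port ssh-dss $dsahostkey[1]\n" or die 'Could not write to KNOWNHOSTS';`. The surrounding statements continue outside the hunk.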
From: Yang Tse Date: Sat, 17 Nov 2007 17:43:33 +0000 Subject: When unable to start test suite sshserver, log if OpenSSH has not been found or the OpenSSH version found --- tests/sshserver.pl | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 3a30fbe5e..d5b49afe4 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -131,7 +131,14 @@ if ($verbose) { # Verify minimum OpenSSH version. if (($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37)) { - print "SCP, SFTP and SOCKS tests require OpenSSH 3.7 or later\n"; + my $info; + if(!$ssh_daemon) { + $info = "OpenSSH not found"; + } + else { + $info = "Found OpenSSH $ssh_ver_major.$ssh_ver_minor" + } + print "$info: SCP, SFTP and SOCKS tests require OpenSSH 3.7 or later\n"; exit 1; } -- cgit v1.2.1 From 536f98a766143cf8c3222642cb5c00b4f994701a Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sun, 18 Nov 2007 01:16:44 +0000 Subject: Add /opt/ssh/sbin and /opt/ssh/libexec to the sshd locations search list. Improve wording of a couple of debug messages. --- tests/sshserver.pl | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index d5b49afe4..79fcd995b 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -42,6 +42,8 @@ my @sftppath = qw( /usr/lib/misc /usr/local/sbin /usr/freeware/bin + /opt/ssh/sbin + /opt/ssh/libexec ); my $username = $ENV{USER}; 
@@ -131,14 +133,13 @@ if ($verbose) { # Verify minimum OpenSSH version. if (($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37)) { - my $info; if(!$ssh_daemon) { - $info = "OpenSSH not found"; + print "SSH server daemon found is not an OpenSSH daemon\n"; } else { - $info = "Found OpenSSH $ssh_ver_major.$ssh_ver_minor" + print "SSH server daemon found is OpenSSH $ssh_ver_major.$ssh_ver_minor\n"; } - print "$info: SCP, SFTP and SOCKS tests require OpenSSH 3.7 or later\n"; + print "SCP, SFTP and SOCKS tests require OpenSSH 3.7 or later\n"; exit 1; } -- cgit v1.2.1 From 968e943eac70f0c312247046dfb0afca6d1470a5 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 19 Nov 2007 01:49:28 +0000 Subject: Temporary change to help debugging string(s) returned by sshd -V when sshd is not being identified as an OpenSSH daemon --- tests/sshserver.pl | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 79fcd995b..d20ae6935 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -135,6 +135,8 @@ if ($verbose) { if (($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37)) { if(!$ssh_daemon) { print "SSH server daemon found is not an OpenSSH daemon\n"; + chomp($tmpstr = qx($sshd -V 2>&1)); + print "$tmpstr\n"; } else { print "SSH server daemon found is OpenSSH $ssh_ver_major.$ssh_ver_minor\n"; -- cgit v1.2.1 From 5376d1047ce33e1e4ddf140bc9a5765462ee7673 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 19 Nov 2007 17:20:32 +0000 Subject: This is a temporary change to test if OpenSSH 3.6 and SunSSH 1.1 are good/compatible enough to run the test suite ssh server and socks tests --- tests/sshserver.pl | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index d20ae6935..563e9de72 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
@@ -124,6 +124,13 @@ if ($tmpstr =~ /OpenSSH[_-](\d+)\.(\d+)(\.(\d+))*/) { ($ssh_ver_major, $ssh_ver_minor, $ssh_ver_patch) = ($1, $2, $4); $ssh_daemon = 'OpenSSH'; } +if(!$ssh_daemon) { + chomp($tmpstr = qx($sshd -V 2>&1 | grep Sun_SSH)); + if($tmpstr =~ /Sun[_-]SSH[_-](\d+)\.(\d+)/) { + ($ssh_ver_major, $ssh_ver_minor) = ($1, $2); + $ssh_daemon = 'SunSSH'; + } +} if ($verbose) { print STDERR "ssh_daemon: $ssh_daemon\n"; print STDERR "ssh_ver_major: $ssh_ver_major\n"; @@ -131,16 +138,23 @@ if ($verbose) { print STDERR "ssh_ver_patch: $ssh_ver_patch\n"; } -# Verify minimum OpenSSH version. -if (($ssh_daemon !~ /OpenSSH/) || (10 * $ssh_ver_major + $ssh_ver_minor < 37)) { - if(!$ssh_daemon) { - print "SSH server daemon found is not an OpenSSH daemon\n"; - chomp($tmpstr = qx($sshd -V 2>&1)); - print "$tmpstr\n"; - } - else { - print "SSH server daemon found is OpenSSH $ssh_ver_major.$ssh_ver_minor\n"; - } +# Verify minimum SSH daemon version. +my $sshd_ver_ok = 1; +if(($ssh_daemon =~ /OpenSSH/) && (10 * $ssh_ver_major + $ssh_ver_minor < 36)) { + print "SSH server daemon found is OpenSSH $ssh_ver_major.$ssh_ver_minor\n"; + $sshd_ver_ok = 0; +} +if(($ssh_daemon =~ /SunSSH/) && (10 * $ssh_ver_major + $ssh_ver_minor < 11)) { + print "SSH server daemon found is SunSSH $ssh_ver_major.$ssh_ver_minor\n"; + $sshd_ver_ok = 0; +} +if(!$ssh_daemon) { + print "SSH server daemon found is not OpenSSH nor SunSSH\n"; + chomp($tmpstr = qx($sshd -V 2>&1)); + print "$tmpstr\n"; + $sshd_ver_ok = 0; +} +if(!$sshd_ver_ok) { print "SCP, SFTP and SOCKS tests require OpenSSH 3.7 or later\n"; exit 1; } -- cgit v1.2.1 From 258c4686b2a2e155bbc26015f9fc6e8821740cc5 Mon Sep 17 00:00:00 2001 
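Review bot: The SunSSH probe filters through `grep Sun_SSH` and then matches `/Sun[_-]SSH[_-](\d+)\.(\d+)/`, so the `Sun-SSH` spelling the regex allows can never reach it. The pipeline also adds a dependency on an external `grep` and a second shell invocation with `$sshd` interpolated unquoted, which would misbehave for a path containing spaces or shell metacharacters. Running the command once and matching in Perl avoids both, e.g. `my @verlines = qx($sshd -V 2>&1);` followed by testing each line against the OpenSSH and SunSSH patterns. The version-detection code starts outside the hunk.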
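Review bot: The final failure message still reads `OpenSSH 3.7 or later` although the checks added above it now accept OpenSSH 3.6 (`< 36`) and SunSSH 1.1 (`< 11`), so a user whose daemon is rejected is told the wrong requirement. I would make the text follow the thresholds, e.g. `print "SCP, SFTP and SOCKS tests require OpenSSH 3.6 or SunSSH 1.1 or later\n";`. The `10 * $ssh_ver_major + $ssh_ver_minor` encoding is repeated in both comparisons and would be clearer computed once into a named variable with a comment on its assumption of single-digit minor numbers.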
From: Yang Tse Date: Tue, 20 Nov 2007 14:10:09 +0000 Subject: Improve detection of sshd un/supported options. Gather additional debug info when the test suite ssh server fails to start. --- tests/sshserver.pl | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 563e9de72..695b3728d 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -61,6 +61,19 @@ sub searchpath { } } +# Display contents of the given file. +sub displayfile { + my ($file) = @_; + print "=== Start of file $file\n"; + if(open(SINGLE, "<$file")) { + while(my $string = ) { + print "$string"; + } + close(SINGLE); + } + print "=== End of file $file\n"; +} + # Parse options do { if($ARGV[0] eq "-v") { @@ -170,7 +183,8 @@ close CONF; # Check here for possible unsupported options, avoiding its use in sshd. sub sshd_supports_opt($) { my ($option) = @_; - my $err = grep /Unsupported .* $option/, qx($sshd -t -f $conffile -o $option=no 2>&1); + my $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/, + qx($sshd -t -f $conffile -o $option=no 2>&1); return !$err; } @@ -278,9 +292,13 @@ EOFSSH close SSHFILE || die "Could not close $conffile_ssh"; -if (system "$sshd -t -q -f $conffile") { +# Verify that sshd supports our configuration file +if (system "$sshd -t -f $conffile > log/sshd.log 2>&1") { # This is likely due to missing support for UsePam print "$sshd is too old and is not supported\n"; + displayfile("log/sshd.log"); + displayfile("$conffile"); + unlink "log/sshd.log"; unlink $conffile; exit 1; } @@ -291,6 +309,11 @@ $rc >>= 8; if($rc && $verbose) { print STDERR "$sshd exited with $rc!\n"; } +if($rc) { + print "$sshd exited with $rc!\n"; + displayfile("log/sshd.log"); + displayfile("$conffile"); +} unlink $conffile; -- cgit v1.2.1 From 6dfb5b4e1f5e267af29660a3ce6718f147f6e234 Mon Sep 17 00:00:00 2001 
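Review bot: `displayfile` opens its argument with the two-argument form `open(SINGLE, "<$file")` on a global bareword handle, so the open mode is parsed out of the interpolated string and the handle name is shared with the rest of the script. The callers in this commit pass fixed names, so the exposure is small, but a helper that takes an arbitrary path should use `open(my $fh, '<', $file)` and read from `$fh`. When the open fails the sub prints only the start and end markers; an `else { print "cannot open $file: $!\n"; }` branch would make a missing `log/sshd.log` distinguishable from an empty one.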
From: Yang Tse Date: Tue, 20 Nov 2007 16:47:56 +0000 Subject: Don't gather additional debug info unless sshd actually fails --- tests/sshserver.pl | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 695b3728d..049200941 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -304,17 +304,24 @@ if (system "$sshd -t -f $conffile > log/sshd.log 2>&1") { } # Start the server -my $rc = system "$sshd -e -D -f $conffile > log/sshd.log 2>&1"; -$rc >>= 8; -if($rc && $verbose) { - print STDERR "$sshd exited with $rc!\n"; +my $cmdretval = system "$sshd -e -D -f $conffile > log/sshd.log 2>&1"; +my $cmdnoexec = $!; +if ($cmdretval == -1) { + print "$sshd failed with: \n"; + print "$cmdnoexec \n"; + displayfile("log/sshd.log"); + displayfile("$conffile"); } -if($rc) { - print "$sshd exited with $rc!\n"; +elsif ($cmdretval & 127) { + printf("$sshd died with signal %d, and %s coredump.\n", + ($cmdretval & 127), ($cmdretval & 128)?"a":"no"); displayfile("log/sshd.log"); displayfile("$conffile"); } +elsif ($verbose && ($cmdretval >> 8)) { + printf("$sshd exited with %d \n", $cmdretval >> 8); +} unlink $conffile; -exit $rc; +exit $cmdretval >> 8; -- cgit v1.2.1 From d59841618d79385ccc151025d8035ea11acbbdac Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 26 Nov 2007 02:45:24 +0000 Subject: Temporary change to better debug startup failures of test suite ssh and socks servers. --- tests/sshserver.pl | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 049200941..103ab142a 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -13,6 +13,7 @@ use strict; use File::Spec; my $verbose=0; # set to 1 for debugging +my $showfiles=0; my $port = 8999; # just our default, weird enough my $listenaddr = "127.0.0.1"; # address on which to listen 
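Review bot: `exit $cmdretval >> 8` reports success when sshd was killed by a signal, because the exit-code byte of the wait status is 0 in that case, and in the `-1` branch it shifts a value that is not a wait status at all. The harness that launched this script then cannot tell a crashed daemon from a clean shutdown by exit code. I would map both failure branches to a non-zero status, e.g. `exit(($cmdretval == -1 || ($cmdretval & 127)) ? 1 : ($cmdretval >> 8));`. The later hunk that renames the variable to `$rc` keeps the same `exit $rc >> 8`.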
@@ -136,12 +137,18 @@ chomp($tmpstr = qx($sshd -V 2>&1 | grep OpenSSH)); if ($tmpstr =~ /OpenSSH[_-](\d+)\.(\d+)(\.(\d+))*/) { ($ssh_ver_major, $ssh_ver_minor, $ssh_ver_patch) = ($1, $2, $4); $ssh_daemon = 'OpenSSH'; + if(10 * $ssh_ver_major + $ssh_ver_minor == 36) { + $showfiles=1; + } } if(!$ssh_daemon) { chomp($tmpstr = qx($sshd -V 2>&1 | grep Sun_SSH)); if($tmpstr =~ /Sun[_-]SSH[_-](\d+)\.(\d+)/) { ($ssh_ver_major, $ssh_ver_minor) = ($1, $2); $ssh_daemon = 'SunSSH'; + if(10 * $ssh_ver_major + $ssh_ver_minor == 11) { + $showfiles=1; + } } } if ($verbose) { @@ -322,6 +329,11 @@ elsif ($verbose && ($cmdretval >> 8)) { printf("$sshd exited with %d \n", $cmdretval >> 8); } +if($showfiles) { + displayfile("log/sshd.log"); + displayfile("$conffile"); +} + unlink $conffile; exit $cmdretval >> 8; -- cgit v1.2.1 From a418d290f14c8cec0764a3f8f7913b7e02e93831 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 27 Nov 2007 00:52:30 +0000 Subject: Explicitly disallow remote hosts to connect to local forwarded ports, the socks server port in the test suite. This is the default setting unless a tinkered built ssh is being used. --- tests/sshserver.pl | 1 + 1 file changed, 1 insertion(+) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 103ab142a..77cd1f542 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -290,6 +290,7 @@ CheckHostIP no Compression no ConnectTimeout 20 ForwardX11 no +GatewayPorts no HostbasedAuthentication yes NoHostAuthenticationForLocalhost no # Newer OpenSSH options -- cgit v1.2.1 From 0c367fef946fa8b53897fd51896790144ec70d3d Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 27 Nov 2007 20:57:22 +0000 Subject: ConnectTimeout requires OpenSSH 3.7 or later --- tests/sshserver.pl | 94 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 55 insertions(+), 39 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 77cd1f542..2ba61f1b2 100644 
--- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -12,12 +12,16 @@ use strict; use File::Spec; -my $verbose=0; # set to 1 for debugging +my $verbose=1; # set to 1 for debugging my $showfiles=0; my $port = 8999; # just our default, weird enough my $listenaddr = "127.0.0.1"; # address on which to listen +my $conffile="curl_sshd_config"; # sshd configuration data +my $conffile_ssh="curl_ssh_config"; # ssh configuration data +my $knownhostsfile="curl_client_knownhosts"; # ssh knownhosts file + my $path = `pwd`; chomp $path; @@ -75,6 +79,24 @@ sub displayfile { print "=== End of file $file\n"; } +# Append a string to sshd config file +sub set_sshd_option { + my ($string) = @_; + if (open(FILE, ">>$conffile")) { + print FILE "$string\n"; + close FILE; + } +} + +# Append a string to ssh config file +sub set_ssh_option { + my ($string) = @_; + if (open(FILE, ">>$conffile_ssh")) { + print FILE "$string\n"; + close FILE; + } +} + # Parse options do { if($ARGV[0] eq "-v") { @@ -93,10 +115,6 @@ do { } } while(shift @ARGV); -my $conffile="curl_sshd_config"; # sshd configuration data -my $conffile_ssh="curl_ssh_config"; # ssh configuration data -my $knownhostsfile="curl_client_knownhosts"; # ssh knownhosts file - # Searching for sshd and sftp-server will be done first # in the PATH and afterwards in other common locations. my @spath; 
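Review bot: `my $verbose=1; # set to 1 for debugging` changes the default to verbose while the comment still describes 1 as the debugging value, which makes the `-v` option a no-op. If this is a temporary aid it should say so, e.g. `my $verbose=1; # TEMPORARY: forced on while debugging sshd startup, restore to 0`. Otherwise the default should stay `0`.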
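Review bot: `set_sshd_option` and `set_ssh_option` do nothing at all when the append `open` fails, so a setting such as `UsePAM no` can be missing from the generated config without any message and the daemon then runs with its built-in default for that option. Both subs also use two-argument `open` on the shared bareword handle `FILE`. I would use a lexical handle and fail loudly: `open(my $fh, '>>', $conffile) or die "Could not append to $conffile: $!";`. The two subs differ only in the file name and could share one helper that takes it as a parameter.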
@@ -133,45 +151,48 @@ my $ssh_daemon; my $ssh_ver_major; my $ssh_ver_minor; my $ssh_ver_patch; -chomp($tmpstr = qx($sshd -V 2>&1 | grep OpenSSH)); -if ($tmpstr =~ /OpenSSH[_-](\d+)\.(\d+)(\.(\d+))*/) { - ($ssh_ver_major, $ssh_ver_minor, $ssh_ver_patch) = ($1, $2, $4); - $ssh_daemon = 'OpenSSH'; - if(10 * $ssh_ver_major + $ssh_ver_minor == 36) { - $showfiles=1; +my $ssh_version; +foreach $tmpstr (qx($sshd -V 2>&1)) { + if($tmpstr =~ /OpenSSH[_-](\d+)\.(\d+)(\.(\d+))*/i) { + ($ssh_ver_major, $ssh_ver_minor, $ssh_ver_patch) = ($1, $2, $4); + $ssh_daemon = 'OpenSSH'; + $ssh_version = 10 * $ssh_ver_major + $ssh_ver_minor; + if($ssh_version == 36) { + $showfiles=1; + } + last; } -} -if(!$ssh_daemon) { - chomp($tmpstr = qx($sshd -V 2>&1 | grep Sun_SSH)); - if($tmpstr =~ /Sun[_-]SSH[_-](\d+)\.(\d+)/) { + if($tmpstr =~ /Sun[_-]SSH[_-](\d+)\.(\d+)/i) { ($ssh_ver_major, $ssh_ver_minor) = ($1, $2); $ssh_daemon = 'SunSSH'; - if(10 * $ssh_ver_major + $ssh_ver_minor == 11) { + $ssh_version = 10 * $ssh_ver_major + $ssh_ver_minor; + if($ssh_version == 11) { $showfiles=1; } + last; } } -if ($verbose) { - print STDERR "ssh_daemon: $ssh_daemon\n"; - print STDERR "ssh_ver_major: $ssh_ver_major\n"; - print STDERR "ssh_ver_minor: $ssh_ver_minor\n"; - print STDERR "ssh_ver_patch: $ssh_ver_patch\n"; -} # Verify minimum SSH daemon version. 
my $sshd_ver_ok = 1; -if(($ssh_daemon =~ /OpenSSH/) && (10 * $ssh_ver_major + $ssh_ver_minor < 36)) { - print "SSH server daemon found is OpenSSH $ssh_ver_major.$ssh_ver_minor\n"; +if(!$ssh_daemon) { + if($verbose) { + print STDERR "unsupported SSH server daemon found\n"; + chomp($tmpstr = qx($sshd -V 2>&1)); + print STDERR "$tmpstr\n"; + } $sshd_ver_ok = 0; } -if(($ssh_daemon =~ /SunSSH/) && (10 * $ssh_ver_major + $ssh_ver_minor < 11)) { - print "SSH server daemon found is SunSSH $ssh_ver_major.$ssh_ver_minor\n"; +elsif(($ssh_daemon =~ /OpenSSH/) && ($ssh_version < 36)) { + if($verbose) { + print STDERR "sshd found is $ssh_daemon $ssh_ver_major.$ssh_ver_minor\n"; + } $sshd_ver_ok = 0; } -if(!$ssh_daemon) { - print "SSH server daemon found is not OpenSSH nor SunSSH\n"; - chomp($tmpstr = qx($sshd -V 2>&1)); - print "$tmpstr\n"; +elsif(($ssh_daemon =~ /SunSSH/) && ($ssh_version < 11)) { + if($verbose) { + print STDERR "sshd found is $ssh_daemon $ssh_ver_major.$ssh_ver_minor\n"; + } $sshd_ver_ok = 0; } if(!$sshd_ver_ok) { @@ -251,14 +272,6 @@ EOFSSHD ; close FILE || die "Could not close $conffile"; -sub set_sshd_option { - my ($string) = @_; - if (open(FILE, ">>$conffile")) { - print FILE "$string\n"; - close FILE; - } -} - if ($supports_UsePAM) { set_sshd_option('UsePAM no'); } @@ -288,7 +301,6 @@ Protocol 2 BatchMode yes CheckHostIP no Compression no -ConnectTimeout 20 ForwardX11 no GatewayPorts no HostbasedAuthentication yes @@ -299,6 +311,10 @@ EOFSSH ; close SSHFILE || die "Could not close $conffile_ssh"; +if(($ssh_daemon =~ /OpenSSH/) && ($ssh_version >= 37)) { + set_ssh_option('ConnectTimeout 20'); # Supported in OpenSSH 3.7 and later +} + # Verify that sshd supports our configuration file if (system "$sshd -t -f $conffile > log/sshd.log 2>&1") { -- cgit v1.2.1 From cf806748ec03a63de9e299ed257d8779e8d8c77b Mon Sep 17 00:00:00 2001 
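Review bot: `ConnectTimeout` is written to the ssh client config, but the guard `($ssh_daemon =~ /OpenSSH/) && ($ssh_version >= 37)` tests values parsed from `$sshd -V`, i.e. the server binary. If the ssh client used by the tests comes from a different installation than the sshd that was found, the option can be emitted for a client that rejects it or left out for one that supports it. Until the client version is probed separately, the assumption should be stated next to the call, e.g. `# assumes the ssh client is the same release as $sshd`. The known-hosts and client-config generation around this block lies outside the hunk.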
From: Yang Tse Date: Wed, 28 Nov 2007 01:46:28 +0000 Subject: To allow remote log inspection avoid redirecting messages to stderr. Cleanup some debugging messages. Unlink log file on exit. --- tests/sshserver.pl | 52 ++++++++++++++++++++-------------------------------- 1 file changed, 20 insertions(+), 32 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 2ba61f1b2..8cad2248b 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -128,7 +128,7 @@ if (!$sshd) { exit 1; } if ($verbose) { - print STDERR "SSH server found at $sshd\n"; + print "SSH server found is $sshd\n"; } my $sftp = searchpath("sftp-server", @spath); @@ -137,7 +137,7 @@ if (!$sftp) { exit 1; } if ($verbose) { - print STDERR "SFTP server plugin found at $sftp\n"; + print "SFTP server plugin found is $sftp\n"; } if ($username eq "root") { @@ -177,21 +177,21 @@ foreach $tmpstr (qx($sshd -V 2>&1)) { my $sshd_ver_ok = 1; if(!$ssh_daemon) { if($verbose) { - print STDERR "unsupported SSH server daemon found\n"; + print "unsupported SSH server daemon found\n"; chomp($tmpstr = qx($sshd -V 2>&1)); - print STDERR "$tmpstr\n"; + print "$tmpstr\n"; } $sshd_ver_ok = 0; } elsif(($ssh_daemon =~ /OpenSSH/) && ($ssh_version < 36)) { if($verbose) { - print STDERR "sshd found is $ssh_daemon $ssh_ver_major.$ssh_ver_minor\n"; + print "sshd found is $ssh_daemon $ssh_ver_major.$ssh_ver_minor\n"; } $sshd_ver_ok = 0; } elsif(($ssh_daemon =~ /SunSSH/) && ($ssh_version < 11)) { if($verbose) { - print STDERR "sshd found is $ssh_daemon $ssh_ver_major.$ssh_ver_minor\n"; + print "sshd found is $ssh_daemon $ssh_ver_major.$ssh_ver_minor\n"; } $sshd_ver_ok = 0; } 
@@ -203,7 +203,7 @@ if(!$sshd_ver_ok) { # Initialize sshd configuration file for curl's tests. open(CONF, ">$conffile") || die "Could not write $conffile"; print CONF "# This is a generated file! Do not edit!\n"; -print CONF "# OpenSSH sshd configuration file for curl testing\n"; +print CONF "# $ssh_daemon $ssh_ver_major.$ssh_ver_minor sshd configuration file for curl testing\n"; close CONF; # Support for some options might have not been built into sshd. On some @@ -219,18 +219,10 @@ sub sshd_supports_opt($) { my $supports_UsePAM = sshd_supports_opt('UsePAM'); my $supports_UseDNS = sshd_supports_opt('UseDNS'); my $supports_ChReAu = sshd_supports_opt('ChallengeResponseAuthentication'); -if ($verbose) { - print STDERR "sshd supports UsePAM: "; - print STDERR $supports_UsePAM ? "yes\n" : "no\n"; - print STDERR "sshd supports UseDNS: "; - print STDERR $supports_UseDNS ? "yes\n" : "no\n"; - print STDERR "sshd supports ChallengeResponseAuthentication: "; - print STDERR $supports_ChReAu ? "yes\n" : "no\n"; -} if (! -e "curl_client_key.pub") { if ($verbose) { - print STDERR "Generating host and client keys...\n"; + print "Generating host and client keys...\n"; } # Make sure all files are gone so ssh-keygen doesn't complain unlink("curl_host_dsa_key", "curl_client_key","curl_host_dsa_key.pub", "curl_client_key.pub"); @@ -318,8 +310,7 @@ if(($ssh_daemon =~ /OpenSSH/) && ($ssh_version >= 37)) { # Verify that sshd supports our configuration file if (system "$sshd -t -f $conffile > log/sshd.log 2>&1") { - # This is likely due to missing support for UsePam - print "$sshd is too old and is not supported\n"; + print "sshd configuration file failed verification\n"; displayfile("log/sshd.log"); displayfile("$conffile"); unlink "log/sshd.log"; 
@@ -328,22 +319,18 @@ if (system "$sshd -t -f $conffile > log/sshd.log 2>&1") { } # Start the server -my $cmdretval = system "$sshd -e -D -f $conffile > log/sshd.log 2>&1"; -my $cmdnoexec = $!; -if ($cmdretval == -1) { - print "$sshd failed with: \n"; - print "$cmdnoexec \n"; - displayfile("log/sshd.log"); - displayfile("$conffile"); +my $rc = system "$sshd -e -D -f $conffile > log/sshd.log 2>&1"; +if($rc == -1) { + print "$sshd failed with: $!\n"; + $showfiles=1; } -elsif ($cmdretval & 127) { +elsif($rc & 127) { printf("$sshd died with signal %d, and %s coredump.\n", - ($cmdretval & 127), ($cmdretval & 128)?"a":"no"); - displayfile("log/sshd.log"); - displayfile("$conffile"); + ($rc & 127), ($rc & 128)?"a":"no"); + $showfiles=1; } -elsif ($verbose && ($cmdretval >> 8)) { - printf("$sshd exited with %d \n", $cmdretval >> 8); +elsif($verbose && ($rc >> 8)) { + printf("$sshd exited with %d \n", $rc >> 8); } if($showfiles) { @@ -351,6 +338,7 @@ if($showfiles) { displayfile("$conffile"); } +unlink "log/sshd.log"; unlink $conffile; -exit $cmdretval >> 8; +exit $rc >> 8; -- cgit v1.2.1 From 9cd30c20120888ce08276ed00a11e858e44ff3f4 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Sat, 22 Dec 2007 18:25:43 +0000 Subject: Use getcwd() to get the directory, which works even if one of the directory components doesn't have read permission set. --- tests/sshserver.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 8cad2248b..dafa60e24 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -11,6 +11,7 @@ use strict; use File::Spec; +use Cwd; my $verbose=1; # set to 1 for debugging my $showfiles=0; 
@@ -22,8 +23,7 @@ my $conffile="curl_sshd_config"; # sshd configuration data my $conffile_ssh="curl_ssh_config"; # ssh configuration data my $knownhostsfile="curl_client_knownhosts"; # ssh knownhosts file -my $path = `pwd`; -chomp $path; +my $path = getcwd(); my $exeext; if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys' || $^O eq 'dos' || $^O eq 'os2') { -- cgit v1.2.1 From fd8d862c3762cb9ec51a81b3917483e04dea9840 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Thu, 3 Jan 2008 20:48:22 +0000 Subject: Modify test harness so that the minimum SSH version required to run SCP, SFTP and SOCKS4 tests is now OpenSSH 2.9.9 or SunSSH 1.0 For SOCKS5 tests minimum versions are OpenSSH 3.7 or SunSSH 1.0 --- tests/sshserver.pl | 1082 ++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 797 insertions(+), 285 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index dafa60e24..2d95ea3ee 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
@@ -1,344 +1,856 @@ -#/usr/bin/env perl +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at http://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# # $Id$ +#*************************************************************************** + # Starts sshd for use in the SCP, SFTP and SOCKS curl test harness tests. -# Also creates the ssh configuration files (this could be moved to a -# separate script). +# Also creates the ssh configuration files needed for these tests. 
# Options: -# -u user +# # -v -# target_port +# -d +# -u user +# -l listen address +# -p SCP/SFTP server port +# -s SOCKS4/5 server port use strict; -use File::Spec; +#use warnings; use Cwd; -my $verbose=1; # set to 1 for debugging -my $showfiles=0; - -my $port = 8999; # just our default, weird enough -my $listenaddr = "127.0.0.1"; # address on which to listen - -my $conffile="curl_sshd_config"; # sshd configuration data -my $conffile_ssh="curl_ssh_config"; # ssh configuration data -my $knownhostsfile="curl_client_knownhosts"; # ssh knownhosts file - -my $path = getcwd(); - -my $exeext; -if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys' || $^O eq 'dos' || $^O eq 'os2') { - $exeext = '.exe'; -} - -# Where to look for sftp-server -my @sftppath = qw( - /usr/lib/openssh - /usr/libexec/openssh - /usr/libexec - /usr/local/libexec - /opt/local/libexec - /usr/lib/ssh - /usr/libexec/ssh - /usr/sbin - /usr/lib - /usr/lib/ssh/openssh - /usr/lib64/ssh - /usr/lib64/misc - /usr/lib/misc - /usr/local/sbin - /usr/freeware/bin - /opt/ssh/sbin - /opt/ssh/libexec +#*************************************************************************** +# Variables and subs imported from sshhelp module +# +use sshhelp qw( + $sshdexe + $sshexe + $sftpexe + $sshkeygenexe + $sshdconfig + $sshconfig + $knownhosts + $sshdlog + $sshlog + $hstprvkeyf + $hstpubkeyf + $cliprvkeyf + $clipubkeyf + display_sshdconfig + display_sshconfig + display_sshdlog + display_sshlog + dump_array + find_sshd + find_ssh + find_sftp + find_sshkeygen + logmsg + sshversioninfo ); -my $username = $ENV{USER}; - -# Find a file somewhere in the given path -sub searchpath { - my $fn = $_[0] . $exeext; - shift; - my @path = @_; - foreach (@path) { - my $file = File::Spec->catfile($_, $fn); - if (-e $file) { - return $file; - } - } -} - -# Display contents of the given file. 
-sub displayfile { - my ($file) = @_; - print "=== Start of file $file\n"; - if(open(SINGLE, "<$file")) { - while(my $string = ) { - print "$string"; - } - close(SINGLE); - } - print "=== End of file $file\n"; -} +#*************************************************************************** -# Append a string to sshd config file -sub set_sshd_option { - my ($string) = @_; - if (open(FILE, ">>$conffile")) { - print FILE "$string\n"; - close FILE; - } -} +my $verbose = 1; # set to 1 for debugging +my $debugprotocol = 0; # set to 1 for protocol debugging +my $port = 8999; # our default SCP/SFTP server port +my $socksport = $port + 1; # our default SOCKS4/5 server port +my $listenaddr = '127.0.0.1'; # default address on which to listen +my $path = getcwd(); # current working directory +my $username = $ENV{USER}; # default user + +my $error; +my @cfgarr; -# Append a string to ssh config file -sub set_ssh_option { - my ($string) = @_; - if (open(FILE, ">>$conffile_ssh")) { - print FILE "$string\n"; - close FILE; - } -} -# Parse options -do { - if($ARGV[0] eq "-v") { - $verbose=1; +#*************************************************************************** +# Parse command line options +# +while(@ARGV) { + if($ARGV[0] eq '-v') { + $verbose = 1; + } + elsif($ARGV[0] eq '-d') { + $verbose = 1; + $debugprotocol = 1; + } + elsif($ARGV[0] eq '-u') { + $username = $ARGV[1]; + shift @ARGV; } - elsif($ARGV[0] eq "-u") { - $username=$ARGV[1]; + elsif($ARGV[0] eq '-l') { + $listenaddr = $ARGV[1]; shift @ARGV; } - elsif($ARGV[0] eq "-l") { - $listenaddr=$ARGV[1]; + elsif($ARGV[0] eq '-p') { + if($ARGV[1] =~ /^(\d+)$/) { + $port = $1; + } shift @ARGV; } - elsif($ARGV[0] =~ /^(\d+)$/) { - $port = $1; + elsif($ARGV[0] eq '-s') { + if($ARGV[1] =~ /^(\d+)$/) { + $socksport = $1; + } + shift @ARGV; } -} while(shift @ARGV); - -# Searching for sshd and sftp-server will be done first -# in the PATH and afterwards in other common locations. 
-my @spath; -push(@spath, File::Spec->path()); -push(@spath, @sftppath); - -# sshd insists on being called with an absolute path. -my $sshd = searchpath("sshd", @spath); -if (!$sshd) { - print "sshd$exeext not found\n"; + shift @ARGV; +}; + + +#*************************************************************************** +# Logging level for ssh server and client +# +my $loglevel = $debugprotocol?'DEBUG2':'INFO'; + + +#*************************************************************************** +# Validate username +# +if(!$username) { + $error = 'Will not run ssh server without a user name'; +} +elsif($username eq 'root') { + $error = 'Will not run ssh server as root to mitigate security risks'; +} +if($error) { + logmsg $error; exit 1; } -if ($verbose) { - print "SSH server found is $sshd\n"; + + +#*************************************************************************** +# Find out ssh daemon canonical file name +# +my $sshd = find_sshd(); +if(!$sshd) { + logmsg "cannot find $sshdexe"; + exit 1; } -my $sftp = searchpath("sftp-server", @spath); -if (!$sftp) { - print "Could not find sftp-server$exeext plugin\n"; + +#*************************************************************************** +# Find out ssh daemon version info +# +my ($sshdid, $sshdvernum, $sshdverstr, $sshderror) = sshversioninfo($sshd); +if(!$sshdid) { + # Not an OpenSSH or SunSSH ssh daemon + logmsg $sshderror if($verbose); + logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later'; exit 1; } -if ($verbose) { - print "SFTP server plugin found is $sftp\n"; +logmsg "ssh server found $sshd is $sshdverstr" if($verbose); + + +#*************************************************************************** +# ssh daemon command line options we might use and version support +# +# -e: log stderr : OpenSSH 2.9.0 and later +# -f: sshd config file : OpenSSH 1.2.1 and later +# -D: no daemon forking : OpenSSH 2.5.0 and later +# -o: command-line option : OpenSSH 3.1.0 and later +# -t: test config file : 
OpenSSH 2.9.9 and later +# -?: sshd version info : OpenSSH 1.2.1 and later +# +# -e: log stderr : SunSSH 1.0.0 and later +# -f: sshd config file : SunSSH 1.0.0 and later +# -D: no daemon forking : SunSSH 1.0.0 and later +# -o: command-line option : SunSSH 1.0.0 and later +# -t: test config file : SunSSH 1.0.0 and later +# -?: sshd version info : SunSSH 1.0.0 and later + + +#*************************************************************************** +# Verify minimum ssh daemon version +# +if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) || + (($sshdid =~ /SunSSH/) && ($sshdvernum < 100))) { + logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later'; + exit 1; } -if ($username eq "root") { - print "Will not run ssh daemon as root to mitigate security risks\n"; + +#*************************************************************************** +# Find out sftp server plugin canonical file name +# +my $sftp = find_sftp(); +if(!$sftp) { + logmsg "cannot find $sftpexe"; exit 1; } +logmsg "sftp server plugin found $sftp" if($verbose); -# Find out sshd version. 
-my $tmpstr; -my $ssh_daemon; -my $ssh_ver_major; -my $ssh_ver_minor; -my $ssh_ver_patch; -my $ssh_version; -foreach $tmpstr (qx($sshd -V 2>&1)) { - if($tmpstr =~ /OpenSSH[_-](\d+)\.(\d+)(\.(\d+))*/i) { - ($ssh_ver_major, $ssh_ver_minor, $ssh_ver_patch) = ($1, $2, $4); - $ssh_daemon = 'OpenSSH'; - $ssh_version = 10 * $ssh_ver_major + $ssh_ver_minor; - if($ssh_version == 36) { - $showfiles=1; - } - last; + +#*************************************************************************** +# Find out ssh keygen canonical file name +# +my $sshkeygen = find_sshkeygen(); +if(!$sshkeygen) { + logmsg "cannot find $sshkeygenexe"; + exit 1; +} +logmsg "ssh keygen found $sshkeygen" if($verbose); + + +#*************************************************************************** +# Find out ssh client canonical file name +# +my $ssh = find_ssh(); +if(!$ssh) { + logmsg "cannot find $sshexe"; + exit 1; +} + + +#*************************************************************************** +# Find out ssh client version info +# +my ($sshid, $sshvernum, $sshverstr, $ssherror) = sshversioninfo($ssh); +if(!$sshid) { + # Not an OpenSSH or SunSSH ssh client + logmsg $ssherror if($verbose); + logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later'; + exit 1; +} +logmsg "ssh client found $ssh is $sshverstr" if($verbose); + + +#*************************************************************************** +# ssh client command line options we might use and version support +# +# -D: dynamic app port forwarding : OpenSSH 2.9.9 and later +# -F: ssh config file : OpenSSH 2.9.9 and later +# -N: no shell/command : OpenSSH 2.1.0 and later +# -p: connection port : OpenSSH 1.2.1 and later +# -v: verbose messages : OpenSSH 1.2.1 and later +# -vv: increase verbosity : OpenSSH 2.3.0 and later +# -V: ssh version info : OpenSSH 1.2.1 and later +# +# -D: dynamic app port forwarding : SunSSH 1.0.0 and later +# -F: ssh config file : SunSSH 1.0.0 and later +# -N: no shell/command : SunSSH 1.0.0 and later +# 
-p: connection port : SunSSH 1.0.0 and later +# -v: verbose messages : SunSSH 1.0.0 and later +# -vv: increase verbosity : SunSSH 1.0.0 and later +# -V: ssh version info : SunSSH 1.0.0 and later + + +#*************************************************************************** +# Verify minimum ssh client version +# +if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) || + (($sshid =~ /SunSSH/) && ($sshvernum < 100))) { + logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later'; + exit 1; +} + + +#*************************************************************************** +# ssh keygen command line options we actually use and version support +# +# -C: identity comment : OpenSSH 1.2.1 and later +# -f: key filename : OpenSSH 1.2.1 and later +# -N: new passphrase : OpenSSH 1.2.1 and later +# -q: quiet keygen : OpenSSH 1.2.1 and later +# -t: key type : OpenSSH 2.5.0 and later +# +# -C: identity comment : SunSSH 1.0.0 and later +# -f: key filename : SunSSH 1.0.0 and later +# -N: new passphrase : SunSSH 1.0.0 and later +# -q: quiet keygen : SunSSH 1.0.0 and later +# -t: key type : SunSSH 1.0.0 and later + + +#*************************************************************************** +# Generate host and client key files for curl's tests +# +if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || + (! -e $cliprvkeyf) || (! -e $clipubkeyf)) { + # Make sure all files are gone so ssh-keygen doesn't complain + unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf); + logmsg 'generating host keys...' if($verbose); + if(system "$sshkeygen -q -t dsa -f $hstprvkeyf -C 'curl test server' -N ''") { + logmsg 'Could not generate host key'; + exit 1; } - if($tmpstr =~ /Sun[_-]SSH[_-](\d+)\.(\d+)/i) { - ($ssh_ver_major, $ssh_ver_minor) = ($1, $2); - $ssh_daemon = 'SunSSH'; - $ssh_version = 10 * $ssh_ver_major + $ssh_ver_minor; - if($ssh_version == 11) { - $showfiles=1; - } - last; + logmsg 'generating client keys...' 
if($verbose); + if(system "$sshkeygen -q -t dsa -f $cliprvkeyf -C 'curl test client' -N ''") { + logmsg 'Could not generate client key'; + exit 1; } } -# Verify minimum SSH daemon version. -my $sshd_ver_ok = 1; -if(!$ssh_daemon) { - if($verbose) { - print "unsupported SSH server daemon found\n"; - chomp($tmpstr = qx($sshd -V 2>&1)); - print "$tmpstr\n"; - } - $sshd_ver_ok = 0; + +#*************************************************************************** +# ssh daemon configuration file options we might use and version support +# +# AFSTokenPassing : OpenSSH 1.2.1 and later [1] +# AcceptEnv : OpenSSH 3.9.0 and later +# AddressFamily : OpenSSH 4.0.0 and later +# AllowGroups : OpenSSH 1.2.1 and later +# AllowTcpForwarding : OpenSSH 2.3.0 and later +# AllowUsers : OpenSSH 1.2.1 and later +# AuthorizedKeysFile : OpenSSH 2.9.9 and later +# Banner : OpenSSH 2.5.0 and later +# ChallengeResponseAuthentication : OpenSSH 2.5.0 and later +# Ciphers : OpenSSH 2.1.0 and later [3] +# ClientAliveCountMax : OpenSSH 2.9.0 and later +# ClientAliveInterval : OpenSSH 2.9.0 and later +# Compression : OpenSSH 3.3.0 and later +# DenyGroups : OpenSSH 1.2.1 and later +# DenyUsers : OpenSSH 1.2.1 and later +# ForceCommand : OpenSSH 4.4.0 and later [3] +# GatewayPorts : OpenSSH 2.1.0 and later +# GSSAPIAuthentication : OpenSSH 3.7.0 and later [1] +# GSSAPICleanupCredentials : OpenSSH 3.8.0 and later [1] +# HostbasedAuthentication : OpenSSH 2.9.0 and later +# HostbasedUsesNameFromPacketOnly : OpenSSH 2.9.0 and later +# HostKey : OpenSSH 1.2.1 and later +# IgnoreRhosts : OpenSSH 1.2.1 and later +# IgnoreUserKnownHosts : OpenSSH 1.2.1 and later +# KeepAlive : OpenSSH 1.2.1 and later +# KerberosAuthentication : OpenSSH 1.2.1 and later [1] +# KerberosGetAFSToken : OpenSSH 3.8.0 and later [1] +# KerberosOrLocalPasswd : OpenSSH 1.2.1 and later [1] +# KerberosTgtPassing : OpenSSH 1.2.1 and later [1] +# KerberosTicketCleanup : OpenSSH 1.2.1 and later [1] +# KeyRegenerationInterval : OpenSSH 1.2.1 
and later +# ListenAddress : OpenSSH 1.2.1 and later +# LoginGraceTime : OpenSSH 1.2.1 and later +# LogLevel : OpenSSH 1.2.1 and later +# MACs : OpenSSH 2.5.0 and later [3] +# Match : OpenSSH 4.4.0 and later [3] +# MaxAuthTries : OpenSSH 3.9.0 and later +# MaxStartups : OpenSSH 2.2.0 and later +# PasswordAuthentication : OpenSSH 1.2.1 and later +# PermitEmptyPasswords : OpenSSH 1.2.1 and later +# PermitOpen : OpenSSH 4.4.0 and later [3] +# PermitRootLogin : OpenSSH 1.2.1 and later +# PermitTunnel : OpenSSH 4.3.0 and later +# PermitUserEnvironment : OpenSSH 3.5.0 and later +# PidFile : OpenSSH 2.1.0 and later +# Port : OpenSSH 1.2.1 and later +# PrintLastLog : OpenSSH 2.9.0 and later +# PrintMotd : OpenSSH 1.2.1 and later +# Protocol : OpenSSH 2.1.0 and later +# PubkeyAuthentication : OpenSSH 2.5.0 and later +# RhostsRSAAuthentication : OpenSSH 1.2.1 and later +# RSAAuthentication : OpenSSH 1.2.1 and later +# ServerKeyBits : OpenSSH 1.2.1 and later +# SkeyAuthentication : OpenSSH 1.2.1 and later [1] +# StrictModes : OpenSSH 1.2.1 and later +# Subsystem : OpenSSH 2.2.0 and later +# SyslogFacility : OpenSSH 1.2.1 and later +# TCPKeepAlive : OpenSSH 3.8.0 and later +# UseDNS : OpenSSH 3.7.0 and later +# UseLogin : OpenSSH 1.2.1 and later +# UsePAM : OpenSSH 3.7.0 and later [1][2] +# UsePrivilegeSeparation : OpenSSH 3.2.2 and later +# X11DisplayOffset : OpenSSH 1.2.1 and later [3] +# X11Forwarding : OpenSSH 1.2.1 and later +# X11UseLocalhost : OpenSSH 3.1.0 and later +# XAuthLocation : OpenSSH 2.1.1 and later [3] +# +# [1] Option only available if activated at compile time +# [2] Option specific for portable versions +# [3] Option not used in our ssh server config file + + +#*************************************************************************** +# Initialize sshd config with options actually supported in OpenSSH 2.9.9 +# +logmsg 'generating ssh server config file...' if($verbose); +@cfgarr = (); +push @cfgarr, '# This is a generated file. 
Do not edit.'; +push @cfgarr, "# $sshdverstr sshd configuration file for curl testing"; +push @cfgarr, '#'; +push @cfgarr, "DenyUsers !$username"; +push @cfgarr, "AllowUsers $username"; +push @cfgarr, 'DenyGroups'; +push @cfgarr, 'AllowGroups'; +push @cfgarr, '#'; +push @cfgarr, "AuthorizedKeysFile $path/$clipubkeyf"; +push @cfgarr, "HostKey $path/$hstprvkeyf"; +push @cfgarr, "PidFile $path/.ssh.pid"; +push @cfgarr, '#'; +push @cfgarr, "Port $port"; +push @cfgarr, "ListenAddress $listenaddr"; +push @cfgarr, 'Protocol 2'; +push @cfgarr, '#'; +push @cfgarr, 'AllowTcpForwarding yes'; +push @cfgarr, 'Banner none'; +push @cfgarr, 'ChallengeResponseAuthentication no'; +push @cfgarr, 'ClientAliveCountMax 3'; +push @cfgarr, 'ClientAliveInterval 0'; +push @cfgarr, 'GatewayPorts no'; +push @cfgarr, 'HostbasedAuthentication no'; +push @cfgarr, 'HostbasedUsesNameFromPacketOnly no'; +push @cfgarr, 'IgnoreRhosts yes'; +push @cfgarr, 'IgnoreUserKnownHosts yes'; +push @cfgarr, 'KeyRegenerationInterval 0'; +push @cfgarr, 'LoginGraceTime 30'; +push @cfgarr, "LogLevel $loglevel"; +push @cfgarr, 'MaxStartups 5'; +push @cfgarr, 'PasswordAuthentication no'; +push @cfgarr, 'PermitEmptyPasswords no'; +push @cfgarr, 'PermitRootLogin no'; +push @cfgarr, 'PrintLastLog no'; +push @cfgarr, 'PrintMotd no'; +push @cfgarr, 'PubkeyAuthentication yes'; +push @cfgarr, 'RhostsRSAAuthentication no'; +push @cfgarr, 'RSAAuthentication no'; +push @cfgarr, 'ServerKeyBits 768'; +push @cfgarr, 'StrictModes no'; +push @cfgarr, "Subsystem sftp $sftp"; +push @cfgarr, 'SyslogFacility AUTH'; +push @cfgarr, 'UseLogin no'; +push @cfgarr, 'X11Forwarding no'; +push @cfgarr, '#'; + + +#*************************************************************************** +# Write out initial sshd configuration file for curl's tests +# +$error = dump_array($sshdconfig, @cfgarr); +if($error) { + logmsg $error; + exit 1; } -elsif(($ssh_daemon =~ /OpenSSH/) && ($ssh_version < 36)) { - if($verbose) { - print "sshd found is 
$ssh_daemon $ssh_ver_major.$ssh_ver_minor\n"; + + +#*************************************************************************** +# Verifies at run time if sshd supports a given configuration file option +# +sub sshd_supports_opt { + my ($option, $value) = @_; + my $err; + # + if((($sshdid =~ /OpenSSH/) && ($sshdvernum >= 310)) || + ($sshdid =~ /SunSSH/)) { + # ssh daemon supports command line options -t -f and -o + $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/, + qx($sshd -t -f $sshdconfig -o $option=$value 2>&1); + return !$err; } - $sshd_ver_ok = 0; -} -elsif(($ssh_daemon =~ /SunSSH/) && ($ssh_version < 11)) { - if($verbose) { - print "sshd found is $ssh_daemon $ssh_ver_major.$ssh_ver_minor\n"; + if(($sshdid =~ /OpenSSH/) && ($sshdvernum >= 299)) { + # ssh daemon supports command line options -t and -f + $err = dump_array($sshdconfig, (@cfgarr, "$option $value")); + if($err) { + logmsg $err; + return 0; + } + $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/, + qx($sshd -t -f $sshdconfig 2>&1); + unlink $sshdconfig; + return !$err; } - $sshd_ver_ok = 0; + return 0; +} + + +#*************************************************************************** +# Kerberos Authentication support may have not been built into sshd +# +if(sshd_supports_opt('KerberosAuthentication','no')) { + push @cfgarr, 'KerberosAuthentication no'; +} +if(sshd_supports_opt('KerberosGetAFSToken','no')) { + push @cfgarr, 'KerberosGetAFSToken no'; +} +if(sshd_supports_opt('KerberosOrLocalPasswd','no')) { + push @cfgarr, 'KerberosOrLocalPasswd no'; +} +if(sshd_supports_opt('KerberosTgtPassing','no')) { + push @cfgarr, 'KerberosTgtPassing no'; +} +if(sshd_supports_opt('KerberosTicketCleanup','yes')) { + push @cfgarr, 'KerberosTicketCleanup yes'; +} + + +#*************************************************************************** +# Andrew File System support may have not been built into sshd +# 
+if(sshd_supports_opt('AFSTokenPassing','no')) { + push @cfgarr, 'AFSTokenPassing no'; +} + + +#*************************************************************************** +# S/Key authentication support may have not been built into sshd +# +if(sshd_supports_opt('SkeyAuthentication','no')) { + push @cfgarr, 'SkeyAuthentication no'; +} + + +#*************************************************************************** +# GSSAPI Authentication support may have not been built into sshd +# +if(sshd_supports_opt('GSSAPIAuthentication','no')) { + push @cfgarr, 'GSSAPIAuthentication no'; +} +if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) { + push @cfgarr, 'GSSAPICleanupCredentials yes'; +} +push @cfgarr, '#'; + + +#*************************************************************************** +# Options that might be supported or not in sshd OpenSSH 2.9.9 and later +# +if(sshd_supports_opt('AcceptEnv','')) { + push @cfgarr, 'AcceptEnv'; +} +if(sshd_supports_opt('AddressFamily','any')) { + # Address family must be specified before ListenAddress + splice @cfgarr, 13, 0, 'AddressFamily any'; +} +if(sshd_supports_opt('Compression','no')) { + push @cfgarr, 'Compression no'; +} +if(sshd_supports_opt('KeepAlive','no')) { + push @cfgarr, 'KeepAlive no'; +} +if(sshd_supports_opt('MaxAuthTries','0')) { + push @cfgarr, 'MaxAuthTries 0'; +} +if(sshd_supports_opt('PermitTunnel','no')) { + push @cfgarr, 'PermitTunnel no'; +} +if(sshd_supports_opt('PermitUserEnvironment','no')) { + push @cfgarr, 'PermitUserEnvironment no'; +} +if(sshd_supports_opt('TCPKeepAlive','no')) { + push @cfgarr, 'TCPKeepAlive no'; +} +if(sshd_supports_opt('UseDNS','no')) { + push @cfgarr, 'UseDNS no'; +} +if(sshd_supports_opt('UsePAM','no')) { + push @cfgarr, 'UsePAM no'; +} +if(sshd_supports_opt('UsePrivilegeSeparation','no')) { + push @cfgarr, 'UsePrivilegeSeparation no'; +} +if(sshd_supports_opt('X11UseLocalhost','yes')) { + push @cfgarr, 'X11UseLocalhost yes'; } -if(!$sshd_ver_ok) { - print "SCP, SFTP 
and SOCKS tests require OpenSSH 3.7 or later\n"; +push @cfgarr, '#'; + + +#*************************************************************************** +# Write out resulting sshd configuration file for curl's tests +# +$error = dump_array($sshdconfig, @cfgarr); +if($error) { + logmsg $error; exit 1; } -# Initialize sshd configuration file for curl's tests. -open(CONF, ">$conffile") || die "Could not write $conffile"; -print CONF "# This is a generated file! Do not edit!\n"; -print CONF "# $ssh_daemon $ssh_ver_major.$ssh_ver_minor sshd configuration file for curl testing\n"; -close CONF; -# Support for some options might have not been built into sshd. On some -# platforms specifying an unsupported option prevents sshd from starting. -# Check here for possible unsupported options, avoiding its use in sshd. -sub sshd_supports_opt($) { - my ($option) = @_; - my $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/, - qx($sshd -t -f $conffile -o $option=no 2>&1); - return !$err; +#*************************************************************************** +# Verify that sshd actually supports our generated configuration file +# +if(system "$sshd -t -f $sshdconfig > $sshdlog 2>&1") { + logmsg "sshd configuration file $sshdconfig failed verification"; + display_sshdlog(); + display_sshdconfig(); + exit 1; } -my $supports_UsePAM = sshd_supports_opt('UsePAM'); -my $supports_UseDNS = sshd_supports_opt('UseDNS'); -my $supports_ChReAu = sshd_supports_opt('ChallengeResponseAuthentication'); -if (! -e "curl_client_key.pub") { - if ($verbose) { - print "Generating host and client keys...\n"; +#*************************************************************************** +# Generate ssh client host key database file for curl's tests +# +if(! -e $knownhosts) { + logmsg 'generating ssh client known hosts file...' 
if($verbose); + if(open(DSAKEYFILE, "<$hstpubkeyf")) { + my @dsahostkey = do { local $/ = ' '; }; + if(close(DSAKEYFILE)) { + if(open(KNOWNHOSTS, ">$knownhosts")) { + print KNOWNHOSTS "$listenaddr ssh-dss $dsahostkey[1]\n"; + if(!close(KNOWNHOSTS)) { + $error = "Error: cannot close file $knownhosts"; + } + } + else { + $error = "Error: cannot write file $knownhosts"; + } + } + else { + $error = "Error: cannot close file $hstpubkeyf"; + } } - # Make sure all files are gone so ssh-keygen doesn't complain - unlink("curl_host_dsa_key", "curl_client_key","curl_host_dsa_key.pub", "curl_client_key.pub"); - system "ssh-keygen -q -t dsa -f curl_host_dsa_key -C 'curl test server' -N ''" and die "Could not generate host key"; - system "ssh-keygen -q -t dsa -f curl_client_key -C 'curl test client' -N ''" and die "Could not generate client key"; -} - -open(FILE, ">>$conffile") || die "Could not write $conffile"; -print FILE < }; -close DSAKEYFILE || die "Could not close DSAKEYFILE"; - -open(KNOWNHOSTS, ">$knownhostsfile") || die "Could not write $knownhostsfile"; -print KNOWNHOSTS "[$listenaddr]:$port ssh-dss $dsahostkey[1]\n" || die 'Could not write to KNOWNHOSTS'; -close KNOWNHOSTS || die "Could not close KNOWNHOSTS"; - -open(SSHFILE, ">$conffile_ssh") || die "Could not write $conffile_ssh"; -print SSHFILE <= 37)) { - set_ssh_option('ConnectTimeout 20'); # Supported in OpenSSH 3.7 and later -} - - -# Verify that sshd supports our configuration file -if (system "$sshd -t -f $conffile > log/sshd.log 2>&1") { - print "sshd configuration file failed verification\n"; - displayfile("log/sshd.log"); - displayfile("$conffile"); - unlink "log/sshd.log"; - unlink $conffile; + else { + $error = "Error: cannot read file $hstpubkeyf"; + } + if($error) { + logmsg $error; + exit 1; + } +} + +#*************************************************************************** +# ssh client configuration file options we might use and version support +# +# AddressFamily : OpenSSH 3.7.0 and later +# 
BatchMode : OpenSSH 1.2.1 and later +# BindAddress : OpenSSH 2.9.9 and later +# ChallengeResponseAuthentication : OpenSSH 2.5.0 and later +# CheckHostIP : OpenSSH 1.2.1 and later +# Cipher : OpenSSH 1.2.1 and later [3] +# Ciphers : OpenSSH 2.1.0 and later [3] +# ClearAllForwardings : OpenSSH 2.9.9 and later +# Compression : OpenSSH 1.2.1 and later +# CompressionLevel : OpenSSH 1.2.1 and later [3] +# ConnectionAttempts : OpenSSH 1.2.1 and later +# ConnectTimeout : OpenSSH 3.7.0 and later +# ControlMaster : OpenSSH 3.9.0 and later +# ControlPath : OpenSSH 3.9.0 and later +# DynamicForward : OpenSSH 2.9.0 and later +# EnableSSHKeysign : OpenSSH 3.6.0 and later +# EscapeChar : OpenSSH 1.2.1 and later [3] +# ExitOnForwardFailure : OpenSSH 4.4.0 and later +# ForwardAgent : OpenSSH 1.2.1 and later +# ForwardX11 : OpenSSH 1.2.1 and later +# ForwardX11Trusted : OpenSSH 3.8.0 and later +# GatewayPorts : OpenSSH 1.2.1 and later +# GlobalKnownHostsFile : OpenSSH 1.2.1 and later +# GSSAPIAuthentication : OpenSSH 3.7.0 and later [1][3] +# GSSAPIDelegateCredentials : OpenSSH 3.7.0 and later [1][3] +# HashKnownHosts : OpenSSH 4.0.0 and later +# Host : OpenSSH 1.2.1 and later +# HostbasedAuthentication : OpenSSH 2.9.0 and later +# HostKeyAlgorithms : OpenSSH 2.9.0 and later [3] +# HostKeyAlias : OpenSSH 2.5.0 and later [3] +# HostName : OpenSSH 1.2.1 and later +# IdentitiesOnly : OpenSSH 3.9.0 and later +# IdentityFile : OpenSSH 1.2.1 and later +# KeepAlive : OpenSSH 1.2.1 and later +# KbdInteractiveAuthentication : OpenSSH 2.3.0 and later +# KbdInteractiveDevices : OpenSSH 2.3.0 and later [3] +# LocalCommand : OpenSSH 4.3.0 and later +# LocalForward : OpenSSH 1.2.1 and later [3] +# LogLevel : OpenSSH 1.2.1 and later +# MACs : OpenSSH 2.5.0 and later [3] +# NoHostAuthenticationForLocalhost : OpenSSH 3.0.0 and later +# NumberOfPasswordPrompts : OpenSSH 1.2.1 and later +# PasswordAuthentication : OpenSSH 1.2.1 and later +# PermitLocalCommand : OpenSSH 4.3.0 and later +# Port : 
OpenSSH 1.2.1 and later +# PreferredAuthentications : OpenSSH 2.5.2 and later +# Protocol : OpenSSH 2.1.0 and later +# ProxyCommand : OpenSSH 1.2.1 and later [3] +# PubkeyAuthentication : OpenSSH 2.5.0 and later +# RekeyLimit : OpenSSH 3.7.0 and later +# RemoteForward : OpenSSH 1.2.1 and later [3] +# RhostsRSAAuthentication : OpenSSH 1.2.1 and later +# RSAAuthentication : OpenSSH 1.2.1 and later +# SendEnv : OpenSSH 3.9.0 and later +# ServerAliveCountMax : OpenSSH 3.8.0 and later +# ServerAliveInterval : OpenSSH 3.8.0 and later +# SmartcardDevice : OpenSSH 2.9.9 and later [1][3] +# StrictHostKeyChecking : OpenSSH 1.2.1 and later +# TCPKeepAlive : OpenSSH 3.8.0 and later +# Tunnel : OpenSSH 4.3.0 and later +# TunnelDevice : OpenSSH 4.3.0 and later [3] +# UsePAM : OpenSSH 3.7.0 and later [1][2][3] +# UsePrivilegedPort : OpenSSH 1.2.1 and later +# User : OpenSSH 1.2.1 and later +# UserKnownHostsFile : OpenSSH 1.2.1 and later +# VerifyHostKeyDNS : OpenSSH 3.8.0 and later +# XAuthLocation : OpenSSH 2.1.1 and later [3] +# +# [1] Option only available if activated at compile time +# [2] Option specific for portable versions +# [3] Option not used in our ssh client config file + + +#*************************************************************************** +# Initialize ssh config with options actually supported in OpenSSH 2.9.9 +# +logmsg 'generating ssh client config file...' if($verbose); +@cfgarr = (); +push @cfgarr, '# This is a generated file. 
Do not edit.'; +push @cfgarr, "# $sshverstr ssh client configuration file for curl testing"; +push @cfgarr, '#'; +push @cfgarr, 'Host *'; +push @cfgarr, '#'; +push @cfgarr, "Port $port"; +push @cfgarr, "HostName $listenaddr"; +push @cfgarr, "User $username"; +push @cfgarr, 'Protocol 2'; +push @cfgarr, '#'; +push @cfgarr, "BindAddress $listenaddr"; +push @cfgarr, "DynamicForward $socksport"; +push @cfgarr, '#'; +push @cfgarr, "IdentityFile $path/curl_client_key"; +push @cfgarr, "UserKnownHostsFile $path/$knownhosts"; +push @cfgarr, '#'; +push @cfgarr, 'BatchMode yes'; +push @cfgarr, 'ChallengeResponseAuthentication no'; +push @cfgarr, 'CheckHostIP no'; +push @cfgarr, 'ClearAllForwardings no'; +push @cfgarr, 'Compression no'; +push @cfgarr, 'ConnectionAttempts 3'; +push @cfgarr, 'ForwardAgent no'; +push @cfgarr, 'ForwardX11 no'; +push @cfgarr, 'GatewayPorts no'; +push @cfgarr, 'GlobalKnownHostsFile /dev/null'; +push @cfgarr, 'HostbasedAuthentication no'; +push @cfgarr, 'KbdInteractiveAuthentication no'; +push @cfgarr, "LogLevel $loglevel"; +push @cfgarr, 'NumberOfPasswordPrompts 0'; +push @cfgarr, 'PasswordAuthentication no'; +push @cfgarr, 'PreferredAuthentications publickey'; +push @cfgarr, 'PubkeyAuthentication yes'; +push @cfgarr, 'RhostsRSAAuthentication no'; +push @cfgarr, 'RSAAuthentication no'; +push @cfgarr, 'StrictHostKeyChecking yes'; +push @cfgarr, 'UsePrivilegedPort no'; +push @cfgarr, '#'; + + +#*************************************************************************** +# Options supported in ssh client newer than OpenSSH 2.9.9 +# + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) { + push @cfgarr, 'AddressFamily any'; +} + +if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) || + ($sshid =~ /SunSSH/)) { + push @cfgarr, 'ConnectTimeout 30'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) { + push @cfgarr, 'ControlMaster no'; + push @cfgarr, 'ControlPath none'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) { + push @cfgarr, 
'EnableSSHKeysign no'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 440)) { + push @cfgarr, 'ExitOnForwardFailure yes'; +} + +if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) || + ($sshid =~ /SunSSH/)) { + push @cfgarr, 'ForwardX11Trusted no'; +} + +if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) || + ($sshid =~ /SunSSH/)) { + push @cfgarr, 'HashKnownHosts no'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) { + push @cfgarr, 'IdentitiesOnly yes'; +} + +if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) || + ($sshid =~ /SunSSH/)) { + push @cfgarr, 'KeepAlive no'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) { + push @cfgarr, 'LocalCommand'; +} + +if((($sshid =~ /OpenSSH/) && ($sshvernum >= 300)) || + ($sshid =~ /SunSSH/)) { + push @cfgarr, 'NoHostAuthenticationForLocalhost no'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) { + push @cfgarr, 'PermitLocalCommand no'; +} + +if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) || + ($sshid =~ /SunSSH/)) { + push @cfgarr, 'RekeyLimit 1G'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) { + push @cfgarr, 'SendEnv'; +} + +if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) || + ($sshid =~ /SunSSH/)) { + push @cfgarr, 'ServerAliveCountMax 3'; + push @cfgarr, 'ServerAliveInterval 0'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) { + push @cfgarr, 'TCPKeepAlive no'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) { + push @cfgarr, 'Tunnel no'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) { + push @cfgarr, 'VerifyHostKeyDNS no'; +} + +push @cfgarr, '#'; + + +#*************************************************************************** +# Write out resulting ssh client configuration file for curl's tests +# +$error = dump_array($sshconfig, @cfgarr); +if($error) { + logmsg $error; exit 1; } +@cfgarr = (); + -# Start the server -my $rc = system "$sshd -e -D -f $conffile > log/sshd.log 2>&1"; +#*************************************************************************** +# 
Start the ssh server daemon without forking it +# +my $rc = system "$sshd -e -D -f $sshdconfig > $sshdlog 2>&1"; if($rc == -1) { - print "$sshd failed with: $!\n"; - $showfiles=1; + logmsg "$sshd failed with: $!"; } elsif($rc & 127) { - printf("$sshd died with signal %d, and %s coredump.\n", - ($rc & 127), ($rc & 128)?"a":"no"); - $showfiles=1; + logmsg sprintf("$sshd died with signal %d, and %s coredump", + ($rc & 127), ($rc & 128)?'a':'no'); } elsif($verbose && ($rc >> 8)) { - printf("$sshd exited with %d \n", $rc >> 8); + logmsg sprintf("$sshd exited with %d", $rc >> 8); } -if($showfiles) { - displayfile("log/sshd.log"); - displayfile("$conffile"); -} -unlink "log/sshd.log"; -unlink $conffile; +#*************************************************************************** +# Clean up once the server has stopped +# +unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts); +unlink($sshdconfig, $sshconfig); + -exit $rc >> 8; +exit 0; -- cgit v1.2.1 From f5da1e5484d2f634698df46f2c356a448f067fff Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 4 Jan 2008 03:04:30 +0000 Subject: 'LocalCommand' no longer used for ssh client config file. When used it requires a non blank argument. --- tests/sshserver.pl | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 2d95ea3ee..bec1d9f74 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -649,7 +649,7 @@ if(! -e $knownhosts) { # KeepAlive : OpenSSH 1.2.1 and later # KbdInteractiveAuthentication : OpenSSH 2.3.0 and later # KbdInteractiveDevices : OpenSSH 2.3.0 and later [3] -# LocalCommand : OpenSSH 4.3.0 and later +# LocalCommand : OpenSSH 4.3.0 and later [3] # LocalForward : OpenSSH 1.2.1 and later [3] # LogLevel : OpenSSH 1.2.1 and later # MACs : OpenSSH 2.5.0 and later [3] 
@@ -776,10 +776,6 @@ if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) || push @cfgarr, 'KeepAlive no'; } -if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) { - push @cfgarr, 'LocalCommand'; -} - if((($sshid =~ /OpenSSH/) && ($sshvernum >= 300)) || ($sshid =~ /SunSSH/)) { push @cfgarr, 'NoHostAuthenticationForLocalhost no'; -- cgit v1.2.1 From c479c643332b08eedcf9b7caa98b25e7f542d9c8 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 4 Jan 2008 13:24:17 +0000 Subject: SunSSH 1.1 ssh client does not support config file options: ConnectTimeout ForwardX11Trusted HashKnownHosts RekeyLimit ServerAliveCountMax ServerAliveInterval --- tests/sshserver.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index bec1d9f74..dac46a9f4 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -740,7 +740,7 @@ if(($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) { } if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) || - ($sshid =~ /SunSSH/)) { + (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { push @cfgarr, 'ConnectTimeout 30'; } @@ -758,12 +758,12 @@ if(($sshid =~ /OpenSSH/) && ($sshvernum >= 440)) { } if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) || - ($sshid =~ /SunSSH/)) { + (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { push @cfgarr, 'ForwardX11Trusted no'; } if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) || - ($sshid =~ /SunSSH/)) { + (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { push @cfgarr, 'HashKnownHosts no'; } @@ -786,7 +786,7 @@ if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) { } if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) || - ($sshid =~ /SunSSH/)) { + (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { push @cfgarr, 'RekeyLimit 1G'; } 
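Review bot: The `($sshvernum >= 120)` bound added to the ConnectTimeout condition in the `@@ -740` hunk carries no comment, and the commit message only establishes that SunSSH 1.1 rejects the option, not that 1.2.0 accepts it. The same bound is repeated for ForwardX11Trusted, HashKnownHosts and RekeyLimit in the next hunks, and for ServerAliveCountMax/ServerAliveInterval in the `@@ -795` hunk. I would put `# SunSSH 1.1 ssh client rejects this option; 1.2.0 is an assumed lower bound, TODO confirm` above each condition. Alternatively, record the SunSSH bound in the client option table, the way the command line option tables list SunSSH versions next to the OpenSSH ones.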
@@ -795,7 +795,7 @@ if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) { } if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) || - ($sshid =~ /SunSSH/)) { + (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { push @cfgarr, 'ServerAliveCountMax 3'; push @cfgarr, 'ServerAliveInterval 0'; } -- cgit v1.2.1 From 61a2d5ea75706520ccafd48aa7d4c6d35f92204e Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 4 Jan 2008 14:12:10 +0000 Subject: 'ControlPath' ssh client configuration file option requires OpenSSH 4.2 or later to accept 'none' as an indication to disable connection multiplexing --- tests/sshserver.pl | 3 +++ 1 file changed, 3 insertions(+) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index dac46a9f4..f651e0714 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -746,6 +746,9 @@ if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) || if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) { push @cfgarr, 'ControlMaster no'; +} + +if(($sshid =~ /OpenSSH/) && ($sshvernum >= 420)) { push @cfgarr, 'ControlPath none'; } -- cgit v1.2.1 From 9c6533d28720b38e52827ccd6d2f831553e73442 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sun, 6 Jan 2008 02:02:55 +0000 Subject: Increase MaxAuthTries from 0 to 10. Using a value of 0 is too restrictive --- tests/sshserver.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index f651e0714..22b83c945 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -531,8 +531,8 @@ if(sshd_supports_opt('Compression','no')) { if(sshd_supports_opt('KeepAlive','no')) { push @cfgarr, 'KeepAlive no'; } -if(sshd_supports_opt('MaxAuthTries','0')) { - push @cfgarr, 'MaxAuthTries 0'; +if(sshd_supports_opt('MaxAuthTries','10')) { + push @cfgarr, 'MaxAuthTries 10'; } if(sshd_supports_opt('PermitTunnel','no')) { push @cfgarr, 'PermitTunnel no'; -- cgit v1.2.1 
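Review bot: In the MaxAuthTries hunk the literal 10 now appears twice, once as the value probed by `sshd_supports_opt('MaxAuthTries','10')` and once in the pushed config line, and nothing in the file says why 10 was picked. The two strings have to stay in step by hand, otherwise the probe tests one value and the config writes another. A comment above the `if` would keep the reasoning from the commit message in the file: `# 0 is too restrictive; 10 leaves room for clients that offer several keys (IdentitiesOnly is only set for OpenSSH >= 3.9) - TODO confirm`. The generated sshd config has `PasswordAuthentication no` and a single `AllowUsers` entry, so the higher limit only affects publickey attempts by that one account.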
From 34d02d1969c9cd0902e21e4d794030799d1c332f Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 8 Jan 2008 00:40:02 +0000 Subject: Increase loglevel to debug autobuild's publickey authentication failures when using OpenSSH 2.9.9 or SunSSH --- tests/sshserver.pl | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 22b83c945..af618529d 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -375,6 +375,16 @@ if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || # [3] Option not used in our ssh server config file +#*************************************************************************** +# Increased loglevel to debug autobuild's publickey authentication +# failures when using OpenSSH 2.9.9 or SunSSH +# +if((($sshdid =~ /OpenSSH/) && ($sshvernum == 299)) || + ($sshdid =~ /SunSSH/)) { + $loglevel = 'DEBUG3'; +} + + #*************************************************************************** # Initialize sshd config with options actually supported in OpenSSH 2.9.9 # -- cgit v1.2.1 From 1c0a19ad53febccc915d58c4c03b7aee9d952bdd Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 8 Jan 2008 19:18:25 +0000 Subject: Remove increased loglevel intended to debug autobuild's publickey authentication failures when using OpenSSH 2.9.9 or SunSSH. Verified fact: Even when only using publickey authentication, OpenSSH and SunSSH first validate the user, this implies that if the user validation fails, 'invalid user', the publickey authentication will not be allowed to complete. --- tests/sshserver.pl | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index af618529d..043b8a931 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
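Review bot: The added condition `($sshdid =~ /OpenSSH/) && ($sshvernum == 299)` pairs the daemon's identity with the ssh client's version number. `$sshvernum` is assigned from `sshversioninfo($ssh)`, while the daemon's number is `$sshdvernum`, the variable `sshd_supports_opt` compares against 310 and 299 and which is presumably filled by the sshd version probe. With a 2.9.9 daemon and a newer client the DEBUG3 level is never selected, and with a newer daemon and a 2.9.9 client it is selected although the daemon is not the one under investigation. The first line of the test should read `if((($sshdid =~ /OpenSSH/) && ($sshdvernum == 299)) ||`.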
@@ -68,6 +68,7 @@ use sshhelp qw( sshversioninfo ); + #*************************************************************************** my $verbose = 1; # set to 1 for debugging @@ -375,16 +376,6 @@ if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || # [3] Option not used in our ssh server config file -#*************************************************************************** -# Increased loglevel to debug autobuild's publickey authentication -# failures when using OpenSSH 2.9.9 or SunSSH -# -if((($sshdid =~ /OpenSSH/) && ($sshvernum == 299)) || - ($sshdid =~ /SunSSH/)) { - $loglevel = 'DEBUG3'; -} - - #*************************************************************************** # Initialize sshd config with options actually supported in OpenSSH 2.9.9 # @@ -620,6 +611,7 @@ if(! -e $knownhosts) { } } + #*************************************************************************** # ssh client configuration file options we might use and version support # -- cgit v1.2.1 From 14ff7e75e09d5a9388f219c684ccb9edea467044 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Thu, 10 Jan 2008 16:19:14 +0000 Subject: Temporary change to help debugging SSH server verification failures --- tests/sshserver.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 043b8a931..8ac738004 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -830,7 +830,7 @@ if($error) { } @cfgarr = (); - +logmsg "TRACESSH:sshserver.pl: sshd will use pidfile $path/.ssh.pid"; #*************************************************************************** # Start the ssh server daemon without forking it # -- cgit v1.2.1 From 50045296854e9ce1d60e4925e433d29a0d36f049 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sat, 12 Jan 2008 04:32:03 +0000 Subject: Remove hardcoded verbosity --- tests/sshserver.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'tests/sshserver.pl') 
diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 8ac738004..88f3727fc 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -71,7 +71,7 @@ use sshhelp qw( #*************************************************************************** -my $verbose = 1; # set to 1 for debugging +my $verbose = 0; # set to 1 for debugging my $debugprotocol = 0; # set to 1 for protocol debugging my $port = 8999; # our default SCP/SFTP server port my $socksport = $port + 1; # our default SOCKS4/5 server port @@ -121,7 +121,7 @@ while(@ARGV) { #*************************************************************************** # Logging level for ssh server and client # -my $loglevel = $debugprotocol?'DEBUG2':'INFO'; +my $loglevel = $debugprotocol?'DEBUG3':'DEBUG2'; #*************************************************************************** @@ -830,7 +830,7 @@ if($error) { } @cfgarr = (); -logmsg "TRACESSH:sshserver.pl: sshd will use pidfile $path/.ssh.pid"; + #*************************************************************************** # Start the ssh server daemon without forking it # -- cgit v1.2.1 From e9490fdbd9b8c13fd924dcc46d04dbb72cc4f6ad Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sun, 20 Jan 2008 04:05:25 +0000 Subject: Also disable GSSAPIAuthentication for the test harness ssh client --- tests/sshserver.pl | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 88f3727fc..5f001fef4 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
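Review bot: The `@@ -121` hunk raises the default ssh and sshd log level from `INFO` to `DEBUG2` even when no debugging flag is given, which is at odds with the commit's stated aim of removing hardcoded verbosity. sshd_config(5) advises against DEBUG levels because of the per-connection authentication detail they record, so on shared autobuild hosts it is worth keeping them opt-in. The option loop appears to have run by this point, so the level can follow the flags: `my $loglevel = $debugprotocol ? 'DEBUG3' : ($verbose ? 'DEBUG2' : 'INFO');`. If `DEBUG2` by default is deliberate, a comment stating the reason would help.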
@@ -507,8 +507,10 @@ if(sshd_supports_opt('SkeyAuthentication','no')) { #*************************************************************************** # GSSAPI Authentication support may have not been built into sshd # +my $sshd_builtwith_GSSAPI; if(sshd_supports_opt('GSSAPIAuthentication','no')) { push @cfgarr, 'GSSAPIAuthentication no'; + $sshd_builtwith_GSSAPI = 1; } if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) { push @cfgarr, 'GSSAPICleanupCredentials yes'; @@ -638,8 +640,8 @@ if(! -e $knownhosts) { # ForwardX11Trusted : OpenSSH 3.8.0 and later # GatewayPorts : OpenSSH 1.2.1 and later # GlobalKnownHostsFile : OpenSSH 1.2.1 and later -# GSSAPIAuthentication : OpenSSH 3.7.0 and later [1][3] -# GSSAPIDelegateCredentials : OpenSSH 3.7.0 and later [1][3] +# GSSAPIAuthentication : OpenSSH 3.7.0 and later [1] +# GSSAPIDelegateCredentials : OpenSSH 3.7.0 and later [1] # HashKnownHosts : OpenSSH 4.0.0 and later # Host : OpenSSH 1.2.1 and later # HostbasedAuthentication : OpenSSH 2.9.0 and later @@ -767,6 +769,15 @@ if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) || push @cfgarr, 'ForwardX11Trusted no'; } +if(($sshd_builtwith_GSSAPI) && ($sshdid eq $sshid) && + ($sshdvernum == $sshvernum)) { + push @cfgarr, 'GSSAPIAuthentication no'; + push @cfgarr, 'GSSAPIDelegateCredentials no'; + if($sshid =~ /SunSSH/) { + push @cfgarr, 'GSSAPIKeyExchange no'; + } +} + if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) || (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { push @cfgarr, 'HashKnownHosts no'; -- cgit v1.2.1 From 8fca5c2e6908c6dee497d4fe25b8aa66ef0ecdf8 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sun, 27 Jan 2008 02:35:20 +0000 Subject: Dont rely on PAMAuthenticationViaKbdInt default being 'no' --- tests/sshserver.pl | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 5f001fef4..b141cb424 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
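Review bot: The condition added in the `@@ -769` hunk decides whether to write GSSAPI options into the client config from `$sshd_builtwith_GSSAPI`, which is a probe of the daemon, and nothing in the code explains why. Presumably the client cannot be probed the same way, so the daemon's answer is trusted only when both binaries report the same id and version. A comment should say that, for example `# the ssh client cannot be probed; trust the sshd result only when client and daemon are the same build`. The comment could also note that when the two differ the client keeps its default GSSAPI settings, so a run on such a host may still attempt GSSAPI authentication.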
@@ -342,6 +342,7 @@ if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || # Match : OpenSSH 4.4.0 and later [3] # MaxAuthTries : OpenSSH 3.9.0 and later # MaxStartups : OpenSSH 2.2.0 and later +# PAMAuthenticationViaKbdInt # PasswordAuthentication : OpenSSH 1.2.1 and later # PermitEmptyPasswords : OpenSSH 1.2.1 and later # PermitOpen : OpenSSH 4.4.0 and later [3] @@ -537,6 +538,9 @@ if(sshd_supports_opt('KeepAlive','no')) { if(sshd_supports_opt('MaxAuthTries','10')) { push @cfgarr, 'MaxAuthTries 10'; } +if(sshd_supports_opt('PAMAuthenticationViaKbdInt','no')) { + push @cfgarr, 'PAMAuthenticationViaKbdInt no'; +} if(sshd_supports_opt('PermitTunnel','no')) { push @cfgarr, 'PermitTunnel no'; } -- cgit v1.2.1 From 03bbf4de482853e70e0abe04ccf18ea4fb0e79c6 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Thu, 31 Jan 2008 16:37:16 +0000 Subject: When possible, use additional config options for test harness ssh server, which are deprecated in recent OpenSSH versions but are current for SunSSH. --- tests/sshserver.pl | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index b141cb424..e94125343 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -311,6 +311,7 @@ if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || # AllowTcpForwarding : OpenSSH 2.3.0 and later # AllowUsers : OpenSSH 1.2.1 and later # AuthorizedKeysFile : OpenSSH 2.9.9 and later +# AuthorizedKeysFile2 : OpenSSH 2.9.9 and later # Banner : OpenSSH 2.5.0 and later # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later # Ciphers : OpenSSH 2.1.0 and later [3] 
@@ -328,6 +329,7 @@ if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || # HostKey : OpenSSH 1.2.1 and later # IgnoreRhosts : OpenSSH 1.2.1 and later # IgnoreUserKnownHosts : OpenSSH 1.2.1 and later +# KbdInteractiveAuthentication : OpenSSH 2.3.0 and later # KeepAlive : OpenSSH 1.2.1 and later # KerberosAuthentication : OpenSSH 1.2.1 and later [1] # KerberosGetAFSToken : OpenSSH 3.8.0 and later [1] @@ -338,11 +340,12 @@ if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || # ListenAddress : OpenSSH 1.2.1 and later # LoginGraceTime : OpenSSH 1.2.1 and later # LogLevel : OpenSSH 1.2.1 and later +# LookupClientHostnames : SunSSH 1.0.0 and later # MACs : OpenSSH 2.5.0 and later [3] # Match : OpenSSH 4.4.0 and later [3] # MaxAuthTries : OpenSSH 3.9.0 and later # MaxStartups : OpenSSH 2.2.0 and later -# PAMAuthenticationViaKbdInt +# PAMAuthenticationViaKbdInt : OpenSSH 2.9.0 and later [2] # PasswordAuthentication : OpenSSH 1.2.1 and later # PermitEmptyPasswords : OpenSSH 1.2.1 and later # PermitOpen : OpenSSH 4.4.0 and later [3] @@ -355,6 +358,7 @@ if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || # PrintMotd : OpenSSH 1.2.1 and later # Protocol : OpenSSH 2.1.0 and later # PubkeyAuthentication : OpenSSH 2.5.0 and later +# RhostsAuthentication : OpenSSH 1.2.1 and later # RhostsRSAAuthentication : OpenSSH 1.2.1 and later # RSAAuthentication : OpenSSH 1.2.1 and later # ServerKeyBits : OpenSSH 1.2.1 and later @@ -367,6 +371,7 @@ if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || # UseLogin : OpenSSH 1.2.1 and later # UsePAM : OpenSSH 3.7.0 and later [1][2] # UsePrivilegeSeparation : OpenSSH 3.2.2 and later +# VerifyReverseMapping : OpenSSH 3.1.0 and later # X11DisplayOffset : OpenSSH 1.2.1 and later [3] # X11Forwarding : OpenSSH 1.2.1 and later # X11UseLocalhost : OpenSSH 3.1.0 and later 
@@ -391,6 +396,7 @@ push @cfgarr, 'DenyGroups'; push @cfgarr, 'AllowGroups'; push @cfgarr, '#'; push @cfgarr, "AuthorizedKeysFile $path/$clipubkeyf"; +push @cfgarr, "AuthorizedKeysFile2 $path/$clipubkeyf"; push @cfgarr, "HostKey $path/$hstprvkeyf"; push @cfgarr, "PidFile $path/.ssh.pid"; push @cfgarr, '#'; @@ -527,14 +533,20 @@ if(sshd_supports_opt('AcceptEnv','')) { } if(sshd_supports_opt('AddressFamily','any')) { # Address family must be specified before ListenAddress - splice @cfgarr, 13, 0, 'AddressFamily any'; + splice @cfgarr, 14, 0, 'AddressFamily any'; } if(sshd_supports_opt('Compression','no')) { push @cfgarr, 'Compression no'; } +if(sshd_supports_opt('KbdInteractiveAuthentication','no')) { + push @cfgarr, 'KbdInteractiveAuthentication no'; +} if(sshd_supports_opt('KeepAlive','no')) { push @cfgarr, 'KeepAlive no'; } +if(sshd_supports_opt('LookupClientHostnames','no')) { + push @cfgarr, 'LookupClientHostnames no'; +} if(sshd_supports_opt('MaxAuthTries','10')) { push @cfgarr, 'MaxAuthTries 10'; } @@ -547,6 +559,9 @@ if(sshd_supports_opt('PermitTunnel','no')) { if(sshd_supports_opt('PermitUserEnvironment','no')) { push @cfgarr, 'PermitUserEnvironment no'; } +if(sshd_supports_opt('RhostsAuthentication','no')) { + push @cfgarr, 'RhostsAuthentication no'; +} if(sshd_supports_opt('TCPKeepAlive','no')) { push @cfgarr, 'TCPKeepAlive no'; } @@ -559,6 +574,9 @@ if(sshd_supports_opt('UsePAM','no')) { if(sshd_supports_opt('UsePrivilegeSeparation','no')) { push @cfgarr, 'UsePrivilegeSeparation no'; } +if(sshd_supports_opt('VerifyReverseMapping','no')) { + push @cfgarr, 'VerifyReverseMapping no'; +} if(sshd_supports_opt('X11UseLocalhost','yes')) { push @cfgarr, 'X11UseLocalhost yes'; } -- cgit v1.2.1 From 1a340de0e5f378e58130dd86955e6bcee47b6f19 Mon Sep 17 00:00:00 2001 
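Review bot: The `@@ -527` hunk has to bump the hard-coded index in `splice @cfgarr, 14, 0, 'AddressFamily any';` because the `@@ -391` hunk of the same commit pushes one more entry ahead of it, so the insertion point depends on counting array entries by hand. If a later edit adds or removes an early `push` without adjusting the number, `AddressFamily` can end up after `ListenAddress`, which the comment in the hunk says must not happen. Looking the position up removes the coupling: `my ($la) = grep { $cfgarr[$_] =~ /^ListenAddress/ } 0 .. $#cfgarr;` followed by `splice @cfgarr, $la, 0, 'AddressFamily any';`. If index 14 is meant to sit ahead of the `Port` line as well, match on that entry instead.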
From: Yang Tse Date: Fri, 8 Feb 2008 13:54:02 +0000 Subject: To verify that the sftp server is actually running, responsive and that all curl's tests generated configuration and key files are fine, a real connection is established to the test harness sftp server authenticating and running a simple sftp remote pwd command. The verification is done using OpenSSH's or SunSSH's sftp client tool with a configuration file with the same options as the test harness socks server with the exception that dynamic forwarding is not used for sftp. --- tests/sshserver.pl | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 64 insertions(+), 3 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index e94125343..3eb57a643 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -44,24 +44,31 @@ use Cwd; use sshhelp qw( $sshdexe $sshexe + $sftpsrvexe $sftpexe $sshkeygenexe $sshdconfig $sshconfig + $sftpconfig $knownhosts $sshdlog $sshlog + $sftplog + $sftpcmds $hstprvkeyf $hstpubkeyf $cliprvkeyf $clipubkeyf display_sshdconfig display_sshconfig + display_sftpconfig display_sshdlog display_sshlog + display_sftplog dump_array find_sshd find_ssh + find_sftpsrv find_sftp find_sshkeygen logmsg 
@@ -193,12 +200,23 @@ if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) || #*************************************************************************** # Find out sftp server plugin canonical file name # +my $sftpsrv = find_sftpsrv(); +if(!$sftpsrv) { + logmsg "cannot find $sftpsrvexe"; + exit 1; +} +logmsg "sftp server plugin found $sftpsrv" if($verbose); + + +#*************************************************************************** +# Find out sftp client canonical file name +# my $sftp = find_sftp(); if(!$sftp) { logmsg "cannot find $sftpexe"; exit 1; } -logmsg "sftp server plugin found $sftp" if($verbose); +logmsg "sftp client found $sftp" if($verbose); #*************************************************************************** @@ -428,7 +446,7 @@ push @cfgarr, 'RhostsRSAAuthentication no'; push @cfgarr, 'RSAAuthentication no'; push @cfgarr, 'ServerKeyBits 768'; push @cfgarr, 'StrictModes no'; -push @cfgarr, "Subsystem sftp $sftp"; +push @cfgarr, "Subsystem sftp $sftpsrv -f AUTH -l $loglevel"; push @cfgarr, 'SyslogFacility AUTH'; push @cfgarr, 'UseLogin no'; push @cfgarr, 'X11Forwarding no'; 
@@ -861,12 +879,55 @@ if($error) { logmsg $error; exit 1; } + + +#*************************************************************************** +# Initialize client sftp config with options actually supported. +# +logmsg 'generating sftp client config file...' if($verbose); +splice @cfgarr, 1, 1, "# $sshverstr sftp client configuration file for curl testing"; +# +for(my $i = scalar(@cfgarr) - 1; $i > 0; $i--) { + if($cfgarr[$i] =~ /^DynamicForward/) { + splice @cfgarr, $i, 1; + next; + } + if($cfgarr[$i] =~ /^ClearAllForwardings/) { + splice @cfgarr, $i, 1, "ClearAllForwardings yes"; + next; + } +} + + +#*************************************************************************** +# Write out resulting sftp client configuration file for curl's tests +# +$error = dump_array($sftpconfig, @cfgarr); +if($error) { + logmsg $error; + exit 1; +} +@cfgarr = (); + + +#*************************************************************************** +# Generate client sftp commands batch file for sftp server verification +# +logmsg 'generating sftp client commands file...' if($verbose); +push @cfgarr, 'pwd'; +push @cfgarr, 'quit'; +$error = dump_array($sftpcmds, @cfgarr); +if($error) { + logmsg $error; + exit 1; +} @cfgarr = (); #*************************************************************************** # Start the ssh server daemon without forking it # +logmsg "SCP/SFTP server listening on port $port" if($verbose); my $rc = system "$sshd -e -D -f $sshdconfig > $sshdlog 2>&1"; if($rc == -1) { logmsg "$sshd failed with: $!"; @@ -884,7 +945,7 @@ elsif($verbose && ($rc >> 8)) { # Clean up once the server has stopped # unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts); -unlink($sshdconfig, $sshconfig); +unlink($sshdconfig, $sshconfig, $sftpconfig); exit 0; -- cgit v1.2.1 From 405e192b8cf35a0a44f85cedb9e21c97b34b1078 Mon Sep 17 00:00:00 2001 
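Review bot: The cleanup in the `@@ -884` hunk adds `$sftpconfig` to the `unlink` list but not `$sftpcmds`, the batch file this same commit writes with `dump_array($sftpcmds, @cfgarr)` in the `@@ -861` hunk. Unless the harness removes it elsewhere, that file is left behind after sshd stops while the other generated files are deleted. Suggested line: `unlink($sshdconfig, $sshconfig, $sftpconfig, $sftpcmds);`.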
From: Yang Tse Date: Fri, 8 Feb 2008 17:32:58 +0000 Subject: Get rid of sftp subsystem additional parameters, they aren't widely supported --- tests/sshserver.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 3eb57a643..e43875cf2 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -446,7 +446,7 @@ push @cfgarr, 'RhostsRSAAuthentication no'; push @cfgarr, 'RSAAuthentication no'; push @cfgarr, 'ServerKeyBits 768'; push @cfgarr, 'StrictModes no'; -push @cfgarr, "Subsystem sftp $sftpsrv -f AUTH -l $loglevel"; +push @cfgarr, "Subsystem sftp $sftpsrv"; push @cfgarr, 'SyslogFacility AUTH'; push @cfgarr, 'UseLogin no'; push @cfgarr, 'X11Forwarding no'; -- cgit v1.2.1 From 8f9e0357dd65d04a1fad968e77115a0edfe1b024 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 11 Feb 2008 14:28:48 +0000 Subject: Additional SunSSH 1.1 ssh server options --- tests/sshserver.pl | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index e43875cf2..97ed079b5 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -342,6 +342,10 @@ if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || # GatewayPorts : OpenSSH 2.1.0 and later # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1] # GSSAPICleanupCredentials : OpenSSH 3.8.0 and later [1] +# GSSAPIKeyExchange : SunSSH 1.0.0 and later [1] +# GSSAPIStoreDelegatedCredentials : SunSSH 1.0.0 and later [1] +# GSSCleanupCreds : SunSSH 1.0.0 and later [1] +# GSSUseSessionCredCache : SunSSH 1.0.0 and later [1] # HostbasedAuthentication : OpenSSH 2.9.0 and later # HostbasedUsesNameFromPacketOnly : OpenSSH 2.9.0 and later # HostKey : OpenSSH 1.2.1 and later 
@@ -540,6 +544,18 @@ if(sshd_supports_opt('GSSAPIAuthentication','no')) { if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) { push @cfgarr, 'GSSAPICleanupCredentials yes'; } +if(sshd_supports_opt('GSSAPIKeyExchange','no')) { + push @cfgarr, 'GSSAPIKeyExchange no'; +} +if(sshd_supports_opt('GSSAPIStoreDelegatedCredentials','no')) { + push @cfgarr, 'GSSAPIStoreDelegatedCredentials no'; +} +if(sshd_supports_opt('GSSCleanupCreds','yes')) { + push @cfgarr, 'GSSCleanupCreds yes'; +} +if(sshd_supports_opt('GSSUseSessionCredCache','no')) { + push @cfgarr, 'GSSUseSessionCredCache no'; +} push @cfgarr, '#'; -- cgit v1.2.1 From 5788719988617f6da188d8f7454b033ea6f5f27c Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 4 Apr 2008 14:08:36 +0000 Subject: SunSSH 1.2 options sync --- tests/sshserver.pl | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 97ed079b5..9af868c0e 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -605,9 +605,15 @@ if(sshd_supports_opt('UseDNS','no')) { if(sshd_supports_opt('UsePAM','no')) { push @cfgarr, 'UsePAM no'; } -if(sshd_supports_opt('UsePrivilegeSeparation','no')) { + +if($sshdid =~ /SunSSH/) { + # http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6492415 + push @cfgarr, '# UsePrivilegeSeparation yes'; +} +elsif(sshd_supports_opt('UsePrivilegeSeparation','no')) { push @cfgarr, 'UsePrivilegeSeparation no'; } + if(sshd_supports_opt('VerifyReverseMapping','no')) { push @cfgarr, 'VerifyReverseMapping no'; } @@ -687,6 +693,7 @@ if(! -e $knownhosts) { # ConnectTimeout : OpenSSH 3.7.0 and later # ControlMaster : OpenSSH 3.9.0 and later # ControlPath : OpenSSH 3.9.0 and later +# DisableBanner : SunSSH 1.2.0 and later # DynamicForward : OpenSSH 2.9.0 and later # EnableSSHKeysign : OpenSSH 3.6.0 and later # EscapeChar : OpenSSH 1.2.1 and later [3] 
@@ -706,6 +713,7 @@ if(! -e $knownhosts) { # HostName : OpenSSH 1.2.1 and later # IdentitiesOnly : OpenSSH 3.9.0 and later # IdentityFile : OpenSSH 1.2.1 and later +# IgnoreIfUnknown : SunSSH 1.2.0 and later # KeepAlive : OpenSSH 1.2.1 and later # KbdInteractiveAuthentication : OpenSSH 2.3.0 and later # KbdInteractiveDevices : OpenSSH 2.3.0 and later [3] @@ -812,6 +820,10 @@ if(($sshid =~ /OpenSSH/) && ($sshvernum >= 420)) { push @cfgarr, 'ControlPath none'; } +if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) { + push @cfgarr, 'DisableBanner yes'; +} + if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) { push @cfgarr, 'EnableSSHKeysign no'; } @@ -843,6 +855,10 @@ if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) { push @cfgarr, 'IdentitiesOnly yes'; } +if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) { + push @cfgarr, 'IgnoreIfUnknown no'; +} + if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) || ($sshid =~ /SunSSH/)) { push @cfgarr, 'KeepAlive no'; -- cgit v1.2.1 From 532d4b5106137d70810333fccdf8aebb186ca70a Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 4 Apr 2008 14:47:32 +0000 Subject: SunSSH sshd ignores UsePrivilegeSeparation option --- tests/sshserver.pl | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 9af868c0e..564e61550 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -606,12 +606,11 @@ if(sshd_supports_opt('UsePAM','no')) { push @cfgarr, 'UsePAM no'; } -if($sshdid =~ /SunSSH/) { +if($sshdid =~ /OpenSSH/) { # http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6492415 - push @cfgarr, '# UsePrivilegeSeparation yes'; -} -elsif(sshd_supports_opt('UsePrivilegeSeparation','no')) { - push @cfgarr, 'UsePrivilegeSeparation no'; + if(sshd_supports_opt('UsePrivilegeSeparation','no')) { + push @cfgarr, 'UsePrivilegeSeparation no'; + } } if(sshd_supports_opt('VerifyReverseMapping','no')) { -- cgit v1.2.1 
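Review bot: In the `@@ -606` hunk of the last commit on this line, the bug URL is now the only comment inside the `$sshdid =~ /OpenSSH/` branch and does not say what it explains. The reason given in the commit subject belongs in the code, for example `# SunSSH sshd ignores UsePrivilegeSeparation, so only set it for OpenSSH`, with the URL kept beneath it. Since the guarded line turns privilege separation off in the daemon, a short remark on why the test harness needs that would also be useful if the author can supply one.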
From ada2774ab2bfeff84110a7076e539a926ce900c0 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 15 Jan 2010 18:55:01 +0000 Subject: Start using the centralized pidfile and logfile name generation subroutines for ssh and socks test suite servers. --- tests/sshserver.pl | 119 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 90 insertions(+), 29 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 564e61550..f0290e224 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -25,17 +25,8 @@ # Starts sshd for use in the SCP, SFTP and SOCKS curl test harness tests. # Also creates the ssh configuration files needed for these tests. -# Options: -# -# -v -# -d -# -u user -# -l listen address -# -p SCP/SFTP server port -# -s SOCKS4/5 server port - use strict; -#use warnings; +use warnings; use Cwd; #*************************************************************************** @@ -75,6 +66,14 @@ use sshhelp qw( sshversioninfo ); +#*************************************************************************** +# Subs imported from serverhelp module +# +use serverhelp qw( + server_pidfilename + server_logfilename + ); + #*************************************************************************** 
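Review bot: The `@@ -25` hunk deletes the `# Options:` comment block instead of updating it, so after this commit the script header no longer describes its command line. The parser added later in the same commit accepts `--verbose`, `--debugprotocol`, `--user`, `--id`, `--ipv4`, `--ipv6`, `--addr`, `--pidfile`, `--sshport` and `--socksport`. I would restore the block with one line per option, naming the argument each one takes and its default where the variable declarations give one.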
@@ -83,8 +82,13 @@ my $debugprotocol = 0; # set to 1 for protocol debugging my $port = 8999; # our default SCP/SFTP server port my $socksport = $port + 1; # our default SOCKS4/5 server port my $listenaddr = '127.0.0.1'; # default address on which to listen +my $ipvnum = 4; # default IP version of listener address +my $idnum = 1; # dafault ssh daemon instance number +my $proto = 'ssh'; # protocol the ssh daemon speaks my $path = getcwd(); # current working directory +my $logdir = $path .'/log'; # directory for log files my $username = $ENV{USER}; # default user +my $pidfile; # ssh daemon pid file my $error; my @cfgarr; 
@@ -94,35 +98,92 @@ my @cfgarr; # Parse command line options # while(@ARGV) { - if($ARGV[0] eq '-v') { + if($ARGV[0] eq '--verbose') { $verbose = 1; } - elsif($ARGV[0] eq '-d') { + elsif($ARGV[0] eq '--debugprotocol') { $verbose = 1; $debugprotocol = 1; } - elsif($ARGV[0] eq '-u') { - $username = $ARGV[1]; - shift @ARGV; + elsif($ARGV[0] eq '--user') { + if($ARGV[1]) { + $username = $ARGV[1]; + shift @ARGV; + } + } + elsif($ARGV[0] eq '--id') { + if($ARGV[1]) { + if($ARGV[1] =~ /^(\d+)$/) { + $idnum = $1 if($1 > 0); + shift @ARGV; + } + } + } + elsif($ARGV[0] eq '--ipv4') { + $ipvnum = 4; + $listenaddr = '127.0.0.1' if($listenaddr eq '::1'); + } + elsif($ARGV[0] eq '--ipv6') { + $ipvnum = 6; + $listenaddr = '::1' if($listenaddr eq '127.0.0.1'); } - elsif($ARGV[0] eq '-l') { - $listenaddr = $ARGV[1]; - shift @ARGV; + elsif($ARGV[0] eq '--addr') { + if($ARGV[1]) { + my $tmpstr = $ARGV[1]; + if($tmpstr =~ /^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/) { + $listenaddr = "$1.$2.$3.$4" if($ipvnum == 4); + shift @ARGV; + } + elsif($ipvnum == 6) { + $listenaddr = $tmpstr; + $listenaddr =~ s/^\[(.*)\]$/$1/; + shift @ARGV; + } + } } - elsif($ARGV[0] eq '-p') { - if($ARGV[1] =~ /^(\d+)$/) { - $port = $1; + elsif($ARGV[0] eq '--pidfile') { + if($ARGV[1]) { + $pidfile = "$path/". $ARGV[1]; + shift @ARGV; } - shift @ARGV; } - elsif($ARGV[0] eq '-s') { - if($ARGV[1] =~ /^(\d+)$/) { - $socksport = $1; + elsif($ARGV[0] eq '--sshport') { + if($ARGV[1]) { + if($ARGV[1] =~ /^(\d+)$/) { + $port = $1; + shift @ARGV; + } } - shift @ARGV; + } + elsif($ARGV[0] eq '--socksport') { + if($ARGV[1]) { + if($ARGV[1] =~ /^(\d+)$/) { + $socksport = $1; + shift @ARGV; + } + } + } + else { + print STDERR "\nWarning: sshserver.pl unknown parameter: $ARGV[0]\n"; } shift @ARGV; -}; +} + + +#*************************************************************************** +# Default ssh daemon pid file name +# +if(!$pidfile) { + $pidfile = "$path/". 
server_pidfilename($proto, $ipvnum, $idnum); +} + + +#*************************************************************************** +# ssh, socks and sftp server log file names +# +$sshdlog = server_logfilename($logdir, 'ssh', $ipvnum, $idnum); +$sftplog = server_logfilename($logdir, 'sftp', $ipvnum, $idnum); +$sshlog = server_logfilename($logdir, 'socks', $ipvnum, $idnum); #*************************************************************************** @@ -420,7 +481,7 @@ push @cfgarr, '#'; push @cfgarr, "AuthorizedKeysFile $path/$clipubkeyf"; push @cfgarr, "AuthorizedKeysFile2 $path/$clipubkeyf"; push @cfgarr, "HostKey $path/$hstprvkeyf"; -push @cfgarr, "PidFile $path/.ssh.pid"; +push @cfgarr, "PidFile $pidfile"; push @cfgarr, '#'; push @cfgarr, "Port $port"; push @cfgarr, "ListenAddress $listenaddr"; -- cgit v1.2.1 From 2309b4e330b96bc2e1f8e36b6184015e59544037 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 24 Mar 2010 11:02:54 +0100 Subject: remove the CVSish $Id$ lines --- tests/sshserver.pl | 1 - 1 file changed, 1 deletion(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index f0290e224..b4390158d 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -19,7 +19,6 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # -# $Id$ #*************************************************************************** # Starts sshd for use in the SCP, SFTP and SOCKS curl test harness tests. -- cgit v1.2.1 From be28825b2d3e213439eab5ce5423a3caca79bc46 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 24 Mar 2010 11:07:35 +0100 Subject: restore executable bits on some files --- tests/sshserver.pl | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 tests/sshserver.pl (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl old mode 100644 new mode 100755 -- cgit v1.2.1 
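Review bot: The `--pidfile` branch and the IPv6 `--addr` branch of the `@@ -94` hunk copy their argument into `$pidfile` and `$listenaddr` unchecked, and both values become lines of the generated sshd config (`PidFile $pidfile` in the following hunk, `ListenAddress $listenaddr` in its context). That file is line-based, so an argument containing a line break or stray whitespace would change which directives sshd reads. A cheap guard is to accept only the expected characters, e.g. `if($ARGV[1] =~ /^([\w.\/\-]+)\z/) { $pidfile = "$path/$1"; shift @ARGV; }` and `elsif(($ipvnum == 6) && ($tmpstr =~ /^\[?([0-9A-Fa-f:.]+)\]?\z/)) { $listenaddr = $1; shift @ARGV; }`, with the character sets adjusted to what the harness actually passes. The IPv4 pattern also lets octets up to 999 through and silently discards an IPv4 address when `--ipv6` was given first.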
From 38fff918f93408ed71e16bc8cdb5fd45251470bb Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Wed, 31 Aug 2011 18:16:14 +0200 Subject: test harness: fix detection of test harness host and client key files Regenerate curl's tests host and client key files also when, somehow, any of these files are empty. --- tests/sshserver.pl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index b4390158d..5fda35fa5 100755 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -362,8 +362,10 @@ if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) || #*************************************************************************** # Generate host and client key files for curl's tests # -if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) || - (! -e $cliprvkeyf) || (! -e $clipubkeyf)) { +if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) || + (! -e $hstpubkeyf) || (! -s $hstpubkeyf) || + (! -e $cliprvkeyf) || (! -s $cliprvkeyf) || + (! -e $clipubkeyf) || (! -s $clipubkeyf)) { # Make sure all files are gone so ssh-keygen doesn't complain unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf); logmsg 'generating host keys...' if($verbose); -- cgit v1.2.1 From 437848d75443aa1a189cb81dfaaad9f19d0cc60b Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Wed, 31 Aug 2011 19:59:26 +0200 Subject: test harness: fix detection of test harness client knownhosts file Regenerate curl's tests client knownhosts file also when, somehow, this file is empty. --- tests/sshserver.pl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'tests/sshserver.pl') diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 5fda35fa5..8bb8bcdcf 100755 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
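Review bot: Each `(! -e $f) || (! -s $f)` pair in the `@@ -362` hunk is redundant, because `-s` is already false for a file that does not exist, so `! -s $f` alone covers both the missing and the empty case. The condition shrinks to `if((! -s $hstprvkeyf) || (! -s $hstpubkeyf) ||` and `(! -s $cliprvkeyf) || (! -s $clipubkeyf)) {`. The `@@ -708` hunk of the following commit uses the same pattern for `$knownhosts` and can be simplified the same way. A non-empty test says nothing about whether a key file is complete, so a truncated file would still be reused; if that case has been seen on the autobuilds, a comment noting the limitation would be enough.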
@@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -708,8 +708,9 @@ if(system "$sshd -t -f $sshdconfig > $sshdlog 2>&1") { #*************************************************************************** # Generate ssh client host key database file for curl's tests # -if(! -e $knownhosts) { +if((! -e $knownhosts) || (! -s $knownhosts)) { logmsg 'generating ssh client known hosts file...' if($verbose); + unlink($knownhosts); if(open(DSAKEYFILE, "<$hstpubkeyf")) { my @dsahostkey = do { local $/ = ' '; }; if(close(DSAKEYFILE)) { -- cgit v1.2.1