[src/trunk]: src/tests/lib/librumphijack Test that hijacked ssh/sshd work.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/tests/lib/librumphijack Test that hijacked ssh/sshd work.
From: pooka <pooka%NetBSD.org@localhost>
Date: Mon, 06 Apr 2020 20:00:21 +0000
details:   https://anonhg.NetBSD.org/src/rev/63aca726601d
branches:  trunk
changeset: 762054:63aca726601d
user:      pooka <pooka%NetBSD.org@localhost>
date:      Mon Feb 14 15:14:00 2011 +0000

description:
Test that hijacked ssh/sshd work.

Copypastes jmmv's sshd magic from fs/psshfs.
(dunno if it's worth sharing the code, or even what the
best practice for doing so would be)

diffstat:

 tests/lib/librumphijack/Makefile         |   8 ++-
 tests/lib/librumphijack/ssh_config.in    |  14 +++++
 tests/lib/librumphijack/ssh_host_key     |  15 +++++
 tests/lib/librumphijack/ssh_host_key.pub |   1 +
 tests/lib/librumphijack/sshd_config.in   |  39 ++++++++++++++
 tests/lib/librumphijack/t_tcpip.sh       |  87 +++++++++++++++++++++++++++++++-
 6 files changed, 161 insertions(+), 3 deletions(-)

diffs (216 lines):

diff -r 937cffb2a0be -r 63aca726601d tests/lib/librumphijack/Makefile
--- a/tests/lib/librumphijack/Makefile  Mon Feb 14 14:56:23 2011 +0000
+++ b/tests/lib/librumphijack/Makefile  Mon Feb 14 15:14:00 2011 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.2 2011/02/11 15:38:14 pooka Exp $
+#      $NetBSD: Makefile,v 1.3 2011/02/14 15:14:00 pooka Exp $
 #
 
 .include <bsd.own.mk>
@@ -13,6 +13,12 @@
 FILES=         netstat.expout index.html
 FILESDIR=      ${TESTSDIR}
 
+# ssh test
+FILES+=                ssh_config.in
+FILES+=                ssh_host_key
+FILES+=                ssh_host_key.pub
+FILES+=                sshd_config.in
+
 ATFFILE=       yes
 
 .include <bsd.test.mk>
diff -r 937cffb2a0be -r 63aca726601d tests/lib/librumphijack/ssh_config.in
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/lib/librumphijack/ssh_config.in     Mon Feb 14 15:14:00 2011 +0000
@@ -0,0 +1,14 @@
+# $NetBSD: ssh_config.in,v 1.1 2011/02/14 15:14:00 pooka Exp $
+
+# Basic settings.
+Port 22
+Protocol 2
+
+# The temporary key used for login.
+IdentityFile @WORKDIR@/ssh_user_key
+
+# Prevent the client from complaining about unknown host keys.
+GlobalKnownHostsFile @WORKDIR@/known_hosts
+
+# Do not attempt password authentication in case keys fail.
+IdentitiesOnly yes
diff -r 937cffb2a0be -r 63aca726601d tests/lib/librumphijack/ssh_host_key
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/lib/librumphijack/ssh_host_key      Mon Feb 14 15:14:00 2011 +0000
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDJnMpSG1lGmApk8F7ZH7TGtjjP/WUs+vqHyFsyS2lilJzereen
+a/ME6S0d0HTOeCdKldjbtDpfNXbh+XnJMlJMEgEs4Mg1jluuEV0GOJoMt7cGzku2
+gAYGx++2+wqYw6Y+M8Tb1M4AO+PcxD/3BkdUyIKO63v6STl2VQn1BzsTQwIBIwKB
+gAuFTWPHDGpvFols0jhK9GMgWwSSIwnidLdNRwowMehgQ3pwVmFWoCwqlN0h2sn4
+PMJu9nL0WxtiJAzprzARgQuPI25t9LiKTF7scC/cNUiHPplUjvoDXA9ccY1eIf4R
+e6wwZz1jfCWen0eRsvMyoYvFmEH8hILAk1bY9heymOGLAkEA/WhC49n+gtloVMow
+iKQOO6+u3ouxTOTQ3sV2wCaLaO2pEbHP2//5SlUJLp6QrjC7bg9Kr+f56+zT2he9
+f6GCwwJBAMus3XizmZdJyJLnkCJRiT0/3Kf57fhWKRdnFkuRLyjET9MEWavRdJmr
+bx/lxmILi1iKwXiFEDM6MqYfmNImJYECQQCtw9YYlXtSaTGZOi/oqwJyEhGCqO6b
+II85q/moVPHhjQY4BOZNttbT4on0FPV+wlSjPa+OkHDcSp/mAaaDZ2+bAkEAujel
+6rLVkaKLfv+ZuPoXE22WivMityo0Mqdk12ArHfVQS+a4YpOdzlOYzLTSosi56o19
+sAShGOTAl+Jf1hQ/iwJAKpPviX5w292H/m5T0m4l0NRdQ3pRujOLMSVmY+/HFZTW
+GJMYLr1eBKNfLsKzJgB88GzuF2O/O8hNi3XSiOP+9w==
+-----END RSA PRIVATE KEY-----
diff -r 937cffb2a0be -r 63aca726601d tests/lib/librumphijack/ssh_host_key.pub
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/lib/librumphijack/ssh_host_key.pub  Mon Feb 14 15:14:00 2011 +0000
@@ -0,0 +1,1 @@
+ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAyZzKUhtZRpgKZPBe2R+0xrY4z/1lLPr6h8hbMktpYpSc3q3np2vzBOktHdB0zngnSpXY27Q6XzV24fl5yTJSTBIBLODINY5brhFdBjiaDLe3Bs5LtoAGBsfvtvsKmMOmPjPE29TOADvj3MQ/9wZHVMiCjut7+kk5dlUJ9Qc7E0M=
 test%test.example.net@localhost
diff -r 937cffb2a0be -r 63aca726601d tests/lib/librumphijack/sshd_config.in
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/lib/librumphijack/sshd_config.in    Mon Feb 14 15:14:00 2011 +0000
@@ -0,0 +1,39 @@
+# $NetBSD: sshd_config.in,v 1.1 2011/02/14 15:14:00 pooka Exp $
+
+# Basic settings.
+Port 22
+Protocol 2
+
+# Provide information to the user in case something goes wrong.
+LogLevel DEBUG1
+
+# The host key.  It lives in the work directory because we need to set
+# very strict permissions on it and cannot modify the copy on the source
+# directory.
+HostKey @WORKDIR@/ssh_host_key
+
+# The authorized keys file we set up during the test to allow the client
+# to safely log in.  We need to disable strict modes because ATF_WORKDIR
+# usually lives in /tmp, which has 1777 permissions and are not liked by
+# sshd.
+AuthorizedKeysFile @WORKDIR@/authorized_keys
+StrictModes no
+
+# Some settings to allow user runs of sshd.
+PidFile @WORKDIR@/sshd.pid
+UsePam no
+UsePrivilegeSeparation no
+
+# The root user should also be able to run the tests.
+PermitRootLogin yes
+
+# Be restrictive about access to the temporary server.  Only allow key-based
+# authentication.
+ChallengeResponseAuthentication no
+GSSAPIAuthentication no
+HostbasedAuthentication no
+KerberosAuthentication no
+MaxAuthTries 1
+MaxStartups 1
+PasswordAuthentication no
+PubkeyAuthentication yes
diff -r 937cffb2a0be -r 63aca726601d tests/lib/librumphijack/t_tcpip.sh
--- a/tests/lib/librumphijack/t_tcpip.sh        Mon Feb 14 14:56:23 2011 +0000
+++ b/tests/lib/librumphijack/t_tcpip.sh        Mon Feb 14 15:14:00 2011 +0000
@@ -1,4 +1,4 @@
-#       $NetBSD: t_tcpip.sh,v 1.1 2011/02/06 18:44:30 pooka Exp $
+#       $NetBSD: t_tcpip.sh,v 1.2 2011/02/14 15:14:00 pooka Exp $
 #
 # Copyright (c) 2011 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -42,7 +42,7 @@
        export RUMPHIJACK_RETRY='die'
 
        # start bozo in daemon mode
-       atf_check -s exit:0 -e ignore env LD_PRELOAD=/usr/lib/librumphijack.so \
+       atf_check -s exit:0 env LD_PRELOAD=/usr/lib/librumphijack.so \
            /usr/libexec/httpd -b -s $(atf_get_srcdir)
 
        atf_check -s exit:0 -o file:"$(atf_get_srcdir)/netstat.expout" \
@@ -64,7 +64,90 @@
        rump.halt
 }
 
+#
+# Starts a SSH server and sets up the client to access it.
+# Authentication is allowed and done using an RSA key exclusively, which
+# is generated on the fly as part of the test case.
+# XXX: Ideally, all the tests in this test program should be able to share
+# the generated key, because creating it can be a very slow process on some
+# machines.
+#
+# XXX2: copypasted from jmmv's sshd thingamob in the psshfs test.
+# ideally code (and keys, like jmmv notes above) could be shared
+#
+start_sshd() {
+       echo "Setting up SSH server configuration"
+       sed -e "s,@SRCDIR@,$(atf_get_srcdir),g" -e "s,@WORKDIR@,$(pwd),g" \
+           $(atf_get_srcdir)/sshd_config.in >sshd_config || \
+           atf_fail "Failed to create sshd_config"
+       atf_check -s ignore -o empty -e ignore \
+           cp $(atf_get_srcdir)/ssh_host_key .
+       atf_check -s ignore -o empty -e ignore \
+           cp $(atf_get_srcdir)/ssh_host_key.pub .
+       atf_check -s eq:0 -o empty -e empty chmod 400 ssh_host_key
+       atf_check -s eq:0 -o empty -e empty chmod 444 ssh_host_key.pub
+
+        env LD_PRELOAD=/usr/lib/librumphijack.so \
+           /usr/sbin/sshd -e -f ./sshd_config
+       while [ ! -f sshd.pid ]; do
+               sleep 0.01
+       done
+       echo "SSH server started (pid $(cat sshd.pid))"
+
+       echo "Setting up SSH client configuration"
+       atf_check -s eq:0 -o empty -e empty \
+           ssh-keygen -f ssh_user_key -t rsa -b 1024 -N "" -q
+       atf_check -s eq:0 -o empty -e empty \
+           cp ssh_user_key.pub authorized_keys
+       echo "127.0.0.1,localhost,::1 " \
+           "$(cat $(atf_get_srcdir)/ssh_host_key.pub)" >known_hosts || \
+           atf_fail "Failed to create known_hosts"
+       atf_check -s eq:0 -o empty -e empty chmod 600 authorized_keys
+       sed -e "s,@SRCDIR@,$(atf_get_srcdir),g" -e "s,@WORKDIR@,$(pwd),g" \
+           $(atf_get_srcdir)/ssh_config.in >ssh_config || \
+           atf_fail "Failed to create ssh_config"
+       
+       echo "sshd running"
+}
+
+atf_test_case ssh cleanup
+ssh_head()
+{
+        atf_set "descr" "Test that hijacked ssh/sshd works"
+}
+
+ssh_body()
+{
+
+       atf_check -s exit:0 ${rumpnetsrv} ${RUMP_SERVER}
+       # make sure clients die after we nuke the server
+       export RUMPHIJACK_RETRY='die'
+
+       export LD_LIBRARY_PATH=/home/pooka/src/nb5/src/lib/libssh
+
+       start_sshd
+
+       # create some sort of directory for us to "ls"
+       mkdir testdir
+       cd testdir
+       jot 11 | xargs touch
+       jot 11 12 | xargs mkdir
+       cd ..
+
+       atf_check -s exit:0 -o save:ssh.out                             \
+           env LD_PRELOAD=/usr/lib/librumphijack.so                    \
+           ssh -T -F ssh_config 127.0.0.1 ls -li $(pwd)/testdir
+       atf_check -s exit:0 -o file:ssh.out ls -li $(pwd)/testdir
+}
+
+ssh_cleanup()
+{
+       rump.halt
+       # sshd dies due to RUMPHIJACK_RETRY=1d6
+}
+
 atf_init_test_cases()
 {
        atf_add_test_case http
+       atf_add_test_case ssh
 }
Prev by Date: [src/trunk]: src/sys/dev/i2c ibmhawk_set: No need to set states ENVSYS_SWARNx...
Next by Date: [src/trunk]: src/lib A bunch of changes which essentially make sshd work with...
Previous by Thread: [src/trunk]: src/sys/dev/i2c ibmhawk_set: No need to set states ENVSYS_SWARNx...
Next by Thread: [src/trunk]: src/lib A bunch of changes which essentially make sshd work with...
Indexes:
Home | Main Index | Thread Index | Old Index