Diffstat (limited to 'tests/CMakeLists.txt')
-rw-r--r-- | tests/CMakeLists.txt | 107 |
1 files changed, 79 insertions, 28 deletions
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 44d4f201..46c19ff7 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -6,9 +6,7 @@ endif (BSD OR SOLARIS OR OSX) set(TORTURE_LIBRARY torture) -include_directories(${OPENSSL_INCLUDE_DIR} - ${CMOCKA_INCLUDE_DIR} - ${ZLIB_INCLUDE_DIR} +include_directories(${CMOCKA_INCLUDE_DIR} ${libssh_BINARY_DIR}/include ${libssh_BINARY_DIR} ${libssh_SOURCE_DIR}/src @@ -28,10 +26,13 @@ add_library(${TORTURE_LIBRARY} torture_key.c torture_pki.c torture_cmocka.c) -target_link_libraries(${TORTURE_LIBRARY} ${TORTURE_LINK_LIBRARIES}) +target_link_libraries(${TORTURE_LIBRARY} PRIVATE ${TORTURE_LINK_LIBRARIES}) target_compile_options(${TORTURE_LIBRARY} PRIVATE -DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping" ) +if (WITH_COVERAGE) + append_coverage_compiler_flags_to_target(${TORTURE_LIBRARY}) +endif (WITH_COVERAGE) # The shared version of the library is only useful when client testing is # enabled @@ -39,10 +40,6 @@ if (CLIENT_TESTING) # create shared test library set(TORTURE_SHARED_LIBRARY torture_shared) - if (MINGW) - set(USE_ATTRIBUTE_WEAK "-DUSE_ATTRIBUTE_WEAK") - endif () - # Create a list of symbols that should be wrapped for override test set(WRAP_SYMBOLS "") list(APPEND WRAP_SYMBOLS @@ -66,20 +63,23 @@ if (CLIENT_TESTING) torture_pki.c torture_cmocka.c ) - target_link_libraries(${TORTURE_SHARED_LIBRARY} + target_link_libraries(${TORTURE_SHARED_LIBRARY} PUBLIC ${CMOCKA_LIBRARY} ssh::static ${WRAP_SYMBOLS} ) target_compile_options(${TORTURE_SHARED_LIBRARY} PRIVATE -DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping" - ${USE_ATTRIBUTE_WEAK} + -DTORTURE_SHARED ) + if (WITH_COVERAGE) + append_coverage_compiler_flags_to_target(${TORTURE_SHARED_LIBRARY}) + endif (WITH_COVERAGE) endif () -if (ARGP_LIBRARY) +if (ARGP_LIBRARIES) target_link_libraries(${TORTURE_LIBRARY} - ${ARGP_LIBRARY} + PUBLIC ${ARGP_LIBRARIES} ) endif() 
@@ -103,7 +103,7 @@ if (SSH_EXECUTABLE) set(OPENSSH_CIPHERS "aes128-ctr\naes192-ctr\naes256-ctr\narcfour256\narcfour128\naes128-gcm@openssh.com\naes256-gcm@openssh.com\naes128-cbc\n3des-cbc\nblowfish-cbc\ncast128-cbc\naes192-cbc\naes256-cbc\narcfour\nrijndael-cbc@lysator.liu.se\n") set(OPENSSH_MACS "hmac-md5-etm@openssh.com\nhmac-sha1-etm@openssh.com\numac-64-etm@openssh.com\numac-128-etm@openssh.com\nhmac-sha2-256-etm@openssh.com\nhmac-sha2-512-etm@openssh.com\nhmac-ripemd160-etm@openssh.com\nhmac-sha1-96-etm@openssh.com\nhmac-md5-96-etm@openssh.com\nhmac-md5\nhmac-sha1\numac-64@openssh.com\numac-128@openssh.com\nhmac-sha2-256\nhmac-sha2-512\nhmac-ripemd160\nhmac-ripemd160@openssh.com\nhmac-sha1-96\nhmac-md5-96\n") set(OPENSSH_KEX "ecdh-sha2-nistp256\necdh-sha2-nistp384\necdh-sha2-nistp521\ndiffie-hellman-group-exchange-sha256\ndiffie-hellman-group-exchange-sha1\ndiffie-hellman-group14-sha1\ndiffie-hellman-group1-sha1\n") - set(OPENSSH_KEYS "ssh-rsa\nssh-dss\necdsa-sha2-nistp256\n") + set(OPENSSH_KEYS "ssh-rsa\necdsa-sha2-nistp256\n") else() execute_process(COMMAND ${SSH_EXECUTABLE} -Q cipher OUTPUT_VARIABLE OPENSSH_CIPHERS) execute_process(COMMAND ${SSH_EXECUTABLE} -Q mac OUTPUT_VARIABLE OPENSSH_MACS) @@ -130,9 +130,9 @@ if (SSH_EXECUTABLE) diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256 curve25519-sha256@libssh.org - ssh-ed25519 ssh-ed25519-cert-v01@openssh.com ssh-rsa ssh-dss + ssh-ed25519 ssh-ed25519-cert-v01@openssh.com ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 - ssh-rsa-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com + ssh-rsa-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com ) 
@@ -169,13 +169,14 @@ if (CLIENT_TESTING OR SERVER_TESTING) find_package(nss_wrapper 1.1.2 REQUIRED) find_package(uid_wrapper 1.2.0 REQUIRED) find_package(pam_wrapper 1.0.1 REQUIRED) + find_package(priv_wrapper 1.0.0) if (NOT SSHD_EXECUTABLE) message(SEND_ERROR "Could not find sshd which is required for client testing") endif() - find_program(NC_EXECUTABLE + find_program(NCAT_EXECUTABLE NAME - nc + ncat PATHS /bin /usr/bin @@ -186,6 +187,20 @@ if (CLIENT_TESTING OR SERVER_TESTING) if (NOT SOFTHSM_FOUND) message(SEND_ERROR "Could not find softhsm module!") endif (NOT SOFTHSM_FOUND) + find_library(PKCS11SPY + NAMES + pkcs11-spy.so + ) + if (WITH_PKCS11_PROVIDER) + find_package(PkgConfig) + if (PKG_CONFIG_FOUND) + pkg_check_modules(P11_KIT p11-kit-1) + if (P11_KIT_FOUND) + pkg_get_variable(P11_MODULE_PATH p11-kit-1 p11_module_path) + set(P11_KIT_CLIENT ${P11_MODULE_PATH}/p11-kit-client.so) + endif (P11_KIT_FOUND) + endif (PKG_CONFIG_FOUND) + endif (WITH_PKCS11_PROVIDER) endif (WITH_PKCS11_URI) find_program(SSH_EXECUTABLE NAMES ssh) 
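Review bot: When WITH_PKCS11_PROVIDER is on but pkg-config or p11-kit-1 is missing, `P11_KIT_CLIENT` is silently left unset, and the result of `find_library(PKCS11SPY ...)` is never checked. The provider tests can then be configured with an empty or `PKCS11SPY-NOTFOUND` module path and fail later in a way that is hard to trace. The softhsm check just above uses `message(SEND_ERROR "Could not find softhsm module!")`; the same pattern fits here, e.g. an `else()` branch with `message(SEND_ERROR "Could not find p11-kit-client module!")`. If both are meant to be optional, a comment should say so. The enclosing `if (WITH_PKCS11_URI)` block starts outside the hunk.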
@@ -216,13 +231,28 @@ if (CLIENT_TESTING OR SERVER_TESTING) set(WITH_TIMEOUT "1") endif() - # chroot_wrapper - add_library(chroot_wrapper SHARED chroot_wrapper.c) - set(CHROOT_WRAPPER_LIBRARY ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}chroot_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX}) + # For chroot() use priv_wrapper package if found, or internal chroot_wrapper + if (priv_wrapper_FOUND) + set(CHROOT_WRAPPER "${PRIV_WRAPPER_LIBRARY}") + else() + add_library(chroot_wrapper SHARED chroot_wrapper.c) + set(CHROOT_WRAPPER_LIBRARY ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}chroot_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX}) + set(TEST_TARGET_LIBRARIES + ${TEST_TARGET_LIBRARIES} + chroot_wrapper + ) + set(CHROOT_WRAPPER "${CHROOT_WRAPPER_LIBRARY}") + endif() + + # chown wrapper + add_library(chown_wrapper SHARED chown_wrapper.c) + set(CHOWN_WRAPPER_LIBRARY + ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}chown_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX}) set(TEST_TARGET_LIBRARIES ${TEST_TARGET_LIBRARIES} - chroot_wrapper + chown_wrapper ) + set(CHOWN_WRAPPER "${CHOWN_WRAPPER_LIBRARY}") # ssh_ping add_executable(ssh_ping ssh_ping.c) 
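Review bot: `CHROOT_WRAPPER` is taken from `${PRIV_WRAPPER_LIBRARY}` without checking that the priv_wrapper package actually set it, and `CHOWN_WRAPPER_LIBRARY` is assembled by hand from `${libssh_BINARY_DIR}/lib/` plus the prefix and suffix variables. Both values are placed in LD_PRELOAD in a later hunk, where the dynamic loader generally ignores an empty or non-existent entry, so the tests would run without the interposer instead of failing at configure time. A guard such as `if (NOT PRIV_WRAPPER_LIBRARY)` with `message(SEND_ERROR "priv_wrapper found but PRIV_WRAPPER_LIBRARY is empty")` would catch the first case. The bare `# chown wrapper` comment should also state which calls the library overrides and why the tests need it. The surrounding `if (CLIENT_TESTING OR SERVER_TESTING)` block starts and ends outside the hunk.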
@@ -243,12 +273,19 @@ if (CLIENT_TESTING OR SERVER_TESTING) configure_file(etc/pam.d/sshd.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d/sshd @ONLY) - set(TORTURE_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER_LIBRARY}") + set(TORTURE_ENVIRONMENT + "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}:${CHOWN_WRAPPER}") + if (priv_wrapper_FOUND) + list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER=1 PRIV_WRAPPER_CHROOT_DISABLE=1) + list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER_PRCTL_DISABLE="ALL" PRIV_WRAPPER_SETRLIMIT_DISABLE="ALL") + endif() list(APPEND TORTURE_ENVIRONMENT UID_WRAPPER=1 UID_WRAPPER_ROOT=1) list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_PASSWD=${CMAKE_CURRENT_BINARY_DIR}/etc/passwd) list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_SHADOW=${CMAKE_CURRENT_BINARY_DIR}/etc/shadow) list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_GROUP=${CMAKE_CURRENT_BINARY_DIR}/etc/group) list(APPEND TORTURE_ENVIRONMENT PAM_WRAPPER_SERVICE_DIR=${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d) + list(APPEND TORTURE_ENVIRONMENT LSAN_OPTIONS=suppressions=${CMAKE_CURRENT_SOURCE_DIR}/suppressions/lsan.supp) + list(APPEND TORTURE_ENVIRONMENT OPENSSL_ENABLE_SHA1_SIGNATURES=1) # Give bob some keys file(COPY keys/id_rsa DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) 
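Review bot: In `list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER_PRCTL_DISABLE="ALL" PRIV_WRAPPER_SETRLIMIT_DISABLE="ALL")` the double quotes sit inside an unquoted CMake argument, where they are kept literally. The variables are therefore likely exported as `"ALL"` with the quote characters rather than `ALL`. If priv_wrapper compares against the bare word, the setting would not take effect; writing `PRIV_WRAPPER_PRCTL_DISABLE=ALL PRIV_WRAPPER_SETRLIMIT_DISABLE=ALL` removes the doubt. Separately, `OPENSSL_ENABLE_SHA1_SIGNATURES=1` relaxes the crypto policy for every test in the suite, so it deserves a comment naming the tests that need it, e.g. `# SHA-1 signatures are still required by <tests>; the system policy may disable them`.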
@@ -285,16 +322,21 @@ if (CLIENT_TESTING OR SERVER_TESTING) file(READ keys/pkcs11/id_pkcs11_ecdsa_521_openssh.pub CONTENTS) file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys "${CONTENTS}") - # Copy the signed key to an alternative directory in bob's homedir. - file(COPY keys/certauth/id_rsa DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh_cert/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) - file(COPY keys/certauth/id_rsa.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh_cert/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) - file(COPY keys/certauth/id_rsa-cert.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh_cert/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) + # Copy the signed key to an doe's homedir. + file(COPY keys/certauth/id_rsa DESTINATION + ${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) + file(COPY keys/certauth/id_rsa.pub DESTINATION + ${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) + file(COPY keys/certauth/id_rsa-cert.pub DESTINATION + ${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) +endif () +if (WITH_PKCS11_URI) #Copy the script to setup PKCS11 tokens file(COPY pkcs11/setup-softhsm-tokens.sh DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/pkcs11 FILE_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE) +endif (WITH_PKCS11_URI) - message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}") -endif () +message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}") configure_file(tests_config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/tests_config.h) 
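Review bot: The new comment `# Copy the signed key to an doe's homedir.` has a leftover article; `# Copy the signed key to doe's homedir.` reads correctly. With the `endif ()` moved up, `message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}")` now also runs when neither CLIENT_TESTING nor SERVER_TESTING is set, and then prints an empty value. Either keep the message inside the block or add a one-line comment saying the unconditional print is intended. The `if` that the moved `endif ()` closes starts outside the hunk.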
@@ -317,3 +359,12 @@ endif () if (FUZZ_TESTING) add_subdirectory(fuzz) endif() + +add_custom_target(test_memcheck + # FIXME: The threads_pki_rsa test is skipped under valgrind as it times out + # Passing suppression file is also stupid so lets go with override here: + # https://stackoverflow.com/a/56116311 + COMMAND ${CMAKE_CTEST_COMMAND} -E torture_threads_pki_rsa -E pkd_hello_i1 + --output-on-failure --force-new-ctest-process --test-action memcheck + --overwrite MemoryCheckSuppressionFile=${CMAKE_SOURCE_DIR}/tests/valgrind.supp + WORKING_DIRECTORY "${CMAKE_BINARY_DIR}") |
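Review bot: The `test_memcheck` command passes `-E` twice (`-E torture_threads_pki_rsa -E pkd_hello_i1`). CTest versions that keep only the last exclude regex would drop the first exclusion and run the test the FIXME says times out under valgrind. A single alternation, `-E "torture_threads_pki_rsa|pkd_hello_i1"`, together with `VERBATIM` on the target, behaves the same everywhere. The suppression path `${CMAKE_SOURCE_DIR}/tests/valgrind.supp` points at the wrong tree when libssh is built as a subproject. `${CMAKE_CURRENT_SOURCE_DIR}/valgrind.supp` would match the way the `lsan.supp` path is built in an earlier hunk of this commit.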