Diffstat (limited to 'tests/torture.c')
-rw-r--r--tests/torture.c265
1 files changed, 160 insertions, 105 deletions
diff --git a/tests/torture.c b/tests/torture.c
index cf5e4293..78edaae1 100644
--- a/tests/torture.c
+++ b/tests/torture.c
@@ -40,11 +40,6 @@
#include <unistd.h>
#elif (defined _WIN32) || (defined _WIN64)
#include <direct.h>
-#include <io.h>
-#define read _read
-#define open _open
-#define write _write
-#define close _close
#define chdir _chdir
#endif
@@ -53,6 +48,10 @@
#include "libssh/misc.h"
#include "libssh/token.h"
+#ifdef HAVE_VALGRIND_VALGRIND_H
+#include <valgrind/valgrind.h>
+#endif
+
#define TORTURE_SSHD_SRV_IPV4 "127.0.0.10"
/* socket wrapper IPv6 prefix fd00::5357:5fxx */
#define TORTURE_SSHD_SRV_IPV6 "fd00::5357:5f0a"
@@ -63,10 +62,6 @@
#define TORTURE_SSHD_CONFIG "sshd/sshd_config"
#define TORTURE_PCAP_FILE "socket_trace.pcap"
-#ifndef PATH_MAX
-# define PATH_MAX 4096
-#endif
-
static const char torture_rsa_certauth_pub[]=
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnA2n5vHzZbs/GvRkGloJNV1CXHI"
"S5Xnrm05HusUJSWyPq3I1iCMHdYA7oezHa9GCFYbIenaYPy+G6USQRjYQz8SvAZo06"
@@ -81,6 +76,7 @@ static const char *pattern = NULL;
#ifndef _WIN32
+/* TODO missing code coverage */
static int _torture_auth_kbdint(ssh_session session,
const char *password) {
const char *prompt;
@@ -248,6 +244,13 @@ int torture_terminate_process(const char *pidfile)
/* 10 ms */
usleep(10 * 1000);
+#ifdef HAVE_VALGRIND_VALGRIND_H
+ if (RUNNING_ON_VALGRIND) {
+ SSH_LOG(SSH_LOG_INFO, "Running within Valgrind, wait one more "
+ "second for the server to clean up.");
+ usleep(1000 * 1000);
+ }
+#endif /* HAVE_VALGRIND_VALGRIND_H */
rc = kill(pid, 0);
if (rc != 0) {
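Review bot: `usleep(1000 * 1000)` in the added Valgrind block passes exactly one million microseconds, and POSIX specifies the argument as less than 1,000,000, so an implementation may reject it with EINVAL and the extra wait would silently not happen. `sleep(1);` is the portable spelling of the same delay. The surrounding code starts outside the hunk and looks like a polling loop; if it is, the extra second is paid on every iteration under Valgrind, which deserves a word in the comment.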
@@ -387,18 +390,12 @@ ssh_bind torture_ssh_bind(const char *addr,
}
switch (key_type) {
-#ifdef HAVE_DSA
- case SSH_KEYTYPE_DSS:
- opts = SSH_BIND_OPTIONS_DSAKEY;
- break;
-#endif /* HAVE_DSA */
case SSH_KEYTYPE_RSA:
- opts = SSH_BIND_OPTIONS_RSAKEY;
- break;
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
- opts = SSH_BIND_OPTIONS_ECDSAKEY;
+ case SSH_KEYTYPE_ED25519:
+ opts = SSH_BIND_OPTIONS_HOSTKEY;
break;
default:
goto out_free;
@@ -426,7 +423,8 @@ ssh_bind torture_ssh_bind(const char *addr,
#ifdef WITH_SFTP
-struct torture_sftp *torture_sftp_session(ssh_session session) {
+struct torture_sftp *torture_sftp_session_channel(ssh_session session, ssh_channel channel)
+{
struct torture_sftp *t;
char template[] = "/tmp/ssh_torture_XXXXXX";
char *p;
@@ -442,9 +440,26 @@ struct torture_sftp *torture_sftp_session(ssh_session session) {
}
t->ssh = session;
- t->sftp = sftp_new(session);
- if (t->sftp == NULL) {
- goto failed;
+ if (channel == NULL) {
+ t->sftp = sftp_new(session);
+ if (t->sftp == NULL) {
+ goto failed;
+ }
+ } else {
+ t->sftp = sftp_new_channel(session, channel);
+ if (t->sftp == NULL) {
+ goto failed;
+ }
+
+ rc = ssh_channel_open_session(channel);
+ if (rc != SSH_OK) {
+ goto failed;
+ }
+
+ rc = ssh_channel_request_sftp(channel);
+ if (rc != SSH_OK) {
+ goto failed;
+ }
}
rc = sftp_init(t->sftp);
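Review bot: torture_sftp_session_channel has no comment describing what it expects of `channel`, and the new else-branch makes that contract non-obvious. It calls `ssh_channel_open_session(channel)` itself, so the caller has to pass an allocated but not yet opened channel, and once `sftp_new_channel()` succeeds the sftp session holds the channel (as far as I know sftp_free() releases the channel it holds). I would add a header comment such as `/* channel: NULL to let sftp_new() create one, or an unopened channel whose ownership passes to the returned torture_sftp */`. The `failed:` label is outside this hunk, so it is worth confirming that a failure after `sftp_new_channel()` cannot leave the caller freeing the same channel a second time.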
@@ -475,6 +490,11 @@ failed:
return NULL;
}
+struct torture_sftp *torture_sftp_session(ssh_session session)
+{
+ return torture_sftp_session_channel(session, NULL);
+}
+
void torture_sftp_close(struct torture_sftp *t) {
if (t == NULL) {
return;
@@ -612,9 +632,6 @@ void torture_setup_create_libssh_config(void **state)
{
struct torture_state *s = *state;
char ed25519_hostkey[1024] = {0};
-#ifdef HAVE_DSA
- char dsa_hostkey[1024];
-#endif /* HAVE_DSA */
char rsa_hostkey[1024];
char ecdsa_hostkey[1024];
char sshd_config[2048];
@@ -628,9 +645,6 @@ void torture_setup_create_libssh_config(void **state)
"%s %s\n"
"%s %s\n"
"%s %s\n"
-#ifdef HAVE_DSA
- "%s %s\n"
-#endif /* HAVE_DSA */
"%s\n"; /* The space for test-specific options */
bool written = false;
int rc;
@@ -667,13 +681,6 @@ void torture_setup_create_libssh_config(void **state)
"%s/sshd/ssh_host_ecdsa_key",
s->socket_dir);
-#ifdef HAVE_DSA
- snprintf(dsa_hostkey,
- sizeof(dsa_hostkey),
- "%s/sshd/ssh_host_dsa_key",
- s->socket_dir);
-#endif /* HAVE_DSA */
-
if (!written) {
torture_write_file(ed25519_hostkey,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
@@ -681,10 +688,6 @@ void torture_setup_create_libssh_config(void **state)
torture_get_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(ecdsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
-#ifdef HAVE_DSA
- torture_write_file(dsa_hostkey,
- torture_get_testkey(SSH_KEYTYPE_DSS, 0));
-#endif /* HAVE_DSA */
}
additional_config = (s->srv_additional_config != NULL ?
@@ -695,21 +698,16 @@ void torture_setup_create_libssh_config(void **state)
"HostKey", ed25519_hostkey,
"HostKey", rsa_hostkey,
"HostKey", ecdsa_hostkey,
-#ifdef HAVE_DSA
- "HostKey", dsa_hostkey,
-#endif /* HAVE_DSA */
additional_config);
torture_write_file(s->srv_config, sshd_config);
}
+#ifdef SSHD_EXECUTABLE
static void torture_setup_create_sshd_config(void **state, bool pam)
{
struct torture_state *s = *state;
char ed25519_hostkey[1024] = {0};
-#ifdef HAVE_DSA
- char dsa_hostkey[1024];
-#endif /* HAVE_DSA */
char rsa_hostkey[1024];
char ecdsa_hostkey[1024];
char trusted_ca_pubkey[1024];
@@ -727,10 +725,8 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
const char config_string[]=
"Port 22\n"
"ListenAddress 127.0.0.10\n"
+ "ListenAddress fd00::5357:5f0a\n"
"%s %s\n" /* ed25519 HostKey */
-#ifdef HAVE_DSA
- "%s %s\n" /* DSA HostKey */
-#endif /* HAVE_DSA */
"%s %s\n" /* RSA HostKey */
"%s %s\n" /* ECDSA HostKey */
"\n"
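Review bot: The added `"ListenAddress fd00::5357:5f0a\n"` repeats the address that this file already defines as `TORTURE_SSHD_SRV_IPV6`, so the server config and the macro the clients use can drift apart. String-literal concatenation keeps them tied: `"ListenAddress " TORTURE_SSHD_SRV_IPV6 "\n"`. The same literal is added to `fips_config_string` in the later hunk, and the existing `127.0.0.10` line could use `TORTURE_SSHD_SRV_IPV4` in the same way.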
@@ -744,7 +740,8 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
"\n"
"StrictModes no\n"
"\n"
- "%s" /* Here comes UsePam */
+ "%s\n" /* Here comes UsePam */
+ "%s" /* The space for test-specific options */
"\n"
/* add all supported algorithms */
"HostKeyAlgorithms " OPENSSH_KEYS "\n"
@@ -759,12 +756,12 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
"AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT\n"
"AcceptEnv LC_IDENTIFICATION LC_ALL LC_LIBSSH\n"
"\n"
- "PidFile %s\n"
- "%s\n"; /* The space for test-specific options */
+ "PidFile %s\n";
/* FIPS config */
const char fips_config_string[]=
"Port 22\n"
"ListenAddress 127.0.0.10\n"
+ "ListenAddress fd00::5357:5f0a\n"
"%s %s\n" /* RSA HostKey */
"%s %s\n" /* ECDSA HostKey */
"\n"
@@ -778,7 +775,8 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
"\n"
"StrictModes no\n"
"\n"
- "%s" /* UsePam */
+ "%s\n" /* Here comes UsePam */
+ "%s" /* The space for test-specific options */
"\n"
"Ciphers "
"aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,"
@@ -807,8 +805,7 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
"AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT\n"
"AcceptEnv LC_IDENTIFICATION LC_ALL LC_LIBSSH\n"
"\n"
- "PidFile %s\n" /* PID file */
- "%s\n"; /* The space for test-specific options */
+ "PidFile %s\n"; /* PID file */
const char usepam_yes[] =
"UsePAM yes\n"
"KbdInteractiveAuthentication yes\n";
@@ -850,13 +847,6 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
"%s/sshd/ssh_host_ed25519_key",
s->socket_dir);
-#ifdef HAVE_DSA
- snprintf(dsa_hostkey,
- sizeof(dsa_hostkey),
- "%s/sshd/ssh_host_dsa_key",
- s->socket_dir);
-#endif /* HAVE_DSA */
-
snprintf(rsa_hostkey,
sizeof(rsa_hostkey),
"%s/sshd/ssh_host_rsa_key",
@@ -875,10 +865,6 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
if (!written) {
torture_write_file(ed25519_hostkey,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
-#ifdef HAVE_DSA
- torture_write_file(dsa_hostkey,
- torture_get_testkey(SSH_KEYTYPE_DSS, 0));
-#endif /* HAVE_DSA */
torture_write_file(rsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(ecdsa_hostkey,
@@ -909,28 +895,25 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
trusted_ca_pubkey,
sftp_server,
usepam,
- s->srv_pidfile,
- additional_config);
+ additional_config,
+ s->srv_pidfile);
} else {
snprintf(sshd_config, sizeof(sshd_config),
config_string,
"HostKey", ed25519_hostkey,
-#ifdef HAVE_DSA
- "HostKey", dsa_hostkey,
-#endif /* HAVE_DSA */
"HostKey", rsa_hostkey,
"HostKey", ecdsa_hostkey,
trusted_ca_pubkey,
sftp_server,
usepam,
- s->srv_pidfile,
- additional_config);
+ additional_config,
+ s->srv_pidfile);
}
torture_write_file(s->srv_config, sshd_config);
}
-static int torture_wait_for_daemon(unsigned int seconds)
+int torture_wait_for_daemon(unsigned int seconds)
{
struct ssh_timestamp start;
int rc;
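Review bot: Neither `snprintf(sshd_config, sizeof(sshd_config), ...)` call in this hunk checks its return value, and the change moves `additional_config` from the end of the template to the middle. A long test-specific block therefore now truncates the tail of the template, ending with the `PidFile` line, instead of its own tail, and the config is still written without error. Capture and assert the result, e.g. `rc = snprintf(sshd_config, sizeof(sshd_config), ...);` followed by `assert_true(rc > 0 && (size_t)rc < sizeof(sshd_config));`. The function's declarations are outside the hunk, so `rc` may need to be added there.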
@@ -1013,11 +996,13 @@ void torture_setup_libssh_server(void **state, const char *server_path)
}
/* Write the environment setting */
+ /* OPENSSL variable is needed to enable SHA1 */
printed = snprintf(env, sizeof(env),
"SOCKET_WRAPPER_DIR=%s "
"SOCKET_WRAPPER_DEFAULT_IFACE=10 "
"LD_PRELOAD=%s "
- "%s",
+ "%s "
+ "OPENSSL_ENABLE_SHA1_SIGNATURES=1",
s->socket_dir, ld_preload, force_fips);
if (printed < 0) {
fail_msg("Failed to print env!");
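Review bot: The new comment `/* OPENSSL variable is needed to enable SHA1 */` does not say which tests depend on SHA-1 signatures or which OpenSSL builds honour `OPENSSL_ENABLE_SHA1_SIGNATURES`, yet the variable is appended to the environment of every server started through this function. Because it relaxes the signature policy for the whole run, a test meant to confirm that SHA-1 signatures are refused under the system default could no longer detect a regression. I would expand the comment to name the dependent tests and the reason, for example `/* some distribution OpenSSL builds refuse SHA-1 signatures unless this is set; needed by the tests that still exercise them */`, adjusted to what actually requires it. The check on `printed` continues outside the hunk; it should also cover truncation now that the string is longer.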
@@ -1126,23 +1111,14 @@ void torture_setup_sshd_server(void **state, bool pam)
assert_int_equal(rc, 0);
}
-void torture_setup_tokens(const char *temp_dir,
- const char *filename,
- const char object_name[],
- const char *load_public)
+void torture_free_state(struct torture_state *s)
{
- char token_setup_start_cmd[1024] = {0};
- int rc;
-
- snprintf(token_setup_start_cmd, sizeof(token_setup_start_cmd),
- "%s/tests/pkcs11/setup-softhsm-tokens.sh %s %s %s %s",
- BINARYDIR,
- temp_dir,
- filename,
- object_name, load_public);
-
- rc = system(token_setup_start_cmd);
- assert_return_code(rc, errno);
+ free(s->srv_config);
+ free(s->socket_dir);
+ free(s->pcap_file);
+ free(s->srv_pidfile);
+ free(s->srv_additional_config);
+ free(s);
}
void torture_teardown_socket_dir(void **state)
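Review bot: The new `torture_free_state()` dereferences `s` without a NULL check, while `torture_sftp_close()` in the same file returns early on a NULL argument. Since this is now an exported helper that tests can call on error paths, a guard `if (s == NULL) { return; }` at the top would keep the two cleanup functions consistent. A short comment stating that it frees the state and all the strings it owns would also help callers, who should not touch `*state` afterwards.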
@@ -1168,13 +1144,7 @@ void torture_teardown_socket_dir(void **state)
}
s->plain_pcap = NULL;
#endif /* WITH_PCAP */
-
- free(s->srv_config);
- free(s->socket_dir);
- free(s->pcap_file);
- free(s->srv_pidfile);
- free(s->srv_additional_config);
- free(s);
+ torture_free_state(s);
}
static int
@@ -1226,6 +1196,82 @@ void torture_teardown_sshd_server(void **state)
torture_teardown_socket_dir(state);
}
+#endif /* SSHD_EXECUTABLE */
+
+#ifdef WITH_PKCS11_URI
+void torture_setup_tokens(const char *temp_dir,
+ const char *filename,
+ const char object_name[],
+ const char *load_public)
+{
+ char token_setup_start_cmd[1024] = {0};
+ char socket_path[1204] = {0};
+ char conf_path[1024] = {0};
+ char *env = NULL;
+ int rc;
+
+ rc = snprintf(token_setup_start_cmd,
+ sizeof(token_setup_start_cmd),
+ "%s/tests/pkcs11/setup-softhsm-tokens.sh %s %s %s %s %s %s",
+ BINARYDIR,
+ temp_dir,
+ filename,
+ object_name,
+ load_public,
+ SOFTHSM2_LIBRARY,
+#ifdef WITH_PKCS11_PROVIDER
+ P11_KIT_CLIENT
+#else
+ ""
+#endif
+ );
+ assert_int_not_equal(rc, sizeof(token_setup_start_cmd));
+
+ rc = system(token_setup_start_cmd);
+ assert_return_code(rc, errno);
+
+#ifdef WITH_PKCS11_PROVIDER
+ rc = snprintf(socket_path,
+ sizeof(socket_path),
+ "unix:path=%s/p11-kit-server.socket",
+ temp_dir);
+ assert_int_not_equal(rc, sizeof(socket_path));
+ setenv("P11_KIT_SERVER_ADDRESS", socket_path, 1);
+
+ setenv("PKCS11_PROVIDER_MODULE", P11_KIT_CLIENT, 1);
+ /* This is useful for debugging PKCS#11 calls */
+
+ env = getenv("TORTURE_PKCS11");
+ if (env != NULL && env[0] != '\0') {
+#ifdef PKCS11SPY
+ setenv("PKCS11SPY", P11_KIT_CLIENT, 1);
+ setenv("PKCS11_PROVIDER_MODULE", PKCS11SPY, 1);
+#else
+ fprintf(stderr, "[ TORTURE ] >>> pkcs11-spy not found\n");
+#endif
+ }
+#else
+ (void)env;
+
+ snprintf(conf_path, sizeof(conf_path), "%s/softhsm.conf", temp_dir);
+ setenv("SOFTHSM2_CONF", conf_path, 1);
+#endif /* WITH_PKCS11_PROVIDER */
+}
+
+void torture_cleanup_tokens(const char *temp_dir)
+{
+ char pidfile[1024] = {0};
+ int rc;
+ pid_t pid;
+
+#ifdef WITH_PKCS11_PROVIDER
+ snprintf(pidfile, sizeof(pidfile), "%s/p11-kit-server.pid", temp_dir);
+ torture_terminate_process(pidfile);
+#else
+ unsetenv("SOFTHSM2_CONF");
+#endif /* WITH_PKCS11_PROVIDER */
+}
+#endif /* WITH_PKCS11_URI */
char *torture_make_temp_dir(const char *template)
{
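Review bot: The truncation checks in torture_setup_tokens use `assert_int_not_equal(rc, sizeof(...))`, which fails only when the would-be length equals the buffer size exactly. snprintf returns the full untruncated length, so any longer command or socket path passes the assert and a cut-off string reaches `system()` or `setenv()`. The command line is built from unquoted `%s` arguments, so a truncated or space-containing `temp_dir` also changes how the shell splits it; the check should be strict, and the `conf_path` snprintf in the non-provider branch needs one too. `socket_path[1204]` looks like a typo for 1024. In torture_cleanup_tokens, `rc` and `pid` are never used and the result of `torture_terminate_process()` is dropped, so a p11-kit server left running would go unnoticed.

```c
    char socket_path[1024] = {0};
    /* … unchanged: snprintf building token_setup_start_cmd … */
    assert_true(rc > 0 && (size_t)rc < sizeof(token_setup_start_cmd));
    /* … unchanged: system() call, snprintf building socket_path … */
    assert_true(rc > 0 && (size_t)rc < sizeof(socket_path));
    /* … unchanged: setenv calls and TORTURE_PKCS11 handling … */
    rc = snprintf(conf_path, sizeof(conf_path), "%s/softhsm.conf", temp_dir);
    assert_true(rc > 0 && (size_t)rc < sizeof(conf_path));
```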
@@ -1309,8 +1355,8 @@ end:
char *torture_make_temp_dir(const char *template)
{
DWORD rc = 0;
- char tmp_dir_path[MAX_PATH];
- char tmp_file_name[MAX_PATH];
+ char tmp_dir_path[PATH_MAX];
+ char tmp_file_name[PATH_MAX];
char *prefix = NULL;
char *path = NULL;
char *prefix_end = NULL;
@@ -1338,8 +1384,8 @@ char *torture_make_temp_dir(const char *template)
*prefix_end = '\0';
}
- rc = GetTempPathA(MAX_PATH, tmp_dir_path);
- if ((rc > MAX_PATH) || (rc == 0)) {
+ rc = GetTempPathA(PATH_MAX, tmp_dir_path);
+ if ((rc > PATH_MAX) || (rc == 0)) {
goto free_prefix;
}
@@ -1380,7 +1426,7 @@ static int recursive_rm_dir_content(const char *path)
DWORD last_error = 0;
- char file_path[MAX_PATH];
+ char file_path[PATH_MAX];
int rc = 0;
BOOL removed;
@@ -1488,8 +1534,8 @@ int torture_isdir(const char *path)
char *torture_create_temp_file(const char *template)
{
DWORD rc = 0;
- char tmp_dir_path[MAX_PATH];
- char tmp_file_name[MAX_PATH];
+ char tmp_dir_path[PATH_MAX];
+ char tmp_file_name[PATH_MAX];
char *prefix = NULL;
char *path = NULL;
char *prefix_end = NULL;
@@ -1515,8 +1561,8 @@ char *torture_create_temp_file(const char *template)
*prefix_end = '\0';
}
- rc = GetTempPathA(MAX_PATH, tmp_dir_path);
- if ((rc > MAX_PATH) || (rc == 0)) {
+ rc = GetTempPathA(PATH_MAX, tmp_dir_path);
+ if ((rc > PATH_MAX) || (rc == 0)) {
goto free_prefix;
}
@@ -1606,6 +1652,15 @@ void torture_reset_config(ssh_session session)
memset(session->opts.options_seen, 0, sizeof(session->opts.options_seen));
}
+#if defined(HAVE_WEAK_ATTRIBUTE) && defined(TORTURE_SHARED)
+__attribute__((weak)) int torture_run_tests(void)
+{
+ fail_msg("torture_run_tests from shared library called");
+
+ return -1;
+}
+#endif /* defined(HAVE_WEAK_ATTRIBUTE) && defined(TORTURE_SHARED) */
+
int main(int argc, char **argv) {
struct argument_s arguments;
char *env = getenv("LIBSSH_VERBOSITY");
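Review bot: The weak `torture_run_tests()` definition has no comment explaining why it exists, and the two guard macros alone do not make that clear. From the `fail_msg` text it appears to be a link-time placeholder for the shared torture library that each test's own strong definition is meant to override. If so, say that above the function, e.g. `/* Weak fallback so the shared torture library links on its own; every test binary must provide the real torture_run_tests(). */`. It would also help to note what happens on toolchains where `HAVE_WEAK_ATTRIBUTE` is not defined, since the symbol is then missing from the shared build.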