moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-08-13 17:03:50 -04:00
Code Issues Releases Wiki Activity

test harness: non-stunnel https server integration overhaul

Browse Source
This commit is contained in:
Yang Tse 2011-10-06 20:26:42 +02:00
parent f7bfdbabf2
commit 1958fe5745
8 changed files with 377 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tests/FILEFORMAT
View File

@ -158,7 +158,8 @@ rtsp-ipv6
imap imap
pop3 pop3
smtp smtp
http+tls-srp httptls+srp
httptls+srp-ipv6
Give only one per line. This subsection is mandatory. Give only one per line. This subsection is mandatory.
</server> </server>
@ -183,6 +184,7 @@ SSL
socks socks
unittest unittest
debug debug
TLS-SRP
as well as each protocol that curl supports. A protocol only needs to be as well as each protocol that curl supports. A protocol only needs to be
specified if it is different from the server (useful when the server specified if it is different from the server (useful when the server

2
tests/data/test320
View File

@ -41,7 +41,7 @@ Accept: */*
# Client-side # Client-side
<client> <client>
<server> <server>
http+tls-srp httptls+srp
</server> </server>
<features> <features>
TLS-SRP TLS-SRP

2
tests/data/test321
View File

@ -10,7 +10,7 @@ FAILURE
# Client-side # Client-side
<client> <client>
<server> <server>
http+tls-srp httptls+srp
</server> </server>
<features> <features>
TLS-SRP TLS-SRP

2
tests/data/test322
View File

@ -10,7 +10,7 @@ FAILURE
# Client-side # Client-side
<client> <client>
<server> <server>
http+tls-srp httptls+srp
</server> </server>
<features> <features>
TLS-SRP TLS-SRP

2
tests/data/test324
View File

@ -10,7 +10,7 @@ FAILURE
# Client-side # Client-side
<client> <client>
<server> <server>
http+tls-srp httptls+srp
</server> </server>
<features> <features>
TLS-SRP TLS-SRP

380
tests/runtests.pl
View File

@ -100,7 +100,7 @@ use sshhelp qw(
find_sshd find_sshd
find_ssh find_ssh
find_sftp find_sftp
find_gnutls_serv find_httptlssrv
sshversioninfo sshversioninfo
); );
@ -117,10 +117,10 @@ my $base = 8990; # base port number
my $HTTPPORT; # HTTP server port my $HTTPPORT; # HTTP server port
my $HTTP6PORT; # HTTP IPv6 server port my $HTTP6PORT; # HTTP IPv6 server port
my $HTTPSPORT; # HTTPS server port my $HTTPSPORT; # HTTPS (stunnel) server port
my $FTPPORT; # FTP server port my $FTPPORT; # FTP server port
my $FTP2PORT; # FTP server 2 port my $FTP2PORT; # FTP server 2 port
my $FTPSPORT; # FTPS server port my $FTPSPORT; # FTPS (stunnel) server port
my $FTP6PORT; # FTP IPv6 server port my $FTP6PORT; # FTP IPv6 server port
my $TFTPPORT; # TFTP my $TFTPPORT; # TFTP
my $TFTP6PORT; # TFTP my $TFTP6PORT; # TFTP
@ -136,7 +136,8 @@ my $RTSPPORT; # RTSP
my $RTSP6PORT; # RTSP IPv6 server port my $RTSP6PORT; # RTSP IPv6 server port
my $GOPHERPORT; # Gopher my $GOPHERPORT; # Gopher
my $GOPHER6PORT; # Gopher IPv6 server port my $GOPHER6PORT; # Gopher IPv6 server port
my $HTTPTLSSRPPORT; # TLS-SRP HTTP port my $HTTPTLSPORT; # HTTP TLS (non-stunnel) server port
my $HTTPTLS6PORT; # HTTP TLS (non-stunnel) IPv6 server port
my $srcdir = $ENV{'srcdir'} || '.'; my $srcdir = $ENV{'srcdir'} || '.';
my $CURL="../src/curl".exe_ext(); # what curl executable to run on the tests my $CURL="../src/curl".exe_ext(); # what curl executable to run on the tests
@ -191,6 +192,7 @@ my $valgrind = checktestcmd("valgrind");
my $valgrind_logfile="--logfile"; my $valgrind_logfile="--logfile";
my $valgrind_tool; my $valgrind_tool;
my $gdb = checktestcmd("gdb"); my $gdb = checktestcmd("gdb");
my $httptlssrv = find_httptlssrv();
my $ssl_version; # set if libcurl is built with SSL support my $ssl_version; # set if libcurl is built with SSL support
my $large_file; # set if libcurl is built with large file support my $large_file; # set if libcurl is built with large file support
@ -220,7 +222,8 @@ my $ssllib; # name of the lib we use (for human presentation)
my $has_crypto; # set if libcurl is built with cryptographic support my $has_crypto; # set if libcurl is built with cryptographic support
my $has_textaware; # set if running on a system that has a text mode concept my $has_textaware; # set if running on a system that has a text mode concept
# on files. Windows for example # on files. Windows for example
my @protocols; # array of supported protocols
my @protocols; # array of lowercase supported protocol servers
my $skipped=0; # number of tests skipped; reported in main loop my $skipped=0; # number of tests skipped; reported in main loop
my %skipped; # skipped{reason}=counter, reasons for skip my %skipped; # skipped{reason}=counter, reasons for skip
@ -340,7 +343,7 @@ sub init_serverpidfile_hash {
} }
} }
} }
for my $proto (('tftp', 'sftp', 'socks', 'ssh', 'rtsp', 'gopher', 'http+tls-srp')) { for my $proto (('tftp', 'sftp', 'socks', 'ssh', 'rtsp', 'gopher', 'httptls')) {
for my $ipvnum ((4, 6)) { for my $ipvnum ((4, 6)) {
for my $idnum ((1, 2)) { for my $idnum ((1, 2)) {
my $serv = servername_id($proto, $ipvnum, $idnum); my $serv = servername_id($proto, $ipvnum, $idnum);
@ -393,7 +396,7 @@ sub startnew {
die "error: exec() has returned"; die "error: exec() has returned";
} }
# Ugly hack but ssh client doesn't support pid files # Ugly hack but ssh client and gnutls-serv don't support pid files
if ($fake) { if ($fake) {
if(open(OUT, ">$pidfile")) { if(open(OUT, ">$pidfile")) {
print OUT $child . "\n"; print OUT $child . "\n";
@ -632,20 +635,20 @@ sub stopserver {
# All servers relative to the given one must be stopped also # All servers relative to the given one must be stopped also
# #
my @killservers; my @killservers;
if($server =~ /^(ftp|http|imap|pop3|smtp)s(.*)$/) { if($server =~ /^(ftp|http|imap|pop3|smtp)s((\d*)(-ipv6|))$/) {
# given an ssl server, also kill non-ssl underlying one # given a stunnel based ssl server, also kill non-ssl underlying one
push @killservers, "${1}${2}"; push @killservers, "${1}${2}";
} }
elsif($server =~ /^(ftp|http|imap|pop3|smtp)(.*)$/) { elsif($server =~ /^(ftp|http|imap|pop3|smtp)((\d*)(-ipv6|))$/) {
# given a non-ssl server, also kill ssl piggybacking one # given a non-ssl server, also kill stunnel based ssl piggybacking one
push @killservers, "${1}s${2}"; push @killservers, "${1}s${2}";
} }
elsif($server =~ /^(socks)(.*)$/) { elsif($server =~ /^(socks)((\d*)(-ipv6|))$/) {
# given an socks server, also kill ssh underlying one # given a socks server, also kill ssh underlying one
push @killservers, "ssh${2}"; push @killservers, "ssh${2}";
} }
elsif($server =~ /^(ssh)(.*)$/) { elsif($server =~ /^(ssh)((\d*)(-ipv6|))$/) {
# given an ssh server, also kill socks piggybacking one # given a ssh server, also kill socks piggybacking one
push @killservers, "socks${2}"; push @killservers, "socks${2}";
} }
push @killservers, $server; push @killservers, $server;
@ -654,8 +657,7 @@ sub stopserver {
# #
foreach my $server (@killservers) { foreach my $server (@killservers) {
if($run{$server}) { if($run{$server}) {
# we must prepend a space since $pidlist may already contain # we must prepend a space since $pidlist may already contain a pid
# a pid
$pidlist .= " $run{$server}"; $pidlist .= " $run{$server}";
$run{$server} = 0; $run{$server} = 0;
} }
@ -680,8 +682,8 @@ sub stopserver {
# Verify that the server that runs on $ip, $port is our server. This also # Verify that the server that runs on $ip, $port is our server. This also
# implies that we can speak with it, as there might be occasions when the # implies that we can speak with it, as there might be occasions when the
# server runs fine but we cannot talk to it ("Failed to connect to ::1: Can't # server runs fine but we cannot talk to it ("Failed to connect to ::1: Can't
# assign requested address" # # assign requested address")
#
sub verifyhttp { sub verifyhttp {
my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my ($proto, $ipvnum, $idnum, $ip, $port) = @_;
my $server = servername_id($proto, $ipvnum, $idnum); my $server = servername_id($proto, $ipvnum, $idnum);
@ -760,8 +762,8 @@ sub verifyhttp {
# Verify that the server that runs on $ip, $port is our server. This also # Verify that the server that runs on $ip, $port is our server. This also
# implies that we can speak with it, as there might be occasions when the # implies that we can speak with it, as there might be occasions when the
# server runs fine but we cannot talk to it ("Failed to connect to ::1: Can't # server runs fine but we cannot talk to it ("Failed to connect to ::1: Can't
# assign requested address" # # assign requested address")
#
sub verifyftp { sub verifyftp {
my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my ($proto, $ipvnum, $idnum, $ip, $port) = @_;
my $server = servername_id($proto, $ipvnum, $idnum); my $server = servername_id($proto, $ipvnum, $idnum);
@ -832,8 +834,8 @@ sub verifyftp {
# Verify that the server that runs on $ip, $port is our server. This also # Verify that the server that runs on $ip, $port is our server. This also
# implies that we can speak with it, as there might be occasions when the # implies that we can speak with it, as there might be occasions when the
# server runs fine but we cannot talk to it ("Failed to connect to ::1: Can't # server runs fine but we cannot talk to it ("Failed to connect to ::1: Can't
# assign requested address" # # assign requested address")
#
sub verifyrtsp { sub verifyrtsp {
my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my ($proto, $ipvnum, $idnum, $ip, $port) = @_;
my $server = servername_id($proto, $ipvnum, $idnum); my $server = servername_id($proto, $ipvnum, $idnum);
@ -905,7 +907,7 @@ sub verifyrtsp {
# Verify that the ssh server has written out its pidfile, recovering # Verify that the ssh server has written out its pidfile, recovering
# the pid from the file and returning it if a process with that pid is # the pid from the file and returning it if a process with that pid is
# actually alive. # actually alive.
#
sub verifyssh { sub verifyssh {
my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my ($proto, $ipvnum, $idnum, $ip, $port) = @_;
my $server = servername_id($proto, $ipvnum, $idnum); my $server = servername_id($proto, $ipvnum, $idnum);
@ -931,7 +933,7 @@ sub verifyssh {
####################################################################### #######################################################################
# Verify that we can connect to the sftp server, properly authenticate # Verify that we can connect to the sftp server, properly authenticate
# with generated config and key files and run a simple remote pwd. # with generated config and key files and run a simple remote pwd.
#
sub verifysftp { sub verifysftp {
my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my ($proto, $ipvnum, $idnum, $ip, $port) = @_;
my $server = servername_id($proto, $ipvnum, $idnum); my $server = servername_id($proto, $ipvnum, $idnum);
@ -966,17 +968,16 @@ sub verifysftp {
} }
####################################################################### #######################################################################
# Verify that the TLS-SRP HTTP server that runs on $ip, $port is our server. # Verify that the non-stunnel HTTP TLS extensions capable server that runs
# This also implies that we can speak with it, as there might be occasions when # on $ip, $port is our server. This also implies that we can speak with it,
# the server runs fine but we cannot talk to it ("Failed to connect to ::1: # as there might be occasions when the server runs fine but we cannot talk
# Can't assign requested address" # # to it ("Failed to connect to ::1: Can't assign requested address")
#
sub verifyhttptlssrp { sub verifyhttptls {
my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my ($proto, $ipvnum, $idnum, $ip, $port) = @_;
my $server = servername_id($proto, $ipvnum, $idnum); my $server = servername_id($proto, $ipvnum, $idnum);
my $pidfile = server_pidfilename($proto, $ipvnum, $idnum); my $pidfile = server_pidfilename($proto, $ipvnum, $idnum);
my $pid = 0; my $pid = 0;
my $bonus="";
my $verifyout = "$LOGDIR/". my $verifyout = "$LOGDIR/".
servername_canon($proto, $ipvnum, $idnum) .'_verify.out'; servername_canon($proto, $ipvnum, $idnum) .'_verify.out';
@ -991,7 +992,9 @@ sub verifyhttptlssrp {
$flags .= "--verbose "; $flags .= "--verbose ";
$flags .= "--globoff "; $flags .= "--globoff ";
$flags .= "--insecure "; $flags .= "--insecure ";
$flags .= "--tlsauthtype SRP --tlsuser jsmith --tlspassword abc "; $flags .= "--tlsauthtype SRP ";
$flags .= "--tlsuser jsmith ";
$flags .= "--tlspassword abc ";
$flags .= "\"https://$ip:$port/verifiedserver\""; $flags .= "\"https://$ip:$port/verifiedserver\"";
my $cmd = "$VCURL $flags 2>$verifylog"; my $cmd = "$VCURL $flags 2>$verifylog";
@ -1027,6 +1030,16 @@ sub verifyhttptlssrp {
if($data && ($data =~ /GNUTLS/) && open(FILE, "<$pidfile")) { if($data && ($data =~ /GNUTLS/) && open(FILE, "<$pidfile")) {
$pid=0+<FILE>; $pid=0+<FILE>;
close(FILE); close(FILE);
if($pid > 0) {
# if we have a pid it is actually our httptls server,
# since runhttptlsserver() unlinks previous pidfile
if(!kill(0, $pid)) {
logmsg "RUN: $server server has died after starting up\n";
checkdied($pid);
unlink($pidfile);
$pid = -1;
}
}
return $pid; return $pid;
} }
elsif($res == 6) { elsif($res == 6) {
@ -1043,7 +1056,7 @@ sub verifyhttptlssrp {
####################################################################### #######################################################################
# STUB for verifying socks # STUB for verifying socks
#
sub verifysocks { sub verifysocks {
my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my ($proto, $ipvnum, $idnum, $ip, $port) = @_;
my $server = servername_id($proto, $ipvnum, $idnum); my $server = servername_id($proto, $ipvnum, $idnum);
@ -1072,6 +1085,11 @@ sub verifysocks {
# particular can take a long time to start if it needs to generate # particular can take a long time to start if it needs to generate
# keys on a slow or loaded host. # keys on a slow or loaded host.
# #
# Just for convenience, test harness uses 'https' and 'httptls' literals
# as values for 'proto' variable in order to differentiate different
# servers. 'https' literal is used for stunnel based https test servers,
# and 'httptls' is used for non-stunnel https test servers.
#
my %protofunc = ('http' => \&verifyhttp, my %protofunc = ('http' => \&verifyhttp,
'https' => \&verifyhttp, 'https' => \&verifyhttp,
@ -1085,7 +1103,7 @@ my %protofunc = ('http' => \&verifyhttp,
'ssh' => \&verifyssh, 'ssh' => \&verifyssh,
'socks' => \&verifysocks, 'socks' => \&verifysocks,
'gopher' => \&verifyhttp, 'gopher' => \&verifyhttp,
'http+tls-srp' => \&verifyhttptlssrp); 'httptls' => \&verifyhttptls);
sub verifyserver { sub verifyserver {
my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my ($proto, $ipvnum, $idnum, $ip, $port) = @_;
@ -1126,7 +1144,6 @@ sub runhttpserver {
my $logfile; my $logfile;
my $flags = ""; my $flags = "";
if($ipv6) { if($ipv6) {
# if IPv6, use a different setup # if IPv6, use a different setup
$ipvnum = 6; $ipvnum = 6;
@ -1193,7 +1210,7 @@ sub runhttpserver {
} }
####################################################################### #######################################################################
# start the https server (or rather, tunnel) # start the https stunnel based server
# #
sub runhttpsserver { sub runhttpsserver {
my ($verbose, $ipv6, $certfile) = @_; my ($verbose, $ipv6, $certfile) = @_;
@ -1276,14 +1293,14 @@ sub runhttpsserver {
} }
####################################################################### #######################################################################
# start the TLS-SRP HTTP server # start the non-stunnel HTTP TLS extensions capable server
# #
sub runhttptlssrpserver { sub runhttptlsserver {
my ($verbose) = @_; my ($verbose, $ipv6) = @_;
my $proto = "http+tls-srp"; my $proto = "httptls";
my $ip = $HOSTIP; my $port = ($ipv6 && ($ipv6 =~ /6$/)) ? $HTTPTLS6PORT : $HTTPTLSPORT;
my $port = $HTTPTLSSRPPORT; my $ip = ($ipv6 && ($ipv6 =~ /6$/)) ? "$HOST6IP" : "$HOSTIP";
my $ipvnum = 4; my $ipvnum = ($ipv6 && ($ipv6 =~ /6$/)) ? 6 : 4;
my $idnum = 1; my $idnum = 1;
my $server; my $server;
my $srvrname; my $srvrname;
@ -1291,6 +1308,10 @@ sub runhttptlssrpserver {
my $logfile; my $logfile;
my $flags = ""; my $flags = "";
if(!$httptlssrv) {
return (0,0);
}
$server = servername_id($proto, $ipvnum, $idnum); $server = servername_id($proto, $ipvnum, $idnum);
$pidfile = $serverpidfile{$server}; $pidfile = $serverpidfile{$server};
@ -1310,23 +1331,16 @@ sub runhttptlssrpserver {
$logfile = server_logfilename($LOGDIR, $proto, $ipvnum, $idnum); $logfile = server_logfilename($LOGDIR, $proto, $ipvnum, $idnum);
$flags .= "--fork " if($forkserver);
$flags .= "--http "; $flags .= "--http ";
$flags .= "-d 1 " if($debugprotocol); $flags .= "--debug 1 " if($debugprotocol);
$flags .= "--port $port "; $flags .= "--port $port ";
$flags .= "--srppasswd certs/srp-verifier-db --srppasswdconf certs/srp-verifier-conf "; $flags .= "--srppasswd certs/srp-verifier-db ";
$flags .=" >log/gnutls.out 2>&1"; $flags .= "--srppasswdconf certs/srp-verifier-conf";
# Find gnutls-serv my $cmd = "$httptlssrv $flags > $logfile 2>&1";
my $gnutlsserv = find_gnutls_serv(); my ($httptlspid, $pid2) = startnew($cmd, $pidfile, 10, 1); # fake pidfile
if(!$gnutlsserv) {
logmsg "RUN: cannot find gnutls-serv\n";
return (0,0);
}
my $cmd = "$gnutlsserv $flags";
my ($httptlssrppid, $pid2) = startnew($cmd, $pidfile, 1, 1);
if($httptlssrppid <= 0 || !kill(0, $httptlssrppid)) { if($httptlspid <= 0 || !kill(0, $httptlspid)) {
# it is NOT alive # it is NOT alive
logmsg "RUN: failed to start the $srvrname server\n"; logmsg "RUN: failed to start the $srvrname server\n";
stopserver($server, "$pid2"); stopserver($server, "$pid2");
@ -1335,12 +1349,12 @@ sub runhttptlssrpserver {
return (0,0); return (0,0);
} }
# Server is up. Verify that we can speak to it. # Server is up. Verify that we can speak to it. PID is from fake pidfile
my $pid3 = verifyserver($proto, $ipvnum, $idnum, $ip, $port); my $pid3 = verifyserver($proto, $ipvnum, $idnum, $ip, $port);
if(!$pid3) { if(!$pid3) {
logmsg "RUN: $srvrname server failed verification\n"; logmsg "RUN: $srvrname server failed verification\n";
# failed to talk to it properly. Kill the server and return failure # failed to talk to it properly. Kill the server and return failure
stopserver($server, "$httptlssrppid $pid2"); stopserver($server, "$httptlspid $pid2");
displaylogs($testnumcheck); displaylogs($testnumcheck);
$doesntrun{$pidfile} = 1; $doesntrun{$pidfile} = 1;
return (0,0); return (0,0);
@ -1348,12 +1362,12 @@ sub runhttptlssrpserver {
$pid2 = $pid3; $pid2 = $pid3;
if($verbose) { if($verbose) {
logmsg "RUN: $srvrname server is now running PID $httptlssrppid\n"; logmsg "RUN: $srvrname server is now running PID $httptlspid\n";
} }
sleep(1); sleep(1);
return ($httptlssrppid, $pid2); return ($httptlspid, $pid2);
} }
####################################################################### #######################################################################
@ -1903,7 +1917,7 @@ sub runsocksserver {
# start our socks server # start our socks server
my $cmd="$ssh -N -F $sshconfig $ip > $sshlog 2>&1"; my $cmd="$ssh -N -F $sshconfig $ip > $sshlog 2>&1";
my ($sshpid, $pid2) = startnew($cmd, $pidfile, 30, 1); my ($sshpid, $pid2) = startnew($cmd, $pidfile, 30, 1); # fake pidfile
if($sshpid <= 0 || !kill(0, $sshpid)) { if($sshpid <= 0 || !kill(0, $sshpid)) {
# it is NOT alive # it is NOT alive
@ -1917,7 +1931,7 @@ sub runsocksserver {
return (0,0); return (0,0);
} }
# Ugly hack but ssh doesn't support pid files # Ugly hack but ssh doesn't support pid files. PID is from fake pidfile.
my $pid3 = verifyserver($proto, $ipvnum, $idnum, $ip, $port); my $pid3 = verifyserver($proto, $ipvnum, $idnum, $ip, $port);
if(!$pid3) { if(!$pid3) {
logmsg "RUN: $srvrname server failed verification\n"; logmsg "RUN: $srvrname server failed verification\n";
@ -1986,7 +2000,6 @@ sub filteroff {
# compare test results with the expected output, we might filter off # compare test results with the expected output, we might filter off
# some pattern that is allowed to differ, output test results # some pattern that is allowed to differ, output test results
# #
sub compare { sub compare {
# filter off patterns _before_ this comparison! # filter off patterns _before_ this comparison!
my ($subject, $firstref, $secondref)=@_; my ($subject, $firstref, $secondref)=@_;
@ -2125,22 +2138,15 @@ sub checksystem {
} }
elsif($_ =~ /^Protocols: (.*)/i) { elsif($_ =~ /^Protocols: (.*)/i) {
# these are the protocols compiled in to this libcurl # these are the protocols compiled in to this libcurl
@protocols = split(' ', $1); @protocols = split(' ', lc($1));
# Generate a "proto-ipv6" version of each protocol to match the # Generate a "proto-ipv6" version of each protocol to match the
# IPv6 <server> name. This works even if IPv6 support isn't # IPv6 <server> name. This works even if IPv6 support isn't
# compiled in because the <features> test will fail. # compiled in because the <features> test will fail.
push @protocols, map($_ . "-ipv6", @protocols); push @protocols, map($_ . '-ipv6', @protocols);
# Hack - we need a different, non-stunnel server to test HTTP
# TLS-SRP, but we don't want to add HTTP+TLS-SRP as a protocol
# throughout curl
if ($has_gnutls) {
push @protocols, ('http+tls-srp');
}
# 'none' is used in test cases to mean no server # 'none' is used in test cases to mean no server
push @protocols, ('none'); push @protocols, 'none';
} }
elsif($_ =~ /^Features: (.*)/i) { elsif($_ =~ /^Features: (.*)/i) {
$feat = $1; $feat = $1;
@ -2187,6 +2193,27 @@ sub checksystem {
$has_tls_srp=1; $has_tls_srp=1;
} }
} }
#
# Test harness currently uses a non-stunnel server in order to
# run HTTP TLS-SRP tests required when curl is built with https
# protocol support and TLS-SRP feature enabled. For convenience
# 'httptls' may be included in the test harness protocols array
# to differentiate this from classic stunnel based 'https' test
# harness server.
#
if($has_tls_srp) {
my $add_httptls;
for(@protocols) {
if($_ =~ /^https(-ipv6|)$/) {
$add_httptls=1;
last;
}
}
if($add_httptls && (! grep /^httptls$/, @protocols)) {
push @protocols, 'httptls';
push @protocols, 'httptls-ipv6';
}
}
} }
if(!$curl) { if(!$curl) {
logmsg "unable to get curl's version, further details are:\n"; logmsg "unable to get curl's version, further details are:\n";
@ -2308,6 +2335,13 @@ sub checksystem {
logmsg sprintf("IMAP-IPv6/%d ", $IMAP6PORT); logmsg sprintf("IMAP-IPv6/%d ", $IMAP6PORT);
logmsg sprintf("SMTP-IPv6/%d\n", $SMTP6PORT); logmsg sprintf("SMTP-IPv6/%d\n", $SMTP6PORT);
} }
if($httptlssrv) {
logmsg sprintf("* HTTPTLS/%d ", $HTTPTLSPORT);
if($has_ipv6) {
logmsg sprintf("HTTPTLS-IPv6/%d ", $HTTPTLS6PORT);
}
logmsg "\n";
}
$has_textaware = ($^O eq 'MSWin32') || ($^O eq 'msys'); $has_textaware = ($^O eq 'MSWin32') || ($^O eq 'msys');
@ -2320,36 +2354,57 @@ sub checksystem {
# #
sub subVariables { sub subVariables {
my ($thing) = @_; my ($thing) = @_;
$$thing =~ s/%HOSTIP/$HOSTIP/g;
$$thing =~ s/%HTTPPORT/$HTTPPORT/g; # ports
$$thing =~ s/%HOST6IP/$HOST6IP/g;
$$thing =~ s/%HTTP6PORT/$HTTP6PORT/g;
$$thing =~ s/%HTTPSPORT/$HTTPSPORT/g;
$$thing =~ s/%FTPPORT/$FTPPORT/g;
$$thing =~ s/%FTP6PORT/$FTP6PORT/g; $$thing =~ s/%FTP6PORT/$FTP6PORT/g;
$$thing =~ s/%FTP2PORT/$FTP2PORT/g; $$thing =~ s/%FTP2PORT/$FTP2PORT/g;
$$thing =~ s/%FTPSPORT/$FTPSPORT/g; $$thing =~ s/%FTPSPORT/$FTPSPORT/g;
$$thing =~ s/%SRCDIR/$srcdir/g; $$thing =~ s/%FTPPORT/$FTPPORT/g;
$$thing =~ s/%PWD/$pwd/g;
$$thing =~ s/%TFTPPORT/$TFTPPORT/g;
$$thing =~ s/%TFTP6PORT/$TFTP6PORT/g;
$$thing =~ s/%SSHPORT/$SSHPORT/g;
$$thing =~ s/%SOCKSPORT/$SOCKSPORT/g;
$$thing =~ s/%POP3PORT/$POP3PORT/g;
$$thing =~ s/%POP36PORT/$POP36PORT/g;
$$thing =~ s/%IMAPPORT/$IMAPPORT/g;
$$thing =~ s/%IMAP6PORT/$IMAP6PORT/g;
$$thing =~ s/%SMTPPORT/$SMTPPORT/g;
$$thing =~ s/%SMTP6PORT/$SMTP6PORT/g;
$$thing =~ s/%CURL/$CURL/g;
$$thing =~ s/%USER/$USER/g;
$$thing =~ s/%CLIENTIP/$CLIENTIP/g;
$$thing =~ s/%CLIENT6IP/$CLIENT6IP/g;
$$thing =~ s/%RTSPPORT/$RTSPPORT/g;
$$thing =~ s/%RTSP6PORT/$RTSP6PORT/g;
$$thing =~ s/%GOPHERPORT/$GOPHERPORT/g;
$$thing =~ s/%GOPHER6PORT/$GOPHER6PORT/g; $$thing =~ s/%GOPHER6PORT/$GOPHER6PORT/g;
$$thing =~ s/%HTTPTLSSRPPORT/$HTTPTLSSRPPORT/g; $$thing =~ s/%GOPHERPORT/$GOPHERPORT/g;
$$thing =~ s/%HTTPTLS6PORT/$HTTPTLS6PORT/g;
$$thing =~ s/%HTTPTLSPORT/$HTTPTLSPORT/g;
$$thing =~ s/%HTTP6PORT/$HTTP6PORT/g;
$$thing =~ s/%HTTPSPORT/$HTTPSPORT/g;
$$thing =~ s/%HTTPPORT/$HTTPPORT/g;
$$thing =~ s/%IMAP6PORT/$IMAP6PORT/g;
$$thing =~ s/%IMAPPORT/$IMAPPORT/g;
$$thing =~ s/%POP36PORT/$POP36PORT/g;
$$thing =~ s/%POP3PORT/$POP3PORT/g;
$$thing =~ s/%RTSP6PORT/$RTSP6PORT/g;
$$thing =~ s/%RTSPPORT/$RTSPPORT/g;
$$thing =~ s/%SMTP6PORT/$SMTP6PORT/g;
$$thing =~ s/%SMTPPORT/$SMTPPORT/g;
$$thing =~ s/%SOCKSPORT/$SOCKSPORT/g;
$$thing =~ s/%SSHPORT/$SSHPORT/g;
$$thing =~ s/%TFTP6PORT/$TFTP6PORT/g;
$$thing =~ s/%TFTPPORT/$TFTPPORT/g;
# client IP addresses
$$thing =~ s/%CLIENT6IP/$CLIENT6IP/g;
$$thing =~ s/%CLIENTIP/$CLIENTIP/g;
# server IP addresses
$$thing =~ s/%HOST6IP/$HOST6IP/g;
$$thing =~ s/%HOSTIP/$HOSTIP/g;
# misc
$$thing =~ s/%CURL/$CURL/g;
$$thing =~ s/%PWD/$pwd/g;
$$thing =~ s/%SRCDIR/$srcdir/g;
$$thing =~ s/%USER/$USER/g;
# The purpose of FTPTIME2 and FTPTIME3 is to provide times that can be # The purpose of FTPTIME2 and FTPTIME3 is to provide times that can be
# used for time-out tests and that whould work on most hosts as these # used for time-out tests and that whould work on most hosts as these
@ -2550,7 +2605,7 @@ sub singletest {
next; next;
} }
# See if this "feature" is in the list of supported protocols # See if this "feature" is in the list of supported protocols
elsif (grep /^$f$/, @protocols) { elsif (grep /^\Q$f\E$/i, @protocols) {
next; next;
} }
@ -2987,6 +3042,10 @@ sub singletest {
# Test harness ssh server does not have this synchronization mechanism, # Test harness ssh server does not have this synchronization mechanism,
# this implies that some ssh server based tests might need a small delay # this implies that some ssh server based tests might need a small delay
# once that the client command has run to avoid false test failures. # once that the client command has run to avoid false test failures.
#
# gnutls-serv also lacks this synchronization mechanism, so gnutls-serv
# based tests might need a small delay once that the client command has
# run to avoid false test failures.
sleep($postcommanddelay) if($postcommanddelay); sleep($postcommanddelay) if($postcommanddelay);
@ -3004,20 +3063,20 @@ sub singletest {
my @killservers; my @killservers;
foreach my $server (@killtestservers) { foreach my $server (@killtestservers) {
chomp $server; chomp $server;
if($server =~ /^(ftp|http|imap|pop3|smtp)s(.*)$/) { if($server =~ /^(ftp|http|imap|pop3|smtp)s((\d*)(-ipv6|))$/) {
# given an ssl server, also kill non-ssl underlying one # given a stunnel ssl server, also kill non-ssl underlying one
push @killservers, "${1}${2}"; push @killservers, "${1}${2}";
} }
elsif($server =~ /^(ftp|http|imap|pop3|smtp)(.*)$/) { elsif($server =~ /^(ftp|http|imap|pop3|smtp)((\d*)(-ipv6|))$/) {
# given a non-ssl server, also kill ssl piggybacking one # given a non-ssl server, also kill stunnel piggybacking one
push @killservers, "${1}s${2}"; push @killservers, "${1}s${2}";
} }
elsif($server =~ /^(socks)(.*)$/) { elsif($server =~ /^(socks)((\d*)(-ipv6|))$/) {
# given an socks server, also kill ssh underlying one # given a socks server, also kill ssh underlying one
push @killservers, "ssh${2}"; push @killservers, "ssh${2}";
} }
elsif($server =~ /^(ssh)(.*)$/) { elsif($server =~ /^(ssh)((\d*)(-ipv6|))$/) {
# given an ssh server, also kill socks piggybacking one # given a ssh server, also kill socks piggybacking one
push @killservers, "socks${2}"; push @killservers, "socks${2}";
} }
push @killservers, $server; push @killservers, $server;
@ -3402,6 +3461,7 @@ sub singletest {
####################################################################### #######################################################################
# Stop all running test servers # Stop all running test servers
#
sub stopservers { sub stopservers {
my $verbose = $_[0]; my $verbose = $_[0];
# #
@ -3449,17 +3509,17 @@ sub stopservers {
# startservers() starts all the named servers # startservers() starts all the named servers
# #
# Returns: string with error reason or blank for success # Returns: string with error reason or blank for success
#
sub startservers { sub startservers {
my @what = @_; my @what = @_;
my ($pid, $pid2); my ($pid, $pid2);
for(@what) { for(@what) {
my (@whatlist) = split(/\s+/,$_); my (@whatlist) = split(/\s+/,$_);
my $what = lc($whatlist[0]); my $what = lc($whatlist[0]);
$what =~ s/[^a-z0-9-+]//g; $what =~ s/[^a-z0-9-]//g;
my $certfile; my $certfile;
if($what =~ /^(ftp|http|imap|pop3|smtp)s(.*)$/) { if($what =~ /^(ftp|http|imap|pop3|smtp)s((\d*)(-ipv6|))$/) {
$certfile = ($whatlist[1]) ? $whatlist[1] : 'stunnel.pem'; $certfile = ($whatlist[1]) ? $whatlist[1] : 'stunnel.pem';
} }
@ -3564,7 +3624,6 @@ sub startservers {
$run{'rtsp-ipv6'}="$pid $pid2"; $run{'rtsp-ipv6'}="$pid $pid2";
} }
} }
elsif($what eq "ftps") { elsif($what eq "ftps") {
if(!$stunnel) { if(!$stunnel) {
# we can't run ftps tests without stunnel # we can't run ftps tests without stunnel
@ -3601,11 +3660,11 @@ sub startservers {
} }
elsif($what eq "https") { elsif($what eq "https") {
if(!$stunnel) { if(!$stunnel) {
# we can't run ftps tests without stunnel # we can't run https tests without stunnel
return "no stunnel"; return "no stunnel";
} }
if(!$ssl_version) { if(!$ssl_version) {
# we can't run ftps tests if libcurl is SSL-less # we can't run https tests if libcurl is SSL-less
return "curl lacks SSL support"; return "curl lacks SSL support";
} }
if($runcert{'https'} && ($runcert{'https'} ne $certfile)) { if($runcert{'https'} && ($runcert{'https'} ne $certfile)) {
@ -3631,18 +3690,34 @@ sub startservers {
$run{'https'}="$pid $pid2"; $run{'https'}="$pid $pid2";
} }
} }
elsif($what eq "http+tls-srp") { elsif($what eq "httptls") {
if(!$has_gnutls) { if(!$httptlssrv) {
return "no GnuTLS"; # for now, we can't run http TLS-EXT tests without gnutls-serv
return "no gnutls-serv";
} }
if(!$run{'http+tls-srp'}) { if(!$run{'httptls'}) {
($pid, $pid2) = runhttptlssrpserver($verbose); ($pid, $pid2) = runhttptlsserver($verbose, "IPv4");
if($pid <= 0) { if($pid <= 0) {
return "failed starting HTTP+TLS-SRP server (gnutls-serv)"; return "failed starting HTTPTLS server (gnutls-serv)";
} }
logmsg sprintf("* pid http+tls-srp => %d %d\n", $pid, $pid2) logmsg sprintf("* pid httptls => %d %d\n", $pid, $pid2)
if($verbose); if($verbose);
$run{'http+tls-srp'}="$pid $pid2"; $run{'httptls'}="$pid $pid2";
}
}
elsif($what eq "httptls-ipv6") {
if(!$httptlssrv) {
# for now, we can't run http TLS-EXT tests without gnutls-serv
return "no gnutls-serv";
}
if(!$run{'httptls-ipv6'}) {
($pid, $pid2) = runhttptlsserver($verbose, "IPv6");
if($pid <= 0) {
return "failed starting HTTPTLS-IPv6 server (gnutls-serv)";
}
logmsg sprintf("* pid httptls-ipv6 => %d %d\n", $pid, $pid2)
if($verbose);
$run{'httptls-ipv6'}="$pid $pid2";
} }
} }
elsif($what eq "tftp") { elsif($what eq "tftp") {
@ -3720,7 +3795,6 @@ sub startservers {
# #
# Returns: a string, blank if everything is fine or a reason why it failed # Returns: a string, blank if everything is fine or a reason why it failed
# #
sub serverfortest { sub serverfortest {
my ($testnum)=@_; my ($testnum)=@_;
@ -3731,14 +3805,28 @@ sub serverfortest {
return "no server specified"; return "no server specified";
} }
for (@what) { for(my $i = scalar(@what) - 1; $i >= 0; $i--) {
my $proto = lc($_); my $srvrline = $what[$i];
chomp $proto; chomp $srvrline if($srvrline);
$proto =~ s/\s.*//g; # take first word if($srvrline =~ /^(\S+)((\s*)(.*))/) {
if (! grep /^\Q$proto\E$/, @protocols) { my $server = "${1}";
if (substr($proto,0,5) ne "socks") { my $lnrest = "${2}";
return "curl lacks $proto support"; my $tlsext;
if($server =~ /^(httptls)(\+)(ext|srp)(\d*)(-ipv6|)$/) {
$server = "${1}${4}${5}";
$tlsext = uc("TLS-${3}");
} }
if(! grep /^\Q$server\E$/, @protocols) {
if(substr($server,0,5) ne "socks") {
if($tlsext) {
return "curl lacks $tlsext support";
}
else {
return "curl lacks $server support";
}
}
}
$what[$i] = "$server$lnrest" if($tlsext);
} }
} }
@ -4102,28 +4190,28 @@ if ($gdbthis) {
} }
$HTTPPORT = $base++; # HTTP server port $HTTPPORT = $base++; # HTTP server port
$HTTPSPORT = $base++; # HTTPS server port $HTTPSPORT = $base++; # HTTPS (stunnel) server port
$FTPPORT = $base++; # FTP server port $FTPPORT = $base++; # FTP server port
$FTPSPORT = $base++; # FTPS server port $FTPSPORT = $base++; # FTPS (stunnel) server port
$HTTP6PORT = $base++; # HTTP IPv6 server port (different IP protocol $HTTP6PORT = $base++; # HTTP IPv6 server port
# but we follow the same port scheme anyway)
$FTP2PORT = $base++; # FTP server 2 port $FTP2PORT = $base++; # FTP server 2 port
$FTP6PORT = $base++; # FTP IPv6 port $FTP6PORT = $base++; # FTP IPv6 port
$TFTPPORT = $base++; # TFTP (UDP) port $TFTPPORT = $base++; # TFTP (UDP) port
$TFTP6PORT = $base++; # TFTP IPv6 (UDP) port $TFTP6PORT = $base++; # TFTP IPv6 (UDP) port
$SSHPORT = $base++; # SSH (SCP/SFTP) port $SSHPORT = $base++; # SSH (SCP/SFTP) port
$SOCKSPORT = $base++; # SOCKS port $SOCKSPORT = $base++; # SOCKS port
$POP3PORT = $base++; $POP3PORT = $base++; # POP3 server port
$POP36PORT = $base++; $POP36PORT = $base++; # POP3 IPv6 server port
$IMAPPORT = $base++; $IMAPPORT = $base++; # IMAP server port
$IMAP6PORT = $base++; $IMAP6PORT = $base++; # IMAP IPv6 server port
$SMTPPORT = $base++; $SMTPPORT = $base++; # SMTP server port
$SMTP6PORT = $base++; $SMTP6PORT = $base++; # SMTP IPv6 server port
$RTSPPORT = $base++; $RTSPPORT = $base++; # RTSP server port
$RTSP6PORT = $base++; $RTSP6PORT = $base++; # RTSP IPv6 server port
$GOPHERPORT =$base++; $GOPHERPORT = $base++; # Gopher IPv4 server port
$GOPHER6PORT=$base++; $GOPHER6PORT = $base++; # Gopher IPv6 server port
$HTTPTLSSRPPORT=$base++; $HTTPTLSPORT = $base++; # HTTP TLS (non-stunnel) server port
$HTTPTLS6PORT = $base++; # HTTP TLS (non-stunnel) IPv6 server port
####################################################################### #######################################################################
# clear and create logging directory: # clear and create logging directory:

33
tests/serverhelp.pm
View File

@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___ # | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____| # \___|\___/|_| \_\_____|
# #
# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
# #
# This software is licensed as described in the file COPYING, which # This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms # you should have received as part of this distribution. The terms
@ -62,6 +62,13 @@ use vars qw(
); );
#***************************************************************************
# Just for convenience, test harness uses 'https' and 'httptls' literals as
# values for 'proto' variable in order to differentiate different servers.
# 'https' literal is used for stunnel based https test servers, and 'httptls'
# is used for non-stunnel https test servers.
#*************************************************************************** #***************************************************************************
# Return server characterization factors given a server id string. # Return server characterization factors given a server id string.
# #
@ -71,18 +78,20 @@ sub serverfactors {
my $ipvnum; my $ipvnum;
my $idnum; my $idnum;
if($server =~ /^((ftp|http|imap|pop3|smtp)s?)(\d*)(-ipv6|)$/) { if($server =~
/^((ftp|http|imap|pop3|smtp)s?)(\d*)(-ipv6|)$/) {
$proto = $1; $proto = $1;
$idnum = ($3 && ($3 > 1)) ? $3 : 1; $idnum = ($3 && ($3 > 1)) ? $3 : 1;
$ipvnum = ($4 && ($4 =~ /6$/)) ? 6 : 4; $ipvnum = ($4 && ($4 =~ /6$/)) ? 6 : 4;
} }
elsif($server =~ /^(tftp|sftp|socks|ssh|rtsp)(\d*)(-ipv6|)$/) { elsif($server =~
/^(tftp|sftp|socks|ssh|rtsp|gopher|httptls)(\d*)(-ipv6|)$/) {
$proto = $1; $proto = $1;
$idnum = ($2 && ($2 > 1)) ? $2 : 1; $idnum = ($2 && ($2 > 1)) ? $2 : 1;
$ipvnum = ($3 && ($3 =~ /6$/)) ? 6 : 4; $ipvnum = ($3 && ($3 =~ /6$/)) ? 6 : 4;
} }
else { else {
die "invalid server id: $server" die "invalid server id: '$server'"
} }
return($proto, $ipvnum, $idnum); return($proto, $ipvnum, $idnum);
} }
@ -95,16 +104,16 @@ sub servername_str {
my ($proto, $ipver, $idnum) = @_; my ($proto, $ipver, $idnum) = @_;
$proto = uc($proto) if($proto); $proto = uc($proto) if($proto);
die "unsupported protocol: $proto" unless($proto && die "unsupported protocol: '$proto'" unless($proto &&
($proto =~ /^(((FTP|HTTP|IMAP|POP3|SMTP)S?)|(TFTP|SFTP|SOCKS|SSH|RTSP|GOPHER|HTTP\+TLS-SRP))$/)); ($proto =~ /^(((FTP|HTTP|IMAP|POP3|SMTP)S?)|(TFTP|SFTP|SOCKS|SSH|RTSP|GOPHER|HTTPTLS))$/));
$ipver = (not $ipver) ? 'ipv4' : lc($ipver); $ipver = (not $ipver) ? 'ipv4' : lc($ipver);
die "unsupported IP version: $ipver" unless($ipver && die "unsupported IP version: '$ipver'" unless($ipver &&
($ipver =~ /^(4|6|ipv4|ipv6|-ipv4|-ipv6)$/)); ($ipver =~ /^(4|6|ipv4|ipv6|-ipv4|-ipv6)$/));
$ipver = ($ipver =~ /6$/) ? '-IPv6' : ''; $ipver = ($ipver =~ /6$/) ? '-IPv6' : '';
$idnum = 1 if(not $idnum); $idnum = 1 if(not $idnum);
die "unsupported ID number: $idnum" unless($idnum && die "unsupported ID number: '$idnum'" unless($idnum &&
($idnum =~ /^(\d+)$/)); ($idnum =~ /^(\d+)$/));
$idnum = '' unless($idnum > 1); $idnum = '' unless($idnum > 1);
@ -188,7 +197,7 @@ sub server_outputfilename {
# #
sub mainsockf_pidfilename { sub mainsockf_pidfilename {
my ($proto, $ipver, $idnum) = @_; my ($proto, $ipver, $idnum) = @_;
die "unsupported protocol: $proto" unless($proto && die "unsupported protocol: '$proto'" unless($proto &&
(lc($proto) =~ /^(ftp|imap|pop3|smtp)s?$/)); (lc($proto) =~ /^(ftp|imap|pop3|smtp)s?$/));
my $trailer = (lc($proto) =~ /^ftps?$/) ? '_sockctrl.pid':'_sockfilt.pid'; my $trailer = (lc($proto) =~ /^ftps?$/) ? '_sockctrl.pid':'_sockfilt.pid';
return '.'. servername_canon($proto, $ipver, $idnum) ."$trailer"; return '.'. servername_canon($proto, $ipver, $idnum) ."$trailer";
@ -200,7 +209,7 @@ sub mainsockf_pidfilename {
# #
sub mainsockf_logfilename { sub mainsockf_logfilename {
my ($logdir, $proto, $ipver, $idnum) = @_; my ($logdir, $proto, $ipver, $idnum) = @_;
die "unsupported protocol: $proto" unless($proto && die "unsupported protocol: '$proto'" unless($proto &&
(lc($proto) =~ /^(ftp|imap|pop3|smtp)s?$/)); (lc($proto) =~ /^(ftp|imap|pop3|smtp)s?$/));
my $trailer = (lc($proto) =~ /^ftps?$/) ? '_sockctrl.log':'_sockfilt.log'; my $trailer = (lc($proto) =~ /^ftps?$/) ? '_sockctrl.log':'_sockfilt.log';
return "${logdir}/". servername_canon($proto, $ipver, $idnum) ."$trailer"; return "${logdir}/". servername_canon($proto, $ipver, $idnum) ."$trailer";
@ -212,7 +221,7 @@ sub mainsockf_logfilename {
# #
sub datasockf_pidfilename { sub datasockf_pidfilename {
my ($proto, $ipver, $idnum) = @_; my ($proto, $ipver, $idnum) = @_;
die "unsupported protocol: $proto" unless($proto && die "unsupported protocol: '$proto'" unless($proto &&
(lc($proto) =~ /^ftps?$/)); (lc($proto) =~ /^ftps?$/));
my $trailer = '_sockdata.pid'; my $trailer = '_sockdata.pid';
return '.'. servername_canon($proto, $ipver, $idnum) ."$trailer"; return '.'. servername_canon($proto, $ipver, $idnum) ."$trailer";
@ -224,7 +233,7 @@ sub datasockf_pidfilename {
# #
sub datasockf_logfilename { sub datasockf_logfilename {
my ($logdir, $proto, $ipver, $idnum) = @_; my ($logdir, $proto, $ipver, $idnum) = @_;
die "unsupported protocol: $proto" unless($proto && die "unsupported protocol: '$proto'" unless($proto &&
(lc($proto) =~ /^ftps?$/)); (lc($proto) =~ /^ftps?$/));
my $trailer = '_sockdata.log'; my $trailer = '_sockdata.log';
return "${logdir}/". servername_canon($proto, $ipver, $idnum) ."$trailer"; return "${logdir}/". servername_canon($proto, $ipver, $idnum) ."$trailer";

83
tests/sshhelp.pm
View File

@ -39,6 +39,7 @@ use vars qw(
$sftpsrvexe $sftpsrvexe
$sftpexe $sftpexe
$sshkeygenexe $sshkeygenexe
$httptlssrvexe
$sshdconfig $sshdconfig
$sshconfig $sshconfig
$sftpconfig $sftpconfig
@ -52,6 +53,7 @@ use vars qw(
$cliprvkeyf $cliprvkeyf
$clipubkeyf $clipubkeyf
@sftppath @sftppath
@httptlssrvpath
); );
@ -95,7 +97,7 @@ use vars qw(
find_sftpsrv find_sftpsrv
find_sftp find_sftp
find_sshkeygen find_sshkeygen
find_gnutls_serv find_httptlssrv
logmsg logmsg
sshversioninfo sshversioninfo
); );
@ -109,6 +111,7 @@ $sshexe = 'ssh' .exe_ext(); # base name and ext of ssh client
$sftpsrvexe = 'sftp-server' .exe_ext(); # base name and ext of sftp-server $sftpsrvexe = 'sftp-server' .exe_ext(); # base name and ext of sftp-server
$sftpexe = 'sftp' .exe_ext(); # base name and ext of sftp client $sftpexe = 'sftp' .exe_ext(); # base name and ext of sftp client
$sshkeygenexe = 'ssh-keygen' .exe_ext(); # base name and ext of ssh-keygen $sshkeygenexe = 'ssh-keygen' .exe_ext(); # base name and ext of ssh-keygen
$httptlssrvexe = 'gnutls-serv' .exe_ext(); # base name and ext of gnutls-serv
$sshdconfig = 'curl_sshd_config'; # ssh daemon config file $sshdconfig = 'curl_sshd_config'; # ssh daemon config file
$sshconfig = 'curl_ssh_config'; # ssh client config file $sshconfig = 'curl_ssh_config'; # ssh client config file
$sftpconfig = 'curl_sftp_config'; # sftp client config file $sftpconfig = 'curl_sftp_config'; # sftp client config file
@ -124,7 +127,7 @@ $clipubkeyf = 'curl_client_key.pub'; # client public key file
#*************************************************************************** #***************************************************************************
# Absolute paths where to look for sftp-server plugin # Absolute paths where to look for sftp-server plugin, when not in PATH
# #
@sftppath = qw( @sftppath = qw(
/usr/lib/openssh /usr/lib/openssh
@ -149,6 +152,30 @@ $clipubkeyf = 'curl_client_key.pub'; # client public key file
); );
#***************************************************************************
# Absolute paths where to look for httptlssrv (gnutls-serv), when not in PATH
#
@httptlssrvpath = qw(
/usr/sbin
/usr/libexec
/usr/lib
/usr/lib/misc
/usr/lib64/misc
/usr/local/bin
/usr/local/sbin
/usr/local/libexec
/opt/local/bin
/opt/local/sbin
/opt/local/libexec
/usr/freeware/bin
/usr/freeware/sbin
/usr/freeware/libexec
/opt/gnutls/bin
/opt/gnutls/sbin
/opt/gnutls/libexec
);
#*************************************************************************** #***************************************************************************
# Return file extension for executable files on this operating system # Return file extension for executable files on this operating system
# #
@ -273,17 +300,35 @@ sub find_file {
my @path = @_; my @path = @_;
foreach (@path) { foreach (@path) {
my $file = File::Spec->catfile($_, $fn); my $file = File::Spec->catfile($_, $fn);
if(-e $file) { if(-e $file && ! -d $file) {
return $file; return $file;
} }
} }
} }
#***************************************************************************
# Find an executable file somewhere in the given path
#
sub find_exe_file {
my $fn = $_[0];
shift;
my @path = @_;
my $xext = exe_ext();
foreach (@path) {
my $file = File::Spec->catfile($_, $fn);
if(-e $file && ! -d $file) {
return $file if(-x $file);
return $file if(($xext) && (lc($file) =~ /\Q$xext\E$/));
}
}
}
#*************************************************************************** #***************************************************************************
# Find a file in environment path or in our sftppath # Find a file in environment path or in our sftppath
# #
sub find_sfile { sub find_file_spath {
my $filename = $_[0]; my $filename = $_[0];
my @spath; my @spath;
push(@spath, File::Spec->path()); push(@spath, File::Spec->path());
@ -291,18 +336,24 @@ sub find_sfile {
return find_file($filename, @spath); return find_file($filename, @spath);
} }
#*************************************************************************** #***************************************************************************
# Find gnutls-serv and return canonical filename # Find an executable file in environment path or in our httptlssrvpath
# #
sub find_gnutls_serv { sub find_exe_file_hpath {
return find_file("gnutls-serv", split(':', $ENV{PATH})); my $filename = $_[0];
my @hpath;
push(@hpath, File::Spec->path());
push(@hpath, @httptlssrvpath);
return find_exe_file($filename, @hpath);
} }
#*************************************************************************** #***************************************************************************
# Find ssh daemon and return canonical filename # Find ssh daemon and return canonical filename
# #
sub find_sshd { sub find_sshd {
return find_sfile($sshdexe); return find_file_spath($sshdexe);
} }
@ -310,7 +361,7 @@ sub find_sshd {
# Find ssh client and return canonical filename # Find ssh client and return canonical filename
# #
sub find_ssh { sub find_ssh {
return find_sfile($sshexe); return find_file_spath($sshexe);
} }
@ -318,7 +369,7 @@ sub find_ssh {
# Find sftp-server plugin and return canonical filename # Find sftp-server plugin and return canonical filename
# #
sub find_sftpsrv { sub find_sftpsrv {
return find_sfile($sftpsrvexe); return find_file_spath($sftpsrvexe);
} }
@ -326,7 +377,7 @@ sub find_sftpsrv {
# Find sftp client and return canonical filename # Find sftp client and return canonical filename
# #
sub find_sftp { sub find_sftp {
return find_sfile($sftpexe); return find_file_spath($sftpexe);
} }
@ -334,7 +385,15 @@ sub find_sftp {
# Find ssh-keygen and return canonical filename # Find ssh-keygen and return canonical filename
# #
sub find_sshkeygen { sub find_sshkeygen {
return find_sfile($sshkeygenexe); return find_file_spath($sshkeygenexe);
}
#***************************************************************************
# Find httptlssrv (gnutls-serv) and return canonical filename
#
sub find_httptlssrv {
return find_exe_file_hpath($httptlssrvexe);
} }