1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00

To verify that the sftp server is actually running, responsive and that

all curl's tests generated configuration and key files are fine, a real
connection is established to the test harness sftp server authenticating
and running a simple sftp remote pwd command.

The verification is done using OpenSSH's or SunSSH's sftp client tool with
a configuration file with the same options as the test harness socks server
with the exception that dynamic forwarding is not used for sftp.
This commit is contained in:
Yang Tse 2008-02-08 13:54:02 +00:00
parent 05c191199d
commit 1a340de0e5
5 changed files with 176 additions and 12 deletions

View File

@ -6,6 +6,11 @@
Changelog Changelog
Yang Tse (8 Feb 2008)
- Improved test harness SCP/SFTP start up server verification, doing a real
connection to the sftp server, authenticating and running a simple sftp
pwd command using the test harness generated configuration and key files.
Daniel S (8 Feb 2008) Daniel S (8 Feb 2008)
- Günter Knauf added lib/mk-ca-bundle.pl which gets the Firefox ca bundle and - Günter Knauf added lib/mk-ca-bundle.pl which gets the Firefox ca bundle and
creates a suitable ca-bundle.crt file in PEM format for use with curl. The creates a suitable ca-bundle.crt file in PEM format for use with curl. The

View File

@ -5,11 +5,13 @@ log
*.pid *.pid
*.pdf *.pdf
*.html *.html
curl_client_knownhosts
curl_client_key curl_client_key
curl_client_key.pub curl_client_key.pub
curl_client_knownhosts
curl_host_dsa_key curl_host_dsa_key
curl_host_dsa_key.pub curl_host_dsa_key.pub
curl_sshd_config curl_sftp_cmds
curl_sftp_config
curl_ssh_config curl_ssh_config
curl_sshd_config
stunnel.conf stunnel.conf

View File

@ -69,14 +69,21 @@ use Cwd;
use sshhelp qw( use sshhelp qw(
$sshdexe $sshdexe
$sshexe $sshexe
$sftpexe
$sshconfig $sshconfig
$sftpconfig
$sshlog $sshlog
$sftplog
$sftpcmds
display_sshdconfig display_sshdconfig
display_sshconfig display_sshconfig
display_sftpconfig
display_sshdlog display_sshdlog
display_sshlog display_sshlog
display_sftplog
find_sshd find_sshd
find_ssh find_ssh
find_sftp
sshversioninfo sshversioninfo
); );
@ -658,7 +665,9 @@ sub verifyftp {
} }
####################################################################### #######################################################################
# STUB for verifying scp/sftp # Verify that the ssh server has written out its pidfile, recovering
# the pid from the file and returning it if a process with that pid is
# actually alive.
sub verifyssh { sub verifyssh {
my ($proto, $ip, $port) = @_; my ($proto, $ip, $port) = @_;
@ -680,6 +689,37 @@ sub verifyssh {
return $pid; return $pid;
} }
#######################################################################
# Verify that we can connect to the sftp server, properly authenticate
# with generated config and key files and run a simple remote pwd.
sub verifysftp {
my ($proto, $ip, $port) = @_;
my $verified = 0;
# Find out sftp client canonical file name
my $sftp = find_sftp();
if(!$sftp) {
logmsg "RUN: SFTP server cannot find $sftpexe\n";
return -1;
}
# Connect to sftp server, authenticate and run a remote pwd
# command using our generated configuration and key files
my $cmd = "$sftp -b $sftpcmds -F $sftpconfig $ip > $sftplog 2>&1";
my $res = runclient($cmd);
# Search for pwd command response in log file
if(open(SFTPLOGFILE, "<$sftplog")) {
while(<SFTPLOGFILE>) {
if(/^Remote working directory: /) {
$verified = 1;
last;
}
}
close(SFTPLOGFILE);
}
return $verified;
}
####################################################################### #######################################################################
# STUB for verifying socks # STUB for verifying socks
@ -716,6 +756,7 @@ my %protofunc = ('http' => \&verifyhttp,
'ftps' => \&verifyftp, 'ftps' => \&verifyftp,
'tftp' => \&verifyftp, 'tftp' => \&verifyftp,
'ssh' => \&verifyssh, 'ssh' => \&verifyssh,
'sftp' => \&verifysftp,
'socks' => \&verifysocks); 'socks' => \&verifysocks);
sub verifyserver { sub verifyserver {
@ -1122,19 +1163,35 @@ sub runsshserver {
return (0,0); return (0,0);
} }
# server verification allows some extra time for the server to start up # ssh server verification allows some extra time for the server to start up
# and gives us the opportunity of recovering the pid from the pidfile, # and gives us the opportunity of recovering the pid from the pidfile, when
# which will be assigned to pid2 ONLY if pid2 was not already positive. # this verification succeeds the recovered pid is assigned to pid2.
my $pid3 = verifyserver("ssh",$ip,$port); my $pid3 = verifyserver("ssh",$ip,$port);
if(!$pid3) { if(!$pid3) {
logmsg "RUN: SSH server failed verification\n"; logmsg "RUN: SSH server failed verification\n";
# failed to talk to it properly. Kill the server and return failure # failed to fetch server pid. Kill the server and return failure
stopserver("$sshpid $pid2");
$doesntrun{$pidfile} = 1;
return (0,0);
}
$pid2 = $pid3;
# once it is known that the ssh server is alive, sftp server verification
# is performed actually connecting to it, authenticating and performing a
# very simple remote command.
if(!verifyserver("sftp",$ip,$port)) {
logmsg "RUN: SFTP server failed verification\n";
# failed to talk to it properly. Kill the server and return failure
display_sftplog();
display_sftpconfig();
display_sshdlog();
display_sshdconfig();
stopserver("$sshpid $pid2"); stopserver("$sshpid $pid2");
$doesntrun{$pidfile} = 1; $doesntrun{$pidfile} = 1;
return (0,0); return (0,0);
} }
$pid2 = $pid3 if($pid2 <= 0);
if($verbose) { if($verbose) {
logmsg "RUN: SSH server is now running PID $pid2\n"; logmsg "RUN: SSH server is now running PID $pid2\n";

View File

@ -37,13 +37,17 @@ use vars qw(
@EXPORT_OK @EXPORT_OK
$sshdexe $sshdexe
$sshexe $sshexe
$sftpsrvexe
$sftpexe $sftpexe
$sshkeygenexe $sshkeygenexe
$sshdconfig $sshdconfig
$sshconfig $sshconfig
$sftpconfig
$knownhosts $knownhosts
$sshdlog $sshdlog
$sshlog $sshlog
$sftplog
$sftpcmds
$hstprvkeyf $hstprvkeyf
$hstpubkeyf $hstpubkeyf
$cliprvkeyf $cliprvkeyf
@ -64,24 +68,31 @@ use vars qw(
@EXPORT_OK = qw( @EXPORT_OK = qw(
$sshdexe $sshdexe
$sshexe $sshexe
$sftpsrvexe
$sftpexe $sftpexe
$sshkeygenexe $sshkeygenexe
$sshdconfig $sshdconfig
$sshconfig $sshconfig
$sftpconfig
$knownhosts $knownhosts
$sshdlog $sshdlog
$sshlog $sshlog
$sftplog
$sftpcmds
$hstprvkeyf $hstprvkeyf
$hstpubkeyf $hstpubkeyf
$cliprvkeyf $cliprvkeyf
$clipubkeyf $clipubkeyf
display_sshdconfig display_sshdconfig
display_sshconfig display_sshconfig
display_sftpconfig
display_sshdlog display_sshdlog
display_sshlog display_sshlog
display_sftplog
dump_array dump_array
find_sshd find_sshd
find_ssh find_ssh
find_sftpsrv
find_sftp find_sftp
find_sshkeygen find_sshkeygen
logmsg logmsg
@ -94,12 +105,16 @@ use vars qw(
# #
$sshdexe = 'sshd' .exe_ext(); # base name and ext of ssh daemon $sshdexe = 'sshd' .exe_ext(); # base name and ext of ssh daemon
$sshexe = 'ssh' .exe_ext(); # base name and ext of ssh client $sshexe = 'ssh' .exe_ext(); # base name and ext of ssh client
$sftpexe = 'sftp-server' .exe_ext(); # base name and ext of sftp-server $sftpsrvexe = 'sftp-server' .exe_ext(); # base name and ext of sftp-server
$sftpexe = 'sftp' .exe_ext(); # base name and ext of sftp client
$sshkeygenexe = 'ssh-keygen' .exe_ext(); # base name and ext of ssh-keygen $sshkeygenexe = 'ssh-keygen' .exe_ext(); # base name and ext of ssh-keygen
$sshdconfig = 'curl_sshd_config'; # ssh daemon config file $sshdconfig = 'curl_sshd_config'; # ssh daemon config file
$sshconfig = 'curl_ssh_config'; # ssh client config file $sshconfig = 'curl_ssh_config'; # ssh client config file
$sftpconfig = 'curl_sftp_config'; # sftp client config file
$sshdlog = 'log/sshd.log'; # ssh daemon log file $sshdlog = 'log/sshd.log'; # ssh daemon log file
$sshlog = 'log/ssh.log'; # ssh client log file $sshlog = 'log/ssh.log'; # ssh client log file
$sftplog = 'log/sftp.log'; # sftp client log file
$sftpcmds = 'curl_sftp_cmds'; # sftp client commands batch file
$knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file $knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file
$hstprvkeyf = 'curl_host_dsa_key'; # host private key file $hstprvkeyf = 'curl_host_dsa_key'; # host private key file
$hstpubkeyf = 'curl_host_dsa_key.pub'; # host public key file $hstpubkeyf = 'curl_host_dsa_key.pub'; # host public key file
@ -213,6 +228,14 @@ sub display_sshconfig {
} }
#***************************************************************************
# Display contents of the sftp client config file
#
sub display_sftpconfig {
display_file($sftpconfig);
}
#*************************************************************************** #***************************************************************************
# Display contents of the ssh daemon log file # Display contents of the ssh daemon log file
# #
@ -229,6 +252,14 @@ sub display_sshlog {
} }
#***************************************************************************
# Display contents of the sftp client log file
#
sub display_sftplog {
display_file($sftplog);
}
#*************************************************************************** #***************************************************************************
# Find a file somewhere in the given path # Find a file somewhere in the given path
# #
@ -276,6 +307,14 @@ sub find_ssh {
#*************************************************************************** #***************************************************************************
# Find sftp-server plugin and return canonical filename # Find sftp-server plugin and return canonical filename
# #
sub find_sftpsrv {
return find_sfile($sftpsrvexe);
}
#***************************************************************************
# Find sftp client and return canonical filename
#
sub find_sftp { sub find_sftp {
return find_sfile($sftpexe); return find_sfile($sftpexe);
} }

View File

@ -44,24 +44,31 @@ use Cwd;
use sshhelp qw( use sshhelp qw(
$sshdexe $sshdexe
$sshexe $sshexe
$sftpsrvexe
$sftpexe $sftpexe
$sshkeygenexe $sshkeygenexe
$sshdconfig $sshdconfig
$sshconfig $sshconfig
$sftpconfig
$knownhosts $knownhosts
$sshdlog $sshdlog
$sshlog $sshlog
$sftplog
$sftpcmds
$hstprvkeyf $hstprvkeyf
$hstpubkeyf $hstpubkeyf
$cliprvkeyf $cliprvkeyf
$clipubkeyf $clipubkeyf
display_sshdconfig display_sshdconfig
display_sshconfig display_sshconfig
display_sftpconfig
display_sshdlog display_sshdlog
display_sshlog display_sshlog
display_sftplog
dump_array dump_array
find_sshd find_sshd
find_ssh find_ssh
find_sftpsrv
find_sftp find_sftp
find_sshkeygen find_sshkeygen
logmsg logmsg
@ -193,12 +200,23 @@ if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) ||
#*************************************************************************** #***************************************************************************
# Find out sftp server plugin canonical file name # Find out sftp server plugin canonical file name
# #
my $sftpsrv = find_sftpsrv();
if(!$sftpsrv) {
logmsg "cannot find $sftpsrvexe";
exit 1;
}
logmsg "sftp server plugin found $sftpsrv" if($verbose);
#***************************************************************************
# Find out sftp client canonical file name
#
my $sftp = find_sftp(); my $sftp = find_sftp();
if(!$sftp) { if(!$sftp) {
logmsg "cannot find $sftpexe"; logmsg "cannot find $sftpexe";
exit 1; exit 1;
} }
logmsg "sftp server plugin found $sftp" if($verbose); logmsg "sftp client found $sftp" if($verbose);
#*************************************************************************** #***************************************************************************
@ -428,7 +446,7 @@ push @cfgarr, 'RhostsRSAAuthentication no';
push @cfgarr, 'RSAAuthentication no'; push @cfgarr, 'RSAAuthentication no';
push @cfgarr, 'ServerKeyBits 768'; push @cfgarr, 'ServerKeyBits 768';
push @cfgarr, 'StrictModes no'; push @cfgarr, 'StrictModes no';
push @cfgarr, "Subsystem sftp $sftp"; push @cfgarr, "Subsystem sftp $sftpsrv -f AUTH -l $loglevel";
push @cfgarr, 'SyslogFacility AUTH'; push @cfgarr, 'SyslogFacility AUTH';
push @cfgarr, 'UseLogin no'; push @cfgarr, 'UseLogin no';
push @cfgarr, 'X11Forwarding no'; push @cfgarr, 'X11Forwarding no';
@ -861,12 +879,55 @@ if($error) {
logmsg $error; logmsg $error;
exit 1; exit 1;
} }
#***************************************************************************
# Initialize client sftp config with options actually supported.
#
logmsg 'generating sftp client config file...' if($verbose);
splice @cfgarr, 1, 1, "# $sshverstr sftp client configuration file for curl testing";
#
for(my $i = scalar(@cfgarr) - 1; $i > 0; $i--) {
if($cfgarr[$i] =~ /^DynamicForward/) {
splice @cfgarr, $i, 1;
next;
}
if($cfgarr[$i] =~ /^ClearAllForwardings/) {
splice @cfgarr, $i, 1, "ClearAllForwardings yes";
next;
}
}
#***************************************************************************
# Write out resulting sftp client configuration file for curl's tests
#
$error = dump_array($sftpconfig, @cfgarr);
if($error) {
logmsg $error;
exit 1;
}
@cfgarr = ();
#***************************************************************************
# Generate client sftp commands batch file for sftp server verification
#
logmsg 'generating sftp client commands file...' if($verbose);
push @cfgarr, 'pwd';
push @cfgarr, 'quit';
$error = dump_array($sftpcmds, @cfgarr);
if($error) {
logmsg $error;
exit 1;
}
@cfgarr = (); @cfgarr = ();
#*************************************************************************** #***************************************************************************
# Start the ssh server daemon without forking it # Start the ssh server daemon without forking it
# #
logmsg "SCP/SFTP server listening on port $port" if($verbose);
my $rc = system "$sshd -e -D -f $sshdconfig > $sshdlog 2>&1"; my $rc = system "$sshd -e -D -f $sshdconfig > $sshdlog 2>&1";
if($rc == -1) { if($rc == -1) {
logmsg "$sshd failed with: $!"; logmsg "$sshd failed with: $!";
@ -884,7 +945,7 @@ elsif($verbose && ($rc >> 8)) {
# Clean up once the server has stopped # Clean up once the server has stopped
# #
unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts); unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts);
unlink($sshdconfig, $sshconfig); unlink($sshdconfig, $sshconfig, $sftpconfig);
exit 0; exit 0;