To verify that the sftp server is actually running and responsive, and that
all of the configuration and key files generated for curl's tests are fine, a real connection is established to the test harness sftp server, authenticating and running a simple sftp remote pwd command. The verification is done using OpenSSH's or SunSSH's sftp client tool, with a configuration file that has the same options as the test harness socks server, with the exception that dynamic forwarding is not used for sftp.
parent
05c191199d
commit
1a340de0e5
5
CHANGES
5
CHANGES
@ -6,6 +6,11 @@
|
|||||||
|
|
||||||
Changelog
|
Changelog
|
||||||
|
|
||||||
|
Yang Tse (8 Feb 2008)
|
||||||
|
- Improved test harness SCP/SFTP start up server verification, doing a real
|
||||||
|
connection to the sftp server, authenticating and running a simple sftp
|
||||||
|
pwd command using the test harness generated configuration and key files.
|
||||||
|
|
||||||
Daniel S (8 Feb 2008)
|
Daniel S (8 Feb 2008)
|
||||||
- Günter Knauf added lib/mk-ca-bundle.pl which gets the Firefox ca bundle and
|
- Günter Knauf added lib/mk-ca-bundle.pl which gets the Firefox ca bundle and
|
||||||
creates a suitable ca-bundle.crt file in PEM format for use with curl. The
|
creates a suitable ca-bundle.crt file in PEM format for use with curl. The
|
||||||
|
@ -5,11 +5,13 @@ log
|
|||||||
*.pid
|
*.pid
|
||||||
*.pdf
|
*.pdf
|
||||||
*.html
|
*.html
|
||||||
curl_client_knownhosts
|
|
||||||
curl_client_key
|
curl_client_key
|
||||||
curl_client_key.pub
|
curl_client_key.pub
|
||||||
|
curl_client_knownhosts
|
||||||
curl_host_dsa_key
|
curl_host_dsa_key
|
||||||
curl_host_dsa_key.pub
|
curl_host_dsa_key.pub
|
||||||
curl_sshd_config
|
curl_sftp_cmds
|
||||||
|
curl_sftp_config
|
||||||
curl_ssh_config
|
curl_ssh_config
|
||||||
|
curl_sshd_config
|
||||||
stunnel.conf
|
stunnel.conf
|
||||||
|
@ -69,14 +69,21 @@ use Cwd;
|
|||||||
use sshhelp qw(
|
use sshhelp qw(
|
||||||
$sshdexe
|
$sshdexe
|
||||||
$sshexe
|
$sshexe
|
||||||
|
$sftpexe
|
||||||
$sshconfig
|
$sshconfig
|
||||||
|
$sftpconfig
|
||||||
$sshlog
|
$sshlog
|
||||||
|
$sftplog
|
||||||
|
$sftpcmds
|
||||||
display_sshdconfig
|
display_sshdconfig
|
||||||
display_sshconfig
|
display_sshconfig
|
||||||
|
display_sftpconfig
|
||||||
display_sshdlog
|
display_sshdlog
|
||||||
display_sshlog
|
display_sshlog
|
||||||
|
display_sftplog
|
||||||
find_sshd
|
find_sshd
|
||||||
find_ssh
|
find_ssh
|
||||||
|
find_sftp
|
||||||
sshversioninfo
|
sshversioninfo
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -658,7 +665,9 @@ sub verifyftp {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#######################################################################
|
#######################################################################
|
||||||
# STUB for verifying scp/sftp
|
# Verify that the ssh server has written out its pidfile, recovering
|
||||||
|
# the pid from the file and returning it if a process with that pid is
|
||||||
|
# actually alive.
|
||||||
|
|
||||||
sub verifyssh {
|
sub verifyssh {
|
||||||
my ($proto, $ip, $port) = @_;
|
my ($proto, $ip, $port) = @_;
|
||||||
@ -680,6 +689,37 @@ sub verifyssh {
|
|||||||
return $pid;
|
return $pid;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#######################################################################
|
||||||
|
# Verify that we can connect to the sftp server, properly authenticate
|
||||||
|
# with generated config and key files and run a simple remote pwd.
|
||||||
|
|
||||||
|
sub verifysftp {
|
||||||
|
my ($proto, $ip, $port) = @_;
|
||||||
|
my $verified = 0;
|
||||||
|
# Find out sftp client canonical file name
|
||||||
|
my $sftp = find_sftp();
|
||||||
|
if(!$sftp) {
|
||||||
|
logmsg "RUN: SFTP server cannot find $sftpexe\n";
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
# Connect to sftp server, authenticate and run a remote pwd
|
||||||
|
# command using our generated configuration and key files
|
||||||
|
my $cmd = "$sftp -b $sftpcmds -F $sftpconfig $ip > $sftplog 2>&1";
|
||||||
|
my $res = runclient($cmd);
|
||||||
|
# Search for pwd command response in log file
|
||||||
|
if(open(SFTPLOGFILE, "<$sftplog")) {
|
||||||
|
while(<SFTPLOGFILE>) {
|
||||||
|
if(/^Remote working directory: /) {
|
||||||
|
$verified = 1;
|
||||||
|
last;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
close(SFTPLOGFILE);
|
||||||
|
}
|
||||||
|
return $verified;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#######################################################################
|
#######################################################################
|
||||||
# STUB for verifying socks
|
# STUB for verifying socks
|
||||||
|
|
||||||
@ -716,6 +756,7 @@ my %protofunc = ('http' => \&verifyhttp,
|
|||||||
'ftps' => \&verifyftp,
|
'ftps' => \&verifyftp,
|
||||||
'tftp' => \&verifyftp,
|
'tftp' => \&verifyftp,
|
||||||
'ssh' => \&verifyssh,
|
'ssh' => \&verifyssh,
|
||||||
|
'sftp' => \&verifysftp,
|
||||||
'socks' => \&verifysocks);
|
'socks' => \&verifysocks);
|
||||||
|
|
||||||
sub verifyserver {
|
sub verifyserver {
|
||||||
@ -1122,19 +1163,35 @@ sub runsshserver {
|
|||||||
return (0,0);
|
return (0,0);
|
||||||
}
|
}
|
||||||
|
|
||||||
# server verification allows some extra time for the server to start up
|
# ssh server verification allows some extra time for the server to start up
|
||||||
# and gives us the opportunity of recovering the pid from the pidfile,
|
# and gives us the opportunity of recovering the pid from the pidfile, when
|
||||||
# which will be assigned to pid2 ONLY if pid2 was not already positive.
|
# this verification succeeds the recovered pid is assigned to pid2.
|
||||||
|
|
||||||
my $pid3 = verifyserver("ssh",$ip,$port);
|
my $pid3 = verifyserver("ssh",$ip,$port);
|
||||||
if(!$pid3) {
|
if(!$pid3) {
|
||||||
logmsg "RUN: SSH server failed verification\n";
|
logmsg "RUN: SSH server failed verification\n";
|
||||||
# failed to talk to it properly. Kill the server and return failure
|
# failed to fetch server pid. Kill the server and return failure
|
||||||
|
stopserver("$sshpid $pid2");
|
||||||
|
$doesntrun{$pidfile} = 1;
|
||||||
|
return (0,0);
|
||||||
|
}
|
||||||
|
$pid2 = $pid3;
|
||||||
|
|
||||||
|
# once it is known that the ssh server is alive, sftp server verification
|
||||||
|
# is performed actually connecting to it, authenticating and performing a
|
||||||
|
# very simple remote command.
|
||||||
|
|
||||||
|
if(!verifyserver("sftp",$ip,$port)) {
|
||||||
|
logmsg "RUN: SFTP server failed verification\n";
|
||||||
|
# failed to talk to it properly. Kill the server and return failure
|
||||||
|
display_sftplog();
|
||||||
|
display_sftpconfig();
|
||||||
|
display_sshdlog();
|
||||||
|
display_sshdconfig();
|
||||||
stopserver("$sshpid $pid2");
|
stopserver("$sshpid $pid2");
|
||||||
$doesntrun{$pidfile} = 1;
|
$doesntrun{$pidfile} = 1;
|
||||||
return (0,0);
|
return (0,0);
|
||||||
}
|
}
|
||||||
$pid2 = $pid3 if($pid2 <= 0);
|
|
||||||
|
|
||||||
if($verbose) {
|
if($verbose) {
|
||||||
logmsg "RUN: SSH server is now running PID $pid2\n";
|
logmsg "RUN: SSH server is now running PID $pid2\n";
|
||||||
|
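Review bot: In `verifysftp`, whatever `runclient` returns in `$res` is never examined and a failed `open` of `$sftplog` is silent, so the only signal is the `Remote working directory: ` line and a harness-side problem looks the same as a server that rejected the login. An `else { logmsg "RUN: cannot read $sftplog\n"; }` on the open would separate the two cases, and so would logging `$res` when no match is found. The command is also assembled by interpolation and run through a shell (it uses `>` and `2>&1`), so a `$sftp` path containing spaces or shell metacharacters would be split or interpreted; quoting it as `\"$sftp\"` inside the string avoids that. `$port` is accepted but unused, presumably because the port comes from `$sftpconfig`, and a one-line comment saying so would help. The missing-client path returns -1, which is true for the new `if(!verifyserver("sftp",$ip,$port))` test unless `verifyserver`, whose body is outside these hunks, maps negative values to failure.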
@ -37,13 +37,17 @@ use vars qw(
|
|||||||
@EXPORT_OK
|
@EXPORT_OK
|
||||||
$sshdexe
|
$sshdexe
|
||||||
$sshexe
|
$sshexe
|
||||||
|
$sftpsrvexe
|
||||||
$sftpexe
|
$sftpexe
|
||||||
$sshkeygenexe
|
$sshkeygenexe
|
||||||
$sshdconfig
|
$sshdconfig
|
||||||
$sshconfig
|
$sshconfig
|
||||||
|
$sftpconfig
|
||||||
$knownhosts
|
$knownhosts
|
||||||
$sshdlog
|
$sshdlog
|
||||||
$sshlog
|
$sshlog
|
||||||
|
$sftplog
|
||||||
|
$sftpcmds
|
||||||
$hstprvkeyf
|
$hstprvkeyf
|
||||||
$hstpubkeyf
|
$hstpubkeyf
|
||||||
$cliprvkeyf
|
$cliprvkeyf
|
||||||
@ -64,24 +68,31 @@ use vars qw(
|
|||||||
@EXPORT_OK = qw(
|
@EXPORT_OK = qw(
|
||||||
$sshdexe
|
$sshdexe
|
||||||
$sshexe
|
$sshexe
|
||||||
|
$sftpsrvexe
|
||||||
$sftpexe
|
$sftpexe
|
||||||
$sshkeygenexe
|
$sshkeygenexe
|
||||||
$sshdconfig
|
$sshdconfig
|
||||||
$sshconfig
|
$sshconfig
|
||||||
|
$sftpconfig
|
||||||
$knownhosts
|
$knownhosts
|
||||||
$sshdlog
|
$sshdlog
|
||||||
$sshlog
|
$sshlog
|
||||||
|
$sftplog
|
||||||
|
$sftpcmds
|
||||||
$hstprvkeyf
|
$hstprvkeyf
|
||||||
$hstpubkeyf
|
$hstpubkeyf
|
||||||
$cliprvkeyf
|
$cliprvkeyf
|
||||||
$clipubkeyf
|
$clipubkeyf
|
||||||
display_sshdconfig
|
display_sshdconfig
|
||||||
display_sshconfig
|
display_sshconfig
|
||||||
|
display_sftpconfig
|
||||||
display_sshdlog
|
display_sshdlog
|
||||||
display_sshlog
|
display_sshlog
|
||||||
|
display_sftplog
|
||||||
dump_array
|
dump_array
|
||||||
find_sshd
|
find_sshd
|
||||||
find_ssh
|
find_ssh
|
||||||
|
find_sftpsrv
|
||||||
find_sftp
|
find_sftp
|
||||||
find_sshkeygen
|
find_sshkeygen
|
||||||
logmsg
|
logmsg
|
||||||
@ -94,12 +105,16 @@ use vars qw(
|
|||||||
#
|
#
|
||||||
$sshdexe = 'sshd' .exe_ext(); # base name and ext of ssh daemon
|
$sshdexe = 'sshd' .exe_ext(); # base name and ext of ssh daemon
|
||||||
$sshexe = 'ssh' .exe_ext(); # base name and ext of ssh client
|
$sshexe = 'ssh' .exe_ext(); # base name and ext of ssh client
|
||||||
$sftpexe = 'sftp-server' .exe_ext(); # base name and ext of sftp-server
|
$sftpsrvexe = 'sftp-server' .exe_ext(); # base name and ext of sftp-server
|
||||||
|
$sftpexe = 'sftp' .exe_ext(); # base name and ext of sftp client
|
||||||
$sshkeygenexe = 'ssh-keygen' .exe_ext(); # base name and ext of ssh-keygen
|
$sshkeygenexe = 'ssh-keygen' .exe_ext(); # base name and ext of ssh-keygen
|
||||||
$sshdconfig = 'curl_sshd_config'; # ssh daemon config file
|
$sshdconfig = 'curl_sshd_config'; # ssh daemon config file
|
||||||
$sshconfig = 'curl_ssh_config'; # ssh client config file
|
$sshconfig = 'curl_ssh_config'; # ssh client config file
|
||||||
|
$sftpconfig = 'curl_sftp_config'; # sftp client config file
|
||||||
$sshdlog = 'log/sshd.log'; # ssh daemon log file
|
$sshdlog = 'log/sshd.log'; # ssh daemon log file
|
||||||
$sshlog = 'log/ssh.log'; # ssh client log file
|
$sshlog = 'log/ssh.log'; # ssh client log file
|
||||||
|
$sftplog = 'log/sftp.log'; # sftp client log file
|
||||||
|
$sftpcmds = 'curl_sftp_cmds'; # sftp client commands batch file
|
||||||
$knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file
|
$knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file
|
||||||
$hstprvkeyf = 'curl_host_dsa_key'; # host private key file
|
$hstprvkeyf = 'curl_host_dsa_key'; # host private key file
|
||||||
$hstpubkeyf = 'curl_host_dsa_key.pub'; # host public key file
|
$hstpubkeyf = 'curl_host_dsa_key.pub'; # host public key file
|
||||||
@ -213,6 +228,14 @@ sub display_sshconfig {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#***************************************************************************
|
||||||
|
# Display contents of the sftp client config file
|
||||||
|
#
|
||||||
|
sub display_sftpconfig {
|
||||||
|
display_file($sftpconfig);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#***************************************************************************
|
#***************************************************************************
|
||||||
# Display contents of the ssh daemon log file
|
# Display contents of the ssh daemon log file
|
||||||
#
|
#
|
||||||
@ -229,6 +252,14 @@ sub display_sshlog {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#***************************************************************************
|
||||||
|
# Display contents of the sftp client log file
|
||||||
|
#
|
||||||
|
sub display_sftplog {
|
||||||
|
display_file($sftplog);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#***************************************************************************
|
#***************************************************************************
|
||||||
# Find a file somewhere in the given path
|
# Find a file somewhere in the given path
|
||||||
#
|
#
|
||||||
@ -276,6 +307,14 @@ sub find_ssh {
|
|||||||
#***************************************************************************
|
#***************************************************************************
|
||||||
# Find sftp-server plugin and return canonical filename
|
# Find sftp-server plugin and return canonical filename
|
||||||
#
|
#
|
||||||
|
sub find_sftpsrv {
|
||||||
|
return find_sfile($sftpsrvexe);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#***************************************************************************
|
||||||
|
# Find sftp client and return canonical filename
|
||||||
|
#
|
||||||
sub find_sftp {
|
sub find_sftp {
|
||||||
return find_sfile($sftpexe);
|
return find_sfile($sftpexe);
|
||||||
}
|
}
|
||||||
|
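Review bot: The exported names `$sftpexe` and `find_sftp` keep their spelling but change meaning here, from the `sftp-server` plugin to the `sftp` client, with the plugin moving to `$sftpsrvexe` / `find_sftpsrv`. Any importer not updated in this commit would keep compiling and silently resolve the wrong binary, so it is worth grepping for remaining uses; the two scripts shown on this page are updated. A comment at the assignment, such as `# NOTE: before this change $sftpexe named sftp-server; the plugin is now $sftpsrvexe`, would document the switch.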
@ -44,24 +44,31 @@ use Cwd;
|
|||||||
use sshhelp qw(
|
use sshhelp qw(
|
||||||
$sshdexe
|
$sshdexe
|
||||||
$sshexe
|
$sshexe
|
||||||
|
$sftpsrvexe
|
||||||
$sftpexe
|
$sftpexe
|
||||||
$sshkeygenexe
|
$sshkeygenexe
|
||||||
$sshdconfig
|
$sshdconfig
|
||||||
$sshconfig
|
$sshconfig
|
||||||
|
$sftpconfig
|
||||||
$knownhosts
|
$knownhosts
|
||||||
$sshdlog
|
$sshdlog
|
||||||
$sshlog
|
$sshlog
|
||||||
|
$sftplog
|
||||||
|
$sftpcmds
|
||||||
$hstprvkeyf
|
$hstprvkeyf
|
||||||
$hstpubkeyf
|
$hstpubkeyf
|
||||||
$cliprvkeyf
|
$cliprvkeyf
|
||||||
$clipubkeyf
|
$clipubkeyf
|
||||||
display_sshdconfig
|
display_sshdconfig
|
||||||
display_sshconfig
|
display_sshconfig
|
||||||
|
display_sftpconfig
|
||||||
display_sshdlog
|
display_sshdlog
|
||||||
display_sshlog
|
display_sshlog
|
||||||
|
display_sftplog
|
||||||
dump_array
|
dump_array
|
||||||
find_sshd
|
find_sshd
|
||||||
find_ssh
|
find_ssh
|
||||||
|
find_sftpsrv
|
||||||
find_sftp
|
find_sftp
|
||||||
find_sshkeygen
|
find_sshkeygen
|
||||||
logmsg
|
logmsg
|
||||||
@ -193,12 +200,23 @@ if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) ||
|
|||||||
#***************************************************************************
|
#***************************************************************************
|
||||||
# Find out sftp server plugin canonical file name
|
# Find out sftp server plugin canonical file name
|
||||||
#
|
#
|
||||||
|
my $sftpsrv = find_sftpsrv();
|
||||||
|
if(!$sftpsrv) {
|
||||||
|
logmsg "cannot find $sftpsrvexe";
|
||||||
|
exit 1;
|
||||||
|
}
|
||||||
|
logmsg "sftp server plugin found $sftpsrv" if($verbose);
|
||||||
|
|
||||||
|
|
||||||
|
#***************************************************************************
|
||||||
|
# Find out sftp client canonical file name
|
||||||
|
#
|
||||||
my $sftp = find_sftp();
|
my $sftp = find_sftp();
|
||||||
if(!$sftp) {
|
if(!$sftp) {
|
||||||
logmsg "cannot find $sftpexe";
|
logmsg "cannot find $sftpexe";
|
||||||
exit 1;
|
exit 1;
|
||||||
}
|
}
|
||||||
logmsg "sftp server plugin found $sftp" if($verbose);
|
logmsg "sftp client found $sftp" if($verbose);
|
||||||
|
|
||||||
|
|
||||||
#***************************************************************************
|
#***************************************************************************
|
||||||
@ -428,7 +446,7 @@ push @cfgarr, 'RhostsRSAAuthentication no';
|
|||||||
push @cfgarr, 'RSAAuthentication no';
|
push @cfgarr, 'RSAAuthentication no';
|
||||||
push @cfgarr, 'ServerKeyBits 768';
|
push @cfgarr, 'ServerKeyBits 768';
|
||||||
push @cfgarr, 'StrictModes no';
|
push @cfgarr, 'StrictModes no';
|
||||||
push @cfgarr, "Subsystem sftp $sftp";
|
push @cfgarr, "Subsystem sftp $sftpsrv -f AUTH -l $loglevel";
|
||||||
push @cfgarr, 'SyslogFacility AUTH';
|
push @cfgarr, 'SyslogFacility AUTH';
|
||||||
push @cfgarr, 'UseLogin no';
|
push @cfgarr, 'UseLogin no';
|
||||||
push @cfgarr, 'X11Forwarding no';
|
push @cfgarr, 'X11Forwarding no';
|
||||||
@ -861,12 +879,55 @@ if($error) {
|
|||||||
logmsg $error;
|
logmsg $error;
|
||||||
exit 1;
|
exit 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#***************************************************************************
|
||||||
|
# Initialize client sftp config with options actually supported.
|
||||||
|
#
|
||||||
|
logmsg 'generating sftp client config file...' if($verbose);
|
||||||
|
splice @cfgarr, 1, 1, "# $sshverstr sftp client configuration file for curl testing";
|
||||||
|
#
|
||||||
|
for(my $i = scalar(@cfgarr) - 1; $i > 0; $i--) {
|
||||||
|
if($cfgarr[$i] =~ /^DynamicForward/) {
|
||||||
|
splice @cfgarr, $i, 1;
|
||||||
|
next;
|
||||||
|
}
|
||||||
|
if($cfgarr[$i] =~ /^ClearAllForwardings/) {
|
||||||
|
splice @cfgarr, $i, 1, "ClearAllForwardings yes";
|
||||||
|
next;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#***************************************************************************
|
||||||
|
# Write out resulting sftp client configuration file for curl's tests
|
||||||
|
#
|
||||||
|
$error = dump_array($sftpconfig, @cfgarr);
|
||||||
|
if($error) {
|
||||||
|
logmsg $error;
|
||||||
|
exit 1;
|
||||||
|
}
|
||||||
|
@cfgarr = ();
|
||||||
|
|
||||||
|
|
||||||
|
#***************************************************************************
|
||||||
|
# Generate client sftp commands batch file for sftp server verification
|
||||||
|
#
|
||||||
|
logmsg 'generating sftp client commands file...' if($verbose);
|
||||||
|
push @cfgarr, 'pwd';
|
||||||
|
push @cfgarr, 'quit';
|
||||||
|
$error = dump_array($sftpcmds, @cfgarr);
|
||||||
|
if($error) {
|
||||||
|
logmsg $error;
|
||||||
|
exit 1;
|
||||||
|
}
|
||||||
@cfgarr = ();
|
@cfgarr = ();
|
||||||
|
|
||||||
|
|
||||||
#***************************************************************************
|
#***************************************************************************
|
||||||
# Start the ssh server daemon without forking it
|
# Start the ssh server daemon without forking it
|
||||||
#
|
#
|
||||||
|
logmsg "SCP/SFTP server listening on port $port" if($verbose);
|
||||||
my $rc = system "$sshd -e -D -f $sshdconfig > $sshdlog 2>&1";
|
my $rc = system "$sshd -e -D -f $sshdconfig > $sshdlog 2>&1";
|
||||||
if($rc == -1) {
|
if($rc == -1) {
|
||||||
logmsg "$sshd failed with: $!";
|
logmsg "$sshd failed with: $!";
|
||||||
@ -884,7 +945,7 @@ elsif($verbose && ($rc >> 8)) {
|
|||||||
# Clean up once the server has stopped
|
# Clean up once the server has stopped
|
||||||
#
|
#
|
||||||
unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts);
|
unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts);
|
||||||
unlink($sshdconfig, $sshconfig);
|
unlink($sshdconfig, $sshconfig, $sftpconfig);
|
||||||
|
|
||||||
|
|
||||||
exit 0;
|
exit 0;
|
||||||
|
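Review bot: The cleanup at the end removes `$sftpconfig` but not the new `$sftpcmds` batch file that this change writes with `dump_array($sftpcmds, @cfgarr)`, so `curl_sftp_cmds` is left behind after the server stops. Adding it to the list, `unlink($sshdconfig, $sshconfig, $sftpconfig, $sftpcmds);`, keeps the generated files' lifetimes consistent; if it is kept on purpose, a comment next to the unlink should say so. Separately, `splice @cfgarr, 1, 1, ...` assumes index 1 still holds the header comment of the client config that was presumably built earlier, outside this hunk. A short comment stating that dependency would make the block safer to edit.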