Module Name:    src
Committed By:   pooka
Date:           Mon Feb 14 15:14:00 UTC 2011

Modified Files:
        src/tests/lib/librumphijack: Makefile t_tcpip.sh
Added Files:
        src/tests/lib/librumphijack: ssh_config.in ssh_host_key
            ssh_host_key.pub sshd_config.in

Log Message:
Test that hijacked ssh/sshd work.

Copypastes jmmv's sshd magic from fs/psshfs.
(dunno if it's worth sharing the code, or even what the
best practice for doing so would be)


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/lib/librumphijack/Makefile
cvs rdiff -u -r0 -r1.1 src/tests/lib/librumphijack/ssh_config.in \
    src/tests/lib/librumphijack/ssh_host_key \
    src/tests/lib/librumphijack/ssh_host_key.pub \
    src/tests/lib/librumphijack/sshd_config.in
cvs rdiff -u -r1.1 -r1.2 src/tests/lib/librumphijack/t_tcpip.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/lib/librumphijack/Makefile
diff -u src/tests/lib/librumphijack/Makefile:1.2 src/tests/lib/librumphijack/Makefile:1.3
--- src/tests/lib/librumphijack/Makefile:1.2	Fri Feb 11 15:38:14 2011
+++ src/tests/lib/librumphijack/Makefile	Mon Feb 14 15:14:00 2011
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.2 2011/02/11 15:38:14 pooka Exp $
+#	$NetBSD: Makefile,v 1.3 2011/02/14 15:14:00 pooka Exp $
 #
 
 .include <bsd.own.mk>
@@ -13,6 +13,12 @@
 FILES=		netstat.expout index.html
 FILESDIR=	${TESTSDIR}
 
+# ssh test
+FILES+=		ssh_config.in
+FILES+=		ssh_host_key
+FILES+=		ssh_host_key.pub
+FILES+=		sshd_config.in
+
 ATFFILE=	yes
 
 .include <bsd.test.mk>
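Review bot: The `# ssh test` comment does not say that `ssh_host_key` is a private key, which FILES installs into ${TESTSDIR} next to its public half. Because the key is published in the source tree, the comment should mark it as a throwaway fixture, for example `# ssh test; ssh_host_key is a fixed, publicly known test key, never use it for a real host`.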

Index: src/tests/lib/librumphijack/t_tcpip.sh
diff -u src/tests/lib/librumphijack/t_tcpip.sh:1.1 src/tests/lib/librumphijack/t_tcpip.sh:1.2
--- src/tests/lib/librumphijack/t_tcpip.sh:1.1	Sun Feb  6 18:44:30 2011
+++ src/tests/lib/librumphijack/t_tcpip.sh	Mon Feb 14 15:14:00 2011
@@ -1,4 +1,4 @@
-#       $NetBSD: t_tcpip.sh,v 1.1 2011/02/06 18:44:30 pooka Exp $
+#       $NetBSD: t_tcpip.sh,v 1.2 2011/02/14 15:14:00 pooka Exp $
 #
 # Copyright (c) 2011 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -42,7 +42,7 @@
 	export RUMPHIJACK_RETRY='die'
 
 	# start bozo in daemon mode
-	atf_check -s exit:0 -e ignore env LD_PRELOAD=/usr/lib/librumphijack.so \
+	atf_check -s exit:0 env LD_PRELOAD=/usr/lib/librumphijack.so \
 	    /usr/libexec/httpd -b -s $(atf_get_srcdir)
 
 	atf_check -s exit:0 -o file:"$(atf_get_srcdir)/netstat.expout" \
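Review bot: Removing `-e ignore` from this atf_check means httpd's stderr is now held to atf_check's default expectation (empty, as far as I know), and neither the hunk nor the log message says why stderr is expected to be quiet now. A one-line comment such as `# httpd must not print anything to stderr under the hijack library` would record the intent. The test body starts and ends outside the hunk.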
@@ -64,7 +64,90 @@
 	rump.halt
 }
 
+#
+# Starts a SSH server and sets up the client to access it.
+# Authentication is allowed and done using an RSA key exclusively, which
+# is generated on the fly as part of the test case.
+# XXX: Ideally, all the tests in this test program should be able to share
+# the generated key, because creating it can be a very slow process on some
+# machines.
+#
+# XXX2: copypasted from jmmv's sshd thingamob in the psshfs test.
+# ideally code (and keys, like jmmv notes above) could be shared
+#
+start_sshd() {
+	echo "Setting up SSH server configuration"
+	sed -e "s,@SRCDIR@,$(atf_get_srcdir),g" -e "s,@WORKDIR@,$(pwd),g" \
+	    $(atf_get_srcdir)/sshd_config.in >sshd_config || \
+	    atf_fail "Failed to create sshd_config"
+	atf_check -s ignore -o empty -e ignore \
+	    cp $(atf_get_srcdir)/ssh_host_key .
+	atf_check -s ignore -o empty -e ignore \
+	    cp $(atf_get_srcdir)/ssh_host_key.pub .
+	atf_check -s eq:0 -o empty -e empty chmod 400 ssh_host_key
+	atf_check -s eq:0 -o empty -e empty chmod 444 ssh_host_key.pub
+
+        env LD_PRELOAD=/usr/lib/librumphijack.so \
+	    /usr/sbin/sshd -e -f ./sshd_config
+	while [ ! -f sshd.pid ]; do
+		sleep 0.01
+	done
+	echo "SSH server started (pid $(cat sshd.pid))"
+
+	echo "Setting up SSH client configuration"
+	atf_check -s eq:0 -o empty -e empty \
+	    ssh-keygen -f ssh_user_key -t rsa -b 1024 -N "" -q
+	atf_check -s eq:0 -o empty -e empty \
+	    cp ssh_user_key.pub authorized_keys
+	echo "127.0.0.1,localhost,::1 " \
+	    "$(cat $(atf_get_srcdir)/ssh_host_key.pub)" >known_hosts || \
+	    atf_fail "Failed to create known_hosts"
+	atf_check -s eq:0 -o empty -e empty chmod 600 authorized_keys
+	sed -e "s,@SRCDIR@,$(atf_get_srcdir),g" -e "s,@WORKDIR@,$(pwd),g" \
+	    $(atf_get_srcdir)/ssh_config.in >ssh_config || \
+	    atf_fail "Failed to create ssh_config"
+	
+	echo "sshd running"
+}
+
+atf_test_case ssh cleanup
+ssh_head()
+{
+        atf_set "descr" "Test that hijacked ssh/sshd works"
+}
+
+ssh_body()
+{
+
+	atf_check -s exit:0 ${rumpnetsrv} ${RUMP_SERVER}
+	# make sure clients die after we nuke the server
+	export RUMPHIJACK_RETRY='die'
+
+	export LD_LIBRARY_PATH=/home/pooka/src/nb5/src/lib/libssh
+
+	start_sshd
+
+	# create some sort of directory for us to "ls"
+	mkdir testdir
+	cd testdir
+	jot 11 | xargs touch
+	jot 11 12 | xargs mkdir
+	cd ..
+
+	atf_check -s exit:0 -o save:ssh.out				\
+	    env LD_PRELOAD=/usr/lib/librumphijack.so			\
+	    ssh -T -F ssh_config 127.0.0.1 ls -li $(pwd)/testdir
+	atf_check -s exit:0 -o file:ssh.out ls -li $(pwd)/testdir
+}
+
+ssh_cleanup()
+{
+	rump.halt
+	# sshd dies due to RUMPHIJACK_RETRY=1d6
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case http
+	atf_add_test_case ssh
 }
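Review bot: `export LD_LIBRARY_PATH=/home/pooka/src/nb5/src/lib/libssh` in ssh_body looks like a leftover from a local build, and it makes sshd, ssh-keygen and ssh resolve shared libraries from a developer home directory. On any other machine that path is either missing or owned by an unprivileged account, which matters when the tests run as root (sshd_config.in sets `PermitRootLogin yes` for that case); the line should be dropped. In start_sshd the sshd launch is not checked and the `while [ ! -f sshd.pid ]` loop has no upper bound, so a failed start hangs the test instead of failing it; a bounded version is below. The cleanup comment `RUMPHIJACK_RETRY=1d6` presumably means `die`.

```shell
	# … unchanged: sshd_config generation and host key copy …
	env LD_PRELOAD=/usr/lib/librumphijack.so \
	    /usr/sbin/sshd -e -f ./sshd_config || \
	    atf_fail "Failed to start sshd"
	tries=0
	while [ ! -f sshd.pid ]; do
		tries=$((tries + 1))
		[ ${tries} -le 500 ] || atf_fail "sshd did not create sshd.pid"
		sleep 0.01
	done
	# … unchanged: client key and configuration setup …
```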

Added files:

Index: src/tests/lib/librumphijack/ssh_config.in
diff -u /dev/null src/tests/lib/librumphijack/ssh_config.in:1.1
--- /dev/null	Mon Feb 14 15:14:00 2011
+++ src/tests/lib/librumphijack/ssh_config.in	Mon Feb 14 15:14:00 2011
@@ -0,0 +1,14 @@
+# $NetBSD: ssh_config.in,v 1.1 2011/02/14 15:14:00 pooka Exp $
+
+# Basic settings.
+Port 22
+Protocol 2
+
+# The temporary key used for login.
+IdentityFile @WORKDIR@/ssh_user_key
+
+# Prevent the client from complaining about unknown host keys.
+GlobalKnownHostsFile @WORKDIR@/known_hosts
+
+# Do not attempt password authentication in case keys fail.
+IdentitiesOnly yes
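Review bot: The comment above `IdentitiesOnly yes` does not match what the option does: it limits the client to the configured `IdentityFile` instead of keys from an agent, and it does not turn off password authentication. If the intent is that the client never falls back to a prompt in an unattended run, add `PasswordAuthentication no` or `BatchMode yes`, and reword the comment to `# Offer only the temporary key, not identities from an agent.`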
Index: src/tests/lib/librumphijack/ssh_host_key
diff -u /dev/null src/tests/lib/librumphijack/ssh_host_key:1.1
--- /dev/null	Mon Feb 14 15:14:00 2011
+++ src/tests/lib/librumphijack/ssh_host_key	Mon Feb 14 15:14:00 2011
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
Index: src/tests/lib/librumphijack/ssh_host_key.pub
diff -u /dev/null src/tests/lib/librumphijack/ssh_host_key.pub:1.1
--- /dev/null	Mon Feb 14 15:14:00 2011
+++ src/tests/lib/librumphijack/ssh_host_key.pub	Mon Feb 14 15:14:00 2011
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyZzKUhtZRpgKZPBe2R+0xrY4z/1lLPr6h8hbMktpYpSc3q3np2vzBOktHdB0zngnSpXY27Q6XzV24fl5yTJSTBIBLODINY5brhFdBjiaDLe3Bs5LtoAGBsfvtvsKmMOmPjPE29TOADvj3MQ/9wZHVMiCjut7+kk5dlUJ9Qc7E0M= t...@test.example.net
Index: src/tests/lib/librumphijack/sshd_config.in
diff -u /dev/null src/tests/lib/librumphijack/sshd_config.in:1.1
--- /dev/null	Mon Feb 14 15:14:00 2011
+++ src/tests/lib/librumphijack/sshd_config.in	Mon Feb 14 15:14:00 2011
@@ -0,0 +1,39 @@
+# $NetBSD: sshd_config.in,v 1.1 2011/02/14 15:14:00 pooka Exp $
+
+# Basic settings.
+Port 22
+Protocol 2
+
+# Provide information to the user in case something goes wrong.
+LogLevel DEBUG1
+
+# The host key.  It lives in the work directory because we need to set
+# very strict permissions on it and cannot modify the copy on the source
+# directory.
+HostKey @WORKDIR@/ssh_host_key
+
+# The authorized keys file we set up during the test to allow the client
+# to safely log in.  We need to disable strict modes because ATF_WORKDIR
+# usually lives in /tmp, which has 1777 permissions and are not liked by
+# sshd.
+AuthorizedKeysFile @WORKDIR@/authorized_keys
+StrictModes no
+
+# Some settings to allow user runs of sshd.
+PidFile @WORKDIR@/sshd.pid
+UsePam no
+UsePrivilegeSeparation no
+
+# The root user should also be able to run the tests.
+PermitRootLogin yes
+
+# Be restrictive about access to the temporary server.  Only allow key-based
+# authentication.
+ChallengeResponseAuthentication no
+GSSAPIAuthentication no
+HostbasedAuthentication no
+KerberosAuthentication no
+MaxAuthTries 1
+MaxStartups 1
+PasswordAuthentication no
+PubkeyAuthentication yes
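Review bot: No `ListenAddress` is set, so this sshd listens on port 22 of every address of whatever network stack it ends up on. The test only connects to 127.0.0.1, and the server combines a host key published in the tree with `PermitRootLogin yes`, `StrictModes no` and `UsePrivilegeSeparation no`. Limiting its exposure is worthwhile in case the LD_PRELOAD hijack ever fails to apply and sshd binds on the host instead (an inference; the hunk cannot show that). Adding `ListenAddress 127.0.0.1` after the `Port 22` line would do that.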
