From 5f29ad789dda115b477d53fbedd3a71b64962e27 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 25 Oct 2008 14:17:34 -0400 Subject: test now has better sshd configuration. --- tests/basic | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index b9ae8f1..e3cc42e 100755 --- a/tests/basic +++ b/tests/basic @@ -81,9 +81,12 @@ gpgadmin --sign-key "$HOSTKEYID" echo "-- adding admin as certifier..." monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg +# initialize base sshd_config +cp etc/ssh/sshd_config "$TEMPDIR"/sshd_config # write the sshd_config -cat < "$TEMPDIR"/sshd_config +cat <> "$TEMPDIR"/sshd_config HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key +AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u EOF # launch sshd with the new host key. -- cgit v1.2.3 From 2983d63efb6371cf7dc8815bfcdbefb42cadb1d3 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 14:58:36 -0400 Subject: more changes to test suite, and add admin/testuser gpg.conf files to use quick-random option --- tests/basic | 40 +++++++++++++++++++++++-------------- tests/home/admin/.gnupg/gpg.conf | 2 ++ tests/home/testuser/.gnupg/gpg.conf | 2 ++ 3 files changed, 29 insertions(+), 15 deletions(-) create mode 100644 tests/home/admin/.gnupg/gpg.conf create mode 100644 tests/home/testuser/.gnupg/gpg.conf (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index b9ae8f1..d73e162 100755 --- a/tests/basic +++ b/tests/basic @@ -24,7 +24,7 @@ cleanup() { # FIXME: stop the sshd process echo - echo "-- removing temp dir..." + echo "### removing temp dir..." rm -rf "$TEMPDIR" # FIXME: how should we clear out the temporary $VARLIB? 
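Review bot: The added `cp etc/ssh/sshd_config "$TEMPDIR"/sshd_config` resolves its source relative to the current directory, while the neighbouring lines anchor their paths on `$TESTDIR`. Writing it as `cp "$TESTDIR"/etc/ssh/sshd_config "$TEMPDIR"/sshd_config` keeps the base configuration coming from the test tree wherever the script is started. The appended `AuthorizedKeysFile` line expands `${MONKEYSPHERE_SYSDATADIR}` unquoted into sshd_config, so a checkout path containing whitespace would produce a directive that sshd parses differently; a short comment stating that assumption would help. The surrounding script continues outside the hunk.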
@@ -42,6 +42,10 @@ export TESTDIR=$(pwd) # make temp dir TEMPDIR="$TESTDIR"/tmp +if [ -e "$TEMPDIR" ] ; then + echo "tempdir '$TEMPDIR' already exists." + exit 1 +fi mkdir "$TEMPDIR" # Use the local copy of executables first, instead of system ones. @@ -52,6 +56,9 @@ export MONKEYSPHERE_SYSDATADIR="$TEMPDIR" export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR" export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src export MONKEYSPHERE_MONKEYSPHERE_USER="$USER" +export MONKEYSPHERE_CHECK_KEYSERVER=false + +SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket ### SERVER TESTS @@ -60,15 +67,18 @@ export SOCKET="$TEMPDIR"/ssh-socket mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication +# add the quick-random option to the gpg host config +echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host.conf + # create a new host key -echo "-- generating server key..." -echo | monkeysphere-server gen-key --length 1024 --expire 0 +echo "### generating server key..." +echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) # certify it with the "Admin's Key". # (this would normally be done via keyservers) -echo "-- certifying server key..." +echo "### certifying server key..." monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import gpgadmin --sign-key "$HOSTKEYID" 
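Review bot: The new existence check before `mkdir "$TEMPDIR"` is a check-then-create sequence on a fixed, predictable name, and the directory later receives the generated host key and the GnuPG homes with whatever mode the umask yields. `mkdir` without `-p` already fails when the path exists, so the creation itself can carry the guard and set the mode: `mkdir -m 700 "$TEMPDIR" || { echo "cannot create '$TEMPDIR'" >&2; exit 1; }`. If the fixed name is not required, `TEMPDIR=$(mktemp -d "$TESTDIR"/tmp.XXXXXX)` gives an unpredictable private directory in one step.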
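Review bot: The `quick-random` line appended in the `@@ -60,15 +67,18 @@` hunk is not explained where it is written, although it is meant for the key created by the `gen-key --length 1024 --expire 0 testhost` call that follows. A comment such as `# test only: quick-random and a 1024-bit key keep the run fast; keys generated here are throwaway and must stay inside $TEMPDIR` would record that this host key is not suitable for anything beyond the test run.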
@@ -78,17 +88,17 @@ gpgadmin --sign-key "$HOSTKEYID" # indicate that the "Admin's" key is an identity certifier for the # host -echo "-- adding admin as certifier..." +echo "### adding admin as certifier..." monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg # write the sshd_config -cat < "$TEMPDIR"/sshd_config +cat < "$SSHD_CONFIG" HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key EOF -# launch sshd with the new host key. -echo "-- starting sshd..." -socat EXEC:'/usr/sbin/sshd -f '"$TEMPDIR"/sshd_config' -i -d -d -d -D -e' "UNIX-LISTEN:${TEMPDIR/socket}" & +# launch test sshd with the new host key. +echo "### starting sshd..." +socat EXEC:'/usr/sbin/sshd -f '"$SSHD_CONFIG"' -i -d -d -d -D -e' "UNIX-LISTEN:${SOCKET}" & ### TESTUSER TESTS @@ -97,17 +107,17 @@ socat EXEC:'/usr/sbin/sshd -f '"$TEMPDIR"/sshd_config' -i -d -d -d -D -e' "UNIX- cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ # generate an auth subkey for the test user -echo "-- generating key for testuser..." +echo "### generating key for testuser..." MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ monkeysphere gen-subkey --expire 0 -# connect to sample sshd host key, using monkeysphere to verify the -# identity before connection. - -## FIXME: implement! +# connect to test sshd, using monkeysphere to verify the identity +# before connection. +echo "### connecting to sshd socket..." +PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" +ssh -oProxyCommand="$PROXY_COMMAND" testhost # create a new client side key, certify it with the "CA", use it to # log in. ## FIXME: implement! - diff --git a/tests/home/admin/.gnupg/gpg.conf b/tests/home/admin/.gnupg/gpg.conf new file mode 100644 index 0000000..34bf93a --- /dev/null +++ b/tests/home/admin/.gnupg/gpg.conf @@ -0,0 +1,2 @@ +# command to avoid depleting the system entropy +quick-random 
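Review bot: The new `ssh -oProxyCommand="$PROXY_COMMAND" testhost` call at the end of the `@@ -97,17 +107,17 @@` hunk runs with the invoking user's own ssh configuration and known_hosts file, so the test result depends on, and may write to, files under the real `~/.ssh`. Pointing the client at files inside the temp tree keeps the run self-contained, for example `ssh -F /dev/null -oUserKnownHostsFile="$TEMPDIR"/known_hosts -oProxyCommand="$PROXY_COMMAND" testhost`. monkeysphere-ssh-proxycommand presumably needs the same known_hosts location configured; that is not visible in this hunk.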
diff --git a/tests/home/testuser/.gnupg/gpg.conf b/tests/home/testuser/.gnupg/gpg.conf new file mode 100644 index 0000000..34bf93a --- /dev/null +++ b/tests/home/testuser/.gnupg/gpg.conf @@ -0,0 +1,2 @@ +# command to avoid depleting the system entropy +quick-random -- cgit v1.2.3 From 46aa44a14c0812905d3f13ebbd84981cd5f87fd2 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 15:04:19 -0400 Subject: fix path to sshd_config in test script --- tests/basic | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 3f94856..e14b765 100755 --- a/tests/basic +++ b/tests/basic @@ -92,7 +92,7 @@ echo "### adding admin as certifier..." monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg # initialize base sshd_config -cp etc/ssh/sshd_config "$TEMPDIR"/sshd_config +cp etc/ssh/sshd_config "$SSHD_CONFIG" # write the sshd_config cat <> "$SSHD_CONFIG" HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key -- cgit v1.2.3 From 7b30291a2d162934c98e361256fd29b54c76854b Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 15:50:59 -0400 Subject: more tweaks to test script. --- tests/basic | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index e14b765..fc7dfba 100755 --- a/tests/basic +++ b/tests/basic @@ -18,7 +18,6 @@ gpgadmin() { GNUPGHOME="$TESTDIR"/home/admin/.gnupg gpg "$@" } - # cleanup: cleanup() { # FIXME: stop the sshd process @@ -33,7 +32,7 @@ cleanup() { } ## setup trap -#trap cleanup EXIT +trap cleanup EXIT ## set up some variables to ensure that we're operating strictly in ## the tests, not system-wide: @@ -61,6 +60,7 @@ export MONKEYSPHERE_CHECK_KEYSERVER=false SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket + ### SERVER TESTS # create the temp gnupghome directories 
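Review bot: Enabling `trap cleanup EXIT` in the `@@ -33,7 +32,7 @@` hunk arms the handler before `TEMPDIR` is assigned and before the "already exists" guard shown earlier in this series. The `exit 1` taken when the directory is already present would therefore run `rm -rf "$TEMPDIR"` on the very directory the script declined to use. Moving the trap to just after the successful `mkdir "$TEMPDIR"` limits removal to a directory this run created, and `rm -rf -- "${TEMPDIR:?}"` in cleanup turns an unset value into an error. The body of cleanup lies outside this hunk.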
@@ -68,7 +68,7 @@ mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication # add the quick-random option to the gpg host config -echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host.conf +echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf # create a new host key echo "### generating server key..." @@ -114,6 +114,10 @@ echo "### generating key for testuser..." MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ monkeysphere gen-subkey --expire 0 +# add server key to testuser keychain +monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | \ + GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import + # connect to test sshd, using monkeysphere to verify the identity # before connection. echo "### connecting to sshd socket..." @@ -122,5 +126,8 @@ ssh -oProxyCommand="$PROXY_COMMAND" testhost # create a new client side key, certify it with the "CA", use it to # log in. - ## FIXME: implement! + + +### FINISH +read -p "press enter to cleanup tmp:" -- cgit v1.2.3 From fa4afa22523331e9d0325bdbb5b6f92115686bce Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 17:33:27 -0400 Subject: more work on test suite. --- etc/gnupg-authentication.conf | 2 +- tests/basic | 40 +++++++++++++++++++++++------------- tests/home/admin/.gnupg/gpg.conf | 2 -- tests/home/admin/.gnupg/pubring.gpg | Bin 421 -> 4331 bytes tests/home/admin/.gnupg/trustdb.gpg | Bin 1280 -> 1760 bytes tests/home/testuser/.gnupg/gpg.conf | 3 +++ 6 files changed, 30 insertions(+), 17 deletions(-) delete mode 100644 tests/home/admin/.gnupg/gpg.conf (limited to 'tests/basic') diff --git a/etc/gnupg-authentication.conf b/etc/gnupg-authentication.conf index e00d317..7e5620b 100644 --- a/etc/gnupg-authentication.conf +++ b/etc/gnupg-authentication.conf 
@@ -8,7 +8,7 @@ primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg # PGP keyserver to use for PGP queries. -keyserver hkp://pgp.mit.edu +keyserver hkp://pool.sks-keyservers.net # GPG list options. It is recommended that you have at least # "show-uid-validity". diff --git a/tests/basic b/tests/basic index fc7dfba..81f3b91 100755 --- a/tests/basic +++ b/tests/basic @@ -12,6 +12,9 @@ # NOTE: these tests have *not* themselves been tested yet # (2008-09-13). Please exercise with caution! +# fail on fail +set -e + # these tests assume a commonly-trusted "Admin's key", a fake key # permanently stored in ./home/admin/.gnupg: gpgadmin() { @@ -20,6 +23,9 @@ gpgadmin() { # cleanup: cleanup() { + + read -p "press enter to cleanup and remove tmp:" + # FIXME: stop the sshd process echo @@ -63,16 +69,21 @@ export SOCKET="$TEMPDIR"/ssh-socket ### SERVER TESTS -# create the temp gnupghome directories +# setup monkeysphere temp gnupghome directories mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication - -# add the quick-random option to the gpg host config -echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf +cat < "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf +primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg +keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg +EOF # create a new host key echo "### generating server key..." +# add gpg.conf with quick-random +echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost +# remove the gpg.conf +rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) 
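Review bot: `set -e` as added in the `@@ -12,6 +12,9 @@` hunk does not cover the left-hand side of the script's pipelines, for instance `monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ` in the `HOSTKEYID` assignment, where only the status of `cut` counts. If the script runs under bash (the shebang is outside the visible hunks), `set -o pipefail` next to it closes that gap, and `[ -n "$HOSTKEYID" ] || exit 1` after the assignment stops an empty key id from reaching the export and sign steps. The comment `# fail on fail` could say what is meant, e.g. `# abort on the first failing command`.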
@@ -80,7 +91,7 @@ HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) # (this would normally be done via keyservers) echo "### certifying server key..." monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import -gpgadmin --sign-key "$HOSTKEYID" +echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" # FIXME: how can we test publish-key without flooding junk into the # keyservers? @@ -89,7 +100,7 @@ gpgadmin --sign-key "$HOSTKEYID" # host echo "### adding admin as certifier..." -monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg +echo y | monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg # initialize base sshd_config cp etc/ssh/sshd_config "$SSHD_CONFIG" @@ -101,12 +112,13 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." -socat EXEC:'/usr/sbin/sshd -f '"$SSHD_CONFIG"' -i -d -d -d -D -e' "UNIX-LISTEN:${SOCKET}" & +socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & ### TESTUSER TESTS # copy testuser home directory into temp dir +echo "### seting up testuser home..." cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ # generate an auth subkey for the test user 
@@ -115,19 +127,19 @@ MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ monkeysphere gen-subkey --expire 0 # add server key to testuser keychain -monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | \ +echo "### export server key to testuser..." +gpgadmin --armor --export "$HOSTKEYID" | \ GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import +#GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --list-keys +#read -p "?" + # connect to test sshd, using monkeysphere to verify the identity # before connection. -echo "### connecting to sshd socket..." +echo "### testuser connecting to sshd socket..." PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" -ssh -oProxyCommand="$PROXY_COMMAND" testhost +GNUPGHOME="$TEMPDIR"/testuser/.gnupg ssh -oProxyCommand="$PROXY_COMMAND" testhost # create a new client side key, certify it with the "CA", use it to # log in. ## FIXME: implement! - - -### FINISH -read -p "press enter to cleanup tmp:" diff --git a/tests/home/admin/.gnupg/gpg.conf b/tests/home/admin/.gnupg/gpg.conf deleted file mode 100644 index 34bf93a..0000000 --- a/tests/home/admin/.gnupg/gpg.conf +++ /dev/null @@ -1,2 +0,0 @@ -# command to avoid depleting the system entropy -quick-random diff --git a/tests/home/admin/.gnupg/pubring.gpg b/tests/home/admin/.gnupg/pubring.gpg index ce19633..8e10c4a 100644 Binary files a/tests/home/admin/.gnupg/pubring.gpg and b/tests/home/admin/.gnupg/pubring.gpg differ diff --git a/tests/home/admin/.gnupg/trustdb.gpg b/tests/home/admin/.gnupg/trustdb.gpg index 77ef133..171a891 100644 Binary files a/tests/home/admin/.gnupg/trustdb.gpg and b/tests/home/admin/.gnupg/trustdb.gpg differ diff --git a/tests/home/testuser/.gnupg/gpg.conf b/tests/home/testuser/.gnupg/gpg.conf index 34bf93a..f65c71b 100644 --- a/tests/home/testuser/.gnupg/gpg.conf +++ b/tests/home/testuser/.gnupg/gpg.conf 
@@ -1,2 +1,5 @@ # command to avoid depleting the system entropy quick-random +# other options +verify-options show-uid-validity +list-options show-uid-validity -- cgit v1.2.3 From e836e3d6f26d1c2bd03d70a4b37a6cce26ebb69f Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 18:16:38 -0400 Subject: more work on test suite. --- tests/basic | 17 +++++------------ tests/home/admin/.gnupg/pubring.gpg | Bin 4331 -> 5349 bytes tests/home/admin/.gnupg/trustdb.gpg | Bin 1760 -> 1920 bytes 3 files changed, 5 insertions(+), 12 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 81f3b91..83d6920 100755 --- a/tests/basic +++ b/tests/basic @@ -24,17 +24,14 @@ gpgadmin() { # cleanup: cleanup() { + echo read -p "press enter to cleanup and remove tmp:" - # FIXME: stop the sshd process + echo "### stop sshd..." + kill "$SSHD_PID" - echo echo "### removing temp dir..." rm -rf "$TEMPDIR" - - # FIXME: how should we clear out the temporary $VARLIB? - - # FIXME: clear out ssh client config file and known hosts. } ## setup trap @@ -96,9 +93,7 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" # FIXME: how can we test publish-key without flooding junk into the # keyservers? -# indicate that the "Admin's" key is an identity certifier for the -# host - +# add admin as identity certifier for testhost echo "### adding admin as certifier..." echo y | monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg @@ -114,6 +109,7 @@ EOF echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & +export SSHD_PID=$! ### TESTUSER TESTS 
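Review bot: The new `kill "$SSHD_PID"` in cleanup (hunk `@@ -24,17 +24,14 @@`) runs even when the script stopped before the `export SSHD_PID=$!` line, and with `set -e` active a failing `kill` would likely end the EXIT handler before `rm -rf "$TEMPDIR"`, leaving the generated secret keys on disk. Guarding it keeps the removal reachable: `if [ -n "${SSHD_PID:-}" ]; then kill "$SSHD_PID" 2>/dev/null || true; fi`. `$!` here is the pid of the backgrounded socat rather than of sshd, so a name like `SOCAT_PID` (no `export` needed) would describe it better. The later revisions of cleanup in this series (`kill %1`, then `ps $SSHD_PID`) leave the same unset case open.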
@@ -131,9 +127,6 @@ echo "### export server key to testuser..." gpgadmin --armor --export "$HOSTKEYID" | \ GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import -#GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --list-keys -#read -p "?" - # connect to test sshd, using monkeysphere to verify the identity # before connection. echo "### testuser connecting to sshd socket..." diff --git a/tests/home/admin/.gnupg/pubring.gpg b/tests/home/admin/.gnupg/pubring.gpg index 8e10c4a..d22babd 100644 Binary files a/tests/home/admin/.gnupg/pubring.gpg and b/tests/home/admin/.gnupg/pubring.gpg differ diff --git a/tests/home/admin/.gnupg/trustdb.gpg b/tests/home/admin/.gnupg/trustdb.gpg index 171a891..d46e25f 100644 Binary files a/tests/home/admin/.gnupg/trustdb.gpg and b/tests/home/admin/.gnupg/trustdb.gpg differ -- cgit v1.2.3 From 9719b46f11c197187551241fee4bd6cd733e0b24 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 18:48:32 -0400 Subject: more test suite fixes. --- tests/basic | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 83d6920..e97f998 100755 --- a/tests/basic +++ b/tests/basic @@ -15,10 +15,9 @@ # fail on fail set -e -# these tests assume a commonly-trusted "Admin's key", a fake key -# permanently stored in ./home/admin/.gnupg: +# gpg command for test admin user gpgadmin() { - GNUPGHOME="$TESTDIR"/home/admin/.gnupg gpg "$@" + GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@" } # cleanup: @@ -63,6 +62,12 @@ export MONKEYSPHERE_CHECK_KEYSERVER=false SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket +# copy in admin and testuser home to tmp +echo "### copying admin and testuser homes..." +cp -r "$TESTDIR"/home/admin "$TEMPDIR"/ +cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ + + ### SERVER TESTS 
@@ -95,7 +100,7 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" # add admin as identity certifier for testhost echo "### adding admin as certifier..." -echo y | monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg +echo y | monkeysphere-server add-identity-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg # initialize base sshd_config cp etc/ssh/sshd_config "$SSHD_CONFIG" @@ -108,14 +113,10 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & - export SSHD_PID=$! -### TESTUSER TESTS -# copy testuser home directory into temp dir -echo "### seting up testuser home..." -cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ +### TESTUSER TESTS # generate an auth subkey for the test user echo "### generating key for testuser..." -- cgit v1.2.3 From e0eab1b5b18a6f7ab21de7f91166d3b640fbf0f8 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 00:32:00 -0400 Subject: testing: transfer permissions of home directories for testuser and admin. --- tests/basic | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index e97f998..722b837 100755 --- a/tests/basic +++ b/tests/basic @@ -64,8 +64,8 @@ export SOCKET="$TEMPDIR"/ssh-socket # copy in admin and testuser home to tmp echo "### copying admin and testuser homes..." -cp -r "$TESTDIR"/home/admin "$TEMPDIR"/ -cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ +cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ +cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ -- cgit v1.2.3 From 0461219ac31b04250dd7ea0630ef6da4c6bc1065 Mon Sep 17 00:00:00 2001 
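Review bot: `cp -a` in the `@@ -64,8 +64,8 @@` hunk carries over whatever modes the checkout has, and git records only the executable bit, so the copied `.gnupg` directories can still end up group- or world-accessible depending on the umask at clone time. Setting the mode explicitly after the copy makes the result independent of the checkout: `chmod 700 "$TEMPDIR"/admin/.gnupg "$TEMPDIR"/testuser/.gnupg`. A comment naming the reason (gpg checks the permissions of its home directory) would help the next reader.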
From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 00:42:35 -0400 Subject: testing: make final ssh command more verbose; supplying a default empty password for gen-subkey. --- tests/basic | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 722b837..b1f3493 100755 --- a/tests/basic +++ b/tests/basic @@ -121,6 +121,7 @@ export SSHD_PID=$! # generate an auth subkey for the test user echo "### generating key for testuser..." MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ +SSH_ASKPASS=echo \ monkeysphere gen-subkey --expire 0 # add server key to testuser keychain @@ -128,12 +129,10 @@ echo "### export server key to testuser..." gpgadmin --armor --export "$HOSTKEYID" | \ GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import -# connect to test sshd, using monkeysphere to verify the identity -# before connection. +# connect to test sshd, using monkeysphere-ssh-proxycommand to verify +# the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" -GNUPGHOME="$TEMPDIR"/testuser/.gnupg ssh -oProxyCommand="$PROXY_COMMAND" testhost +GNUPGHOME="$TEMPDIR"/testuser/.gnupg ssh -v -v -v -oProxyCommand="$PROXY_COMMAND" testhost + -# create a new client side key, certify it with the "CA", use it to -# log in. -## FIXME: implement! -- cgit v1.2.3 From a718b8d343f7b7de02be1a27a9f98a0ae52f0071 Mon Sep 17 00:00:00 2001 
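Review bot: `SSH_ASKPASS=echo` in the gen-subkey invocation does not yield an empty passphrase if the helper is called the way askpass programs usually are, with the prompt text as its argument: `echo` would print that prompt back and it would be taken as the passphrase. A helper that ignores its arguments gives the behaviour the commit message describes, e.g. a small executable script in the temp tree whose body is `echo ""`, with `SSH_ASKPASS` pointing at it. How monkeysphere invokes the helper is not visible in this hunk, so this should be confirmed against gen-subkey.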
From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 00:58:33 -0400 Subject: testing: adding temporary monkeysphere config and ssh config. --- tests/basic | 13 ++++++++++--- tests/home/testuser/.monkeysphere/monkeysphere.conf | 3 +++ tests/home/testuser/.ssh/config | 9 +++++++++ 3 files changed, 22 insertions(+), 3 deletions(-) create mode 100644 tests/home/testuser/.monkeysphere/monkeysphere.conf create mode 100644 tests/home/testuser/.ssh/config (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index b1f3493..2314684 100755 --- a/tests/basic +++ b/tests/basic @@ -67,6 +67,13 @@ echo "### copying admin and testuser homes..." cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ +cat < "$TEMPDIR"/testuser/.ssh/config +UserKnownHosts $TEMPDIR/testuser/.ssh/known_hosts +EOF + +cat < "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf +KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts +EOF ### SERVER TESTS @@ -133,6 +140,6 @@ gpgadmin --armor --export "$HOSTKEYID" | \ # the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" -GNUPGHOME="$TEMPDIR"/testuser/.gnupg ssh -v -v -v -oProxyCommand="$PROXY_COMMAND" testhost - - +GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ +MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere \ + ssh -F "$TEMPDIR"/testuser/.ssh/config -v -v -v -oProxyCommand="$PROXY_COMMAND" testhost diff --git a/tests/home/testuser/.monkeysphere/monkeysphere.conf b/tests/home/testuser/.monkeysphere/monkeysphere.conf new file mode 100644 index 0000000..59cc0cf --- /dev/null +++ b/tests/home/testuser/.monkeysphere/monkeysphere.conf @@ -0,0 +1,3 @@ +# monkeysphere config for testuser in monkeysphere test suite + +# KNOWN_HOSTS will be dynamically defined after creation. 
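Review bot: The first here-document in the `@@ -67,6 +67,13 @@` hunk writes `"$TEMPDIR"/testuser/.ssh/config` with what appears to be a truncating redirect. That would replace the fixture copied just above it, and with it the `StrictHostKeyChecking yes` and authentication settings that this same commit adds in tests/home/testuser/.ssh/config. Appending with `>>` keeps those settings and adds the dynamic line; the same applies to the monkeysphere.conf here-document below it. Both here-documents expand `$TEMPDIR` unquoted into configuration files, so a path containing whitespace would need quoting there.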
diff --git a/tests/home/testuser/.ssh/config b/tests/home/testuser/.ssh/config new file mode 100644 index 0000000..566d1c0 --- /dev/null +++ b/tests/home/testuser/.ssh/config @@ -0,0 +1,9 @@ +# ssh config file for testuser for monkeysphere test suite. +Host * +PasswordAuthentication no +KbdInteractiveAuthentication no +RSAAuthentication no +GSSAPIAuthentication no +StrictHostKeyChecking yes + +# UserKnownHosts file will be filled in dynamically. -- cgit v1.2.3 From f0fc313acc49c2f24cfc4d7e0a49fb7c1e3755f7 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:07:41 -0400 Subject: testing: fix ssh_config var UserKnownHosts to UserKnownHostsFile. --- tests/basic | 2 +- tests/home/testuser/.ssh/config | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 2314684..30c6d17 100755 --- a/tests/basic +++ b/tests/basic @@ -68,7 +68,7 @@ cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ cat < "$TEMPDIR"/testuser/.ssh/config -UserKnownHosts $TEMPDIR/testuser/.ssh/known_hosts +UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts EOF cat < "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf diff --git a/tests/home/testuser/.ssh/config b/tests/home/testuser/.ssh/config index 566d1c0..8610bc9 100644 --- a/tests/home/testuser/.ssh/config +++ b/tests/home/testuser/.ssh/config @@ -6,4 +6,4 @@ RSAAuthentication no GSSAPIAuthentication no StrictHostKeyChecking yes -# UserKnownHosts file will be filled in dynamically. +# UserKnownHostsFile will be filled in dynamically. -- cgit v1.2.3 From 5e6fa0164c6003d09434e8e1b806a3d9ab8a2fcf Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:12:05 -0400 Subject: testing: using jobspec instead of SSHD_PID --- tests/basic | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 30c6d17..cb3730d 100755 --- a/tests/basic 
+++ b/tests/basic @@ -27,10 +27,12 @@ cleanup() { read -p "press enter to cleanup and remove tmp:" echo "### stop sshd..." - kill "$SSHD_PID" + kill %1 echo "### removing temp dir..." rm -rf "$TEMPDIR" + + wait } ## setup trap @@ -120,8 +122,6 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & -export SSHD_PID=$! - ### TESTUSER TESTS -- cgit v1.2.3 From af628454baaa110b31521a4d524d8690450defac Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:14:49 -0400 Subject: testing: only try to kill backgrounded sshd if process exists. --- tests/basic | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index cb3730d..a917f9f 100755 --- a/tests/basic +++ b/tests/basic @@ -26,8 +26,10 @@ cleanup() { echo read -p "press enter to cleanup and remove tmp:" - echo "### stop sshd..." - kill %1 + if ( jobs %1 >/dev/null 2>/dev/null ) ; then + echo "### stopping still-running sshd..." + kill %1 + fi echo "### removing temp dir..." rm -rf "$TEMPDIR" -- cgit v1.2.3 From 485b28a03e3f53361a4084921b1d3c68c0fda968 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:23:21 -0400 Subject: testing switching back to SSHD_PID, since the jobspec does not seem to work through a trap. --- tests/basic | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index a917f9f..a04cc0e 100755 --- a/tests/basic +++ b/tests/basic @@ -26,9 +26,9 @@ cleanup() { echo read -p "press enter to cleanup and remove tmp:" - if ( jobs %1 >/dev/null 2>/dev/null ) ; then + if ( ps $SSHD_PID >/dev/null ) ; then echo "### stopping still-running sshd..." - kill %1 + kill $SSHD_PID fi echo "### removing temp dir..." 
@@ -124,6 +124,7 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & +export SSHD_PID=$! ### TESTUSER TESTS -- cgit v1.2.3 From 8859ba489c1234a3920cb121c177d06b3b8779f7 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:51:13 -0400 Subject: testing: move ProxyCommand into a simple shell script to ease invocation (shell logical operators do not work directly in ProxyCommand argument). --- tests/basic | 9 ++++----- tests/home/testuser/.ssh/config | 2 +- tests/home/testuser/.ssh/proxy-command | 8 ++++++++ 3 files changed, 13 insertions(+), 6 deletions(-) create mode 100755 tests/home/testuser/.ssh/proxy-command (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index a04cc0e..d497d84 100755 --- a/tests/basic +++ b/tests/basic @@ -71,15 +71,15 @@ echo "### copying admin and testuser homes..." cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ -cat < "$TEMPDIR"/testuser/.ssh/config +cat <> "$TEMPDIR"/testuser/.ssh/config UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts +ProxyCommand $TEMPDIR/testuser/.ssh/proxy-command %h %p $SOCKET EOF -cat < "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf +cat <> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts EOF - ### SERVER TESTS # setup monkeysphere temp gnupghome directories 
@@ -142,7 +142,6 @@ gpgadmin --armor --export "$HOSTKEYID" | \ # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." -PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere \ - ssh -F "$TEMPDIR"/testuser/.ssh/config -v -v -v -oProxyCommand="$PROXY_COMMAND" testhost + ssh -F "$TEMPDIR"/testuser/.ssh/config -v -v -v testhost diff --git a/tests/home/testuser/.ssh/config b/tests/home/testuser/.ssh/config index 8610bc9..113a511 100644 --- a/tests/home/testuser/.ssh/config +++ b/tests/home/testuser/.ssh/config @@ -6,4 +6,4 @@ RSAAuthentication no GSSAPIAuthentication no StrictHostKeyChecking yes -# UserKnownHostsFile will be filled in dynamically. +# UserKnownHostsFile and ProxyCommand will be filled in dynamically. diff --git a/tests/home/testuser/.ssh/proxy-command b/tests/home/testuser/.ssh/proxy-command new file mode 100755 index 0000000..630327d --- /dev/null +++ b/tests/home/testuser/.ssh/proxy-command @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +# simple socket-based proxy-command wrapper for testing monkeysphere. + +# pass this thing the host, the port, and the socket. + +monkeysphere-ssh-proxycommand --no-connect "$1" "$2" && \ +socat STDIO UNIX:"$3" -- cgit v1.2.3 From 74b446aef77a46302430ee8aac7124f40d9bf1b4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:59:55 -0400 Subject: testing: moved the LogLevel debugging for ssh into config files, added an ssh-agent to the final ssh invocation. --- tests/basic | 31 ++++++++++++++++++++----------- tests/etc/ssh/sshd_config | 1 + tests/home/testuser/.ssh/config | 1 + 3 files changed, 22 insertions(+), 11 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index d497d84..751dec4 100755 --- a/tests/basic 
+++ b/tests/basic @@ -2,17 +2,16 @@ # Tests to ensure that the monkeysphere is working -# Author: Daniel Kahn Gillmor -# Date: 2008-09-13 13:40:15-0400 +# Authors: +# Daniel Kahn Gillmor +# Jameson Rollins +# Copyright: 2008 +# License: GPL v3 or later -# these tests might be best run under fakeroot, particularly the -# "server-side" tests. Using fakeroot, they should be able to be run +# these tests should all be able to # as a non-privileged user. -# NOTE: these tests have *not* themselves been tested yet -# (2008-09-13). Please exercise with caution! - -# fail on fail +# all subcommands in this script should complete without failure: set -e # gpg command for test admin user @@ -20,6 +19,12 @@ gpgadmin() { GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@" } +failed_cleanup() { +# FIXME: can we be more verbose here? + echo 'FAILED!' + cleanup +} + # cleanup: cleanup() { @@ -38,7 +43,7 @@ cleanup() { } ## setup trap -trap cleanup EXIT +trap failed_cleanup EXIT ## set up some variables to ensure that we're operating strictly in ## the tests, not system-wide: @@ -123,7 +128,7 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." -socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & +socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & export SSHD_PID=$! ### TESTUSER TESTS @@ -144,4 +149,8 @@ gpgadmin --armor --export "$HOSTKEYID" | \ echo "### testuser connecting to sshd socket..." GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere \ - ssh -F "$TEMPDIR"/testuser/.ssh/config -v -v -v testhost + ssh-agent bash -c \ + 'monkeysphere subkey-to-ssh-agent && ssh -F "$TEMPDIR"/testuser/.ssh/config testhost' + +trap - EXIT +cleanup diff --git a/tests/etc/ssh/sshd_config b/tests/etc/ssh/sshd_config index 15b980c..82c72b9 100644 --- a/tests/etc/ssh/sshd_config +++ b/tests/etc/ssh/sshd_config 
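Review bot: In the final `ssh-agent bash -c '… ssh -F "$TEMPDIR"/testuser/.ssh/config testhost'` (hunk `@@ -144,4 +149,8 @@`) the single quotes leave `$TEMPDIR` to be expanded by the child bash. The assignment shown earlier in this series (`TEMPDIR="$TESTDIR"/tmp`) is not exported, so the child would see it empty and ssh would be pointed at `/testuser/.ssh/config`. Either `export TEMPDIR` where it is set, or pass the path in as an argument: `ssh-agent bash -c 'monkeysphere subkey-to-ssh-agent && ssh -F "$1" testhost' _ "$TEMPDIR"/testuser/.ssh/config`. If an export exists outside the visible hunks, this does not apply.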
@@ -20,3 +20,4 @@ TCPKeepAlive no AcceptEnv LANG LC_* UsePAM no UsePrivilegeSeparation no +LogLevel DEBUG diff --git a/tests/home/testuser/.ssh/config b/tests/home/testuser/.ssh/config index 113a511..1da2344 100644 --- a/tests/home/testuser/.ssh/config +++ b/tests/home/testuser/.ssh/config @@ -5,5 +5,6 @@ KbdInteractiveAuthentication no RSAAuthentication no GSSAPIAuthentication no StrictHostKeyChecking yes +LogLevel DEBUG # UserKnownHostsFile and ProxyCommand will be filled in dynamically. -- cgit v1.2.3 From c4a5813c6847201ae55ab8d3d49b6b4bb9691561 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 02:24:01 -0400 Subject: testing: added a passphrase (abc123) for the testuser private key; supplied a phony SSH_ASKPASS to provide the password when needed. --- tests/basic | 16 ++++++++-------- tests/home/testuser/.gnupg/random_seed | Bin 600 -> 600 bytes tests/home/testuser/.gnupg/secring.gpg | Bin 737 -> 775 bytes tests/home/testuser/.ssh/askpass | 6 ++++++ 4 files changed, 14 insertions(+), 8 deletions(-) create mode 100755 tests/home/testuser/.ssh/askpass (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 751dec4..10b3c31 100755 --- a/tests/basic +++ b/tests/basic 
@@ -135,21 +135,21 @@ export SSHD_PID=$! # generate an auth subkey for the test user echo "### generating key for testuser..." -MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ -SSH_ASKPASS=echo \ - monkeysphere gen-subkey --expire 0 +export GNUPGHOME="$TEMPDIR"/testuser/.gnupg +export SSH_ASKPASS="$TEMPDIR"/testuser/.ssh/askpass +export MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere + +monkeysphere gen-subkey --expire 0 # add server key to testuser keychain echo "### export server key to testuser..." -gpgadmin --armor --export "$HOSTKEYID" | \ - GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import +gpgadmin --armor --export "$HOSTKEYID" | gpg --import # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." -GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ -MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere \ - ssh-agent bash -c \ + +ssh-agent bash -c \ 'monkeysphere subkey-to-ssh-agent && ssh -F "$TEMPDIR"/testuser/.ssh/config testhost' trap - EXIT diff --git a/tests/home/testuser/.gnupg/random_seed b/tests/home/testuser/.gnupg/random_seed index 40ab6a6..230b315 100644 Binary files a/tests/home/testuser/.gnupg/random_seed and b/tests/home/testuser/.gnupg/random_seed differ diff --git a/tests/home/testuser/.gnupg/secring.gpg b/tests/home/testuser/.gnupg/secring.gpg index a5519a6..26cf230 100644 Binary files a/tests/home/testuser/.gnupg/secring.gpg and b/tests/home/testuser/.gnupg/secring.gpg differ diff --git a/tests/home/testuser/.ssh/askpass b/tests/home/testuser/.ssh/askpass new file mode 100755 index 0000000..5b7b059 --- /dev/null +++ b/tests/home/testuser/.ssh/askpass @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +# phony/automatic askpass, to provide the passphrase for the +# testuser's GPG key. + +echo abc123 -- cgit v1.2.3 From deff162a515d6cbd4a657f62d8137c4e82ca7d30 Mon Sep 17 00:00:00 2001 
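Review bot: The three `export` lines in the `@@ -135,21 +135,21 @@` hunk replace per-command prefix assignments, so the testuser's `GNUPGHOME`, `MONKEYSPHERE_HOME` and `SSH_ASKPASS` now apply to every command for the rest of the script, not only to the testuser steps. Any later step meant to act as the server or the admin then depends on that tool overriding the inherited values, which cannot be confirmed from the hunk. Running the testuser section in a subshell, or at least adding a comment such as `# from here on every command runs with the testuser's GNUPGHOME`, would make the scope visible to the next person who appends a server-side step.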
From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 02:28:45 -0400 Subject: testing: fixing some bash escaping, adding in one last FIXME --- tests/basic | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 10b3c31..832b33a 100755 --- a/tests/basic +++ b/tests/basic @@ -126,6 +126,9 @@ HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u EOF +# FIXME: teach the "server" about the testuser's key, and update the +# fake authorized_keys file for testuser! + # launch test sshd with the new host key. echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & @@ -150,7 +153,7 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import echo "### testuser connecting to sshd socket..." ssh-agent bash -c \ - 'monkeysphere subkey-to-ssh-agent && ssh -F "$TEMPDIR"/testuser/.ssh/config testhost' + "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost" trap - EXIT cleanup -- cgit v1.2.3 From a40dd55ec85e64d3cc86bf7dc3eb14f4475cccaf Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 02:37:18 -0400 Subject: testing: setting up the authorized_keys for testuser. --- tests/basic | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 832b33a..3ef5c6c 100755 --- a/tests/basic +++ b/tests/basic @@ -90,6 +90,7 @@ EOF # setup monkeysphere temp gnupghome directories mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication +mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authorized_keys cat < "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg 
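Review bot: In hunk `@@ -150,7 +153,7 @@` the switch to double quotes makes the outer shell expand `$TEMPDIR`, but the expanded path is then re-parsed as shell source by the inner `bash -c`. `TEMPDIR` derives from `$(pwd)`, so a checkout directory whose name contains a space or a shell metacharacter splits or alters the command that runs under the agent. Passing the path as a positional parameter avoids the second parse: `ssh-agent bash -c 'monkeysphere subkey-to-ssh-agent && ssh -F "$1" testhost' _ "$TEMPDIR"/testuser/.ssh/config`.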
@@ -126,8 +127,11 @@ HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u EOF -# FIXME: teach the "server" about the testuser's key, and update the -# fake authorized_keys file for testuser! +# teach the "server" about the testuser's key +GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --export testuser | \ + monkeysphere-server gpg-authentication-cmd --import + +monkeysphere-server update-users testuser # launch test sshd with the new host key. echo "### starting sshd..." -- cgit v1.2.3 From e3864891de9261409297d4d6a959bce89ef5f42a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 02:40:29 -0400 Subject: testing: change order of operations to make sure that authentication subkey is available during authorized_keys update. --- tests/basic | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 3ef5c6c..9f4d02e 100755 --- a/tests/basic +++ b/tests/basic @@ -127,12 +127,6 @@ HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u EOF -# teach the "server" about the testuser's key -GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --export testuser | \ - monkeysphere-server gpg-authentication-cmd --import - -monkeysphere-server update-users testuser - # launch test sshd with the new host key. echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & 
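Review bot: The added pipeline `gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import` in hunk `@@ -126,8 +127,11 @@` is covered by `set -e` only for its last stage, so a failing export on the left goes unnoticed and the test carries on with a server keyring that may lack the testuser key. The same holds for the moved copy of this pipeline in the following commit (`@@ -152,6 +146,12 @@`) and for `gpgadmin --armor --export "$HOSTKEYID" | gpg --import`. If tests/basic runs under bash, adding `set -o pipefail` next to the existing `set -e` closes the gap.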
@@ -152,6 +146,12 @@ monkeysphere gen-subkey --expire 0 echo "### export server key to testuser..." gpgadmin --armor --export "$HOSTKEYID" | gpg --import +# teach the "server" about the testuser's key +echo "### export testuser key to server..." +gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import +echo "### update server authorized_keys file for testuser..." +monkeysphere-server update-users testuser + # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." -- cgit v1.2.3 From 6b5b0fdfc95625892df654e4ae057a798e59d588 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 02:56:03 -0400 Subject: testing: setting up the fake testuser account with an authorized_user_id. --- tests/basic | 9 +++++++-- tests/home/testuser/.monkeysphere/authorized_user_ids | 1 + 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 tests/home/testuser/.monkeysphere/authorized_user_ids (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 9f4d02e..8d2b8f8 100755 --- a/tests/basic +++ b/tests/basic @@ -85,6 +85,11 @@ cat <> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts EOF +# set up a simple default monkeysphere-server.conf +cat <> "$TEMPDIR"/monkeysphere-server.conf +AUTHORIZED_USER_IDS="$TEMPDIR/testuser/.monkeysphere/authorized_user_ids" +EOF + ### SERVER TESTS # setup monkeysphere temp gnupghome directories 
@@ -149,8 +154,8 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import # teach the "server" about the testuser's key echo "### export testuser key to server..." gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import -echo "### update server authorized_keys file for testuser..." -monkeysphere-server update-users testuser +echo "### update server authorized_keys file for this testuser..." +monkeysphere-server update-users "$USER" # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! diff --git a/tests/home/testuser/.monkeysphere/authorized_user_ids b/tests/home/testuser/.monkeysphere/authorized_user_ids new file mode 100644 index 0000000..4b51eaf --- /dev/null +++ b/tests/home/testuser/.monkeysphere/authorized_user_ids @@ -0,0 +1 @@ +Monkeysphere Test Suite Test User (DO NOT USE!!!) -- cgit v1.2.3 From 96ac22cf25565e62b5a8a2dae820b074cb5ab32d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 03:02:11 -0400 Subject: testing: A bit more fine-tuning, so that the test suite should successfully complete without any user interaction. --- tests/basic | 17 ++++++++++------- tests/home/testuser/.ssh/proxy-command | 2 +- 2 files changed, 11 insertions(+), 8 deletions(-) (limited to 'tests/basic') diff --git a/tests/basic b/tests/basic index 8d2b8f8..2befac2 100755 --- a/tests/basic +++ b/tests/basic @@ -22,18 +22,16 @@ gpgadmin() { failed_cleanup() { # FIXME: can we be more verbose here? echo 'FAILED!' + read -p "press enter to cleanup and remove tmp:" + cleanup } # cleanup: cleanup() { - - echo - read -p "press enter to cleanup and remove tmp:" - - if ( ps $SSHD_PID >/dev/null ) ; then + if ( ps "$SSHD_PID" >/dev/null ) ; then echo "### stopping still-running sshd..." - kill $SSHD_PID + kill "$SSHD_PID" fi echo "### removing temp dir..." 
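Review bot: In hunk `@@ -22,18 +22,16 @@`, `failed_cleanup` now runs `read -p` before `cleanup`, and that `read` returns non-zero when it hits end-of-file, as it does in an unattended run with stdin closed or redirected. With `set -e` in effect this likely ends the EXIT handler before `cleanup` is reached, leaving the test sshd and the temp dir behind. Prompting only when a terminal is attached avoids that: `if [ -t 0 ]; then read -p "press enter to cleanup and remove tmp:" || true; fi`. The body of `cleanup` continues past the end of this hunk.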
@@ -162,7 +160,12 @@ monkeysphere-server update-users "$USER" echo "### testuser connecting to sshd socket..." ssh-agent bash -c \ - "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost" + "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost true" trap - EXIT + +echo +echo "Monkeysphere basic tests completed successfully!" +echo + cleanup diff --git a/tests/home/testuser/.ssh/proxy-command b/tests/home/testuser/.ssh/proxy-command index 630327d..21c66fa 100755 --- a/tests/home/testuser/.ssh/proxy-command +++ b/tests/home/testuser/.ssh/proxy-command @@ -5,4 +5,4 @@ # pass this thing the host, the port, and the socket. monkeysphere-ssh-proxycommand --no-connect "$1" "$2" && \ -socat STDIO UNIX:"$3" +exec socat STDIO UNIX:"$3" -- cgit v1.2.3