summaryrefslogtreecommitdiff
path: root/tests/basic
blob: a04cc0ef367d78a27ba5355d164ca836a18a08c1 (plain) 
    

  1. #!/usr/bin/env bash
    2. 

  2. 

  3. # Tests to ensure that the monkeysphere is working
    4. 

  4. 

  5. # Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    6. 

  6. # Date: 2008-09-13 13:40:15-0400
    7. 

  7. 

  8. # these tests might be best run under fakeroot, particularly the
    9. 

  9. # "server-side" tests.  Using fakeroot, they should be able to be run
    10. 

  10. # as a non-privileged user.
    11. 

  11. 

  12. # NOTE: these tests have *not* themselves been tested yet
    13. 

  13. # (2008-09-13).  Please exercise with caution!
    14. 

  14. 

  15. # fail on fail
    16. 

  16. set -e
    17. 

  17. 

  18. # gpg command for test admin user
    19. 

  19. gpgadmin() {
    20. 

  20.     GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@"
    21. 

  21. }
    22. 

  22. 

  23. # cleanup:
    24. 

  24. cleanup() {
    25. 

  25. 

  26.     echo
    27. 

  27.     read -p "press enter to cleanup and remove tmp:"
    28. 

  28. 

  29.     if ( ps $SSHD_PID >/dev/null ) ; then 
    30. 

  30.     echo "### stopping still-running sshd..."
    31. 

  31.     kill $SSHD_PID
    32. 

  32.     fi
    33. 

  33. 

  34.     echo "### removing temp dir..."
    35. 

  35.     rm -rf "$TEMPDIR"
    36. 

  36. 

  37.     wait
    38. 

  38. }
    39. 

  39. 

  40. ## setup trap
    41. 

  41. trap cleanup EXIT
    42. 

  42. 

  43. ## set up some variables to ensure that we're operating strictly in
    44. 

  44. ## the tests, not system-wide:
    45. 

  45. 

  46. export TESTDIR=$(pwd)
    47. 

  47. 

  48. # make temp dir
    49. 

  49. TEMPDIR="$TESTDIR"/tmp
    50. 

  50. if [ -e "$TEMPDIR" ] ; then
    51. 

  51.     echo "tempdir '$TEMPDIR' already exists."
    52. 

  52.     exit 1
    53. 

  53. fi
    54. 

  54. mkdir "$TEMPDIR"
    55. 

  55. 

  56. # Use the local copy of executables first, instead of system ones.
    57. 

  57. # This should help us test without installing.
    58. 

  58. export PATH="$TESTDIR"/../src:"$TESTDIR"/../src/keytrans:"$PATH"
    59. 

  59. 

  60. export MONKEYSPHERE_SYSDATADIR="$TEMPDIR"
    61. 

  61. export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR"
    62. 

  62. export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src
    63. 

  63. export MONKEYSPHERE_MONKEYSPHERE_USER="$USER"
    64. 

  64. export MONKEYSPHERE_CHECK_KEYSERVER=false
    65. 

  65. 

  66. SSHD_CONFIG="$TEMPDIR"/sshd_config
    67. 

  67. export SOCKET="$TEMPDIR"/ssh-socket
    68. 

  68. 

  69. # copy in admin and testuser home to tmp
    70. 

  70. echo "### copying admin and testuser homes..."
    71. 

  71. cp -a "$TESTDIR"/home/admin "$TEMPDIR"/
    72. 

  72. cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/
    73. 

  73. 

  74. cat <<EOF > "$TEMPDIR"/testuser/.ssh/config
    75. 

  75. UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts
    76. 

  76. EOF
    77. 

  77. 

  78. cat <<EOF > "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf
    79. 

  79. KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts
    80. 

  80. EOF
    81. 

  81. 

  82. 

  83. ### SERVER TESTS
    84. 

  84. 

  85. # setup monkeysphere temp gnupghome directories
    86. 

  86. mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host
    87. 

  87. mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication
    88. 

  88. cat <<EOF > "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf
    89. 

  89. primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg
    90. 

  90. keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg
    91. 

  91. EOF
    92. 

  92. 

  93. # create a new host key
    94. 

  94. echo "### generating server key..."
    95. 

  95. # add gpg.conf with quick-random
    96. 

  96. echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
    97. 

  97. echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost
    98. 

  98. # remove the gpg.conf
    99. 

  99. rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
    100. 

  100. 

  101. HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\  )
    102. 

  102. 

  103. # certify it with the "Admin's Key".
    104. 

  104. # (this would normally be done via keyservers)
    105. 

  105. echo "### certifying server key..."
    106. 

  106. monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import
    107. 

  107. echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
    108. 

  108. 

  109. # FIXME: how can we test publish-key without flooding junk into the
    110. 

  110. # keyservers?
    111. 

  111. 

  112. # add admin as identity certifier for testhost
    113. 

  113. echo "### adding admin as certifier..."
    114. 

  114. echo y | monkeysphere-server add-identity-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg
    115. 

  115. 

  116. # initialize base sshd_config
    117. 

  117. cp etc/ssh/sshd_config "$SSHD_CONFIG"
    118. 

  118. # write the sshd_config
    119. 

  119. cat <<EOF >> "$SSHD_CONFIG"
    120. 

  120. HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key
    121. 

  121. AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u
    122. 

  122. EOF
    123. 

  123. 

  124. # launch test sshd with the new host key.
    125. 

  125. echo "### starting sshd..."
    126. 

  126. socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log &
    127. 

  127. export SSHD_PID=$!
    128. 

  128. 

  129. ### TESTUSER TESTS
    130. 

  130. 

  131. # generate an auth subkey for the test user
    132. 

  132. echo "### generating key for testuser..."
    133. 

  133. MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \
    134. 

  134. SSH_ASKPASS=echo \
    135. 

  135.     monkeysphere gen-subkey --expire 0
    136. 

  136. 

  137. # add server key to testuser keychain
    138. 

  138. echo "### export server key to testuser..."
    139. 

  139. gpgadmin --armor --export "$HOSTKEYID" | \
    140. 

  140.     GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import
    141. 

  141. 

  142. # connect to test sshd, using monkeysphere-ssh-proxycommand to verify
    143. 

  143. # the identity before connection.  This should work in both directions!
    144. 

  144. echo "### testuser connecting to sshd socket..."
    145. 

  145. PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}"
    146. 

  146. GNUPGHOME="$TEMPDIR"/testuser/.gnupg \
    147. 

  147. MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere \
    148. 

  148.  ssh -F "$TEMPDIR"/testuser/.ssh/config -v -v -v -oProxyCommand="$PROXY_COMMAND" testhost
    149.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 20:42:13 +0000