summaryrefslogtreecommitdiff
path: root/tests/basic
blob: cb3730daddc27bef1cfddaebbf77f5858d31a959 (plain) 
    

  1. #!/usr/bin/env bash
    2. 

  2. 

  3. # Tests to ensure that the monkeysphere is working
    4. 

  4. 

  5. # Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    6. 

  6. # Date: 2008-09-13 13:40:15-0400
    7. 

  7. 

  8. # these tests might be best run under fakeroot, particularly the
    9. 

  9. # "server-side" tests.  Using fakeroot, they should be able to be run
    10. 

  10. # as a non-privileged user.
    11. 

  11. 

  12. # NOTE: these tests have *not* themselves been tested yet
    13. 

  13. # (2008-09-13).  Please exercise with caution!
    14. 

  14. 

  15. # fail on fail
    16. 

  16. set -e
    17. 

  17. 

  18. # gpg command for test admin user
    19. 

  19. gpgadmin() {
    20. 

  20.     GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@"
    21. 

  21. }
    22. 

  22. 

  23. # cleanup:
    24. 

  24. cleanup() {
    25. 

  25. 

  26.     echo
    27. 

  27.     read -p "press enter to cleanup and remove tmp:"
    28. 

  28. 

  29.     echo "### stop sshd..."
    30. 

  30.     kill %1
    31. 

  31. 

  32.     echo "### removing temp dir..."
    33. 

  33.     rm -rf "$TEMPDIR"
    34. 

  34. 

  35.     wait
    36. 

  36. }
    37. 

  37. 

  38. ## setup trap
    39. 

  39. trap cleanup EXIT
    40. 

  40. 

  41. ## set up some variables to ensure that we're operating strictly in
    42. 

  42. ## the tests, not system-wide:
    43. 

  43. 

  44. export TESTDIR=$(pwd)
    45. 

  45. 

  46. # make temp dir
    47. 

  47. TEMPDIR="$TESTDIR"/tmp
    48. 

  48. if [ -e "$TEMPDIR" ] ; then
    49. 

  49.     echo "tempdir '$TEMPDIR' already exists."
    50. 

  50.     exit 1
    51. 

  51. fi
    52. 

  52. mkdir "$TEMPDIR"
    53. 

  53. 

  54. # Use the local copy of executables first, instead of system ones.
    55. 

  55. # This should help us test without installing.
    56. 

  56. export PATH="$TESTDIR"/../src:"$TESTDIR"/../src/keytrans:"$PATH"
    57. 

  57. 

  58. export MONKEYSPHERE_SYSDATADIR="$TEMPDIR"
    59. 

  59. export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR"
    60. 

  60. export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src
    61. 

  61. export MONKEYSPHERE_MONKEYSPHERE_USER="$USER"
    62. 

  62. export MONKEYSPHERE_CHECK_KEYSERVER=false
    63. 

  63. 

  64. SSHD_CONFIG="$TEMPDIR"/sshd_config
    65. 

  65. export SOCKET="$TEMPDIR"/ssh-socket
    66. 

  66. 

  67. # copy in admin and testuser home to tmp
    68. 

  68. echo "### copying admin and testuser homes..."
    69. 

  69. cp -a "$TESTDIR"/home/admin "$TEMPDIR"/
    70. 

  70. cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/
    71. 

  71. 

  72. cat <<EOF > "$TEMPDIR"/testuser/.ssh/config
    73. 

  73. UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts
    74. 

  74. EOF
    75. 

  75. 

  76. cat <<EOF > "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf
    77. 

  77. KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts
    78. 

  78. EOF
    79. 

  79. 

  80. 

  81. ### SERVER TESTS
    82. 

  82. 

  83. # setup monkeysphere temp gnupghome directories
    84. 

  84. mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host
    85. 

  85. mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication
    86. 

  86. cat <<EOF > "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf
    87. 

  87. primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg
    88. 

  88. keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg
    89. 

  89. EOF
    90. 

  90. 

  91. # create a new host key
    92. 

  92. echo "### generating server key..."
    93. 

  93. # add gpg.conf with quick-random
    94. 

  94. echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
    95. 

  95. echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost
    96. 

  96. # remove the gpg.conf
    97. 

  97. rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
    98. 

  98. 

  99. HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\  )
    100. 

  100. 

  101. # certify it with the "Admin's Key".
    102. 

  102. # (this would normally be done via keyservers)
    103. 

  103. echo "### certifying server key..."
    104. 

  104. monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import
    105. 

  105. echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
    106. 

  106. 

  107. # FIXME: how can we test publish-key without flooding junk into the
    108. 

  108. # keyservers?
    109. 

  109. 

  110. # add admin as identity certifier for testhost
    111. 

  111. echo "### adding admin as certifier..."
    112. 

  112. echo y | monkeysphere-server add-identity-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg
    113. 

  113. 

  114. # initialize base sshd_config
    115. 

  115. cp etc/ssh/sshd_config "$SSHD_CONFIG"
    116. 

  116. # write the sshd_config
    117. 

  117. cat <<EOF >> "$SSHD_CONFIG"
    118. 

  118. HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key
    119. 

  119. AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u
    120. 

  120. EOF
    121. 

  121. 

  122. # launch test sshd with the new host key.
    123. 

  123. echo "### starting sshd..."
    124. 

  124. socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log &
    125. 

  125. 

  126. ### TESTUSER TESTS
    127. 

  127. 

  128. # generate an auth subkey for the test user
    129. 

  129. echo "### generating key for testuser..."
    130. 

  130. MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \
    131. 

  131. SSH_ASKPASS=echo \
    132. 

  132.     monkeysphere gen-subkey --expire 0
    133. 

  133. 

  134. # add server key to testuser keychain
    135. 

  135. echo "### export server key to testuser..."
    136. 

  136. gpgadmin --armor --export "$HOSTKEYID" | \
    137. 

  137.     GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import
    138. 

  138. 

  139. # connect to test sshd, using monkeysphere-ssh-proxycommand to verify
    140. 

  140. # the identity before connection.  This should work in both directions!
    141. 

  141. echo "### testuser connecting to sshd socket..."
    142. 

  142. PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}"
    143. 

  143. GNUPGHOME="$TEMPDIR"/testuser/.gnupg \
    144. 

  144. MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere \
    145. 

  145.  ssh -F "$TEMPDIR"/testuser/.ssh/config -v -v -v -oProxyCommand="$PROXY_COMMAND" testhost
    146.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 21:01:25 +0000