summaryrefslogtreecommitdiff
path: root/tests/basic
blob: 2befac2ed5e6b43807588bac144ac76accaa287d (plain)
  1. #!/usr/bin/env bash
  2. # Tests to ensure that the monkeysphere is working
  3. # Authors:
  4. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  5. # Jameson Rollins <jrollins@fifthhorseman.net>
  6. # Copyright: 2008
  7. # License: GPL v3 or later
  8. # these tests should all be able to
  9. # as a non-privileged user.
  10. # all subcommands in this script should complete without failure:
  11. set -e
  12. # gpg command for test admin user
  13. gpgadmin() {
  14. GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@"
  15. }
  16. failed_cleanup() {
  17. # FIXME: can we be more verbose here?
  18. echo 'FAILED!'
  19. read -p "press enter to cleanup and remove tmp:"
  20. cleanup
  21. }
  22. # cleanup:
  23. cleanup() {
  24. if ( ps "$SSHD_PID" >/dev/null ) ; then
  25. echo "### stopping still-running sshd..."
  26. kill "$SSHD_PID"
  27. fi
  28. echo "### removing temp dir..."
  29. rm -rf "$TEMPDIR"
  30. wait
  31. }
  32. ## setup trap
  33. trap failed_cleanup EXIT
  34. ## set up some variables to ensure that we're operating strictly in
  35. ## the tests, not system-wide:
  36. export TESTDIR=$(pwd)
  37. # make temp dir
  38. TEMPDIR="$TESTDIR"/tmp
  39. if [ -e "$TEMPDIR" ] ; then
  40. echo "tempdir '$TEMPDIR' already exists."
  41. exit 1
  42. fi
  43. mkdir "$TEMPDIR"
  44. # Use the local copy of executables first, instead of system ones.
  45. # This should help us test without installing.
  46. export PATH="$TESTDIR"/../src:"$TESTDIR"/../src/keytrans:"$PATH"
  47. export MONKEYSPHERE_SYSDATADIR="$TEMPDIR"
  48. export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR"
  49. export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src
  50. export MONKEYSPHERE_MONKEYSPHERE_USER="$USER"
  51. export MONKEYSPHERE_CHECK_KEYSERVER=false
  52. SSHD_CONFIG="$TEMPDIR"/sshd_config
  53. export SOCKET="$TEMPDIR"/ssh-socket
  54. # copy in admin and testuser home to tmp
  55. echo "### copying admin and testuser homes..."
  56. cp -a "$TESTDIR"/home/admin "$TEMPDIR"/
  57. cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/
  58. cat <<EOF >> "$TEMPDIR"/testuser/.ssh/config
  59. UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts
  60. ProxyCommand $TEMPDIR/testuser/.ssh/proxy-command %h %p $SOCKET
  61. EOF
  62. cat <<EOF >> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf
  63. KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts
  64. EOF
  65. # set up a simple default monkeysphere-server.conf
  66. cat <<EOF >> "$TEMPDIR"/monkeysphere-server.conf
  67. AUTHORIZED_USER_IDS="$TEMPDIR/testuser/.monkeysphere/authorized_user_ids"
  68. EOF
  69. ### SERVER TESTS
  70. # setup monkeysphere temp gnupghome directories
  71. mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host
  72. mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication
  73. mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authorized_keys
  74. cat <<EOF > "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf
  75. primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg
  76. keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg
  77. EOF
  78. # create a new host key
  79. echo "### generating server key..."
  80. # add gpg.conf with quick-random
  81. echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
  82. echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost
  83. # remove the gpg.conf
  84. rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
  85. HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ )
  86. # certify it with the "Admin's Key".
  87. # (this would normally be done via keyservers)
  88. echo "### certifying server key..."
  89. monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import
  90. echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
  91. # FIXME: how can we test publish-key without flooding junk into the
  92. # keyservers?
  93. # add admin as identity certifier for testhost
  94. echo "### adding admin as certifier..."
  95. echo y | monkeysphere-server add-identity-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg
  96. # initialize base sshd_config
  97. cp etc/ssh/sshd_config "$SSHD_CONFIG"
  98. # write the sshd_config
  99. cat <<EOF >> "$SSHD_CONFIG"
  100. HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key
  101. AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u
  102. EOF
  103. # launch test sshd with the new host key.
  104. echo "### starting sshd..."
  105. socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log &
  106. export SSHD_PID=$!
  107. ### TESTUSER TESTS
  108. # generate an auth subkey for the test user
  109. echo "### generating key for testuser..."
  110. export GNUPGHOME="$TEMPDIR"/testuser/.gnupg
  111. export SSH_ASKPASS="$TEMPDIR"/testuser/.ssh/askpass
  112. export MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere
  113. monkeysphere gen-subkey --expire 0
  114. # add server key to testuser keychain
  115. echo "### export server key to testuser..."
  116. gpgadmin --armor --export "$HOSTKEYID" | gpg --import
  117. # teach the "server" about the testuser's key
  118. echo "### export testuser key to server..."
  119. gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import
  120. echo "### update server authorized_keys file for this testuser..."
  121. monkeysphere-server update-users "$USER"
  122. # connect to test sshd, using monkeysphere-ssh-proxycommand to verify
  123. # the identity before connection. This should work in both directions!
  124. echo "### testuser connecting to sshd socket..."
  125. ssh-agent bash -c \
  126. "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost true"
  127. trap - EXIT
  128. echo
  129. echo "Monkeysphere basic tests completed successfully!"
  130. echo
  131. cleanup