summaryrefslogtreecommitdiff
path: root/tests/basic
blob: d82719df8ad9d1d4bf103e635a9e7c375a021682 (plain)
  1. #!/usr/bin/env bash
  2. # Tests to ensure that the monkeysphere is working
  3. # Authors:
  4. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  5. # Jameson Rollins <jrollins@fifthhorseman.net>
  6. # Copyright: 2008
  7. # License: GPL v3 or later
  8. # these tests should all be able to
  9. # as a non-privileged user.
  10. # all subcommands in this script should complete without failure:
  11. set -e
  12. # gpg command for test admin user
  13. gpgadmin() {
  14. GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@"
  15. }
  16. launch_sshd() {
  17. umask 0077
  18. socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log &
  19. export SSHD_PID=$!
  20. # wait until the socket is created before continuing
  21. while [ ! -S "$SOCKET" ] ; do
  22. sleep 1
  23. done
  24. }
  25. ssh_test() {
  26. ssh-agent bash -c \
  27. "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost true"
  28. }
  29. failed_cleanup() {
  30. # FIXME: can we be more verbose here?
  31. echo 'FAILED!'
  32. read -p "press enter to cleanup and remove tmp:"
  33. cleanup
  34. }
  35. get_gpg_prng_arg() {
  36. if (gpg --quick-random --version >/dev/null 2>&1) ; then
  37. echo quick-random
  38. elif (gpg --debug-quick-random --version >/dev/null 2>&1) ; then
  39. echo debug-quick-random
  40. fi
  41. }
  42. cleanup() {
  43. if [ "$SSHD_PID" ] && ( ps "$SSHD_PID" >/dev/null ) ; then
  44. echo "### stopping still-running sshd..."
  45. kill "$SSHD_PID"
  46. fi
  47. echo "### removing temp dir..."
  48. rm -rf "$TEMPDIR"
  49. wait
  50. }
  51. ## setup trap
  52. trap failed_cleanup EXIT
  53. ## set up some variables to ensure that we're operating strictly in
  54. ## the tests, not system-wide:
  55. export TESTDIR=$(pwd)
  56. # make temp dir
  57. TEMPDIR="$TESTDIR"/tmp
  58. if [ -e "$TEMPDIR" ] ; then
  59. echo "tempdir '$TEMPDIR' already exists."
  60. exit 1
  61. fi
  62. mkdir "$TEMPDIR"
  63. # Use the local copy of executables first, instead of system ones.
  64. # This should help us test without installing.
  65. export PATH="$TESTDIR"/../src:"$TESTDIR"/../src/keytrans:"$PATH"
  66. export MONKEYSPHERE_SYSDATADIR="$TEMPDIR"
  67. export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR"
  68. export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src
  69. export MONKEYSPHERE_MONKEYSPHERE_USER="$USER"
  70. export MONKEYSPHERE_CHECK_KEYSERVER=false
  71. export SSHD_CONFIG="$TEMPDIR"/sshd_config
  72. export SOCKET="$TEMPDIR"/ssh-socket
  73. export SSHD_PID=
  74. # copy in admin and testuser home to tmp
  75. echo "### copying admin and testuser homes..."
  76. cp -a "$TESTDIR"/home/admin "$TEMPDIR"/
  77. cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/
  78. cat <<EOF >> "$TEMPDIR"/testuser/.ssh/config
  79. UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts
  80. IdentityFile $TEMPDIR/testuser/.ssh/no-such-identity
  81. ProxyCommand $TEMPDIR/testuser/.ssh/proxy-command %h %p $SOCKET
  82. EOF
  83. cat <<EOF >> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf
  84. KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts
  85. EOF
  86. get_gpg_prng_arg >> "$TEMPDIR"/testuser/.gnupg/gpg.conf
  87. # set up a simple default monkeysphere-server.conf
  88. cat <<EOF >> "$TEMPDIR"/monkeysphere-server.conf
  89. AUTHORIZED_USER_IDS="$TEMPDIR/testuser/.monkeysphere/authorized_user_ids"
  90. EOF
  91. ### SERVER TESTS
  92. # setup monkeysphere temp gnupghome directories
  93. mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host
  94. mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication
  95. mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authorized_keys
  96. cat <<EOF > "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf
  97. primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg
  98. keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg
  99. EOF
  100. # create a new host key
  101. echo "### generating server key..."
  102. # add gpg.conf with quick-random
  103. get_gpg_prng_arg >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
  104. echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost
  105. # remove the gpg.conf
  106. rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
  107. HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ )
  108. # certify it with the "Admin's Key".
  109. # (this would normally be done via keyservers)
  110. echo "### certifying server key..."
  111. monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import
  112. echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
  113. # FIXME: how can we test publish-key without flooding junk into the
  114. # keyservers?
  115. # add admin as identity certifier for testhost
  116. echo "### adding admin as certifier..."
  117. echo y | monkeysphere-server add-identity-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg
  118. # initialize base sshd_config
  119. cp etc/ssh/sshd_config "$SSHD_CONFIG"
  120. # write the sshd_config
  121. cat <<EOF >> "$SSHD_CONFIG"
  122. HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key
  123. AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u
  124. EOF
  125. # launch test sshd with the new host key.
  126. echo "### starting sshd..."
  127. launch_sshd
  128. ### TESTUSER TESTS
  129. # generate an auth subkey for the test user
  130. echo "### generating key for testuser..."
  131. export GNUPGHOME="$TEMPDIR"/testuser/.gnupg
  132. export SSH_ASKPASS="$TEMPDIR"/testuser/.ssh/askpass
  133. export MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere
  134. monkeysphere gen-subkey --expire 0
  135. # add server key to testuser keychain
  136. echo "### export server key to testuser..."
  137. gpgadmin --armor --export "$HOSTKEYID" | gpg --import
  138. # teach the "server" about the testuser's key
  139. echo "### export testuser key to server..."
  140. gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import
  141. echo "### update server authorized_keys file for this testuser..."
  142. monkeysphere-server update-users "$USER"
  143. # connect to test sshd, using monkeysphere-ssh-proxycommand to verify
  144. # the identity before connection. This should work in both directions!
  145. echo "### testuser connecting to sshd socket..."
  146. ssh_test
  147. # kill the previous sshd process if it's still running
  148. kill "$SSHD_PID"
  149. # now remove the testuser's authorized_user_ids file and reupdate
  150. # authorized_keys file...
  151. echo "### removing testuser authorized_user_ids and reupdating authorized_keys..."
  152. rm -f "$TEMPDIR"/testuser/.monkeysphere/authorized_user_ids
  153. monkeysphere-server update-users "$USER"
  154. # restart the sshd
  155. echo "### restarting sshd..."
  156. launch_sshd
  157. # and make sure the user can no longer connect
  158. echo "### testuser attempting to connect to sshd socket..."
  159. ssh_test || SSH_RETURN="$?"
  160. if [ "$SSH_RETURN" != '255' ] ; then
  161. exit
  162. fi
  163. trap - EXIT
  164. echo
  165. echo "Monkeysphere basic tests completed successfully!"
  166. echo
  167. cleanup