# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2011, 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
-# $Id$
#***************************************************************************
# Starts sshd for use in the SCP, SFTP and SOCKS curl test harness tests.
# Also creates the ssh configuration files needed for these tests.
-# Options:
-#
-# -v
-# -d
-# -u user
-# -l listen address
-# -p SCP/SFTP server port
-# -s SOCKS4/5 server port
-
use strict;
-#use warnings;
+use warnings;
use Cwd;
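Review bot: The `# Options:` block is deleted rather than updated, so the header no longer documents the command line even though the parser later in this commit takes `--verbose`, `--debugprotocol`, `--user`, `--id`, `--ipv4`, `--ipv6`, `--addr`, `--pidfile`, `--sshport` and `--socksport`. I would keep the block and list the new long options with their arguments, for example `# --addr <address>  listen address (IPv4, or IPv6 after --ipv6)`. The order dependence between `--ipv6` and `--addr` is worth stating there as well, because `--addr` is interpreted against whatever `$ipvnum` holds at that point.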
#***************************************************************************
sshversioninfo
);
+#***************************************************************************
+# Subs imported from serverhelp module
+#
+use serverhelp qw(
+ server_pidfilename
+ server_logfilename
+ );
+
#***************************************************************************
my $port = 8999; # our default SCP/SFTP server port
my $socksport = $port + 1; # our default SOCKS4/5 server port
my $listenaddr = '127.0.0.1'; # default address on which to listen
+my $ipvnum = 4; # default IP version of listener address
+my $idnum = 1; # dafault ssh daemon instance number
+my $proto = 'ssh'; # protocol the ssh daemon speaks
my $path = getcwd(); # current working directory
+my $logdir = $path .'/log'; # directory for log files
my $username = $ENV{USER}; # default user
+my $pidfile; # ssh daemon pid file
my $error;
my @cfgarr;
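Review bot: The comment on the new `$idnum` declaration misspells a word: `# dafault ssh daemon instance number` should read `# default ssh daemon instance number`. Separately, `$logdir` is derived from `getcwd()`, so its comment could say that the log files land under the directory the script was started from, e.g. `# directory for log files, under the start-up cwd`.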
# Parse command line options
#
while(@ARGV) {
- if($ARGV[0] eq '-v') {
+ if($ARGV[0] eq '--verbose') {
$verbose = 1;
}
- elsif($ARGV[0] eq '-d') {
+ elsif($ARGV[0] eq '--debugprotocol') {
$verbose = 1;
$debugprotocol = 1;
}
- elsif($ARGV[0] eq '-u') {
- $username = $ARGV[1];
- shift @ARGV;
+ elsif($ARGV[0] eq '--user') {
+ if($ARGV[1]) {
+ $username = $ARGV[1];
+ shift @ARGV;
+ }
+ }
+ elsif($ARGV[0] eq '--id') {
+ if($ARGV[1]) {
+ if($ARGV[1] =~ /^(\d+)$/) {
+ $idnum = $1 if($1 > 0);
+ shift @ARGV;
+ }
+ }
+ }
+ elsif($ARGV[0] eq '--ipv4') {
+ $ipvnum = 4;
+ $listenaddr = '127.0.0.1' if($listenaddr eq '::1');
+ }
+ elsif($ARGV[0] eq '--ipv6') {
+ $ipvnum = 6;
+ $listenaddr = '::1' if($listenaddr eq '127.0.0.1');
+ }
+ elsif($ARGV[0] eq '--addr') {
+ if($ARGV[1]) {
+ my $tmpstr = $ARGV[1];
+ if($tmpstr =~ /^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/) {
+ $listenaddr = "$1.$2.$3.$4" if($ipvnum == 4);
+ shift @ARGV;
+ }
+ elsif($ipvnum == 6) {
+ $listenaddr = $tmpstr;
+ $listenaddr =~ s/^\[(.*)\]$/$1/;
+ shift @ARGV;
+ }
+ }
}
- elsif($ARGV[0] eq '-l') {
- $listenaddr = $ARGV[1];
- shift @ARGV;
+ elsif($ARGV[0] eq '--pidfile') {
+ if($ARGV[1]) {
+ $pidfile = "$path/". $ARGV[1];
+ shift @ARGV;
+ }
}
- elsif($ARGV[0] eq '-p') {
- if($ARGV[1] =~ /^(\d+)$/) {
- $port = $1;
+ elsif($ARGV[0] eq '--sshport') {
+ if($ARGV[1]) {
+ if($ARGV[1] =~ /^(\d+)$/) {
+ $port = $1;
+ shift @ARGV;
+ }
}
- shift @ARGV;
}
- elsif($ARGV[0] eq '-s') {
- if($ARGV[1] =~ /^(\d+)$/) {
- $socksport = $1;
+ elsif($ARGV[0] eq '--socksport') {
+ if($ARGV[1]) {
+ if($ARGV[1] =~ /^(\d+)$/) {
+ $socksport = $1;
+ shift @ARGV;
+ }
}
- shift @ARGV;
+ }
+ else {
+ print STDERR "\nWarning: sshserver.pl unknown parameter: $ARGV[0]\n";
}
shift @ARGV;
-};
+}
+
+
+#***************************************************************************
+# Default ssh daemon pid file name
+#
+if(!$pidfile) {
+ $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
+}
+
+
+#***************************************************************************
+# ssh, socks and sftp server log file names
+#
+$sshdlog = server_logfilename($logdir, 'ssh', $ipvnum, $idnum);
+$sftplog = server_logfilename($logdir, 'sftp', $ipvnum, $idnum);
+$sshlog = server_logfilename($logdir, 'socks', $ipvnum, $idnum);
#***************************************************************************
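Review bot: The `--addr` branch for `$ipvnum == 6` copies `$ARGV[1]` into `$listenaddr` with only the surrounding brackets stripped, and that value is later pushed as `ListenAddress $listenaddr`, so whitespace or a line break in the argument would end up in the generated sshd configuration. The IPv4 pattern also accepts octets above 255. `--pidfile` has the same shape: `"$path/". $ARGV[1]` is not checked for `..` or extra separators before it becomes `PidFile $pidfile`. The callers are presumably only the test harness, but restricting the value to address characters stops a malformed argument from producing a config that sshd rejects or misreads; a possible shape for the IPv6 branch follows.

```perl
            # … unchanged: IPv4 branch of --addr …
            elsif($ipvnum == 6) {
                $tmpstr =~ s/^\[(.*)\]$/$1/;
                # accept only hex digits, ':' and '.' (covers ::1 and mapped forms)
                if($tmpstr =~ /^[0-9a-fA-F:.]+\z/) {
                    $listenaddr = $tmpstr;
                    shift @ARGV;
                }
            }
```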
#***************************************************************************
# Generate host and client key files for curl's tests
#
-if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) ||
- (! -e $cliprvkeyf) || (! -e $clipubkeyf)) {
+if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
+ (! -e $hstpubkeyf) || (! -s $hstpubkeyf) ||
+ (! -e $cliprvkeyf) || (! -s $cliprvkeyf) ||
+ (! -e $clipubkeyf) || (! -s $clipubkeyf)) {
# Make sure all files are gone so ssh-keygen doesn't complain
unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf);
logmsg 'generating host keys...' if($verbose);
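Review bot: Each `(! -e $f) || (! -s $f)` pair in the new condition is redundant, since `-s` is already false for a file that does not exist; `if((! -s $hstprvkeyf) || (! -s $hstpubkeyf) || (! -s $cliprvkeyf) || (! -s $clipubkeyf)) {` says the same thing in half the tests. The same applies to the `$knownhosts` check later in this commit. A short comment such as `# regenerate when any key file is missing or empty` would record why size matters. The body of this `if` continues past the end of the hunk.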
push @cfgarr, "AuthorizedKeysFile $path/$clipubkeyf";
push @cfgarr, "AuthorizedKeysFile2 $path/$clipubkeyf";
push @cfgarr, "HostKey $path/$hstprvkeyf";
-push @cfgarr, "PidFile $path/.ssh.pid";
+push @cfgarr, "PidFile $pidfile";
push @cfgarr, '#';
push @cfgarr, "Port $port";
push @cfgarr, "ListenAddress $listenaddr";
if(sshd_supports_opt('UsePAM','no')) {
push @cfgarr, 'UsePAM no';
}
-if(sshd_supports_opt('UsePrivilegeSeparation','no')) {
- push @cfgarr, 'UsePrivilegeSeparation no';
+
+if($sshdid =~ /OpenSSH/) {
+ # http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6492415
+ if(sshd_supports_opt('UsePrivilegeSeparation','no')) {
+ push @cfgarr, 'UsePrivilegeSeparation no';
+ }
}
+
if(sshd_supports_opt('VerifyReverseMapping','no')) {
push @cfgarr, 'VerifyReverseMapping no';
}
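Review bot: The comment inside the new `$sshdid =~ /OpenSSH/` guard is only a bug-tracker URL, so the reason `UsePrivilegeSeparation no` is now withheld from non-OpenSSH daemons is lost if that link stops resolving. I would put the reason in words next to the link, e.g. `# Only OpenSSH gets 'UsePrivilegeSeparation no'; <one-line summary of bug 6492415>`, with the summary filled in by the author. `$sshdid` is assigned outside this hunk.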
#***************************************************************************
# Generate ssh client host key database file for curl's tests
#
-if(! -e $knownhosts) {
+if((! -e $knownhosts) || (! -s $knownhosts)) {
logmsg 'generating ssh client known hosts file...' if($verbose);
+ unlink($knownhosts);
if(open(DSAKEYFILE, "<$hstpubkeyf")) {
my @dsahostkey = do { local $/ = ' '; <DSAKEYFILE> };
if(close(DSAKEYFILE)) {
# ConnectTimeout : OpenSSH 3.7.0 and later
# ControlMaster : OpenSSH 3.9.0 and later
# ControlPath : OpenSSH 3.9.0 and later
+# DisableBanner : SunSSH 1.2.0 and later
# DynamicForward : OpenSSH 2.9.0 and later
# EnableSSHKeysign : OpenSSH 3.6.0 and later
# EscapeChar : OpenSSH 1.2.1 and later [3]
# HostName : OpenSSH 1.2.1 and later
# IdentitiesOnly : OpenSSH 3.9.0 and later
# IdentityFile : OpenSSH 1.2.1 and later
+# IgnoreIfUnknown : SunSSH 1.2.0 and later
# KeepAlive : OpenSSH 1.2.1 and later
# KbdInteractiveAuthentication : OpenSSH 2.3.0 and later
# KbdInteractiveDevices : OpenSSH 2.3.0 and later [3]
push @cfgarr, 'PubkeyAuthentication yes';
push @cfgarr, 'RhostsRSAAuthentication no';
push @cfgarr, 'RSAAuthentication no';
-push @cfgarr, 'StrictHostKeyChecking yes';
+
+# Disabled StrictHostKeyChecking since it makes the tests fail on my
+# OpenSSH_6.0p1 on Debian Linux / Daniel
+push @cfgarr, 'StrictHostKeyChecking no';
push @cfgarr, 'UsePrivilegedPort no';
push @cfgarr, '#';
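Review bot: Setting `StrictHostKeyChecking no` unconditionally means the generated client config no longer fails when the known hosts file this script generates does not match the test sshd's host key. A broken known-hosts generation step then goes unnoticed on every platform, not only on the OpenSSH_6.0p1 install named in the comment. If the failure is specific to that version, a guard on `$sshid`/`$sshvernum`, as the neighbouring options use, would keep `yes` everywhere else; this is hedged because the root cause is not visible in the hunk. At minimum the comment should record the scope, e.g. `# Test harness only: the client talks to the local test sshd; a host key mismatch is not detected with this setting`.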
push @cfgarr, 'ControlPath none';
}
+if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
+ push @cfgarr, 'DisableBanner yes';
+}
+
if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) {
push @cfgarr, 'EnableSSHKeysign no';
}
push @cfgarr, 'IdentitiesOnly yes';
}
+if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
+ push @cfgarr, 'IgnoreIfUnknown no';
+}
+
if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) ||
($sshid =~ /SunSSH/)) {
push @cfgarr, 'KeepAlive no';