Changelog
+Yang Tse (8 Feb 2008)
+- Improved test harness SCP/SFTP start up server verification, doing a real
+ connection to the sftp server, authenticating and running a simple sftp
+ pwd command using the test harness generated configuration and key files.
+
Daniel S (8 Feb 2008)
- Günter Knauf added lib/mk-ca-bundle.pl which gets the Firefox ca bundle and
creates a suitable ca-bundle.crt file in PEM format for use with curl. The
*.pid
*.pdf
*.html
-curl_client_knownhosts
curl_client_key
curl_client_key.pub
+curl_client_knownhosts
curl_host_dsa_key
curl_host_dsa_key.pub
-curl_sshd_config
+curl_sftp_cmds
+curl_sftp_config
curl_ssh_config
+curl_sshd_config
stunnel.conf
use sshhelp qw(
$sshdexe
$sshexe
+ $sftpexe
$sshconfig
+ $sftpconfig
$sshlog
+ $sftplog
+ $sftpcmds
display_sshdconfig
display_sshconfig
+ display_sftpconfig
display_sshdlog
display_sshlog
+ display_sftplog
find_sshd
find_ssh
+ find_sftp
sshversioninfo
);
}
#######################################################################
-# STUB for verifying scp/sftp
+# Verify that the ssh server has written out its pidfile, recovering
+# the pid from the file and returning it if a process with that pid is
+# actually alive.
sub verifyssh {
my ($proto, $ip, $port) = @_;
}
#######################################################################
+# Verify that we can connect to the sftp server, properly authenticate
+# with generated config and key files and run a simple remote pwd.
+
+sub verifysftp {
+ my ($proto, $ip, $port) = @_;
+ my $verified = 0;
+ # Find out sftp client canonical file name
+ my $sftp = find_sftp();
+ if(!$sftp) {
+ logmsg "RUN: SFTP server cannot find $sftpexe\n";
+ return -1;
+ }
+ # Connect to sftp server, authenticate and run a remote pwd
+ # command using our generated configuration and key files
+ my $cmd = "$sftp -b $sftpcmds -F $sftpconfig $ip > $sftplog 2>&1";
+ my $res = runclient($cmd);
+ # Search for pwd command response in log file
+ if(open(SFTPLOGFILE, "<$sftplog")) {
+ while(<SFTPLOGFILE>) {
+ if(/^Remote working directory: /) {
+ $verified = 1;
+ last;
+ }
+ }
+ close(SFTPLOGFILE);
+ }
+ return $verified;
+}
+
+
+#######################################################################
# STUB for verifying socks
sub verifysocks {
'ftps' => \&verifyftp,
'tftp' => \&verifyftp,
'ssh' => \&verifyssh,
+ 'sftp' => \&verifysftp,
'socks' => \&verifysocks);
sub verifyserver {
return (0,0);
}
- # server verification allows some extra time for the server to start up
- # and gives us the opportunity of recovering the pid from the pidfile,
- # which will be assigned to pid2 ONLY if pid2 was not already positive.
+ # ssh server verification allows some extra time for the server to start up
+ # and gives us the opportunity of recovering the pid from the pidfile, when
+ # this verification succeeds the recovered pid is assigned to pid2.
my $pid3 = verifyserver("ssh",$ip,$port);
if(!$pid3) {
logmsg "RUN: SSH server failed verification\n";
+ # failed to fetch server pid. Kill the server and return failure
+ stopserver("$sshpid $pid2");
+ $doesntrun{$pidfile} = 1;
+ return (0,0);
+ }
+ $pid2 = $pid3;
+
+ # once it is known that the ssh server is alive, sftp server verification
+ # is performed actually connecting to it, authenticating and performing a
+ # very simple remote command.
+
+ if(!verifyserver("sftp",$ip,$port)) {
+ logmsg "RUN: SFTP server failed verification\n";
# failed to talk to it properly. Kill the server and return failure
+ display_sftplog();
+ display_sftpconfig();
+ display_sshdlog();
+ display_sshdconfig();
stopserver("$sshpid $pid2");
$doesntrun{$pidfile} = 1;
return (0,0);
}
- $pid2 = $pid3 if($pid2 <= 0);
if($verbose) {
logmsg "RUN: SSH server is now running PID $pid2\n";
@EXPORT_OK
$sshdexe
$sshexe
+ $sftpsrvexe
$sftpexe
$sshkeygenexe
$sshdconfig
$sshconfig
+ $sftpconfig
$knownhosts
$sshdlog
$sshlog
+ $sftplog
+ $sftpcmds
$hstprvkeyf
$hstpubkeyf
$cliprvkeyf
@EXPORT_OK = qw(
$sshdexe
$sshexe
+ $sftpsrvexe
$sftpexe
$sshkeygenexe
$sshdconfig
$sshconfig
+ $sftpconfig
$knownhosts
$sshdlog
$sshlog
+ $sftplog
+ $sftpcmds
$hstprvkeyf
$hstpubkeyf
$cliprvkeyf
$clipubkeyf
display_sshdconfig
display_sshconfig
+ display_sftpconfig
display_sshdlog
display_sshlog
+ display_sftplog
dump_array
find_sshd
find_ssh
+ find_sftpsrv
find_sftp
find_sshkeygen
logmsg
#
$sshdexe = 'sshd' .exe_ext(); # base name and ext of ssh daemon
$sshexe = 'ssh' .exe_ext(); # base name and ext of ssh client
-$sftpexe = 'sftp-server' .exe_ext(); # base name and ext of sftp-server
+$sftpsrvexe = 'sftp-server' .exe_ext(); # base name and ext of sftp-server
+$sftpexe = 'sftp' .exe_ext(); # base name and ext of sftp client
$sshkeygenexe = 'ssh-keygen' .exe_ext(); # base name and ext of ssh-keygen
$sshdconfig = 'curl_sshd_config'; # ssh daemon config file
$sshconfig = 'curl_ssh_config'; # ssh client config file
+$sftpconfig = 'curl_sftp_config'; # sftp client config file
$sshdlog = 'log/sshd.log'; # ssh daemon log file
$sshlog = 'log/ssh.log'; # ssh client log file
+$sftplog = 'log/sftp.log'; # sftp client log file
+$sftpcmds = 'curl_sftp_cmds'; # sftp client commands batch file
$knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file
$hstprvkeyf = 'curl_host_dsa_key'; # host private key file
$hstpubkeyf = 'curl_host_dsa_key.pub'; # host public key file
#***************************************************************************
+# Display contents of the sftp client config file
+#
+sub display_sftpconfig {
+ display_file($sftpconfig);
+}
+
+
+#***************************************************************************
# Display contents of the ssh daemon log file
#
sub display_sshdlog {
#***************************************************************************
+# Display contents of the sftp client log file
+#
+sub display_sftplog {
+ display_file($sftplog);
+}
+
+
+#***************************************************************************
# Find a file somewhere in the given path
#
sub find_file {
#***************************************************************************
# Find sftp-server plugin and return canonical filename
#
+sub find_sftpsrv {
+ return find_sfile($sftpsrvexe);
+}
+
+
+#***************************************************************************
+# Find sftp client and return canonical filename
+#
sub find_sftp {
return find_sfile($sftpexe);
}
use sshhelp qw(
$sshdexe
$sshexe
+ $sftpsrvexe
$sftpexe
$sshkeygenexe
$sshdconfig
$sshconfig
+ $sftpconfig
$knownhosts
$sshdlog
$sshlog
+ $sftplog
+ $sftpcmds
$hstprvkeyf
$hstpubkeyf
$cliprvkeyf
$clipubkeyf
display_sshdconfig
display_sshconfig
+ display_sftpconfig
display_sshdlog
display_sshlog
+ display_sftplog
dump_array
find_sshd
find_ssh
+ find_sftpsrv
find_sftp
find_sshkeygen
logmsg
#***************************************************************************
# Find out sftp server plugin canonical file name
#
+my $sftpsrv = find_sftpsrv();
+if(!$sftpsrv) {
+ logmsg "cannot find $sftpsrvexe";
+ exit 1;
+}
+logmsg "sftp server plugin found $sftpsrv" if($verbose);
+
+
+#***************************************************************************
+# Find out sftp client canonical file name
+#
my $sftp = find_sftp();
if(!$sftp) {
logmsg "cannot find $sftpexe";
exit 1;
}
-logmsg "sftp server plugin found $sftp" if($verbose);
+logmsg "sftp client found $sftp" if($verbose);
#***************************************************************************
push @cfgarr, 'RSAAuthentication no';
push @cfgarr, 'ServerKeyBits 768';
push @cfgarr, 'StrictModes no';
-push @cfgarr, "Subsystem sftp $sftp";
+push @cfgarr, "Subsystem sftp $sftpsrv -f AUTH -l $loglevel";
push @cfgarr, 'SyslogFacility AUTH';
push @cfgarr, 'UseLogin no';
push @cfgarr, 'X11Forwarding no';
logmsg $error;
exit 1;
}
+
+
+#***************************************************************************
+# Initialize client sftp config with options actually supported.
+#
+logmsg 'generating sftp client config file...' if($verbose);
+splice @cfgarr, 1, 1, "# $sshverstr sftp client configuration file for curl testing";
+#
+for(my $i = scalar(@cfgarr) - 1; $i > 0; $i--) {
+ if($cfgarr[$i] =~ /^DynamicForward/) {
+ splice @cfgarr, $i, 1;
+ next;
+ }
+ if($cfgarr[$i] =~ /^ClearAllForwardings/) {
+ splice @cfgarr, $i, 1, "ClearAllForwardings yes";
+ next;
+ }
+}
+
+
+#***************************************************************************
+# Write out resulting sftp client configuration file for curl's tests
+#
+$error = dump_array($sftpconfig, @cfgarr);
+if($error) {
+ logmsg $error;
+ exit 1;
+}
+@cfgarr = ();
+
+
+#***************************************************************************
+# Generate client sftp commands batch file for sftp server verification
+#
+logmsg 'generating sftp client commands file...' if($verbose);
+push @cfgarr, 'pwd';
+push @cfgarr, 'quit';
+$error = dump_array($sftpcmds, @cfgarr);
+if($error) {
+ logmsg $error;
+ exit 1;
+}
@cfgarr = ();
#***************************************************************************
# Start the ssh server daemon without forking it
#
+logmsg "SCP/SFTP server listening on port $port" if($verbose);
my $rc = system "$sshd -e -D -f $sshdconfig > $sshdlog 2>&1";
if($rc == -1) {
logmsg "$sshd failed with: $!";
# Clean up once the server has stopped
#
unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts);
-unlink($sshdconfig, $sshconfig);
+unlink($sshdconfig, $sshconfig, $sftpconfig);
exit 0;
projects / platform / upstream / curl.git / commitdiff