jmg
/
ggate
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
geom_gate userland utility improvements
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
177 Commits
3 Branches
1.1 MiB
 
 
 
 
Branch: ssh-main
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ssh-main'
${ noResults }
ggate/tests/ggatessh_test.sh

477 lines
10 KiB
Raw Permalink Blame History 

  1. # $FreeBSD$

  2. 

  3. PIDFILE=ggatessh.pid

  4. TESTIMG="test.img"

  5. TEMPFILE="random.data"

  6. SFTPSERVER="/usr/libexec/sftp-server"

  7. PORT=2222

  8. 

  9. atf_test_case ggatessh cleanup

  10. ggatessh_head()

  11. {

  12. 	atf_set "descr" "ggatessh can proxy to sftp"

  13. 	atf_set "require.progs" "ggatessh"

  14. 	atf_set "require.user" "root"

  15. 	atf_set "timeout" 10

  16. }

  17. 

  18. ggatessh_body()

  19. {

  20. 	load_ggate

  21. 	us=$(alloc_ggate_dev)

  22. 

  23. 	n1mchunks=3

  24. 	secsize=4096

  25. 

  26. 	atf_check -e ignore -o ignore \

  27. 	    dd if=/dev/random of="$TEMPFILE" bs=1m count=$n1mchunks conv=notrunc

  28. 

  29. 	startup_sshd

  30. 

  31. 	truncate -s ${n1mchunks}m "$TESTIMG"

  32. 	# sshd authenticates and switches to USER

  33. 	chown "$USER" "$TESTIMG"

  34. 

  35. 	echo 'WARNING: ggatessh error messages goes to syslog' \

  36. 	     '(aka /var/log/messages)'

  37. 

  38. 	atf_check \

  39. 	    ggatessh create -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  40. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  41. 

  42. 	ggate_dev=/dev/ggate${us}

  43. 

  44. 	wait_for_ggate_device ${ggate_dev}

  45. 

  46. 	# make sure it has correct size and sector size

  47. 	read _dev _secsize _size _nsecs _stripesize _stripeoff <<EOF

  48. $(diskinfo /dev/ggate$us)

  49. EOF

  50. 	atf_check_equal "$_secsize" $secsize

  51. 	atf_check_equal "$_size" $(($n1mchunks * 1024 * 1024))

  52. 	atf_check_equal "$_nsecs" $(($n1mchunks * 1024 * 1024 / $secsize))

  53. 

  54. 	# Test writing

  55. 	atf_check -e ignore -o ignore \

  56. 	    dd if="$TEMPFILE" of=${ggate_dev} bs=1m count=$n1mchunks \

  57. 	        conv=notrunc

  58. 

  59. 	# Test reading

  60. 	atf_check -e ignore -o ignore \

  61. 	    dd of="$TEMPFILE"2 if=${ggate_dev} bs=1m count=$n1mchunks \

  62. 	        conv=notrunc

  63. 

  64. 	# Verify that we read what we wrote

  65. 	atf_check cmp "$TEMPFILE" "$TEMPFILE"2

  66. 

  67. 	# Verify that the image matches

  68. 	atf_check cmp "$TEMPFILE" "$TESTIMG"

  69. 

  70. 	rm "$TEMPFILE" "$TEMPFILE"2

  71. }

  72. 

  73. ggatessh_cleanup()

  74. {

  75. 

  76. 	common_cleanup

  77. }

  78. 

  79. atf_test_case ggatessh_resize cleanup

  80. ggatessh_resize_head()

  81. {

  82. 	atf_set "descr" "ggatessh will resize the devices"

  83. 	atf_set "require.progs" "ggatessh"

  84. 	atf_set "require.user" "root"

  85. 	atf_set "timeout" 20

  86. }

  87. 

  88. ggatessh_resize_body()

  89. {

  90. 

  91. 	n1mchunks=4

  92. 	secsize=4096

  93. 	us=$(alloc_ggate_dev)

  94. 

  95. 	startup_sshd

  96. 

  97. 	truncate -s ${n1mchunks}m "$TESTIMG"

  98. 	# sshd authenticates and switches to USER

  99. 	chown "$USER" "$TESTIMG"

  100. 

  101. 	echo 'WARNING: ggatessh error messages goes to syslog' \

  102. 	    '(aka /var/log/messages)'

  103. 

  104. 	atf_check \

  105. 	    ggatessh create -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  106. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  107. 

  108. 	ggate_dev=/dev/ggate${us}

  109. 

  110. 	wait_for_ggate_device ${ggate_dev}

  111. 

  112. 	# make sure it has correct size and sector size

  113. 	read _dev _secsize _size _nsecs _stripesize _stripeoff <<EOF

  114. $(diskinfo /dev/ggate$us)

  115. EOF

  116. 	atf_check_equal "$_secsize" $secsize

  117. 	atf_check_equal "$_size" $(($n1mchunks * 1024 * 1024))

  118. 	atf_check_equal "$_nsecs" $(($n1mchunks * 1024 * 1024 / $secsize))

  119. 

  120. 	# kill off old ggate

  121. 	pkill -F "$PIDFILE"

  122. 

  123. 	# Test resizing

  124. 	n1mchunks=6

  125. 	truncate -s ${n1mchunks}m "$TESTIMG"

  126. 

  127. 	ps auxwww | grep ggatessh

  128. 	cat "$PIDFILE"

  129. 

  130. 	sleep 1

  131. 

  132. 	# restart ggate

  133. 	atf_check \

  134. 	    ggatessh rescue -v -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  135. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG" &

  136. 

  137. 	sleep 1

  138. 

  139. 	# make sure it has correct size and sector size

  140. 	read _dev _secsize _size _nsecs _stripesize _stripeoff <<EOF

  141. $(diskinfo /dev/ggate$us)

  142. EOF

  143. 	atf_check_equal "$_secsize" $secsize

  144. 	atf_check_equal "$_size" $(($n1mchunks * 1024 * 1024))

  145. 	atf_check_equal "$_nsecs" $(($n1mchunks * 1024 * 1024 / $secsize))

  146. 

  147. 	dd if=/dev/ggate$us of=/dev/null bs=1m

  148. }

  149. 

  150. ggatessh_resize_cleanup()

  151. {

  152. 

  153. 	common_cleanup

  154. }

  155. 

  156. atf_test_case ggatessh_multises cleanup

  157. ggatessh_multises_head()

  158. {

  159. 	atf_set "descr" "ggatessh will handle multiple sessions w/o looping"

  160. 	atf_set "require.progs" "ggatessh"

  161. 	atf_set "require.user" "root"

  162. 	atf_set "timeout" 20

  163. }

  164. 

  165. ggatessh_multises_body()

  166. {

  167. 

  168. 	n1mchunks=1

  169. 	secsize=4096

  170. 	us=$(alloc_ggate_dev)

  171. 

  172. 	startup_sshd

  173. 

  174. 	set -x

  175. 	truncate -s ${n1mchunks}m "$TESTIMG"

  176. 	# sshd authenticates and switches to USER

  177. 	chown "$USER" "$TESTIMG"

  178. 

  179. 	echo 'WARNING: ggatessh error messages goes to syslog' \

  180. 	    '(aka /var/log/messages)'

  181. 

  182. 	ggatessh create -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  183. 	    -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  184. 

  185. 	ggate_dev=/dev/ggate${us}

  186. 

  187. 	wait_for_ggate_device ${ggate_dev}

  188. 

  189. 	# kill off ggate so we can schedule I/O

  190. 	pkill -F "$PIDFILE"

  191. 

  192. 	# schedule some IO, to create a second session

  193. 	dd if=/dev/ggate$us of=/dev/null bs=1m &

  194. 	dd1pid="$!"

  195. 	dd if=/dev/ggate$us of=/dev/null bs=1m &

  196. 	dd2pid="$!"

  197. 

  198. 	# restart ggate

  199. 	ggatessh rescue -v -i "$(pwd)/id_rsa" -p "$PORT" \

  200. 	    -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG" > ggatessh.log &

  201. 	ggatepid="$!"

  202. 

  203. 	# This test will timeout if ggatessh exits before dd does, dump

  204. 	# the log to find out why

  205. 

  206. 	# wait for IO to complete

  207. 	wait "$dd1pid"

  208. 	echo "dd exit:" $?

  209. 

  210. 	wait "$dd2pid"

  211. 	echo "dd exit:" $?

  212. 

  213. 	# kill off ggate

  214. 	kill "$ggatepid"

  215. 	wait "$ggatepid"

  216. 

  217. 	#echo 'log:'

  218. 	#cat ggatessh.log

  219. 	#echo 'end of log'

  220. 

  221. 	# make sure the second session was successfully created

  222. 	cnt=$(grep "new session created" ggatessh.log | wc -l)

  223. 	if [ "$cnt" -ne 1 ]; then

  224. 		echo "not the correct number of new sessions: $cnt"

  225. 		return 1

  226. 	fi

  227. }

  228. 

  229. ggatessh_multises_cleanup()

  230. {

  231. 

  232. 	common_cleanup

  233. }

  234. 

  235. atf_test_case ggatessh_rowotest cleanup

  236. ggatessh_rowotest_head()

  237. {

  238. 	atf_set "descr" "ggatessh properly handles the -o flag"

  239. 	atf_set "require.progs" "ggatessh"

  240. 	atf_set "require.user" "root"

  241. 	atf_set "timeout" 10

  242. }

  243. 

  244. ggatessh_rowotest_body()

  245. {

  246. 

  247. 	n1mchunks=4

  248. 	secsize=4096

  249. 	us=$(alloc_ggate_dev)

  250. 

  251. 	startup_sshd

  252. 

  253. 	truncate -s ${n1mchunks}m "$TESTIMG"

  254. 	# sshd authenticates and switches to USER

  255. 	chmod 444 "$TESTIMG"

  256. 

  257. 	echo 'WARNING: ggatessh error messages goes to syslog' \

  258. 	    '(aka /var/log/messages)'

  259. 

  260. 	# make sure it fails in rw mode

  261. 	atf_check -s not-exit:0 \

  262. 	    ggatessh create -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  263. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  264. 

  265. 	# open it in read-only mode

  266. 	atf_check \

  267. 	    ggatessh create -o ro -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  268. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  269. 

  270. 	ggate_dev=/dev/ggate${us}

  271. 

  272. 	wait_for_ggate_device ${ggate_dev}

  273. 

  274. 	# make sure it has correct size and sector size

  275. 	read _dev _secsize _size _nsecs _stripesize _stripeoff <<EOF

  276. $(diskinfo /dev/ggate$us)

  277. EOF

  278. 	atf_check_equal "$_secsize" $secsize

  279. 	atf_check_equal "$_size" $(($n1mchunks * 1024 * 1024))

  280. 	atf_check_equal "$_nsecs" $(($n1mchunks * 1024 * 1024 / $secsize))

  281. 

  282. 	# that we can read a read-only ggate device

  283. 	atf_check -e ignore \

  284. 	    dd if=${ggate_dev} of=/dev/null bs=1m count=$n1mchunks

  285. 

  286. 	# that we can not write a read-only ggate device

  287. 	atf_check -e ignore -s not-exit:0 \

  288. 	    dd of=${ggate_dev} if=/dev/zero bs=1m count=1

  289. 

  290. 	# kill off old ggate

  291. 	pkill -F "$PIDFILE"

  292. 	ggatessh destroy -f -u $us >/dev/null

  293. 

  294. 	# test write-only

  295. 	chmod 222 "$TESTIMG"

  296. 

  297. 	# make sure it fails in rw mode

  298. 	atf_check -s not-exit:0 \

  299. 	    ggatessh create -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  300. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  301. 

  302. 	# open it in write-only mode

  303. 	atf_check \

  304. 	    ggatessh create -o wo -i "$(pwd)/id_rsa" -p "$PORT" \

  305. 	        -F "$PIDFILE" -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  306. 

  307. 	ggate_dev=/dev/ggate${us}

  308. 

  309. 	wait_for_ggate_device ${ggate_dev}

  310. 

  311. 	# Note: diskinfo opens w/ read, can't verify device info

  312. 

  313. 	# that we can not read a write-only ggate device

  314. 	atf_check -e ignore -s not-exit:0 \

  315. 	    dd if=${ggate_dev} of=/dev/null bs=1m count=$n1mchunks

  316. 

  317. 	# that we can write a write-only ggate device

  318. 	atf_check -e ignore \

  319. 	    dd of=${ggate_dev} if=/dev/zero bs=1m count=1

  320. }

  321. 

  322. ggatessh_rowotest_cleanup()

  323. {

  324. 

  325. 	common_cleanup

  326. }

  327. 

  328. atf_init_test_cases()

  329. {

  330. 	atf_add_test_case ggatessh

  331. 	atf_add_test_case ggatessh_resize

  332. 	atf_add_test_case ggatessh_multises

  333. 	atf_add_test_case ggatessh_rowotest

  334. }

  335. 

  336. alloc_ggate_dev()

  337. {

  338. 	local us

  339. 

  340. 	us=0

  341. 	while [ -c /dev/ggate${us} ]; do

  342. 		: $(( us += 1 ))

  343. 	done

  344. 	echo ${us} > ggate.devs

  345. 	echo ${us}

  346. }

  347. 

  348. alloc_md()

  349. {

  350. 	local md

  351. 

  352. 	md=$(mdconfig -a -t malloc -s 1M) || \

  353. 		atf_fail "failed to allocate md device"

  354. 	echo ${md} >> md.devs

  355. 	echo ${md}

  356. }

  357. 

  358. # slightly modified from:

  359. # https://serverfault.com/questions/344295/is-it-possible-to-run-sshd-as-a-normal-user

  360. startup_sshd()

  361. {

  362. 	# ===============================================================

  363. 	# Note: using shorter keys to speed up tests, these are insecure.

  364. 	# ===============================================================

  365. 

  366. 	# Host keys

  367. 	ssh-keygen -f ssh_host_rsa_key -b 1024 -N '' -t rsa > /dev/null

  368. 

  369. 	# user key

  370. 	ssh-keygen -f id_rsa -b 1024 -N '' -t rsa > /dev/null

  371. 

  372. 	(echo -n 'command="/usr/libexec/sftp-server" '; cat id_rsa.pub) > authorized_keys

  373. 

  374. 	cat > sshd_config <<EOF

  375. ListenAddress 127.0.0.1:$PORT

  376. HostKey /home/freebsd/custom_ssh/ssh_host_rsa_key

  377. AuthorizedKeysFile  $(pwd)/authorized_keys

  378. ChallengeResponseAuthentication no

  379. PasswordAuthentication no

  380. # to allow writable tmp w/ sticky bit

  381. StrictModes no

  382. UsePAM no

  383. Subsystem   sftp    ${SFTPSERVER}

  384. PidFile $(pwd)/sshd.pid

  385. EOF

  386. 

  387. 	if ! :; then

  388. 		/usr/sbin/sshd -dD -f $(pwd)/sshd_config &

  389. 		sleep .2

  390. 	else

  391. 		/usr/sbin/sshd -f $(pwd)/sshd_config

  392. 		while ! [ -f sshd.pid ]; do

  393. 			sleep .2

  394. 		done

  395. 	fi

  396. }

  397. 

  398. checksum()

  399. {

  400. 	local src work

  401. 	src=$1

  402. 	work=$2

  403. 

  404. 	src_checksum=$(md5 -q $src)

  405. 	work_checksum=$(md5 -q $work)

  406. 

  407. 	if [ "$work_checksum" != "$src_checksum" ]; then

  408. 		atf_fail "work md5 checksum didn't match"

  409. 	fi

  410. 

  411. 	ggate_checksum=$(md5 -q /dev/ggate${us})

  412. 	if [ "$ggate_checksum" != "$src_checksum" ]; then

  413. 		atf_fail "ggate md5 checksum didn't match"

  414. 	fi

  415. }

  416. 

  417. common_cleanup()

  418. {

  419. 	if [ -f "ggate.devs" ]; then

  420. 		while read test_ggate; do

  421. 			ggatessh destroy -f -u $test_ggate >/dev/null

  422. 		done < ggate.devs

  423. 		rm ggate.devs

  424. 	fi

  425. 

  426. 	if [ -f "sshd.pid" ]; then

  427. 		pkill -F sshd.pid

  428. 		# clean up after startup_sshd

  429. 		rm ssh_host_rsa_key

  430. 		rm id_rsa id_rsa.pub

  431. 		rm authorized_keys

  432. 	fi

  433. 

  434. 	if [ -f "$PIDFILE" ]; then

  435. 		pkill -F "$PIDFILE"

  436. 		rm $PIDFILE

  437. 	fi

  438. 

  439. 	if [ -f "PLAINFILES" ]; then

  440. 		while read f; do

  441. 			rm -f ${f}

  442. 		done < ${PLAINFILES}

  443. 		rm ${PLAINFILES}

  444. 	fi

  445. 

  446. 	if [ -f "md.devs" ]; then

  447. 		while read test_md; do

  448. 			mdconfig -d -u $test_md 2>/dev/null

  449. 		done < md.devs

  450. 		rm md.devs

  451. 	fi

  452. 	true

  453. }

  454. 

  455. load_ggate()

  456. {

  457. 	local class=gate

  458. 

  459. 	# If the geom class isn't already loaded, try loading it.

  460. 	if ! kldstat -q -m g_${class}; then

  461. 		if ! geom ${class} load; then

  462. 			atf_skip "could not load module for geom class=${class}"

  463. 		fi

  464. 	fi

  465. }

  466. 

  467. # Bug 204616: ggatel(8) creates /dev/ggate* asynchronously if `ggatel create`

  468. #             isn't called with `-v`.

  469. wait_for_ggate_device()

  470. {

  471. 	ggate_device=$1

  472. 

  473. 	while [ ! -c $ggate_device ]; do

  474. 		sleep 0.5

  475. 	done

  476. }