jmg
/
ggate
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
geom_gate userland utility improvements
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
168 Commits
3 Branches
1.1 MiB
 
 
 
 
Tree: 718dd008f3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '718dd008f3'
${ noResults }
ggate/tests/ggatessh_test.sh

397 lines
8.6 KiB
Raw Blame History 

  1. # $FreeBSD$

  2. 

  3. PIDFILE=ggatessh.pid

  4. TESTIMG="test.img"

  5. TEMPFILE="random.data"

  6. SFTPSERVER="/usr/libexec/sftp-server"

  7. PORT=2222

  8. 

  9. atf_test_case ggatessh cleanup

  10. ggatessh_head()

  11. {

  12. 	atf_set "descr" "ggatessh can proxy to sftp"

  13. 	atf_set "require.progs" "ggatessh"

  14. 	atf_set "require.user" "root"

  15. 	atf_set "timeout" 10

  16. }

  17. 

  18. ggatessh_body()

  19. {

  20. 	load_ggate

  21. 	us=$(alloc_ggate_dev)

  22. 

  23. 	n1mchunks=3

  24. 	secsize=4096

  25. 

  26. 	atf_check -e ignore -o ignore \

  27. 	    dd if=/dev/random of="$TEMPFILE" bs=1m count=$n1mchunks conv=notrunc

  28. 

  29. 	startup_sshd

  30. 

  31. 	truncate -s ${n1mchunks}m "$TESTIMG"

  32. 	# sshd authenticates and switches to USER

  33. 	chown "$USER" "$TESTIMG"

  34. 

  35. 	echo 'WARNING: ggatessh error messages goes to syslog' \

  36. 	     '(aka /var/log/messages)'

  37. 

  38. 	atf_check \

  39. 	    ggatessh create -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  40. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  41. 

  42. 	ggate_dev=/dev/ggate${us}

  43. 

  44. 	wait_for_ggate_device ${ggate_dev}

  45. 

  46. 	# make sure it has correct size and sector sizekj

  47. 	read _dev _secsize _size _nsecs _stripesize _stripeoff <<EOF

  48. $(diskinfo /dev/ggate$us)

  49. EOF

  50. 	atf_check_equal "$_secsize" $secsize

  51. 	atf_check_equal "$_size" $(($n1mchunks * 1024 * 1024))

  52. 	atf_check_equal "$_nsecs" $(($n1mchunks * 1024 * 1024 / $secsize))

  53. 

  54. 	# Test writing

  55. 	atf_check -e ignore -o ignore \

  56. 	    dd if="$TEMPFILE" of=${ggate_dev} bs=1m count=$n1mchunks \

  57. 	        conv=notrunc

  58. 

  59. 	# Test reading

  60. 	atf_check -e ignore -o ignore \

  61. 	    dd of="$TEMPFILE"2 if=${ggate_dev} bs=1m count=$n1mchunks \

  62. 	        conv=notrunc

  63. 

  64. 	# Verify that we read what we wrote

  65. 	atf_check cmp "$TEMPFILE" "$TEMPFILE"2

  66. 

  67. 	# Verify that the image matches

  68. 	atf_check cmp "$TEMPFILE" "$TESTIMG"

  69. 

  70. 	rm "$TEMPFILE" "$TEMPFILE"2

  71. }

  72. 

  73. ggatessh_cleanup()

  74. {

  75. 

  76. 	common_cleanup

  77. }

  78. 

  79. atf_test_case ggatessh_resize cleanup

  80. ggatessh_resize_head()

  81. {

  82. 	atf_set "descr" "ggatessh will resize the devices"

  83. 	atf_set "require.progs" "ggatessh"

  84. 	atf_set "require.user" "root"

  85. 	atf_set "timeout" 20

  86. }

  87. 

  88. ggatessh_resize_body()

  89. {

  90. 

  91. 	n1mchunks=4

  92. 	secsize=4096

  93. 	us=$(alloc_ggate_dev)

  94. 

  95. 	startup_sshd

  96. 

  97. 	truncate -s ${n1mchunks}m "$TESTIMG"

  98. 	# sshd authenticates and switches to USER

  99. 	chown "$USER" "$TESTIMG"

  100. 

  101. 	echo 'WARNING: ggatessh error messages goes to syslog' \

  102. 	    '(aka /var/log/messages)'

  103. 

  104. 	atf_check \

  105. 	    ggatessh create -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  106. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  107. 

  108. 	ggate_dev=/dev/ggate${us}

  109. 

  110. 	wait_for_ggate_device ${ggate_dev}

  111. 

  112. 	# make sure it has correct size and sector sizekj

  113. 	read _dev _secsize _size _nsecs _stripesize _stripeoff <<EOF

  114. $(diskinfo /dev/ggate$us)

  115. EOF

  116. 	atf_check_equal "$_secsize" $secsize

  117. 	atf_check_equal "$_size" $(($n1mchunks * 1024 * 1024))

  118. 	atf_check_equal "$_nsecs" $(($n1mchunks * 1024 * 1024 / $secsize))

  119. 

  120. 	# kill off old ggate

  121. 	pkill -F "$PIDFILE"

  122. 

  123. 	# Test resizing

  124. 	n1mchunks=6

  125. 	truncate -s ${n1mchunks}m "$TESTIMG"

  126. 

  127. 	ps auxwww | grep ggatessh

  128. 	cat "$PIDFILE"

  129. 

  130. 	sleep 1

  131. 

  132. 	# restart ggate

  133. 	atf_check \

  134. 	    ggatessh rescue -v -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  135. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG" &

  136. 

  137. 	sleep 1

  138. 

  139. 	# make sure it has correct size and sector size

  140. 	read _dev _secsize _size _nsecs _stripesize _stripeoff <<EOF

  141. $(diskinfo /dev/ggate$us)

  142. EOF

  143. 	atf_check_equal "$_secsize" $secsize

  144. 	atf_check_equal "$_size" $(($n1mchunks * 1024 * 1024))

  145. 	atf_check_equal "$_nsecs" $(($n1mchunks * 1024 * 1024 / $secsize))

  146. 

  147. 	dd if=/dev/ggate$us of=/dev/null bs=1m

  148. }

  149. 

  150. ggatessh_resize_cleanup()

  151. {

  152. 

  153. 	common_cleanup

  154. }

  155. 

  156. atf_test_case ggatessh_rowotest cleanup

  157. ggatessh_rowotest_head()

  158. {

  159. 	atf_set "descr" "ggatessh properly handles the -o flag"

  160. 	atf_set "require.progs" "ggatessh"

  161. 	atf_set "require.user" "root"

  162. 	atf_set "timeout" 10

  163. }

  164. 

  165. ggatessh_rowotest_body()

  166. {

  167. 

  168. 	n1mchunks=4

  169. 	secsize=4096

  170. 	us=$(alloc_ggate_dev)

  171. 

  172. 	startup_sshd

  173. 

  174. 	truncate -s ${n1mchunks}m "$TESTIMG"

  175. 	# sshd authenticates and switches to USER

  176. 	chmod 444 "$TESTIMG"

  177. 

  178. 	echo 'WARNING: ggatessh error messages goes to syslog' \

  179. 	    '(aka /var/log/messages)'

  180. 

  181. 	# make sure it fails in rw mode

  182. 	atf_check -s not-exit:0 \

  183. 	    ggatessh create -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  184. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  185. 

  186. 	# open it in read-only mode

  187. 	atf_check \

  188. 	    ggatessh create -o ro -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  189. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  190. 

  191. 	ggate_dev=/dev/ggate${us}

  192. 

  193. 	wait_for_ggate_device ${ggate_dev}

  194. 

  195. 	# make sure it has correct size and sector sizekj

  196. 	read _dev _secsize _size _nsecs _stripesize _stripeoff <<EOF

  197. $(diskinfo /dev/ggate$us)

  198. EOF

  199. 	atf_check_equal "$_secsize" $secsize

  200. 	atf_check_equal "$_size" $(($n1mchunks * 1024 * 1024))

  201. 	atf_check_equal "$_nsecs" $(($n1mchunks * 1024 * 1024 / $secsize))

  202. 

  203. 	# that we can read a read-only ggate device

  204. 	atf_check -e ignore \

  205. 	    dd if=${ggate_dev} of=/dev/null bs=1m count=$n1mchunks

  206. 

  207. 	# that we can not write a read-only ggate device

  208. 	atf_check -e ignore -s not-exit:0 \

  209. 	    dd of=${ggate_dev} if=/dev/zero bs=1m count=1

  210. 

  211. 	# kill off old ggate

  212. 	pkill -F "$PIDFILE"

  213. 	ggatessh destroy -f -u $us >/dev/null

  214. 

  215. 	# test write-only

  216. 	chmod 222 "$TESTIMG"

  217. 

  218. 	# make sure it fails in rw mode

  219. 	atf_check -s not-exit:0 \

  220. 	    ggatessh create -i "$(pwd)/id_rsa" -p "$PORT" -F "$PIDFILE" \

  221. 	        -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  222. 

  223. 	# open it in write-only mode

  224. 	atf_check \

  225. 	    ggatessh create -o wo -i "$(pwd)/id_rsa" -p "$PORT" \

  226. 	        -F "$PIDFILE" -u $us -l "$USER" 127.0.0.1 "$(pwd)/$TESTIMG"

  227. 

  228. 	ggate_dev=/dev/ggate${us}

  229. 

  230. 	wait_for_ggate_device ${ggate_dev}

  231. 

  232. 	# Note: diskinfo opens w/ read, can't verify device info

  233. 

  234. 	# that we can not read a write-only ggate device

  235. 	atf_check -e ignore -s not-exit:0 \

  236. 	    dd if=${ggate_dev} of=/dev/null bs=1m count=$n1mchunks

  237. 

  238. 	# that we can write a write-only ggate device

  239. 	atf_check -e ignore \

  240. 	    dd of=${ggate_dev} if=/dev/zero bs=1m count=1

  241. }

  242. 

  243. ggatessh_rowotest_cleanup()

  244. {

  245. 

  246. 	common_cleanup

  247. }

  248. 

  249. atf_init_test_cases()

  250. {

  251. 	atf_add_test_case ggatessh

  252. 	atf_add_test_case ggatessh_resize

  253. 	atf_add_test_case ggatessh_rowotest

  254. }

  255. 

  256. alloc_ggate_dev()

  257. {

  258. 	local us

  259. 

  260. 	us=0

  261. 	while [ -c /dev/ggate${us} ]; do

  262. 		: $(( us += 1 ))

  263. 	done

  264. 	echo ${us} > ggate.devs

  265. 	echo ${us}

  266. }

  267. 

  268. alloc_md()

  269. {

  270. 	local md

  271. 

  272. 	md=$(mdconfig -a -t malloc -s 1M) || \

  273. 		atf_fail "failed to allocate md device"

  274. 	echo ${md} >> md.devs

  275. 	echo ${md}

  276. }

  277. 

  278. # slightly modified from:

  279. # https://serverfault.com/questions/344295/is-it-possible-to-run-sshd-as-a-normal-user

  280. startup_sshd()

  281. {

  282. 	# ===============================================================

  283. 	# Note: using shorter keys to speed up tests, these are insecure.

  284. 	# ===============================================================

  285. 

  286. 	# Host keys

  287. 	ssh-keygen -f ssh_host_rsa_key -b 1024 -N '' -t rsa > /dev/null

  288. 

  289. 	# user key

  290. 	ssh-keygen -f id_rsa -b 1024 -N '' -t rsa > /dev/null

  291. 

  292. 	(echo -n 'command="/usr/libexec/sftp-server" '; cat id_rsa.pub) > authorized_keys

  293. 

  294. 	cat > sshd_config <<EOF

  295. ListenAddress 127.0.0.1:$PORT

  296. HostKey /home/freebsd/custom_ssh/ssh_host_rsa_key

  297. AuthorizedKeysFile  $(pwd)/authorized_keys

  298. ChallengeResponseAuthentication no

  299. PasswordAuthentication no

  300. # to allow writable tmp w/ sticky bit

  301. StrictModes no

  302. UsePAM no

  303. Subsystem   sftp    ${SFTPSERVER}

  304. PidFile $(pwd)/sshd.pid

  305. EOF

  306. 

  307. 	if ! :; then

  308. 		/usr/sbin/sshd -dD -f $(pwd)/sshd_config &

  309. 		sleep .2

  310. 	else

  311. 		/usr/sbin/sshd -f $(pwd)/sshd_config

  312. 		while ! [ -f sshd.pid ]; do

  313. 			sleep .2

  314. 		done

  315. 	fi

  316. }

  317. 

  318. checksum()

  319. {

  320. 	local src work

  321. 	src=$1

  322. 	work=$2

  323. 

  324. 	src_checksum=$(md5 -q $src)

  325. 	work_checksum=$(md5 -q $work)

  326. 

  327. 	if [ "$work_checksum" != "$src_checksum" ]; then

  328. 		atf_fail "work md5 checksum didn't match"

  329. 	fi

  330. 

  331. 	ggate_checksum=$(md5 -q /dev/ggate${us})

  332. 	if [ "$ggate_checksum" != "$src_checksum" ]; then

  333. 		atf_fail "ggate md5 checksum didn't match"

  334. 	fi

  335. }

  336. 

  337. common_cleanup()

  338. {

  339. 	if [ -f "ggate.devs" ]; then

  340. 		while read test_ggate; do

  341. 			ggatessh destroy -f -u $test_ggate >/dev/null

  342. 		done < ggate.devs

  343. 		rm ggate.devs

  344. 	fi

  345. 

  346. 	if [ -f "sshd.pid" ]; then

  347. 		pkill -F sshd.pid

  348. 		# clean up after startup_sshd

  349. 		rm ssh_host_rsa_key

  350. 		rm id_rsa id_rsa.pub

  351. 		rm authorized_keys

  352. 	fi

  353. 

  354. 	if [ -f "$PIDFILE" ]; then

  355. 		pkill -F "$PIDFILE"

  356. 		rm $PIDFILE

  357. 	fi

  358. 

  359. 	if [ -f "PLAINFILES" ]; then

  360. 		while read f; do

  361. 			rm -f ${f}

  362. 		done < ${PLAINFILES}

  363. 		rm ${PLAINFILES}

  364. 	fi

  365. 

  366. 	if [ -f "md.devs" ]; then

  367. 		while read test_md; do

  368. 			mdconfig -d -u $test_md 2>/dev/null

  369. 		done < md.devs

  370. 		rm md.devs

  371. 	fi

  372. 	true

  373. }

  374. 

  375. load_ggate()

  376. {

  377. 	local class=gate

  378. 

  379. 	# If the geom class isn't already loaded, try loading it.

  380. 	if ! kldstat -q -m g_${class}; then

  381. 		if ! geom ${class} load; then

  382. 			atf_skip "could not load module for geom class=${class}"

  383. 		fi

  384. 	fi

  385. }

  386. 

  387. # Bug 204616: ggatel(8) creates /dev/ggate* asynchronously if `ggatel create`

  388. #             isn't called with `-v`.

  389. wait_for_ggate_device()

  390. {

  391. 	ggate_device=$1

  392. 

  393. 	while [ ! -c $ggate_device ]; do

  394. 		sleep 0.5

  395. 	done

  396. }