mirror of
https://github.com/libssh2/libssh2.git
synced 2025-07-04 09:22:28 +03:00
a459a25302
TL;DR: Sync test builds between autotools and CMake. Sync sshd
configuration between Docker and non-Docker fixtures. Bump up
sshd_config for recent OpenSSH releases.
This also opens up the path to have non-Docker tests that use a
local sshd process. Though sshd is practically unusable on Windows
CI machines out of the box, so this will need further efforts.
Details:
- cmake: run sshd fixture test just like autotool did already.
- sync tests and their order between autotools and CMake.
It makes `test_aa_warmup` the first test with both.
- cmake: load test lists from `Makefile.am`.
Needed to update the loader to throw away certain lines to keep the
converted output conform CMake syntax. Using regexp might be an
alternative way of doing this, but couldn't make it work.
- cmake: use the official way to configure test environment variables.
Switch to syntax that's extendable.
- cmake: allow to run the same test both under Docker and sshd fixture.
Useful for testing the sshd fixture runner, or how the same test
behaves in each fixture.
- update test fixture to read the username from `USER` envvar instead of
using the Dockfile-specific hardwired one, when running outside Docker.
- rework `ssh2.sh` into `sshd_fixture.sh`, to:
- allow running any tests (not just `test_ssh2`).
- configure Docker tests for running outside Docker.
- fixup `SSHD` path when running on Windows (e.g. in AppVeyor CI).
Fixes: `sshd re-exec requires execution with an absolute path`
- allow overriding `PUBKEY` and `PRIVKEY` envvars.
- allow overriding `ssh_config` via `SSHD_FIXTURE_CONFIG`.
- prepare support for running multiple tests via sshd_fixture.
Add a TAP runner for autotools and extend CMake logic. The TAP runner
loads the test list from `Makefile.am`.
Notice however that on Windows, `sshd_fixture.sh` is very flaky with
GitHub Actions. And consistently broken for subsequent tests in
AppVeyor CI:
'libssh2_session_handshake failed (-43): Failed getting banner'
Another way to try is a single sshd instance serving all tests.
For CMake this would probably mean using an external script.
- ed25519 test keys were identical for auth and host. Regenerate the
auth keypair to make them distinct.
- sync the sshd environment between Docker and sshd_fixture.
- use common via `openssh_server/sshd_config`.
- accept same auth keys.
- offer the same host keys.
- sync TrustedUserCAKeys.
- delete now unused keypairs: `etc/host*`, `etc/user*`.
- bump up startup delay for Windows (randomly, to 5 secs, from 3).
- delete `UsePrivilegeSeparation no` to avoid deprecation warnings.
`command-line line 0: Deprecated option UsePrivilegeSeparation`
- delete `Protocol 2` to avoid deprecation warnings.
It has been the default since OpenSSH 3.0 (2001-11-06).
- delete `StrictModes no` (CI tests work without it, Docker tests
never used it).
- bump `Dockerfile` base image to `testing-slim` (from `bullseye-slim`).
It needed `sshd_config` updates to keep things working with
OpenSSH 9.2 (compared to bullseye's 8.4).
- replace `ChallengeResponseAuthentication` alias with
`KbdInteractiveAuthentication`.
The former is no longer present in default `sshd_config` since
OpenSSH 8.7 (2021-08-20). This broke the `Dockerfile` script.
The new name is documented since OpenSSH 4.9 (2008-03-31)
- add `PubkeyAcceptedKeyTypes +ssh-rsa,ssh-dss,ssh-rsa-cert-v01@openssh.com`
and `HostKeyAlgorithms +ssh-rsa`.
Original-patch-by: Eric van Gyzen (@vangyzen on github)
Fixes #691
There is a new name for `PubkeyAcceptedKeyTypes`:
`PubkeyAcceptedAlgorithms`.
It requires OpenSSH 8.5 (2021-03-03) and breaks some envs so we're
not using it just yet.
- drop `rijndael-cbc@lysator.liu.se` tests and references from config.
This is a draft alias for `aes256-cbc`. No need to test it twice.
Also this alias is no longer recognized by OpenSSH 8.5 (2021-03-03).
- update `mansyntax.sh` and `sshd_fixture.sh` to not rely on `srcdir`.
Hopefully this works with out-of-tree builds.
- fix `test_read_algos.test` to honor CRLF EOLs in their inputs
(necessary when running on Windows.)
- fix `test_read_algos.test` to honor `EXEEXT`. Might be useful when
running tests under cross-builds?
- `test_ssh2.c`:
- use libssh2 API to set blocking mode. This makes it support all
platforms.
- adapt socket open timeout logic from `openssh_fixture.c`.
Sadly this did not help fix flakiness on GHA Windows.
- tests: delete unused C headers and variable initialization.
- delete unused test files: `sshd_fixture.sh.in`, `sshdwrap`,
`etc/sshd_config`.
Ref: cf80f2f4b5
- autotools: delete stray `.c` test sources from `EXTRA_DIST` in tests.
- `tests/.gitignore`: drop two stray tests.
- autotools: fix passing `SSHD` containing space (Windows needs this).
- autotools: sort `EXTRA_DIST` in tests.
- cmake: fix to add `test_ssh2` to `TEST_TARGETS`.
- fix `authorized_key` order in `tests/gen_keys.sh`.
- silence shellcheck warning in `ci/checksrc.sh`.
- set `SSHD` for autotools on GitHub Actions Windows. [skipped]
Auto-detection doesn't work (maybe because sshd is installed via
Git for Windows and we're using MSYS2's shell.)
It enables running sshd fixture (non-Docker) tests in these jobs.
I did not include this in the final patch due to flakiness:
```
Connection to 127.0.0.1:4711 attempt #0 failed: retrying...
Connection to 127.0.0.1:4711 attempt #1 failed: retrying...
Connection to 127.0.0.1:4711 attempt #2 failed: retrying...
Failure establishing SSH session: -43
```
Can be enabled with:
`export SSHD='C:/Program Files/Git/usr/bin/sshd.exe'`
Closes #996
323 lines
8.5 KiB
C
323 lines
8.5 KiB
C
/* Copyright (C) 2022 Xaver Loppenstedt
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms,
|
|
* with or without modification, are permitted provided
|
|
* that the following conditions are met:
|
|
*
|
|
* Redistributions of source code must retain the above
|
|
* copyright notice, this list of conditions and the
|
|
* following disclaimer.
|
|
*
|
|
* Redistributions in binary form must reproduce the above
|
|
* copyright notice, this list of conditions and the following
|
|
* disclaimer in the documentation and/or other materials
|
|
* provided with the distribution.
|
|
*
|
|
* Neither the name of the copyright holder nor the names
|
|
* of any other contributors may be used to endorse or
|
|
* promote products derived from this software without
|
|
* specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
|
|
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
|
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
|
|
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
|
|
* OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "libssh2_priv.h"
|
|
#include "userauth_kbd_packet.h"
|
|
|
|
#include <stdlib.h>
|
|
|
|
#define PASS 0
|
|
#define FAIL -1
|
|
|
|
struct expected {
|
|
int rc;
|
|
int last_error_code;
|
|
const char *last_error_message;
|
|
};
|
|
struct test_case {
|
|
const char *data;
|
|
int data_len;
|
|
struct expected expected;
|
|
};
|
|
|
|
#define TEST_CASES_LEN 16
|
|
static const struct test_case
|
|
test_cases[TEST_CASES_LEN] = {
|
|
/* too small */
|
|
{
|
|
NULL, 0,
|
|
{FAIL, -38,
|
|
"userauth keyboard data buffer too small to get length"}},
|
|
/* too small */
|
|
{
|
|
"1234", 4,
|
|
{FAIL, -38,
|
|
"userauth keyboard data buffer too small to get length"}},
|
|
/* smallest valid packet possible */
|
|
{
|
|
"<"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0", 17,
|
|
{PASS, 0, ""}},
|
|
/* overrun name */
|
|
{
|
|
"<"
|
|
"\0\0\0\x7f"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0", 17,
|
|
{FAIL, -6,
|
|
"Unable to decode keyboard-interactive 'name' request field"}},
|
|
/* overrun instruction */
|
|
{
|
|
"<"
|
|
"\0\0\0\0"
|
|
"\0\0\0\x7f"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0", 17,
|
|
{FAIL, -6,
|
|
"Unable to decode keyboard-interactive 'instruction' "
|
|
"request field"}},
|
|
/* overrun language */
|
|
{
|
|
"<"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0"
|
|
"\0\0\0\x7f"
|
|
"\0\0\0\0", 17,
|
|
{FAIL, -6, "Unable to decode keyboard-interactive 'language tag' "
|
|
"request field"}},
|
|
/* underrun prompt number */
|
|
{
|
|
"<"
|
|
"\0\0\0\x01"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0", 17,
|
|
{FAIL, -38,
|
|
"Unable to decode keyboard-interactive number of "
|
|
"keyboard prompts"}},
|
|
/* too many prompts */
|
|
{
|
|
"<"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0"
|
|
"\0\0\0\x7f", 17,
|
|
{FAIL, -41, "Too many replies for keyboard-interactive prompts"}},
|
|
/* empty prompt */
|
|
{
|
|
"<"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0"
|
|
"\0\0\0\0"
|
|
"\0\0\0\x01"
|
|
"\0\0\0\0"
|
|
"\0", 22, {PASS, 0, ""}},
|
|
/* copied from OpenSSH */
|
|
{
|
|
"<"
|
|
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"
|
|
"\0\0\0\x0aPassword: \0", 32, {PASS, 0, ""}},
|
|
/* overrun in prompt text */
|
|
{
|
|
"<"
|
|
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"
|
|
"\0\0\0\x7bPassword: \0", 32,
|
|
{FAIL, -6, "Unable to decode keyboard-interactive "
|
|
"prompt message"}},
|
|
/* no echo prompt boolean */
|
|
{
|
|
"<"
|
|
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"
|
|
"\0\0\0\x0bPassword: \0", 32,
|
|
{FAIL, -38, "Unable to decode user auth keyboard prompt echo"}},
|
|
/* two prompts */
|
|
{
|
|
"<"
|
|
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02"
|
|
"\0\0\0\x0aPassword: \0"
|
|
"\0\0\0\x07Token: \1", 44,
|
|
{PASS, 0, ""}},
|
|
/* example from RFC 4256 */
|
|
{
|
|
"<"
|
|
"\0\0\0\x19""CRYPTOCard Authentication"
|
|
"\0\0\0\x1b""The challenge is '14315716'"
|
|
"\0\0\0\x05""en-US"
|
|
"\0\0\0\x01"
|
|
"\0\0\0\x0aResponse: "
|
|
"\x01"
|
|
, 89, {PASS, 0, ""}},
|
|
/* three prompts, 3rd missing */
|
|
{
|
|
"<"
|
|
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03"
|
|
"\0\0\0\x0aPassword: \0"
|
|
"\0\0\0\x07Token: \1", 44,
|
|
{FAIL, -6,
|
|
"Unable to decode keyboard-interactive prompt message"}},
|
|
/* overflow language on 32 bit platform */
|
|
{
|
|
"<"
|
|
"\0\0\0\x19"
|
|
"\0\0\0\x01"
|
|
"\0\0\0\x05""PWN3D\0\1\2\3\4\5\6\7\1\2\3"
|
|
"\x01"
|
|
"\0\0\0\x1b""The challenge is '14315716'"
|
|
"\xff\xff\xff\xc4""en-US"
|
|
"\0\0\0\x01"
|
|
"\0\0\0\x0aResponse: "
|
|
"\x01",
|
|
89,
|
|
{FAIL, -6,
|
|
"Unable to decode keyboard-interactive 'language tag' "
|
|
"request field"}},
|
|
};
|
|
|
|
#define FAILED_MALLOC_TEST_CASES_LEN 2
|
|
static const struct test_case
|
|
failed_malloc_test_cases[FAILED_MALLOC_TEST_CASES_LEN] = {
|
|
/* malloc fail */
|
|
{
|
|
"<"
|
|
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"
|
|
"\0\0\0\x0aPassword: \0", 32,
|
|
{FAIL, -6,
|
|
"Unable to allocate memory for "
|
|
"keyboard-interactive prompts array"}},
|
|
/* malloc fail */
|
|
{
|
|
"<"
|
|
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"
|
|
"\0\0\0\x0aPassword: \0", 32,
|
|
{FAIL, -6,
|
|
"Unable to allocate memory for "
|
|
"keyboard-interactive responses array"
|
|
}}
|
|
};
|
|
|
|
static int alloc_count = 0;
|
|
static int free_count = 0;
|
|
|
|
/* libssh2_default_alloc
|
|
*/
|
|
static
|
|
LIBSSH2_ALLOC_FUNC(test_alloc)
|
|
{
|
|
int *threshold_int_ptr = *abstract;
|
|
alloc_count++;
|
|
if(*abstract && *threshold_int_ptr == alloc_count) {
|
|
return NULL;
|
|
}
|
|
|
|
return malloc(count);
|
|
}
|
|
|
|
/* libssh2_default_free
|
|
*/
|
|
static
|
|
LIBSSH2_FREE_FUNC(test_free)
|
|
{
|
|
(void)abstract;
|
|
free_count++;
|
|
free(ptr);
|
|
}
|
|
|
|
static
|
|
int test_case(int num,
|
|
const char *data, int data_len, void *abstract,
|
|
struct expected expected)
|
|
{
|
|
int rc;
|
|
char *message;
|
|
int error_code;
|
|
LIBSSH2_SESSION *session;
|
|
|
|
alloc_count = 0;
|
|
free_count = 0;
|
|
|
|
session = libssh2_session_init_ex(test_alloc, test_free, NULL, abstract);
|
|
if(!session) {
|
|
fprintf(stderr, "libssh2_session_init_ex failed\n");
|
|
return 1;
|
|
}
|
|
|
|
session->userauth_kybd_data = LIBSSH2_ALLOC(session, data_len);
|
|
session->userauth_kybd_data_len = data_len;
|
|
memcpy(session->userauth_kybd_data, data, data_len);
|
|
|
|
rc = userauth_keyboard_interactive_decode_info_request(session);
|
|
|
|
if(rc != expected.rc) {
|
|
fprintf(stdout,
|
|
"Test case %d: expected return code to be %d got %d\n",
|
|
num, expected.rc, rc);
|
|
return 1;
|
|
}
|
|
|
|
error_code = libssh2_session_last_error(session, &message, NULL, 0);
|
|
|
|
if(expected.last_error_code != error_code) {
|
|
fprintf(stdout,
|
|
"Test case %d: expected last error code to be "
|
|
"\"%d\" got \"%d\"\n",
|
|
num, expected.last_error_code, error_code);
|
|
return 1;
|
|
}
|
|
|
|
if(strcmp(expected.last_error_message, message) != 0) {
|
|
fprintf(stdout,
|
|
"Test case %d: expected last error message to be "
|
|
"\"%s\" got \"%s\"\n",
|
|
num, expected.last_error_message, message);
|
|
return 1;
|
|
}
|
|
libssh2_session_free(session);
|
|
|
|
fprintf(stderr, "Test case %d passed\n", num);
|
|
|
|
return 0;
|
|
}
|
|
|
|
int main(void)
|
|
{
|
|
int i;
|
|
|
|
for(i = 0; i < TEST_CASES_LEN; i++) {
|
|
test_case(i + 1,
|
|
test_cases[i].data,
|
|
test_cases[i].data_len,
|
|
NULL,
|
|
test_cases[i].expected);
|
|
}
|
|
|
|
for(i = 0; i < FAILED_MALLOC_TEST_CASES_LEN; i++) {
|
|
int tc = i + TEST_CASES_LEN + 1;
|
|
int malloc_call_num = 3 + i;
|
|
test_case(tc,
|
|
failed_malloc_test_cases[i].data,
|
|
failed_malloc_test_cases[i].data_len,
|
|
&malloc_call_num,
|
|
failed_malloc_test_cases[i].expected);
|
|
}
|
|
|
|
return 0;
|
|
}
|