| xf.li | 6c8fc1e | 2023-08-12 00:11:09 -0700 | [diff] [blame] | 1 | #!/usr/bin/env perl | 
|  | 2 | #*************************************************************************** | 
|  | 3 | #                                  _   _ ____  _ | 
|  | 4 | #  Project                     ___| | | |  _ \| | | 
|  | 5 | #                             / __| | | | |_) | | | 
|  | 6 | #                            | (__| |_| |  _ <| |___ | 
|  | 7 | #                             \___|\___/|_| \_\_____| | 
|  | 8 | # | 
|  | 9 | # Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. | 
|  | 10 | # | 
|  | 11 | # This software is licensed as described in the file COPYING, which | 
|  | 12 | # you should have received as part of this distribution. The terms | 
|  | 13 | # are also available at https://curl.se/docs/copyright.html. | 
|  | 14 | # | 
|  | 15 | # You may opt to use, copy, modify, merge, publish, distribute and/or sell | 
|  | 16 | # copies of the Software, and permit persons to whom the Software is | 
|  | 17 | # furnished to do so, under the terms of the COPYING file. | 
|  | 18 | # | 
|  | 19 | # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | 
|  | 20 | # KIND, either express or implied. | 
|  | 21 | # | 
|  | 22 | # SPDX-License-Identifier: curl | 
|  | 23 | # | 
|  | 24 | #*************************************************************************** | 
|  | 25 |  | 
|  | 26 | # Starts sshd for use in the SCP and SFTP curl test harness tests. | 
|  | 27 | # Also creates the ssh configuration files needed for these tests. | 
|  | 28 |  | 
|  | 29 | use strict; | 
|  | 30 | use warnings; | 
|  | 31 | use Cwd; | 
|  | 32 | use Cwd 'abs_path'; | 
|  | 33 | use Digest::MD5; | 
|  | 34 | use Digest::MD5 'md5_hex'; | 
|  | 35 | use Digest::SHA; | 
|  | 36 | use Digest::SHA 'sha256_base64'; | 
|  | 37 | use MIME::Base64; | 
|  | 38 |  | 
|  | 39 | #*************************************************************************** | 
|  | 40 | # Variables and subs imported from sshhelp module | 
|  | 41 | # | 
|  | 42 | use sshhelp qw( | 
|  | 43 | $sshdexe | 
|  | 44 | $sshexe | 
|  | 45 | $sftpsrvexe | 
|  | 46 | $sftpexe | 
|  | 47 | $sshkeygenexe | 
|  | 48 | $sshdconfig | 
|  | 49 | $sshconfig | 
|  | 50 | $sftpconfig | 
|  | 51 | $knownhosts | 
|  | 52 | $sshdlog | 
|  | 53 | $sshlog | 
|  | 54 | $sftplog | 
|  | 55 | $sftpcmds | 
|  | 56 | $hstprvkeyf | 
|  | 57 | $hstpubkeyf | 
|  | 58 | $hstpubmd5f | 
|  | 59 | $hstpubsha256f | 
|  | 60 | $cliprvkeyf | 
|  | 61 | $clipubkeyf | 
|  | 62 | display_sshdconfig | 
|  | 63 | display_sshconfig | 
|  | 64 | display_sftpconfig | 
|  | 65 | display_sshdlog | 
|  | 66 | display_sshlog | 
|  | 67 | display_sftplog | 
|  | 68 | dump_array | 
|  | 69 | find_sshd | 
|  | 70 | find_ssh | 
|  | 71 | find_sftpsrv | 
|  | 72 | find_sftp | 
|  | 73 | find_sshkeygen | 
|  | 74 | logmsg | 
|  | 75 | sshversioninfo | 
|  | 76 | ); | 
|  | 77 |  | 
|  | 78 | #*************************************************************************** | 
|  | 79 | # Subs imported from serverhelp module | 
|  | 80 | # | 
|  | 81 | use serverhelp qw( | 
|  | 82 | server_pidfilename | 
|  | 83 | server_logfilename | 
|  | 84 | ); | 
|  | 85 |  | 
|  | 86 | use pathhelp; | 
|  | 87 |  | 
|  | 88 | #*************************************************************************** | 
|  | 89 |  | 
|  | 90 | my $verbose = 0;              # set to 1 for debugging | 
|  | 91 | my $debugprotocol = 0;        # set to 1 for protocol debugging | 
|  | 92 | my $port = 8999;              # our default SCP/SFTP server port | 
|  | 93 | my $listenaddr = '127.0.0.1'; # default address on which to listen | 
|  | 94 | my $ipvnum = 4;               # default IP version of listener address | 
|  | 95 | my $idnum = 1;                # default ssh daemon instance number | 
|  | 96 | my $proto = 'ssh';            # protocol the ssh daemon speaks | 
|  | 97 | my $path = getcwd();          # current working directory | 
|  | 98 | my $logdir = $path .'/log';   # directory for log files | 
|  | 99 | my $username = $ENV{USER};    # default user | 
|  | 100 | my $pidfile;                  # ssh daemon pid file | 
|  | 101 | my $identity = 'curl_client_key'; # default identity file | 
|  | 102 |  | 
|  | 103 | my $error; | 
|  | 104 | my @cfgarr; | 
|  | 105 |  | 
|  | 106 |  | 
|  | 107 | #*************************************************************************** | 
|  | 108 | # Parse command line options | 
|  | 109 | # | 
|  | 110 | while(@ARGV) { | 
|  | 111 | if($ARGV[0] eq '--verbose') { | 
|  | 112 | $verbose = 1; | 
|  | 113 | } | 
|  | 114 | elsif($ARGV[0] eq '--debugprotocol') { | 
|  | 115 | $verbose = 1; | 
|  | 116 | $debugprotocol = 1; | 
|  | 117 | } | 
|  | 118 | elsif($ARGV[0] eq '--user') { | 
|  | 119 | if($ARGV[1]) { | 
|  | 120 | $username = $ARGV[1]; | 
|  | 121 | shift @ARGV; | 
|  | 122 | } | 
|  | 123 | } | 
|  | 124 | elsif($ARGV[0] eq '--id') { | 
|  | 125 | if($ARGV[1]) { | 
|  | 126 | if($ARGV[1] =~ /^(\d+)$/) { | 
|  | 127 | $idnum = $1 if($1 > 0); | 
|  | 128 | shift @ARGV; | 
|  | 129 | } | 
|  | 130 | } | 
|  | 131 | } | 
|  | 132 | elsif($ARGV[0] eq '--ipv4') { | 
|  | 133 | $ipvnum = 4; | 
|  | 134 | $listenaddr = '127.0.0.1' if($listenaddr eq '::1'); | 
|  | 135 | } | 
|  | 136 | elsif($ARGV[0] eq '--ipv6') { | 
|  | 137 | $ipvnum = 6; | 
|  | 138 | $listenaddr = '::1' if($listenaddr eq '127.0.0.1'); | 
|  | 139 | } | 
|  | 140 | elsif($ARGV[0] eq '--addr') { | 
|  | 141 | if($ARGV[1]) { | 
|  | 142 | my $tmpstr = $ARGV[1]; | 
|  | 143 | if($tmpstr =~ /^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/) { | 
|  | 144 | $listenaddr = "$1.$2.$3.$4" if($ipvnum == 4); | 
|  | 145 | shift @ARGV; | 
|  | 146 | } | 
|  | 147 | elsif($ipvnum == 6) { | 
|  | 148 | $listenaddr = $tmpstr; | 
|  | 149 | $listenaddr =~ s/^\[(.*)\]$/$1/; | 
|  | 150 | shift @ARGV; | 
|  | 151 | } | 
|  | 152 | } | 
|  | 153 | } | 
|  | 154 | elsif($ARGV[0] eq '--pidfile') { | 
|  | 155 | if($ARGV[1]) { | 
|  | 156 | $pidfile = "$path/". $ARGV[1]; | 
|  | 157 | shift @ARGV; | 
|  | 158 | } | 
|  | 159 | } | 
|  | 160 | elsif($ARGV[0] eq '--sshport') { | 
|  | 161 | if($ARGV[1]) { | 
|  | 162 | if($ARGV[1] =~ /^(\d+)$/) { | 
|  | 163 | $port = $1; | 
|  | 164 | shift @ARGV; | 
|  | 165 | } | 
|  | 166 | } | 
|  | 167 | } | 
|  | 168 | else { | 
|  | 169 | print STDERR "\nWarning: sshserver.pl unknown parameter: $ARGV[0]\n"; | 
|  | 170 | } | 
|  | 171 | shift @ARGV; | 
|  | 172 | } | 
|  | 173 |  | 
|  | 174 |  | 
|  | 175 | #*************************************************************************** | 
|  | 176 | # Default ssh daemon pid file name | 
|  | 177 | # | 
|  | 178 | if(!$pidfile) { | 
|  | 179 | $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum); | 
|  | 180 | } | 
|  | 181 |  | 
|  | 182 |  | 
|  | 183 | #*************************************************************************** | 
|  | 184 | # ssh and sftp server log file names | 
|  | 185 | # | 
|  | 186 | $sshdlog = server_logfilename($logdir, 'ssh', $ipvnum, $idnum); | 
|  | 187 | $sftplog = server_logfilename($logdir, 'sftp', $ipvnum, $idnum); | 
|  | 188 |  | 
|  | 189 |  | 
|  | 190 | #*************************************************************************** | 
|  | 191 | # Logging level for ssh server and client | 
|  | 192 | # | 
|  | 193 | my $loglevel = $debugprotocol?'DEBUG3':'DEBUG2'; | 
|  | 194 |  | 
|  | 195 |  | 
|  | 196 | #*************************************************************************** | 
|  | 197 | # Validate username | 
|  | 198 | # | 
|  | 199 | if(!$username) { | 
|  | 200 | $error = 'Will not run ssh server without a user name'; | 
|  | 201 | } | 
|  | 202 | elsif($username eq 'root') { | 
|  | 203 | $error = 'Will not run ssh server as root to mitigate security risks'; | 
|  | 204 | } | 
|  | 205 | if($error) { | 
|  | 206 | logmsg $error; | 
|  | 207 | exit 1; | 
|  | 208 | } | 
|  | 209 |  | 
|  | 210 |  | 
|  | 211 | #*************************************************************************** | 
|  | 212 | # Find out ssh daemon canonical file name | 
|  | 213 | # | 
|  | 214 | my $sshd = find_sshd(); | 
|  | 215 | if(!$sshd) { | 
|  | 216 | logmsg "cannot find $sshdexe"; | 
|  | 217 | exit 1; | 
|  | 218 | } | 
|  | 219 |  | 
|  | 220 |  | 
|  | 221 | #*************************************************************************** | 
|  | 222 | # Find out ssh daemon version info | 
|  | 223 | # | 
|  | 224 | my ($sshdid, $sshdvernum, $sshdverstr, $sshderror) = sshversioninfo($sshd); | 
|  | 225 | if(!$sshdid) { | 
|  | 226 | # Not an OpenSSH or SunSSH ssh daemon | 
|  | 227 | logmsg $sshderror if($verbose); | 
|  | 228 | logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later'; | 
|  | 229 | exit 1; | 
|  | 230 | } | 
|  | 231 | logmsg "ssh server found $sshd is $sshdverstr" if($verbose); | 
|  | 232 |  | 
|  | 233 |  | 
|  | 234 | #*************************************************************************** | 
|  | 235 | #  ssh daemon command line options we might use and version support | 
|  | 236 | # | 
|  | 237 | #  -e:  log stderr           : OpenSSH 2.9.0 and later | 
|  | 238 | #  -f:  sshd config file     : OpenSSH 1.2.1 and later | 
|  | 239 | #  -D:  no daemon forking    : OpenSSH 2.5.0 and later | 
|  | 240 | #  -o:  command-line option  : OpenSSH 3.1.0 and later | 
|  | 241 | #  -t:  test config file     : OpenSSH 2.9.9 and later | 
|  | 242 | #  -?:  sshd version info    : OpenSSH 1.2.1 and later | 
|  | 243 | # | 
|  | 244 | #  -e:  log stderr           : SunSSH 1.0.0 and later | 
|  | 245 | #  -f:  sshd config file     : SunSSH 1.0.0 and later | 
|  | 246 | #  -D:  no daemon forking    : SunSSH 1.0.0 and later | 
|  | 247 | #  -o:  command-line option  : SunSSH 1.0.0 and later | 
|  | 248 | #  -t:  test config file     : SunSSH 1.0.0 and later | 
|  | 249 | #  -?:  sshd version info    : SunSSH 1.0.0 and later | 
|  | 250 |  | 
|  | 251 |  | 
|  | 252 | #*************************************************************************** | 
|  | 253 | # Verify minimum ssh daemon version | 
|  | 254 | # | 
|  | 255 | if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) || | 
|  | 256 | (($sshdid =~ /SunSSH/)  && ($sshdvernum < 100))) { | 
|  | 257 | logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later'; | 
|  | 258 | exit 1; | 
|  | 259 | } | 
|  | 260 |  | 
|  | 261 |  | 
|  | 262 | #*************************************************************************** | 
|  | 263 | # Find out sftp server plugin canonical file name | 
|  | 264 | # | 
|  | 265 | my $sftpsrv = find_sftpsrv(); | 
|  | 266 | if(!$sftpsrv) { | 
|  | 267 | logmsg "cannot find $sftpsrvexe"; | 
|  | 268 | exit 1; | 
|  | 269 | } | 
|  | 270 | logmsg "sftp server plugin found $sftpsrv" if($verbose); | 
|  | 271 |  | 
|  | 272 |  | 
|  | 273 | #*************************************************************************** | 
|  | 274 | # Find out sftp client canonical file name | 
|  | 275 | # | 
|  | 276 | my $sftp = find_sftp(); | 
|  | 277 | if(!$sftp) { | 
|  | 278 | logmsg "cannot find $sftpexe"; | 
|  | 279 | exit 1; | 
|  | 280 | } | 
|  | 281 | logmsg "sftp client found $sftp" if($verbose); | 
|  | 282 |  | 
|  | 283 |  | 
|  | 284 | #*************************************************************************** | 
|  | 285 | # Find out ssh keygen canonical file name | 
|  | 286 | # | 
|  | 287 | my $sshkeygen = find_sshkeygen(); | 
|  | 288 | if(!$sshkeygen) { | 
|  | 289 | logmsg "cannot find $sshkeygenexe"; | 
|  | 290 | exit 1; | 
|  | 291 | } | 
|  | 292 | logmsg "ssh keygen found $sshkeygen" if($verbose); | 
|  | 293 |  | 
|  | 294 |  | 
|  | 295 | #*************************************************************************** | 
|  | 296 | # Find out ssh client canonical file name | 
|  | 297 | # | 
|  | 298 | my $ssh = find_ssh(); | 
|  | 299 | if(!$ssh) { | 
|  | 300 | logmsg "cannot find $sshexe"; | 
|  | 301 | exit 1; | 
|  | 302 | } | 
|  | 303 |  | 
|  | 304 |  | 
|  | 305 | #*************************************************************************** | 
|  | 306 | # Find out ssh client version info | 
|  | 307 | # | 
|  | 308 | my ($sshid, $sshvernum, $sshverstr, $ssherror) = sshversioninfo($ssh); | 
|  | 309 | if(!$sshid) { | 
|  | 310 | # Not an OpenSSH or SunSSH ssh client | 
|  | 311 | logmsg $ssherror if($verbose); | 
|  | 312 | logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later'; | 
|  | 313 | exit 1; | 
|  | 314 | } | 
|  | 315 | logmsg "ssh client found $ssh is $sshverstr" if($verbose); | 
|  | 316 |  | 
|  | 317 |  | 
|  | 318 | #*************************************************************************** | 
|  | 319 | #  ssh client command line options we might use and version support | 
|  | 320 | # | 
|  | 321 | #  -D:  dynamic app port forwarding  : OpenSSH 2.9.9 and later | 
|  | 322 | #  -F:  ssh config file              : OpenSSH 2.9.9 and later | 
|  | 323 | #  -N:  no shell/command             : OpenSSH 2.1.0 and later | 
|  | 324 | #  -p:  connection port              : OpenSSH 1.2.1 and later | 
|  | 325 | #  -v:  verbose messages             : OpenSSH 1.2.1 and later | 
|  | 326 | # -vv:  increase verbosity           : OpenSSH 2.3.0 and later | 
|  | 327 | #  -V:  ssh version info             : OpenSSH 1.2.1 and later | 
|  | 328 | # | 
|  | 329 | #  -D:  dynamic app port forwarding  : SunSSH 1.0.0 and later | 
|  | 330 | #  -F:  ssh config file              : SunSSH 1.0.0 and later | 
|  | 331 | #  -N:  no shell/command             : SunSSH 1.0.0 and later | 
|  | 332 | #  -p:  connection port              : SunSSH 1.0.0 and later | 
|  | 333 | #  -v:  verbose messages             : SunSSH 1.0.0 and later | 
|  | 334 | # -vv:  increase verbosity           : SunSSH 1.0.0 and later | 
|  | 335 | #  -V:  ssh version info             : SunSSH 1.0.0 and later | 
|  | 336 |  | 
|  | 337 |  | 
|  | 338 | #*************************************************************************** | 
|  | 339 | # Verify minimum ssh client version | 
|  | 340 | # | 
|  | 341 | if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) || | 
|  | 342 | (($sshid =~ /SunSSH/)  && ($sshvernum < 100))) { | 
|  | 343 | logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later'; | 
|  | 344 | exit 1; | 
|  | 345 | } | 
|  | 346 |  | 
|  | 347 |  | 
|  | 348 | #*************************************************************************** | 
|  | 349 | #  ssh keygen command line options we actually use and version support | 
|  | 350 | # | 
|  | 351 | #  -C:  identity comment : OpenSSH 1.2.1 and later | 
|  | 352 | #  -f:  key filename     : OpenSSH 1.2.1 and later | 
|  | 353 | #  -N:  new passphrase   : OpenSSH 1.2.1 and later | 
|  | 354 | #  -q:  quiet keygen     : OpenSSH 1.2.1 and later | 
|  | 355 | #  -t:  key type         : OpenSSH 2.5.0 and later | 
|  | 356 | # | 
|  | 357 | #  -C:  identity comment : SunSSH 1.0.0 and later | 
|  | 358 | #  -f:  key filename     : SunSSH 1.0.0 and later | 
|  | 359 | #  -N:  new passphrase   : SunSSH 1.0.0 and later | 
|  | 360 | #  -q:  quiet keygen     : SunSSH 1.0.0 and later | 
|  | 361 | #  -t:  key type         : SunSSH 1.0.0 and later | 
|  | 362 |  | 
|  | 363 |  | 
|  | 364 | #*************************************************************************** | 
|  | 365 | # Generate host and client key files for curl's tests | 
|  | 366 | # | 
|  | 367 | if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) || | 
|  | 368 | (! -e $hstpubkeyf) || (! -s $hstpubkeyf) || | 
|  | 369 | (! -e $hstpubmd5f) || (! -s $hstpubmd5f) || | 
|  | 370 | (! -e $hstpubsha256f) || (! -s $hstpubsha256f) || | 
|  | 371 | (! -e $cliprvkeyf) || (! -s $cliprvkeyf) || | 
|  | 372 | (! -e $clipubkeyf) || (! -s $clipubkeyf)) { | 
|  | 373 | # Make sure all files are gone so ssh-keygen doesn't complain | 
|  | 374 | unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $hstpubsha256f, | 
|  | 375 | $cliprvkeyf, $clipubkeyf); | 
|  | 376 | logmsg 'generating host keys...' if($verbose); | 
|  | 377 | if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") { | 
|  | 378 | logmsg 'Could not generate host key'; | 
|  | 379 | exit 1; | 
|  | 380 | } | 
|  | 381 | logmsg 'generating client keys...' if($verbose); | 
|  | 382 | if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N ''") { | 
|  | 383 | logmsg 'Could not generate client key'; | 
|  | 384 | exit 1; | 
|  | 385 | } | 
|  | 386 | # Make sure that permissions are restricted so openssh doesn't complain | 
|  | 387 | system "chmod 600 $hstprvkeyf"; | 
|  | 388 | system "chmod 600 $cliprvkeyf"; | 
|  | 389 | # Save md5 and sha256 hashes of public host key | 
|  | 390 | open(RSAKEYFILE, "<$hstpubkeyf"); | 
|  | 391 | my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> }; | 
|  | 392 | close(RSAKEYFILE); | 
|  | 393 | if(!$rsahostkey[1]) { | 
|  | 394 | logmsg 'Failed parsing base64 encoded RSA host key'; | 
|  | 395 | exit 1; | 
|  | 396 | } | 
|  | 397 | open(PUBMD5FILE, ">$hstpubmd5f"); | 
|  | 398 | print PUBMD5FILE md5_hex(decode_base64($rsahostkey[1])); | 
|  | 399 | close(PUBMD5FILE); | 
|  | 400 | if((! -e $hstpubmd5f) || (! -s $hstpubmd5f)) { | 
|  | 401 | logmsg 'Failed writing md5 hash of RSA host key'; | 
|  | 402 | exit 1; | 
|  | 403 | } | 
|  | 404 | open(PUBSHA256FILE, ">$hstpubsha256f"); | 
|  | 405 | print PUBSHA256FILE sha256_base64(decode_base64($rsahostkey[1])); | 
|  | 406 | close(PUBSHA256FILE); | 
|  | 407 | if((! -e $hstpubsha256f) || (! -s $hstpubsha256f)) { | 
|  | 408 | logmsg 'Failed writing sha256 hash of RSA host key'; | 
|  | 409 | exit 1; | 
|  | 410 | } | 
|  | 411 | } | 
|  | 412 |  | 
|  | 413 |  | 
|  | 414 | #*************************************************************************** | 
|  | 415 | # Convert paths for curl's tests running on Windows with Cygwin/Msys OpenSSH | 
|  | 416 | # | 
|  | 417 | my $clipubkeyf_config = abs_path("$path/$clipubkeyf"); | 
|  | 418 | my $hstprvkeyf_config = abs_path("$path/$hstprvkeyf"); | 
|  | 419 | my $pidfile_config = $pidfile; | 
|  | 420 | my $sftpsrv_config = $sftpsrv; | 
|  | 421 |  | 
|  | 422 | if (pathhelp::os_is_win()) { | 
|  | 423 | # Ensure to use MinGW/Cygwin paths | 
|  | 424 | $clipubkeyf_config = pathhelp::build_sys_abs_path($clipubkeyf_config); | 
|  | 425 | $hstprvkeyf_config = pathhelp::build_sys_abs_path($hstprvkeyf_config); | 
|  | 426 | $pidfile_config = pathhelp::build_sys_abs_path($pidfile_config); | 
|  | 427 | $sftpsrv_config = "internal-sftp"; | 
|  | 428 | } | 
|  | 429 | if ($sshdid =~ /OpenSSH-Windows/) { | 
|  | 430 | # Ensure to use native Windows paths with OpenSSH for Windows | 
|  | 431 | $clipubkeyf_config = pathhelp::sys_native_abs_path($clipubkeyf); | 
|  | 432 | $hstprvkeyf_config = pathhelp::sys_native_abs_path($hstprvkeyf); | 
|  | 433 | $pidfile_config = pathhelp::sys_native_abs_path($pidfile); | 
|  | 434 | $sftpsrv_config = pathhelp::sys_native_abs_path($sftpsrv); | 
|  | 435 |  | 
|  | 436 | $sshdconfig = pathhelp::sys_native_abs_path($sshdconfig); | 
|  | 437 | $sshconfig = pathhelp::sys_native_abs_path($sshconfig); | 
|  | 438 | $sftpconfig = pathhelp::sys_native_abs_path($sftpconfig); | 
|  | 439 | } | 
|  | 440 |  | 
|  | 441 | #*************************************************************************** | 
|  | 442 | #  ssh daemon configuration file options we might use and version support | 
|  | 443 | # | 
|  | 444 | #  AFSTokenPassing                  : OpenSSH 1.2.1 and later [1] | 
|  | 445 | #  AddressFamily                    : OpenSSH 4.0.0 and later | 
|  | 446 | #  AllowTcpForwarding               : OpenSSH 2.3.0 and later | 
|  | 447 | #  AllowUsers                       : OpenSSH 1.2.1 and later | 
|  | 448 | #  AuthorizedKeysFile               : OpenSSH 2.9.9 and later | 
|  | 449 | #  AuthorizedKeysFile2              : OpenSSH 2.9.9 and later | 
|  | 450 | #  Banner                           : OpenSSH 2.5.0 and later | 
|  | 451 | #  ChallengeResponseAuthentication  : OpenSSH 2.5.0 and later | 
|  | 452 | #  Ciphers                          : OpenSSH 2.1.0 and later [3] | 
|  | 453 | #  ClientAliveCountMax              : OpenSSH 2.9.0 and later | 
|  | 454 | #  ClientAliveInterval              : OpenSSH 2.9.0 and later | 
|  | 455 | #  Compression                      : OpenSSH 3.3.0 and later | 
|  | 456 | #  DenyUsers                        : OpenSSH 1.2.1 and later | 
|  | 457 | #  ForceCommand                     : OpenSSH 4.4.0 and later [3] | 
|  | 458 | #  GatewayPorts                     : OpenSSH 2.1.0 and later | 
|  | 459 | #  GSSAPIAuthentication             : OpenSSH 3.7.0 and later [1] | 
|  | 460 | #  GSSAPICleanupCredentials         : OpenSSH 3.8.0 and later [1] | 
|  | 461 | #  GSSAPIKeyExchange                :  SunSSH 1.0.0 and later [1] | 
|  | 462 | #  GSSAPIStoreDelegatedCredentials  :  SunSSH 1.0.0 and later [1] | 
|  | 463 | #  GSSCleanupCreds                  :  SunSSH 1.0.0 and later [1] | 
|  | 464 | #  GSSUseSessionCredCache           :  SunSSH 1.0.0 and later [1] | 
|  | 465 | #  HostbasedAuthentication          : OpenSSH 2.9.0 and later | 
|  | 466 | #  HostbasedUsesNameFromPacketOnly  : OpenSSH 2.9.0 and later | 
|  | 467 | #  HostKey                          : OpenSSH 1.2.1 and later | 
|  | 468 | #  IgnoreRhosts                     : OpenSSH 1.2.1 and later | 
|  | 469 | #  IgnoreUserKnownHosts             : OpenSSH 1.2.1 and later | 
|  | 470 | #  KbdInteractiveAuthentication     : OpenSSH 2.3.0 and later | 
|  | 471 | #  KeepAlive                        : OpenSSH 1.2.1 and later | 
|  | 472 | #  KerberosAuthentication           : OpenSSH 1.2.1 and later [1] | 
|  | 473 | #  KerberosGetAFSToken              : OpenSSH 3.8.0 and later [1] | 
|  | 474 | #  KerberosOrLocalPasswd            : OpenSSH 1.2.1 and later [1] | 
|  | 475 | #  KerberosTgtPassing               : OpenSSH 1.2.1 and later [1] | 
|  | 476 | #  KerberosTicketCleanup            : OpenSSH 1.2.1 and later [1] | 
|  | 477 | #  KeyRegenerationInterval          : OpenSSH 1.2.1 and later | 
|  | 478 | #  ListenAddress                    : OpenSSH 1.2.1 and later | 
|  | 479 | #  LoginGraceTime                   : OpenSSH 1.2.1 and later | 
|  | 480 | #  LogLevel                         : OpenSSH 1.2.1 and later | 
|  | 481 | #  LookupClientHostnames            :  SunSSH 1.0.0 and later | 
|  | 482 | #  MACs                             : OpenSSH 2.5.0 and later [3] | 
|  | 483 | #  Match                            : OpenSSH 4.4.0 and later [3] | 
|  | 484 | #  MaxAuthTries                     : OpenSSH 3.9.0 and later | 
|  | 485 | #  MaxStartups                      : OpenSSH 2.2.0 and later | 
|  | 486 | #  PAMAuthenticationViaKbdInt       : OpenSSH 2.9.0 and later [2] | 
|  | 487 | #  PasswordAuthentication           : OpenSSH 1.2.1 and later | 
|  | 488 | #  PermitEmptyPasswords             : OpenSSH 1.2.1 and later | 
|  | 489 | #  PermitOpen                       : OpenSSH 4.4.0 and later [3] | 
|  | 490 | #  PermitRootLogin                  : OpenSSH 1.2.1 and later | 
|  | 491 | #  PermitTunnel                     : OpenSSH 4.3.0 and later | 
|  | 492 | #  PermitUserEnvironment            : OpenSSH 3.5.0 and later | 
|  | 493 | #  PidFile                          : OpenSSH 2.1.0 and later | 
|  | 494 | #  Port                             : OpenSSH 1.2.1 and later | 
|  | 495 | #  PrintLastLog                     : OpenSSH 2.9.0 and later | 
|  | 496 | #  PrintMotd                        : OpenSSH 1.2.1 and later | 
|  | 497 | #  Protocol                         : OpenSSH 2.1.0 and later | 
|  | 498 | #  PubkeyAuthentication             : OpenSSH 2.5.0 and later | 
|  | 499 | #  RhostsAuthentication             : OpenSSH 1.2.1 and later | 
|  | 500 | #  RhostsRSAAuthentication          : OpenSSH 1.2.1 and later | 
|  | 501 | #  RSAAuthentication                : OpenSSH 1.2.1 and later | 
|  | 502 | #  ServerKeyBits                    : OpenSSH 1.2.1 and later | 
|  | 503 | #  SkeyAuthentication               : OpenSSH 1.2.1 and later [1] | 
|  | 504 | #  StrictModes                      : OpenSSH 1.2.1 and later | 
|  | 505 | #  Subsystem                        : OpenSSH 2.2.0 and later | 
|  | 506 | #  SyslogFacility                   : OpenSSH 1.2.1 and later | 
|  | 507 | #  TCPKeepAlive                     : OpenSSH 3.8.0 and later | 
|  | 508 | #  UseDNS                           : OpenSSH 3.7.0 and later | 
|  | 509 | #  UseLogin                         : OpenSSH 1.2.1 and later | 
|  | 510 | #  UsePAM                           : OpenSSH 3.7.0 and later [1][2] | 
|  | 511 | #  UsePrivilegeSeparation           : OpenSSH 3.2.2 and later | 
|  | 512 | #  VerifyReverseMapping             : OpenSSH 3.1.0 and later | 
|  | 513 | #  X11DisplayOffset                 : OpenSSH 1.2.1 and later [3] | 
|  | 514 | #  X11Forwarding                    : OpenSSH 1.2.1 and later | 
|  | 515 | #  X11UseLocalhost                  : OpenSSH 3.1.0 and later | 
|  | 516 | #  XAuthLocation                    : OpenSSH 2.1.1 and later [3] | 
|  | 517 | # | 
|  | 518 | #  [1] Option only available if activated at compile time | 
|  | 519 | #  [2] Option specific for portable versions | 
|  | 520 | #  [3] Option not used in our ssh server config file | 
|  | 521 |  | 
|  | 522 |  | 
|  | 523 | #*************************************************************************** | 
|  | 524 | # Initialize sshd config with options actually supported in OpenSSH 2.9.9 | 
|  | 525 | # | 
|  | 526 | logmsg 'generating ssh server config file...' if($verbose); | 
|  | 527 | @cfgarr = (); | 
|  | 528 | push @cfgarr, '# This is a generated file.  Do not edit.'; | 
|  | 529 | push @cfgarr, "# $sshdverstr sshd configuration file for curl testing"; | 
|  | 530 | push @cfgarr, '#'; | 
|  | 531 |  | 
|  | 532 | # AllowUsers and DenyUsers options should use lowercase on Windows | 
|  | 533 | # and do not support quotes around values for some unknown reason. | 
|  | 534 | if ($sshdid =~ /OpenSSH-Windows/) { | 
|  | 535 | my $username_lc = lc $username; | 
|  | 536 | if (exists $ENV{USERDOMAIN}) { | 
|  | 537 | my $userdomain_lc = lc $ENV{USERDOMAIN}; | 
|  | 538 | $username_lc = "$userdomain_lc\\$username_lc"; | 
|  | 539 | } | 
|  | 540 | $username_lc =~ s/ /\?/g; # replace space with ? | 
|  | 541 | push @cfgarr, "DenyUsers !$username_lc"; | 
|  | 542 | push @cfgarr, "AllowUsers $username_lc"; | 
|  | 543 | } else { | 
|  | 544 | push @cfgarr, "DenyUsers !$username"; | 
|  | 545 | push @cfgarr, "AllowUsers $username"; | 
|  | 546 | } | 
|  | 547 |  | 
|  | 548 | push @cfgarr, "AuthorizedKeysFile $clipubkeyf_config"; | 
|  | 549 | push @cfgarr, "AuthorizedKeysFile2 $clipubkeyf_config"; | 
|  | 550 | push @cfgarr, "HostKey $hstprvkeyf_config"; | 
|  | 551 | if ($sshdid !~ /OpenSSH-Windows/) { | 
|  | 552 | push @cfgarr, "PidFile $pidfile_config"; | 
|  | 553 | } | 
|  | 554 | push @cfgarr, '#'; | 
|  | 555 | push @cfgarr, "Port $port"; | 
|  | 556 | push @cfgarr, "ListenAddress $listenaddr"; | 
|  | 557 | push @cfgarr, 'Protocol 2'; | 
|  | 558 | push @cfgarr, '#'; | 
|  | 559 | push @cfgarr, 'AllowTcpForwarding yes'; | 
|  | 560 | push @cfgarr, 'Banner none'; | 
|  | 561 | push @cfgarr, 'ChallengeResponseAuthentication no'; | 
|  | 562 | push @cfgarr, 'ClientAliveCountMax 3'; | 
|  | 563 | push @cfgarr, 'ClientAliveInterval 0'; | 
|  | 564 | push @cfgarr, 'GatewayPorts no'; | 
|  | 565 | push @cfgarr, 'HostbasedAuthentication no'; | 
|  | 566 | push @cfgarr, 'HostbasedUsesNameFromPacketOnly no'; | 
|  | 567 | push @cfgarr, 'IgnoreRhosts yes'; | 
|  | 568 | push @cfgarr, 'IgnoreUserKnownHosts yes'; | 
|  | 569 | push @cfgarr, 'KeyRegenerationInterval 0'; | 
|  | 570 | push @cfgarr, 'LoginGraceTime 30'; | 
|  | 571 | push @cfgarr, "LogLevel $loglevel"; | 
|  | 572 | push @cfgarr, 'MaxStartups 5'; | 
|  | 573 | push @cfgarr, 'PasswordAuthentication no'; | 
|  | 574 | push @cfgarr, 'PermitEmptyPasswords no'; | 
|  | 575 | push @cfgarr, 'PermitRootLogin no'; | 
|  | 576 | push @cfgarr, 'PrintLastLog no'; | 
|  | 577 | push @cfgarr, 'PrintMotd no'; | 
|  | 578 | push @cfgarr, 'PubkeyAuthentication yes'; | 
|  | 579 | push @cfgarr, 'RhostsRSAAuthentication no'; | 
|  | 580 | push @cfgarr, 'RSAAuthentication no'; | 
|  | 581 | push @cfgarr, 'ServerKeyBits 768'; | 
|  | 582 | push @cfgarr, 'StrictModes no'; | 
|  | 583 | push @cfgarr, "Subsystem sftp \"$sftpsrv_config\""; | 
|  | 584 | push @cfgarr, 'SyslogFacility AUTH'; | 
|  | 585 | push @cfgarr, 'UseLogin no'; | 
|  | 586 | push @cfgarr, 'X11Forwarding no'; | 
|  | 587 | push @cfgarr, '#'; | 
|  | 588 |  | 
|  | 589 |  | 
|  | 590 | #*************************************************************************** | 
|  | 591 | # Write out initial sshd configuration file for curl's tests | 
|  | 592 | # | 
|  | 593 | $error = dump_array($sshdconfig, @cfgarr); | 
|  | 594 | if($error) { | 
|  | 595 | logmsg $error; | 
|  | 596 | exit 1; | 
|  | 597 | } | 
|  | 598 |  | 
|  | 599 |  | 
|  | 600 | #*************************************************************************** | 
|  | 601 | # Verifies at run time if sshd supports a given configuration file option | 
|  | 602 | # | 
|  | 603 | sub sshd_supports_opt { | 
|  | 604 | my ($option, $value) = @_; | 
|  | 605 | my $err; | 
|  | 606 | # | 
|  | 607 | if((($sshdid =~ /OpenSSH/) && ($sshdvernum >= 310)) || | 
|  | 608 | ($sshdid =~ /SunSSH/)) { | 
|  | 609 | # ssh daemon supports command line options -t -f and -o | 
|  | 610 | $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/, | 
|  | 611 | qx("$sshd" -t -f $sshdconfig -o "$option=$value" 2>&1); | 
|  | 612 | return !$err; | 
|  | 613 | } | 
|  | 614 | if(($sshdid =~ /OpenSSH/) && ($sshdvernum >= 299)) { | 
|  | 615 | # ssh daemon supports command line options -t and -f | 
|  | 616 | $err = dump_array($sshdconfig, (@cfgarr, "$option $value")); | 
|  | 617 | if($err) { | 
|  | 618 | logmsg $err; | 
|  | 619 | return 0; | 
|  | 620 | } | 
|  | 621 | $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/, | 
|  | 622 | qx("$sshd" -t -f $sshdconfig 2>&1); | 
|  | 623 | unlink $sshdconfig; | 
|  | 624 | return !$err; | 
|  | 625 | } | 
|  | 626 | return 0; | 
|  | 627 | } | 
|  | 628 |  | 
|  | 629 |  | 
|  | 630 | #*************************************************************************** | 
|  | 631 | # Kerberos Authentication support may have not been built into sshd | 
|  | 632 | # | 
|  | 633 | if(sshd_supports_opt('KerberosAuthentication','no')) { | 
|  | 634 | push @cfgarr, 'KerberosAuthentication no'; | 
|  | 635 | } | 
|  | 636 | if(sshd_supports_opt('KerberosGetAFSToken','no')) { | 
|  | 637 | push @cfgarr, 'KerberosGetAFSToken no'; | 
|  | 638 | } | 
|  | 639 | if(sshd_supports_opt('KerberosOrLocalPasswd','no')) { | 
|  | 640 | push @cfgarr, 'KerberosOrLocalPasswd no'; | 
|  | 641 | } | 
|  | 642 | if(sshd_supports_opt('KerberosTgtPassing','no')) { | 
|  | 643 | push @cfgarr, 'KerberosTgtPassing no'; | 
|  | 644 | } | 
|  | 645 | if(sshd_supports_opt('KerberosTicketCleanup','yes')) { | 
|  | 646 | push @cfgarr, 'KerberosTicketCleanup yes'; | 
|  | 647 | } | 
|  | 648 |  | 
|  | 649 |  | 
|  | 650 | #*************************************************************************** | 
|  | 651 | # Andrew File System support may have not been built into sshd | 
|  | 652 | # | 
|  | 653 | if(sshd_supports_opt('AFSTokenPassing','no')) { | 
|  | 654 | push @cfgarr, 'AFSTokenPassing no'; | 
|  | 655 | } | 
|  | 656 |  | 
|  | 657 |  | 
|  | 658 | #*************************************************************************** | 
|  | 659 | # S/Key authentication support may have not been built into sshd | 
|  | 660 | # | 
|  | 661 | if(sshd_supports_opt('SkeyAuthentication','no')) { | 
|  | 662 | push @cfgarr, 'SkeyAuthentication no'; | 
|  | 663 | } | 
|  | 664 |  | 
|  | 665 |  | 
|  | 666 | #*************************************************************************** | 
|  | 667 | # GSSAPI Authentication support may have not been built into sshd | 
|  | 668 | # | 
|  | 669 | my $sshd_builtwith_GSSAPI; | 
|  | 670 | if(sshd_supports_opt('GSSAPIAuthentication','no')) { | 
|  | 671 | push @cfgarr, 'GSSAPIAuthentication no'; | 
|  | 672 | $sshd_builtwith_GSSAPI = 1; | 
|  | 673 | } | 
|  | 674 | if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) { | 
|  | 675 | push @cfgarr, 'GSSAPICleanupCredentials yes'; | 
|  | 676 | } | 
|  | 677 | if(sshd_supports_opt('GSSAPIKeyExchange','no')) { | 
|  | 678 | push @cfgarr, 'GSSAPIKeyExchange no'; | 
|  | 679 | } | 
|  | 680 | if(sshd_supports_opt('GSSAPIStoreDelegatedCredentials','no')) { | 
|  | 681 | push @cfgarr, 'GSSAPIStoreDelegatedCredentials no'; | 
|  | 682 | } | 
|  | 683 | if(sshd_supports_opt('GSSCleanupCreds','yes')) { | 
|  | 684 | push @cfgarr, 'GSSCleanupCreds yes'; | 
|  | 685 | } | 
|  | 686 | if(sshd_supports_opt('GSSUseSessionCredCache','no')) { | 
|  | 687 | push @cfgarr, 'GSSUseSessionCredCache no'; | 
|  | 688 | } | 
|  | 689 | push @cfgarr, '#'; | 
|  | 690 |  | 
|  | 691 |  | 
|  | 692 | #*************************************************************************** | 
|  | 693 | # Options that might be supported or not in sshd OpenSSH 2.9.9 and later | 
|  | 694 | # | 
|  | 695 | if(sshd_supports_opt('AddressFamily','any')) { | 
|  | 696 | # Address family must be specified before ListenAddress | 
|  | 697 | splice @cfgarr, 14, 0, 'AddressFamily any'; | 
|  | 698 | } | 
|  | 699 | if(sshd_supports_opt('Compression','no')) { | 
|  | 700 | push @cfgarr, 'Compression no'; | 
|  | 701 | } | 
|  | 702 | if(sshd_supports_opt('KbdInteractiveAuthentication','no')) { | 
|  | 703 | push @cfgarr, 'KbdInteractiveAuthentication no'; | 
|  | 704 | } | 
|  | 705 | if(sshd_supports_opt('KeepAlive','no')) { | 
|  | 706 | push @cfgarr, 'KeepAlive no'; | 
|  | 707 | } | 
|  | 708 | if(sshd_supports_opt('LookupClientHostnames','no')) { | 
|  | 709 | push @cfgarr, 'LookupClientHostnames no'; | 
|  | 710 | } | 
|  | 711 | if(sshd_supports_opt('MaxAuthTries','10')) { | 
|  | 712 | push @cfgarr, 'MaxAuthTries 10'; | 
|  | 713 | } | 
|  | 714 | if(sshd_supports_opt('PAMAuthenticationViaKbdInt','no')) { | 
|  | 715 | push @cfgarr, 'PAMAuthenticationViaKbdInt no'; | 
|  | 716 | } | 
|  | 717 | if(sshd_supports_opt('PermitTunnel','no')) { | 
|  | 718 | push @cfgarr, 'PermitTunnel no'; | 
|  | 719 | } | 
|  | 720 | if(sshd_supports_opt('PermitUserEnvironment','no')) { | 
|  | 721 | push @cfgarr, 'PermitUserEnvironment no'; | 
|  | 722 | } | 
|  | 723 | if(sshd_supports_opt('RhostsAuthentication','no')) { | 
|  | 724 | push @cfgarr, 'RhostsAuthentication no'; | 
|  | 725 | } | 
|  | 726 | if(sshd_supports_opt('TCPKeepAlive','no')) { | 
|  | 727 | push @cfgarr, 'TCPKeepAlive no'; | 
|  | 728 | } | 
|  | 729 | if(sshd_supports_opt('UseDNS','no')) { | 
|  | 730 | push @cfgarr, 'UseDNS no'; | 
|  | 731 | } | 
|  | 732 | if(sshd_supports_opt('UsePAM','no')) { | 
|  | 733 | push @cfgarr, 'UsePAM no'; | 
|  | 734 | } | 
|  | 735 |  | 
|  | 736 | if($sshdid =~ /OpenSSH/) { | 
|  | 737 | # http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6492415 | 
|  | 738 | if(sshd_supports_opt('UsePrivilegeSeparation','no')) { | 
|  | 739 | push @cfgarr, 'UsePrivilegeSeparation no'; | 
|  | 740 | } | 
|  | 741 | } | 
|  | 742 |  | 
|  | 743 | if(sshd_supports_opt('VerifyReverseMapping','no')) { | 
|  | 744 | push @cfgarr, 'VerifyReverseMapping no'; | 
|  | 745 | } | 
|  | 746 | if(sshd_supports_opt('X11UseLocalhost','yes')) { | 
|  | 747 | push @cfgarr, 'X11UseLocalhost yes'; | 
|  | 748 | } | 
|  | 749 | push @cfgarr, '#'; | 
|  | 750 |  | 
|  | 751 |  | 
|  | 752 | #*************************************************************************** | 
|  | 753 | # Write out resulting sshd configuration file for curl's tests | 
|  | 754 | # | 
|  | 755 | $error = dump_array($sshdconfig, @cfgarr); | 
|  | 756 | if($error) { | 
|  | 757 | logmsg $error; | 
|  | 758 | exit 1; | 
|  | 759 | } | 
|  | 760 |  | 
|  | 761 |  | 
|  | 762 | #*************************************************************************** | 
|  | 763 | # Verify that sshd actually supports our generated configuration file | 
|  | 764 | # | 
|  | 765 | if(system "\"$sshd\" -t -f $sshdconfig > $sshdlog 2>&1") { | 
|  | 766 | logmsg "sshd configuration file $sshdconfig failed verification"; | 
|  | 767 | display_sshdlog(); | 
|  | 768 | display_sshdconfig(); | 
|  | 769 | exit 1; | 
|  | 770 | } | 
|  | 771 |  | 
|  | 772 |  | 
|  | 773 | #*************************************************************************** | 
|  | 774 | # Generate ssh client host key database file for curl's tests | 
|  | 775 | # | 
|  | 776 | if((! -e $knownhosts) || (! -s $knownhosts)) { | 
|  | 777 | logmsg 'generating ssh client known hosts file...' if($verbose); | 
|  | 778 | unlink($knownhosts); | 
|  | 779 | if(open(RSAKEYFILE, "<$hstpubkeyf")) { | 
|  | 780 | my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> }; | 
|  | 781 | if(close(RSAKEYFILE)) { | 
|  | 782 | if(open(KNOWNHOSTS, ">$knownhosts")) { | 
|  | 783 | print KNOWNHOSTS "$listenaddr ssh-rsa $rsahostkey[1]\n"; | 
|  | 784 | if(!close(KNOWNHOSTS)) { | 
|  | 785 | $error = "Error: cannot close file $knownhosts"; | 
|  | 786 | } | 
|  | 787 | } | 
|  | 788 | else { | 
|  | 789 | $error = "Error: cannot write file $knownhosts"; | 
|  | 790 | } | 
|  | 791 | } | 
|  | 792 | else { | 
|  | 793 | $error = "Error: cannot close file $hstpubkeyf"; | 
|  | 794 | } | 
|  | 795 | } | 
|  | 796 | else { | 
|  | 797 | $error = "Error: cannot read file $hstpubkeyf"; | 
|  | 798 | } | 
|  | 799 | if($error) { | 
|  | 800 | logmsg $error; | 
|  | 801 | exit 1; | 
|  | 802 | } | 
|  | 803 | } | 
|  | 804 |  | 
|  | 805 |  | 
|  | 806 | #*************************************************************************** | 
|  | 807 | # Convert paths for curl's tests running on Windows using Cygwin OpenSSH | 
|  | 808 | # | 
|  | 809 | my $identity_config = abs_path("$path/$identity"); | 
|  | 810 | my $knownhosts_config = abs_path("$path/$knownhosts"); | 
|  | 811 |  | 
|  | 812 | if (pathhelp::os_is_win()) { | 
|  | 813 | # Ensure to use MinGW/Cygwin paths | 
|  | 814 | $identity_config = pathhelp::build_sys_abs_path($identity_config); | 
|  | 815 | $knownhosts_config = pathhelp::build_sys_abs_path($knownhosts_config); | 
|  | 816 | } | 
|  | 817 | if ($sshdid =~ /OpenSSH-Windows/) { | 
|  | 818 | # Ensure to use native Windows paths with OpenSSH for Windows | 
|  | 819 | $identity_config = pathhelp::sys_native_abs_path($identity); | 
|  | 820 | $knownhosts_config = pathhelp::sys_native_abs_path($knownhosts); | 
|  | 821 | } | 
|  | 822 |  | 
|  | 823 | #*************************************************************************** | 
|  | 824 | #  ssh client configuration file options we might use and version support | 
|  | 825 | # | 
|  | 826 | #  AddressFamily                     : OpenSSH 3.7.0 and later | 
|  | 827 | #  BatchMode                         : OpenSSH 1.2.1 and later | 
|  | 828 | #  BindAddress                       : OpenSSH 2.9.9 and later | 
|  | 829 | #  ChallengeResponseAuthentication   : OpenSSH 2.5.0 and later | 
|  | 830 | #  CheckHostIP                       : OpenSSH 1.2.1 and later | 
|  | 831 | #  Cipher                            : OpenSSH 1.2.1 and later [3] | 
|  | 832 | #  Ciphers                           : OpenSSH 2.1.0 and later [3] | 
|  | 833 | #  ClearAllForwardings               : OpenSSH 2.9.9 and later | 
|  | 834 | #  Compression                       : OpenSSH 1.2.1 and later | 
|  | 835 | #  CompressionLevel                  : OpenSSH 1.2.1 and later [3] | 
|  | 836 | #  ConnectionAttempts                : OpenSSH 1.2.1 and later | 
|  | 837 | #  ConnectTimeout                    : OpenSSH 3.7.0 and later | 
|  | 838 | #  ControlMaster                     : OpenSSH 3.9.0 and later | 
|  | 839 | #  ControlPath                       : OpenSSH 3.9.0 and later | 
|  | 840 | #  DisableBanner                     :  SunSSH 1.2.0 and later | 
|  | 841 | #  DynamicForward                    : OpenSSH 2.9.0 and later | 
|  | 842 | #  EnableSSHKeysign                  : OpenSSH 3.6.0 and later | 
|  | 843 | #  EscapeChar                        : OpenSSH 1.2.1 and later [3] | 
|  | 844 | #  ExitOnForwardFailure              : OpenSSH 4.4.0 and later | 
|  | 845 | #  ForwardAgent                      : OpenSSH 1.2.1 and later | 
|  | 846 | #  ForwardX11                        : OpenSSH 1.2.1 and later | 
|  | 847 | #  ForwardX11Trusted                 : OpenSSH 3.8.0 and later | 
|  | 848 | #  GatewayPorts                      : OpenSSH 1.2.1 and later | 
|  | 849 | #  GlobalKnownHostsFile              : OpenSSH 1.2.1 and later | 
|  | 850 | #  GSSAPIAuthentication              : OpenSSH 3.7.0 and later [1] | 
|  | 851 | #  GSSAPIDelegateCredentials         : OpenSSH 3.7.0 and later [1] | 
|  | 852 | #  HashKnownHosts                    : OpenSSH 4.0.0 and later | 
|  | 853 | #  Host                              : OpenSSH 1.2.1 and later | 
|  | 854 | #  HostbasedAuthentication           : OpenSSH 2.9.0 and later | 
|  | 855 | #  HostKeyAlgorithms                 : OpenSSH 2.9.0 and later [3] | 
|  | 856 | #  HostKeyAlias                      : OpenSSH 2.5.0 and later [3] | 
|  | 857 | #  HostName                          : OpenSSH 1.2.1 and later | 
|  | 858 | #  IdentitiesOnly                    : OpenSSH 3.9.0 and later | 
|  | 859 | #  IdentityFile                      : OpenSSH 1.2.1 and later | 
|  | 860 | #  IgnoreIfUnknown                   :  SunSSH 1.2.0 and later | 
|  | 861 | #  KeepAlive                         : OpenSSH 1.2.1 and later | 
|  | 862 | #  KbdInteractiveAuthentication      : OpenSSH 2.3.0 and later | 
|  | 863 | #  KbdInteractiveDevices             : OpenSSH 2.3.0 and later [3] | 
|  | 864 | #  LocalCommand                      : OpenSSH 4.3.0 and later [3] | 
|  | 865 | #  LocalForward                      : OpenSSH 1.2.1 and later [3] | 
|  | 866 | #  LogLevel                          : OpenSSH 1.2.1 and later | 
|  | 867 | #  MACs                              : OpenSSH 2.5.0 and later [3] | 
|  | 868 | #  NoHostAuthenticationForLocalhost  : OpenSSH 3.0.0 and later | 
|  | 869 | #  NumberOfPasswordPrompts           : OpenSSH 1.2.1 and later | 
|  | 870 | #  PasswordAuthentication            : OpenSSH 1.2.1 and later | 
|  | 871 | #  PermitLocalCommand                : OpenSSH 4.3.0 and later | 
|  | 872 | #  Port                              : OpenSSH 1.2.1 and later | 
|  | 873 | #  PreferredAuthentications          : OpenSSH 2.5.2 and later | 
|  | 874 | #  Protocol                          : OpenSSH 2.1.0 and later | 
|  | 875 | #  ProxyCommand                      : OpenSSH 1.2.1 and later [3] | 
|  | 876 | #  PubkeyAuthentication              : OpenSSH 2.5.0 and later | 
|  | 877 | #  RekeyLimit                        : OpenSSH 3.7.0 and later | 
|  | 878 | #  RemoteForward                     : OpenSSH 1.2.1 and later [3] | 
|  | 879 | #  RhostsRSAAuthentication           : OpenSSH 1.2.1 and later | 
|  | 880 | #  RSAAuthentication                 : OpenSSH 1.2.1 and later | 
|  | 881 | #  ServerAliveCountMax               : OpenSSH 3.8.0 and later | 
|  | 882 | #  ServerAliveInterval               : OpenSSH 3.8.0 and later | 
|  | 883 | #  SmartcardDevice                   : OpenSSH 2.9.9 and later [1][3] | 
|  | 884 | #  StrictHostKeyChecking             : OpenSSH 1.2.1 and later | 
|  | 885 | #  TCPKeepAlive                      : OpenSSH 3.8.0 and later | 
|  | 886 | #  Tunnel                            : OpenSSH 4.3.0 and later | 
|  | 887 | #  TunnelDevice                      : OpenSSH 4.3.0 and later [3] | 
|  | 888 | #  UsePAM                            : OpenSSH 3.7.0 and later [1][2][3] | 
|  | 889 | #  UsePrivilegedPort                 : OpenSSH 1.2.1 and later | 
|  | 890 | #  User                              : OpenSSH 1.2.1 and later | 
|  | 891 | #  UserKnownHostsFile                : OpenSSH 1.2.1 and later | 
|  | 892 | #  VerifyHostKeyDNS                  : OpenSSH 3.8.0 and later | 
|  | 893 | #  XAuthLocation                     : OpenSSH 2.1.1 and later [3] | 
|  | 894 | # | 
|  | 895 | #  [1] Option only available if activated at compile time | 
|  | 896 | #  [2] Option specific for portable versions | 
|  | 897 | #  [3] Option not used in our ssh client config file | 
|  | 898 |  | 
|  | 899 |  | 
|  | 900 | #*************************************************************************** | 
|  | 901 | # Initialize ssh config with options actually supported in OpenSSH 2.9.9 | 
|  | 902 | # | 
|  | 903 | logmsg 'generating ssh client config file...' if($verbose); | 
|  | 904 | @cfgarr = (); | 
|  | 905 | push @cfgarr, '# This is a generated file.  Do not edit.'; | 
|  | 906 | push @cfgarr, "# $sshverstr ssh client configuration file for curl testing"; | 
|  | 907 | push @cfgarr, '#'; | 
|  | 908 | push @cfgarr, 'Host *'; | 
|  | 909 | push @cfgarr, '#'; | 
|  | 910 | push @cfgarr, "Port $port"; | 
|  | 911 | push @cfgarr, "HostName $listenaddr"; | 
|  | 912 | push @cfgarr, "User $username"; | 
|  | 913 | push @cfgarr, 'Protocol 2'; | 
|  | 914 | push @cfgarr, '#'; | 
|  | 915 |  | 
|  | 916 | # BindAddress option is not supported by OpenSSH for Windows | 
|  | 917 | if (!($sshdid =~ /OpenSSH-Windows/)) { | 
|  | 918 | push @cfgarr, "BindAddress $listenaddr"; | 
|  | 919 | } | 
|  | 920 |  | 
|  | 921 | push @cfgarr, '#'; | 
|  | 922 | push @cfgarr, "IdentityFile $identity_config"; | 
|  | 923 | push @cfgarr, "UserKnownHostsFile $knownhosts_config"; | 
|  | 924 | push @cfgarr, '#'; | 
|  | 925 | push @cfgarr, 'BatchMode yes'; | 
|  | 926 | push @cfgarr, 'ChallengeResponseAuthentication no'; | 
|  | 927 | push @cfgarr, 'CheckHostIP no'; | 
|  | 928 | push @cfgarr, 'ClearAllForwardings no'; | 
|  | 929 | push @cfgarr, 'Compression no'; | 
|  | 930 | push @cfgarr, 'ConnectionAttempts 3'; | 
|  | 931 | push @cfgarr, 'ForwardAgent no'; | 
|  | 932 | push @cfgarr, 'ForwardX11 no'; | 
|  | 933 | push @cfgarr, 'GatewayPorts no'; | 
|  | 934 | push @cfgarr, 'GlobalKnownHostsFile /dev/null'; | 
|  | 935 | push @cfgarr, 'HostbasedAuthentication no'; | 
|  | 936 | push @cfgarr, 'KbdInteractiveAuthentication no'; | 
|  | 937 | push @cfgarr, "LogLevel $loglevel"; | 
|  | 938 | push @cfgarr, 'NumberOfPasswordPrompts 0'; | 
|  | 939 | push @cfgarr, 'PasswordAuthentication no'; | 
|  | 940 | push @cfgarr, 'PreferredAuthentications publickey'; | 
|  | 941 | push @cfgarr, 'PubkeyAuthentication yes'; | 
|  | 942 |  | 
|  | 943 | # RSA authentication options are not supported by OpenSSH for Windows | 
|  | 944 | if (!($sshdid =~ /OpenSSH-Windows/)) { | 
|  | 945 | push @cfgarr, 'RhostsRSAAuthentication no'; | 
|  | 946 | push @cfgarr, 'RSAAuthentication no'; | 
|  | 947 | } | 
|  | 948 |  | 
|  | 949 | # Disabled StrictHostKeyChecking since it makes the tests fail on my | 
|  | 950 | # OpenSSH_6.0p1 on Debian Linux / Daniel | 
|  | 951 | push @cfgarr, 'StrictHostKeyChecking no'; | 
|  | 952 | push @cfgarr, 'UsePrivilegedPort no'; | 
|  | 953 | push @cfgarr, '#'; | 
|  | 954 |  | 
|  | 955 |  | 
|  | 956 | #*************************************************************************** | 
|  | 957 | # Options supported in ssh client newer than OpenSSH 2.9.9 | 
|  | 958 | # | 
|  | 959 |  | 
|  | 960 | if(($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) { | 
|  | 961 | push @cfgarr, 'AddressFamily any'; | 
|  | 962 | } | 
|  | 963 |  | 
|  | 964 | if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) || | 
|  | 965 | (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { | 
|  | 966 | push @cfgarr, 'ConnectTimeout 30'; | 
|  | 967 | } | 
|  | 968 |  | 
|  | 969 | if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) { | 
|  | 970 | push @cfgarr, 'ControlMaster no'; | 
|  | 971 | } | 
|  | 972 |  | 
|  | 973 | if(($sshid =~ /OpenSSH/) && ($sshvernum >= 420)) { | 
|  | 974 | push @cfgarr, 'ControlPath none'; | 
|  | 975 | } | 
|  | 976 |  | 
|  | 977 | if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) { | 
|  | 978 | push @cfgarr, 'DisableBanner yes'; | 
|  | 979 | } | 
|  | 980 |  | 
|  | 981 | if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) { | 
|  | 982 | push @cfgarr, 'EnableSSHKeysign no'; | 
|  | 983 | } | 
|  | 984 |  | 
|  | 985 | if(($sshid =~ /OpenSSH/) && ($sshvernum >= 440)) { | 
|  | 986 | push @cfgarr, 'ExitOnForwardFailure yes'; | 
|  | 987 | } | 
|  | 988 |  | 
|  | 989 | if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) || | 
|  | 990 | (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { | 
|  | 991 | push @cfgarr, 'ForwardX11Trusted no'; | 
|  | 992 | } | 
|  | 993 |  | 
|  | 994 | if(($sshd_builtwith_GSSAPI) && ($sshdid eq $sshid) && | 
|  | 995 | ($sshdvernum == $sshvernum)) { | 
|  | 996 | push @cfgarr, 'GSSAPIAuthentication no'; | 
|  | 997 | push @cfgarr, 'GSSAPIDelegateCredentials no'; | 
|  | 998 | if($sshid =~ /SunSSH/) { | 
|  | 999 | push @cfgarr, 'GSSAPIKeyExchange no'; | 
|  | 1000 | } | 
|  | 1001 | } | 
|  | 1002 |  | 
|  | 1003 | if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) || | 
|  | 1004 | (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { | 
|  | 1005 | push @cfgarr, 'HashKnownHosts no'; | 
|  | 1006 | } | 
|  | 1007 |  | 
|  | 1008 | if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) { | 
|  | 1009 | push @cfgarr, 'IdentitiesOnly yes'; | 
|  | 1010 | } | 
|  | 1011 |  | 
|  | 1012 | if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) { | 
|  | 1013 | push @cfgarr, 'IgnoreIfUnknown no'; | 
|  | 1014 | } | 
|  | 1015 |  | 
|  | 1016 | if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) || | 
|  | 1017 | ($sshid =~ /SunSSH/)) { | 
|  | 1018 | push @cfgarr, 'KeepAlive no'; | 
|  | 1019 | } | 
|  | 1020 |  | 
|  | 1021 | if((($sshid =~ /OpenSSH/) && ($sshvernum >= 300)) || | 
|  | 1022 | ($sshid =~ /SunSSH/)) { | 
|  | 1023 | push @cfgarr, 'NoHostAuthenticationForLocalhost no'; | 
|  | 1024 | } | 
|  | 1025 |  | 
|  | 1026 | if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) { | 
|  | 1027 | push @cfgarr, 'PermitLocalCommand no'; | 
|  | 1028 | } | 
|  | 1029 |  | 
|  | 1030 | if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) || | 
|  | 1031 | (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { | 
|  | 1032 | push @cfgarr, 'RekeyLimit 1G'; | 
|  | 1033 | } | 
|  | 1034 |  | 
|  | 1035 | if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) || | 
|  | 1036 | (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { | 
|  | 1037 | push @cfgarr, 'ServerAliveCountMax 3'; | 
|  | 1038 | push @cfgarr, 'ServerAliveInterval 0'; | 
|  | 1039 | } | 
|  | 1040 |  | 
|  | 1041 | if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) { | 
|  | 1042 | push @cfgarr, 'TCPKeepAlive no'; | 
|  | 1043 | } | 
|  | 1044 |  | 
|  | 1045 | if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) { | 
|  | 1046 | push @cfgarr, 'Tunnel no'; | 
|  | 1047 | } | 
|  | 1048 |  | 
|  | 1049 | if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) { | 
|  | 1050 | push @cfgarr, 'VerifyHostKeyDNS no'; | 
|  | 1051 | } | 
|  | 1052 |  | 
|  | 1053 | push @cfgarr, '#'; | 
|  | 1054 |  | 
|  | 1055 |  | 
|  | 1056 | #*************************************************************************** | 
|  | 1057 | # Write out resulting ssh client configuration file for curl's tests | 
|  | 1058 | # | 
|  | 1059 | $error = dump_array($sshconfig, @cfgarr); | 
|  | 1060 | if($error) { | 
|  | 1061 | logmsg $error; | 
|  | 1062 | exit 1; | 
|  | 1063 | } | 
|  | 1064 |  | 
|  | 1065 |  | 
|  | 1066 | #*************************************************************************** | 
|  | 1067 | # Initialize client sftp config with options actually supported. | 
|  | 1068 | # | 
|  | 1069 | logmsg 'generating sftp client config file...' if($verbose); | 
|  | 1070 | splice @cfgarr, 1, 1, "# $sshverstr sftp client configuration file for curl testing"; | 
|  | 1071 | # | 
|  | 1072 | for(my $i = scalar(@cfgarr) - 1; $i > 0; $i--) { | 
|  | 1073 | if($cfgarr[$i] =~ /^DynamicForward/) { | 
|  | 1074 | splice @cfgarr, $i, 1; | 
|  | 1075 | next; | 
|  | 1076 | } | 
|  | 1077 | if($cfgarr[$i] =~ /^ClearAllForwardings/) { | 
|  | 1078 | splice @cfgarr, $i, 1, "ClearAllForwardings yes"; | 
|  | 1079 | next; | 
|  | 1080 | } | 
|  | 1081 | } | 
|  | 1082 |  | 
|  | 1083 |  | 
|  | 1084 | #*************************************************************************** | 
|  | 1085 | # Write out resulting sftp client configuration file for curl's tests | 
|  | 1086 | # | 
|  | 1087 | $error = dump_array($sftpconfig, @cfgarr); | 
|  | 1088 | if($error) { | 
|  | 1089 | logmsg $error; | 
|  | 1090 | exit 1; | 
|  | 1091 | } | 
|  | 1092 | @cfgarr = (); | 
|  | 1093 |  | 
|  | 1094 |  | 
|  | 1095 | #*************************************************************************** | 
|  | 1096 | # Generate client sftp commands batch file for sftp server verification | 
|  | 1097 | # | 
|  | 1098 | logmsg 'generating sftp client commands file...' if($verbose); | 
|  | 1099 | push @cfgarr, 'pwd'; | 
|  | 1100 | push @cfgarr, 'quit'; | 
|  | 1101 | $error = dump_array($sftpcmds, @cfgarr); | 
|  | 1102 | if($error) { | 
|  | 1103 | logmsg $error; | 
|  | 1104 | exit 1; | 
|  | 1105 | } | 
|  | 1106 | @cfgarr = (); | 
|  | 1107 |  | 
|  | 1108 | #*************************************************************************** | 
|  | 1109 | # Prepare command line of ssh server daemon | 
|  | 1110 | # | 
|  | 1111 | my $cmd = "\"$sshd\" -e -D -f $sshdconfig > $sshdlog 2>&1"; | 
|  | 1112 | logmsg "SCP/SFTP server listening on port $port" if($verbose); | 
|  | 1113 | logmsg "RUN: $cmd" if($verbose); | 
|  | 1114 |  | 
|  | 1115 | #*************************************************************************** | 
|  | 1116 | # Start the ssh server daemon on Windows without forking it | 
|  | 1117 | # | 
|  | 1118 | if ($sshdid =~ /OpenSSH-Windows/) { | 
|  | 1119 | # Fake pidfile for ssh server on Windows. | 
|  | 1120 | if(open(OUT, ">$pidfile")) { | 
|  | 1121 | print OUT $$ . "\n"; | 
|  | 1122 | close(OUT); | 
|  | 1123 | } | 
|  | 1124 |  | 
|  | 1125 | # Flush output. | 
|  | 1126 | $| = 1; | 
|  | 1127 |  | 
|  | 1128 | # Put an "exec" in front of the command so that the child process | 
|  | 1129 | # keeps this child's process ID by being tied to the spawned shell. | 
|  | 1130 | exec("exec $cmd") || die "Can't exec() $cmd: $!"; | 
|  | 1131 | # exec() will create a new process, but ties the existence of the | 
|  | 1132 | # new process to the parent waiting perl.exe and sh.exe processes. | 
|  | 1133 |  | 
|  | 1134 | # exec() should never return back here to this process. We protect | 
|  | 1135 | # ourselves by calling die() just in case something goes really bad. | 
|  | 1136 | die "error: exec() has returned"; | 
|  | 1137 | } | 
|  | 1138 |  | 
|  | 1139 | #*************************************************************************** | 
|  | 1140 | # Start the ssh server daemon without forking it | 
|  | 1141 | # | 
|  | 1142 | my $rc = system($cmd); | 
|  | 1143 | if($rc == -1) { | 
|  | 1144 | logmsg "\"$sshd\" failed with: $!"; | 
|  | 1145 | } | 
|  | 1146 | elsif($rc & 127) { | 
|  | 1147 | logmsg sprintf("\"$sshd\" died with signal %d, and %s coredump", | 
|  | 1148 | ($rc & 127), ($rc & 128)?'a':'no'); | 
|  | 1149 | } | 
|  | 1150 | elsif($verbose && ($rc >> 8)) { | 
|  | 1151 | logmsg sprintf("\"$sshd\" exited with %d", $rc >> 8); | 
|  | 1152 | } | 
|  | 1153 |  | 
|  | 1154 |  | 
|  | 1155 | #*************************************************************************** | 
|  | 1156 | # Clean up once the server has stopped | 
|  | 1157 | # | 
|  | 1158 | unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $hstpubsha256f, | 
|  | 1159 | $cliprvkeyf, $clipubkeyf, $knownhosts, | 
|  | 1160 | $sshdconfig, $sshconfig, $sftpconfig); | 
|  | 1161 |  | 
|  | 1162 | exit 0; |