package ProFTPD::Tests::Modules::mod_sftp; use lib qw(t/lib); use base qw(ProFTPD::TestSuite::Child); use strict; use Digest::MD5; use File::Copy; use File::Path qw(mkpath rmtree); use File::Spec; use IO::Handle; use IPC::Open3; use POSIX qw(:fcntl_h); use Socket; use ProFTPD::TestSuite::FTP; use ProFTPD::TestSuite::Utils qw(:auth :config :features :running :test :testsuite); $| = 1; my $order = 0; my $TESTS = { ssh2_connect_bad_version => { order => ++$order, test_class => [qw(bug forking ssh2)], }, ssh2_connect_timeout_login => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_kex_dh_group1_sha1 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_kex_dh_group14_sha1 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_kex_dh_gex_sha1 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_hostkey_rsa => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_hostkey_rsa_only => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_hostkey_dss => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_hostkey_dss_only => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_hostkey_dss_bug3634 => { order => ++$order, test_class => [qw(bug forking slow ssh2)], }, ssh2_cipher_c2s_aes256_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_c2s_aes192_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_c2s_aes128_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_c2s_blowfish_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_c2s_arcfour => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_c2s_cast128_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_c2s_3des_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_c2s_none => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_s2c_aes256_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_s2c_aes192_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_s2c_aes128_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_s2c_blowfish_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_s2c_arcfour => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_s2c_cast128_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_s2c_3des_cbc => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_cipher_s2c_none => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_c2s_hmac_sha1 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_c2s_hmac_sha1_96 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_c2s_hmac_md5 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_c2s_hmac_md5_96 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_c2s_hmac_ripemd160 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_c2s_none => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_s2c_hmac_sha1 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_s2c_hmac_sha1_96 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_s2c_hmac_md5 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_s2c_hmac_md5_96 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_s2c_hmac_ripemd160 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_mac_s2c_none => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_compress_c2s_none => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_compress_c2s_zlib => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_compress_s2c_none => { order => ++$order, test_class => [qw(forking ssh2)], }, # XXX Currently disabled due to buggy handling of compression in libssh2. ssh2_compress_s2c_zlib => { order => ++$order, test_class => [qw(forking ssh2 inprogress)], }, # XXX Need more auth method tests: keyboard-interactive # (the password method is used in other tests, so is covered). # Note: this test requires libssh2-1.2.7 (when released), and thus is # currently disabled ssh2_auth_hostbased => { order => ++$order, test_class => [qw(forking ssh2 inprogress)], }, ssh2_auth_publickey_rsa_no_match_bug3493 => { order => ++$order, test_class => [qw(bug forking ssh2)], }, ssh2_auth_publickey_rsa_with_match_bug3493 => { order => ++$order, test_class => [qw(bug forking ssh2)], }, ssh2_auth_publickey_rsa2048 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_auth_publickey_rsa4096 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_auth_publickey_rsa8192 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_auth_publickey_rsa16384 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_auth_publickey_dsa1024 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_auth_publickey_dsa2048 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_auth_publickey_dsa4096 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_auth_publickey_dsa8192 => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_auth_publickey_user_var_bug3315 => { order => ++$order, test_class => [qw(bug forking ssh2)], }, # This fails because of a bug in Net::SSH2; I've filed a bug report # with fix for it: # # http://rt.cpan.org/Ticket/Display.html?id=49584 # ssh2_auth_no_authorized_keys => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_auth_kbdint_failed_password_ok => { order => ++$order, test_class => [qw(bug forking mod_sftp_pam ssh2)], }, ssh2_interop_scanner => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_interop_probe => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_channel_failed_ptyreq => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_channel_failed_shell => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_channel_failed_exec_cmd => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_channel_env_default => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_channel_env_accept_glob_char => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_channel_env_accept_single_char => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_channel_max_exceeded => { order => ++$order, test_class => [qw(forking ssh2)], }, ssh2_disconnect_client => { order => ++$order, test_class => [qw(forking ssh2)], }, sftp_without_auth => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_stat => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_fstat => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_lstat => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_setstat => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_setstat_sgid => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_fsetstat => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_realpath => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_open_enoent_bug3345 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_open_trunc_bug3449 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_open_creat => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_open_creat_excl => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_open_append_bug3450 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_open_rdonly => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_open_wronly => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_open_rdwr => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_upload => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, # Requires libssh2-1.2.8 or later, with fixed compression sftp_upload_with_compression => { order => ++$order, test_class => [qw(forking inprogress sftp ssh2)], }, sftp_upload_zero_len_file => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_upload_largefile => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_upload_device_full => { order => ++$order, test_class => [qw(forking os_linux sftp ssh2)], }, sftp_upload_fifo_bug3312 => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_upload_fifo_bug3313 => { order => ++$order, test_class => [qw(forking inprogress sftp ssh2)], }, sftp_ext_upload_bug3550 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_download => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, # Requires libssh2-1.2.8 or later, with fixed compression sftp_download_with_compression => { order => ++$order, test_class => [qw(forking inprogress sftp ssh2)], }, sftp_download_zero_len_file => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_download_largefile => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_download_fifo_bug3314 => { order => ++$order, test_class => [qw(forking inprogress sftp ssh2)], }, sftp_ext_download_bug3550 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_readdir => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_readdir_symlink_dir => { order => ++$order, test_class => [qw(forking mod_vroot sftp ssh2)], }, sftp_mkdir => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_mkdir_readdir_bug3481 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_rmdir => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_rmdir_dir_not_empty => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_remove => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_rename => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_symlink => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_symlink_dst_already_exists => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_symlink_src_does_not_exist => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_readlink => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_client_alive => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_createhome => { order => ++$order, test_class => [qw(forking rootprivs sftp ssh2)], }, sftp_config_max_login_attempts => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_ignore_upload_perms_upload => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_ignore_upload_perms_mkdir_bug3680 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_config_ignore_set_perms_bug3599 => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_ignore_set_times_bug3706 => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_client_match => { order => ++$order, test_class => [qw(forking ssh2)], }, sftp_config_allowoverwrite => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_allowstorerestart => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_defaultchdir => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_deleteabortedstores => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_dirfakemode => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_hiddenstores => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_hidefiles_abs_path => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_hidefiles_deferred_path_bug3470 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_config_hidefiles_deferred_path_chroot_bug3470 => { order => ++$order, test_class => [qw(bug forking rootprivs sftp ssh2)], }, sftp_config_hidenoaccess => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_max_clients_per_host_bug3630 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_config_pathdenyfilter => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_rekey_short_timeout_failed => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_rekey_long_timeout_ok => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_rootlogin => { order => ++$order, test_class => [qw(forking rootprivs sftp ssh2)], }, sftp_config_protocols => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_timeoutidle => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_timeoutlogin => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_timeoutnotransfer_download => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_timeoutnotransfer_readdir => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_timeoutnotransfer_upload => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_timeoutstalled => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_userowner => { order => ++$order, test_class => [qw(forking rootprivs sftp ssh2)], }, sftp_config_groupowner => { order => ++$order, test_class => [qw(forking rootprivs sftp ssh2)], }, sftp_config_groupowner_suppl_group_norootprivs => { order => ++$order, test_class => [qw(forking norootprivs sftp ssh2)], }, sftp_config_ftpaccess_bug3460 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_config_limit_appe => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_limit_chmod => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_limit_list => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_config_limit_nlst => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_multi_channels => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_multi_channel_downloads => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_log_xferlog_download => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_log_xferlog_download_incomplete => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_log_xferlog_delete => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_log_xferlog_delete_chrooted => { order => ++$order, test_class => [qw(forking rootprivs sftp ssh2)], }, sftp_log_xferlog_upload => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_log_xferlog_upload_incomplete => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_log_extlog_reads => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_log_extlog_var_s_reads => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_log_extlog_var_s_writes => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_log_extlog_retr_file_size => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_log_extlog_putty_mget_retr_file_size_bug3560 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_log_extlog_file_modified_bug3457 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_log_extlog_var_F_mkdir_rmdir_bug3591 => { order => ++$order, test_class => [qw(bug forking rootprivs sftp ssh2)], }, sftp_log_extlog_var_w_rename_bug3029 => { order => ++$order, test_class => [qw(bug forking sftp ssh2)], }, sftp_log_extlog_var_f_remove => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_sighup => { order => ++$order, test_class => [qw(forking sftp ssh2)], }, sftp_ifsess_protocols => { order => ++$order, test_class => [qw(forking mod_ifsession sftp ssh2)], }, sftp_wrap_login_allowed_bug3352 => { order => ++$order, test_class => [qw(bug forking mod_wrap sftp ssh2)], }, sftp_wrap_login_denied_bug3352 => { order => ++$order, test_class => [qw(bug forking mod_wrap sftp ssh2)], }, scp_upload => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_upload_zero_len_file => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_upload_largefile => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_upload_subdir_enoent => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_upload_subdir_enoent_with_limits => { order => ++$order, test_class => [qw(forking rootprivs scp ssh2)], }, scp_upload_fifo_bug3312 => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_upload_fifo_bug3313 => { order => ++$order, test_class => [qw(forking inprogress scp ssh2)], }, scp_ext_upload_recursive_dir_bug3447 => { order => ++$order, test_class => [qw(bug forking scp ssh2)], }, scp_ext_upload_different_name_bug3425 => { order => ++$order, test_class => [qw(bug forking scp ssh2)], }, scp_ext_upload_recursive_empty_dir => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_download => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_download_zero_len_file => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_download_largefile => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_download_fifo_bug3314 => { order => ++$order, test_class => [qw(forking inprogress scp ssh2)], }, scp_ext_download_bug3544 => { order => ++$order, test_class => [qw(bug forking scp ssh2)], }, scp_ext_download_recursive_dir_bug3456 => { order => ++$order, test_class => [qw(bug forking scp ssh2)], }, scp_ext_download_recursive_empty_dir => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_config_ignore_upload_perms => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_config_hiddenstores => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_config_subdir_upload_allowed => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_config_protocols => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_config_userowner => { order => ++$order, test_class => [qw(forking rootprivs scp ssh2)], }, scp_config_groupowner => { order => ++$order, test_class => [qw(forking rootprivs scp ssh2)], }, scp_config_groupowner_suppl_group_norootprivs => { order => ++$order, test_class => [qw(forking norootprivs scp ssh2)], }, scp_log_extlog_var_f_upload => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_log_extlog_file_modified_bug3457 => { order => ++$order, test_class => [qw(bug forking scp ssh2)], }, scp_log_xferlog_download => { order => ++$order, test_class => [qw(forking scp ssh2)], }, scp_log_xferlog_upload => { order => ++$order, test_class => [qw(forking scp ssh2)], }, sftp_quotatab_upload_bytes_in_exceeded_soft_limit => { order => ++$order, test_class => [qw(forking mod_quotatab_sql mod_sql_sqlite sftp ssh2)], }, sftp_sql_custom_user_info => { order => ++$order, test_class => [qw(forking mod_sql mod_sql_sqlite sftp ssh2)], }, sftp_sql_log_retr_vars => { order => ++$order, test_class => [qw(forking mod_sql mod_sql_sqlite sftp ssh2)], }, sftp_sql_log_stor_vars => { order => ++$order, test_class => [qw(forking mod_sql mod_sql_sqlite sftp ssh2)], }, sftp_sql_log_appe_vars => { order => ++$order, test_class => [qw(forking mod_sql mod_sql_sqlite sftp ssh2)], }, sftp_sql_log_init_vars => { order => ++$order, test_class => [qw(forking mod_sql mod_sql_sqlite sftp ssh2)], }, sftp_sql_log_pass_vars => { order => ++$order, test_class => [qw(forking mod_sql mod_sql_sqlite sftp ssh2)], }, sftp_sql_log_exit_vars => { order => ++$order, test_class => [qw(forking mod_sql mod_sql_sqlite sftp ssh2)], }, scp_ifsess_protocols => { order => ++$order, test_class => [qw(forking mod_ifsession scp ssh2)], }, }; sub get_sftplog { my $db_file = shift; my $sql = "SELECT user, operation, filename, full_path, filesize, xfertime FROM sftplog"; my $cmd = "sqlite3 $db_file \"$sql\""; if ($ENV{TEST_VERBOSE}) { print STDERR "Executing sqlite3: $cmd\n"; } my $res = join('', `$cmd`); # The default sqlite3 delimiter is '|' return split(/\|/, $res); } sub new { return shift()->SUPER::new(@_); } sub list_tests { # Check for the required Perl modules: # # Net-SSH2 # Net-SSH2-SFTP my $required = [qw( Net::SSH2 Net::SSH2::SFTP )]; foreach my $req (@$required) { eval "use $req"; if ($@) { print STDERR "\nWARNING:\n + Module '$req' not found, skipping all tests\n"; if ($ENV{TEST_VERBOSE}) { print STDERR "Unable to load $req: $@\n"; } return qw(testsuite_empty_test); } } return testsuite_get_runnable_tests($TESTS); } sub set_up { my $self = shift; $self->SUPER::set_up(@_); # Make sure that mod_sftp does not complain about permissions on the hostkey # files. my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); unless (chmod(0400, $rsa_host_key, $dsa_host_key)) { die("Can't set perms on $rsa_host_key, $dsa_host_key: $!"); } } sub ssh2_connect_bad_version { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { sleep(1); my $proto = getprotobyname('tcp'); my $sock; unless (socket($sock, PF_INET, SOCK_STREAM, $proto)) { die("Can't create socket: $!"); } my $in_addr = inet_aton('127.0.0.1'); my $addr = sockaddr_in($port, $in_addr); unless (connect($sock, $addr)) { die("Can't connect to 127.0.0.1:$port: $!"); } print $sock "AAAA" x 1024; close($sock); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_connect_timeout_login { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutLogin => 3, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { sleep(1); my $proto = getprotobyname('tcp'); my $sock; unless (socket($sock, PF_INET, SOCK_STREAM, $proto)) { die("Can't create socket: $!"); } my $in_addr = inet_aton('127.0.0.1'); my $addr = sockaddr_in($port, $in_addr); unless (connect($sock, $addr)) { die("Can't connect to 127.0.0.1:$port: $!"); } sleep(4); print $sock "AAAA" x 1024; close($sock); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_kex_dh_group1_sha1 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $kex = 'diffie-hellman-group1-sha1'; $ssh2->method('kex', $kex); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $kex_used = $ssh2->method('kex'); $self->assert($kex eq $kex_used, test_msg("Expected '$kex', got '$kex_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_kex_dh_group14_sha1 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $kex = 'diffie-hellman-group14-sha1'; $ssh2->method('kex', $kex); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $kex_used = $ssh2->method('kex'); $self->assert($kex eq $kex_used, test_msg("Expected '$kex', got '$kex_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_kex_dh_gex_sha1 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $kex = 'diffie-hellman-group-exchange-sha1'; $ssh2->method('kex', $kex); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $kex_used = $ssh2->method('kex'); $self->assert($kex eq $kex_used, test_msg("Expected '$kex', got '$kex_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_hostkey_rsa { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $hostkey = 'ssh-rsa'; $ssh2->method('hostkey', $hostkey); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $hostkey_used = $ssh2->method('hostkey'); $self->assert($hostkey eq $hostkey_used, test_msg("Expected '$hostkey', got '$hostkey_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_hostkey_rsa_only { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $hostkey = 'ssh-rsa'; $ssh2->method('hostkey', $hostkey); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $hostkey_used = $ssh2->method('hostkey'); $self->assert($hostkey eq $hostkey_used, test_msg("Expected '$hostkey', got '$hostkey_used'")); $ssh2->disconnect(); # Test that using ssh-dss does NOT work $hostkey = 'ssh-dss'; $ssh2->method('hostkey', $hostkey); if ($ssh2->connect('127.0.0.1', $port)) { die("Connect to SSH2 server unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); # The expected error messages depend on the version of libssh2 being # used. $self->assert($err_name eq 'LIBSSH2_ERROR_KEX_FAILURE' or $err_name eq 'LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE', test_msg("Expected 'LIBSSH2_ERROR_KEX_FAILURE' or 'LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE', got '$err_name'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_hostkey_dss { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $hostkey = 'ssh-dss'; $ssh2->method('hostkey', $hostkey); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $hostkey_used = $ssh2->method('hostkey'); $self->assert($hostkey eq $hostkey_used, test_msg("Expected '$hostkey', got '$hostkey_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_hostkey_dss_only { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $hostkey = 'ssh-dss'; $ssh2->method('hostkey', $hostkey); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $hostkey_used = $ssh2->method('hostkey'); $self->assert($hostkey eq $hostkey_used, test_msg("Expected '$hostkey', got '$hostkey_used'")); $ssh2->disconnect(); # Test that using ssh-rsa does NOT work $hostkey = 'ssh-rsa'; $ssh2->method('hostkey', $hostkey); if ($ssh2->connect('127.0.0.1', $port)) { die("Connect to SSH2 server unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); # The expected error messages depend on the version of libssh2 being # used. $self->assert($err_name eq 'LIBSSH2_ERROR_KEX_FAILURE' or $err_name eq 'LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE', test_msg("Expected 'LIBSSH2_ERROR_KEX_FAILURE' or 'LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE', got '$err_name'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_hostkey_dss_bug3634 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $dsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_dsa_key'); my $dsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_dsa_key.pub'); my $dsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_dsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($dsa_rfc4716_key, $authorized_keys)) { die("Can't copy $dsa_rfc4716_key to $authorized_keys: $!"); } my $batch_file = File::Spec->rel2abs("$tmpdir/sftp-batch.txt"); if (open(my $fh, "> $batch_file")) { print $fh "pwd\n"; unless (close($fh)) { die("Can't write $batch_file: $!"); } } else { die("Can't open $batch_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { sleep(1); my @cmd = ( 'sftp', '-oBatchMode=yes', '-oCheckHostIP=no', '-oCompression=yes', "-oPort=$port", '-oHostKeyAlgorithms=ssh-dss', "-oIdentityFile=$dsa_priv_key", '-oPubkeyAuthentication=yes', '-oStrictHostKeyChecking=no', '-vvv', '-b', "$batch_file", "$user\@127.0.0.1", ); my $count = 250; for (my $i = 0; $i < $count; $i++) { if ($ENV{TEST_VERBOSE}) { print STDERR "Connect #", $i + 1, "\n"; } my $sftp_rh = IO::Handle->new(); my $sftp_wh = IO::Handle->new(); my $sftp_eh = IO::Handle->new(); $sftp_wh->autoflush(1); sleep(1); local $SIG{CHLD} = 'DEFAULT'; # Make sure that the perms on the priv key are what OpenSSH wants unless (chmod(0400, $dsa_priv_key)) { die("Can't set perms on $dsa_priv_key to 0400: $!"); } if ($ENV{TEST_VERBOSE}) { print STDERR "Executing: ", join(' ', @cmd), "\n"; } my $sftp_pid = open3($sftp_wh, $sftp_rh, $sftp_eh, @cmd); waitpid($sftp_pid, 0); # Restore the perms on the priv key unless (chmod(0644, $dsa_priv_key)) { die("Can't set perms on $dsa_priv_key to 0644: $!"); } my ($res, $errstr); if ($? >> 8) { $errstr = join('', <$sftp_eh>); $res = 0; } else { if ($ENV{TEST_VERBOSE}) { $errstr = join('', <$sftp_eh>); print STDERR "Stderr: $errstr\n"; } $res = 1; } $self->assert($res == 1, test_msg("Can't pwd on server: $errstr")); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, 300) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_c2s_aes256_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'aes256-cbc'; $ssh2->method('crypt_cs', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_cs'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_c2s_aes192_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'aes192-cbc'; $ssh2->method('crypt_cs', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_cs'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_c2s_aes128_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'aes128-cbc'; $ssh2->method('crypt_cs', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_cs'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_c2s_blowfish_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'blowfish-cbc'; $ssh2->method('crypt_cs', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_cs'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_c2s_arcfour { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'arcfour,aes256-cbc'; $ssh2->method('crypt_cs', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_cs'); # mod_sftp explicitly does NOT support the 'arcfour' cipher; it # DOES support 'arcfour256' and 'arcfour128', which are better anyway. my $expected = 'aes256-cbc'; $self->assert($expected eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_c2s_cast128_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'cast128-cbc'; $ssh2->method('crypt_cs', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_cs'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_c2s_3des_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = '3des-cbc'; $ssh2->method('crypt_cs', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_cs'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_c2s_none { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'none'; $ssh2->method('crypt_cs', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_cs'); $self->assert($cipher ne $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_s2c_aes256_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'aes256-cbc'; $ssh2->method('crypt_sc', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_sc'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_s2c_aes192_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'aes192-cbc'; $ssh2->method('crypt_cs', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_cs'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_s2c_aes128_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'aes128-cbc'; $ssh2->method('crypt_sc', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_sc'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_s2c_blowfish_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'blowfish-cbc'; $ssh2->method('crypt_sc', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_sc'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_s2c_arcfour { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'arcfour,aes256-cbc'; $ssh2->method('crypt_sc', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_sc'); # mod_sftp explicitly does NOT support the 'arcfour' cipher; it # DOES support 'arcfour256' and 'arcfour128', which are better anyway. my $expected = 'aes256-cbc'; $self->assert($expected eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_s2c_cast128_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'cast128-cbc'; $ssh2->method('crypt_sc', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_sc'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_s2c_3des_cbc { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = '3des-cbc'; $ssh2->method('crypt_sc', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_sc'); $self->assert($cipher eq $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_cipher_s2c_none { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $cipher = 'none'; $ssh2->method('crypt_sc', $cipher); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $cipher_used = $ssh2->method('crypt_sc'); $self->assert($cipher ne $cipher_used, test_msg("Expected '$cipher', got '$cipher_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_c2s_hmac_sha1 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'hmac-sha1'; $ssh2->method('mac_cs', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_cs'); $self->assert($mac eq $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_c2s_hmac_sha1_96 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'hmac-sha1-96'; $ssh2->method('mac_cs', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_cs'); $self->assert($mac eq $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_c2s_hmac_md5 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'hmac-md5'; $ssh2->method('mac_cs', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_cs'); $self->assert($mac eq $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_c2s_hmac_md5_96 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'hmac-md5-96'; $ssh2->method('mac_cs', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_cs'); $self->assert($mac eq $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_c2s_hmac_ripemd160 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'hmac-ripemd160'; $ssh2->method('mac_cs', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_cs'); $self->assert($mac eq $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_c2s_none { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'none'; $ssh2->method('mac_cs', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_cs'); $self->assert($mac ne $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_s2c_hmac_sha1 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'hmac-sha1'; $ssh2->method('mac_sc', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_sc'); $self->assert($mac eq $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_s2c_hmac_sha1_96 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'hmac-sha1-96'; $ssh2->method('mac_sc', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_sc'); $self->assert($mac eq $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_s2c_hmac_md5 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'hmac-md5'; $ssh2->method('mac_sc', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_sc'); $self->assert($mac eq $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_s2c_hmac_md5_96 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'hmac-md5-96'; $ssh2->method('mac_sc', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_sc'); $self->assert($mac eq $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_s2c_hmac_ripemd160 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'hmac-ripemd160'; $ssh2->method('mac_sc', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_sc'); $self->assert($mac eq $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_mac_s2c_none { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $mac = 'none'; $ssh2->method('mac_sc', $mac); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $mac_used = $ssh2->method('mac_sc'); $self->assert($mac ne $mac_used, test_msg("Expected '$mac', got '$mac_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_compress_c2s_none { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $comp = 'none'; $ssh2->method('comp_cs', $comp); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $comp_used = $ssh2->method('comp_cs'); $self->assert($comp eq $comp_used, test_msg("Expected '$comp', got '$comp_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_compress_c2s_zlib { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPCompression on", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $comp = 'zlib'; $ssh2->method('comp_cs', $comp); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $comp_used = $ssh2->method('comp_cs'); $self->assert($comp eq $comp_used, test_msg("Expected '$comp', got '$comp_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_compress_s2c_none { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $comp = 'none'; $ssh2->method('comp_sc', $comp); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $comp_used = $ssh2->method('comp_sc'); $self->assert($comp eq $comp_used, test_msg("Expected '$comp', got '$comp_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_compress_s2c_zlib { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPCompression on", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $comp = 'zlib'; $ssh2->method('comp_sc', $comp); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $comp_used = $ssh2->method('comp_sc'); $self->assert($comp eq $comp_used, test_msg("Expected '$comp', got '$comp_used'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_hostbased { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedHostKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_hostbased($user, $rsa_pub_key, $rsa_priv_key, '127.0.0.1', $user)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("RSA hostbased authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_rsa_no_match_bug3493 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_subj_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_publickey($user, $rsa_pub_key, $rsa_priv_key)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("RSA publickey authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_rsa_with_match_bug3493 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_subj_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", "SFTPOptions MatchKeySubject", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } if ($ssh2->auth_publickey($user, $rsa_pub_key, $rsa_priv_key)) { die("RSA publickey authentication succeeded unexpectly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); my $expected = 'LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_rsa2048 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_publickey($user, $rsa_pub_key, $rsa_priv_key)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("RSA publickey authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_rsa4096 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa4096_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa4096_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa4096_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_publickey($user, $rsa_pub_key, $rsa_priv_key)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("RSA publickey authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_rsa8192 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa8192_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa8192_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa8192_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_publickey($user, $rsa_pub_key, $rsa_priv_key)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("RSA publickey authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_rsa16384 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa16384_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa16384_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa16384_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $timeout_idle = 15; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutIdle => $timeout_idle, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_publickey($user, $rsa_pub_key, $rsa_priv_key)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("RSA publickey authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, $timeout_idle + 5) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_dsa1024 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $dsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_dsa_key'); my $dsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_dsa_key.pub'); my $dsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_dsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($dsa_rfc4716_key, $authorized_keys)) { die("Can't copy $dsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_publickey($user, $dsa_pub_key, $dsa_priv_key)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("DSA publickey authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_dsa2048 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $dsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_dsa2048_key'); my $dsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_dsa2048_key.pub'); my $dsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_dsa2048_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($dsa_rfc4716_key, $authorized_keys)) { die("Can't copy $dsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_publickey($user, $dsa_pub_key, $dsa_priv_key)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("DSA publickey authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_dsa4096 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $dsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_dsa4096_key'); my $dsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_dsa4096_key.pub'); my $dsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_dsa4096_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($dsa_rfc4716_key, $authorized_keys)) { die("Can't copy $dsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_publickey($user, $dsa_pub_key, $dsa_priv_key)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("DSA publickey authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_dsa8192 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $dsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_dsa8192_key'); my $dsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_dsa8192_key.pub'); my $dsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_dsa8192_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($dsa_rfc4716_key, $authorized_keys)) { die("Can't copy $dsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_publickey($user, $dsa_pub_key, $dsa_priv_key)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("DSA publickey authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_publickey_user_var_bug3315 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys_dir = File::Spec->rel2abs("$tmpdir/authorized_keys"); mkpath($authorized_keys_dir); my $authorized_keys = File::Spec->rel2abs("$authorized_keys_dir/$user"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:$authorized_keys_dir/%u", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_publickey($user, $rsa_pub_key, $rsa_priv_key)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("RSA publickey authentication failed: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_no_authorized_keys { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $have_sftp_pam = feature_have_module_compiled('mod_sftp_pam.c'); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $auth_meths = [$ssh2->auth_list($user)]; foreach my $meth (@$auth_meths) { # With no configured SFTPAuthorizedUserKeys nor SFTPAuthorizedHostKeys, # we should NOT see 'publickey' or 'hostbased' in the authentication # method list. if ($meth eq 'publickey' || $meth eq 'hostbased') { die("Unexpected SSH2 authentication method '$meth' provided"); } # Unless we have mod_sftp_pam involved, we shouldn't see # 'keyboard-interactive', either. if ($have_sftp_pam && $meth eq 'keyboard-interactive') { die("Unexpected SSH2 authentication method '$meth' provided"); } } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_auth_kbdint_failed_password_ok { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $auth_meths = "publickey keyboard-interactive password"; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", # We want to specifically configure the list of offered auth methods, # such that 'keyboard-interactive' is in the middle of the list. # This bug occurred because mod_sftp was not properly splicing # out of the middle of the auth method list. "SFTPAuthMethods $auth_meths", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } if ($ssh2->auth_keyboard($user, $passwd)) { die("Keyboard-interactive authentication succeeded unexpectedly"); } # Try to use 'keyboard-interactive' again, just to make sure that # it has been properly disabled. if ($ssh2->auth_keyboard($user, $passwd)) { die("Keyboard-interactive authentication succeeded unexpectedly"); } # XXX Ideally I could use $ssh2->error() to differentiate the # error codes/reasons between the two failures above, but it looks like # there is a bug in Net::SSH2 which precludes this. So, for now, # I'll rely on the TraceLog output from mod_sftp. # XXX This causes a segfault on Mac OSX 10.5; not sure whether it's # in Net::SSH2's XS bindings or in libssh2 itself. =pod # Get the offered auth method list and make sure that # 'keyboard-interactive' has been properly removed. my $auth_list = $ssh2->auth_list($user); my $expected = "publickey,password"; $self->assert($expected eq $auth_list, test_msg("Expected '$expected', got '$auth_list'")); =cut unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't authenticate to SSH2 server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_interop_scanner { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $banner = "SSH_Version_Mapper"; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); $ssh2->banner($banner); sleep(1); if ($ssh2->connect('127.0.0.1', $port)) { die("Connect to SSH2 server succeeded unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $log_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /SSH2 scan from '(\S+)',/) { my $text = $1; if ($text eq $banner) { $ok = 1; last; } } } close($fh); unless ($ok) { die("SFTPLog message about scanner unexpectedly missing"); } } else { die("Can't read $log_file: $!"); } unlink($log_file); } sub ssh2_interop_probe { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $banner = "Probe-Me"; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); $ssh2->banner($banner); sleep(1); if ($ssh2->connect('127.0.0.1', $port)) { die("Connect to SSH2 server succeeded unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $log_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /SSH2 probe from '(\S+)',/) { my $text = $1; if ($text eq $banner) { $ok = 1; last; } } } close($fh); unless ($ok) { die("SFTPLog message about scanner unexpectedly missing"); } } else { die("Can't read $log_file: $!"); } unlink($log_file); } sub ssh2_channel_failed_ptyreq { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't authenticate to SSH2 server: [$err_name] ($err_code) $err_str"); } my $chan = $ssh2->channel('session'); unless ($chan) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't open 'session' channel: [$err_name] ($err_code) $err_str"); } if ($chan->pty('vt100')) { die("'pty-req' session channel request succeeded unexpectedly"); } $chan->eof(); $chan->close(); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_channel_failed_shell { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't authenticate to SSH2 server: [$err_name] ($err_code) $err_str"); } my $chan = $ssh2->channel('session'); unless ($chan) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't open 'session' channel: [$err_name] ($err_code) $err_str"); } if ($chan->shell()) { die("'shell' session channel request succeeded unexpectedly"); } $chan->eof(); $chan->close(); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_channel_failed_exec_cmd { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $have_sftp_pam = feature_have_module_compiled('mod_sftp_pam.c'); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't authenticate to SSH2 server: [$err_name] ($err_code) $err_str"); } my $chan = $ssh2->channel('session'); unless ($chan) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't open 'session' channel: [$err_name] ($err_code) $err_str"); } if ($chan->exec('date')) { die("'exec' session channel request succeeded unexpectedly"); } $chan->eof(); $chan->close(); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_channel_env_default { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $have_sftp_pam = feature_have_module_compiled('mod_sftp_pam.c'); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't authenticate to SSH2 server: [$err_name] ($err_code) $err_str"); } my $chan = $ssh2->channel('session'); unless ($chan) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't open 'session' channel: [$err_name] ($err_code) $err_str"); } my $barred = [qw( SFTP SFTP_LIBRARY_VERSION SFTP_CLIENT_CIPHER_ALGO SFTP_CLIENT_MAC_ALGO SFTP_CLIENT_COMPRESSION_ALGO SFTP_KEX_ALGO SFTP_SERVER_CIPHER_ALGO SFTP_SERVER_MAC_ALGO SFTP_SERVER_COMPRESSION_ALGO )]; foreach my $key (@$barred) { if ($chan->setenv($key, "1")) { die("Setting environment variable '$key' via 'env' channel succeeded unexpectedly"); } } unless ($chan->setenv('LANG', 'FOO')) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Setting environment variable 'LANG' failed: [$err_name] ($err_code) $err_str"); } $chan->eof(); $chan->close(); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_channel_env_accept_glob_char { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ 'SFTPAcceptEnv L*', "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $have_sftp_pam = feature_have_module_compiled('mod_sftp_pam.c'); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't authenticate to SSH2 server: [$err_name] ($err_code) $err_str"); } my $chan = $ssh2->channel('session'); unless ($chan) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't open 'session' channel: [$err_name] ($err_code) $err_str"); } my $barred = [qw( SFTP SFTP_LIBRARY_VERSION SFTP_CLIENT_CIPHER_ALGO SFTP_CLIENT_MAC_ALGO SFTP_CLIENT_COMPRESSION_ALGO SFTP_KEX_ALGO SFTP_SERVER_CIPHER_ALGO SFTP_SERVER_MAC_ALGO SFTP_SERVER_COMPRESSION_ALGO )]; foreach my $key (@$barred) { if ($chan->setenv($key, "1")) { die("Setting environment variable '$key' via 'env' channel succeeded unexpectedly"); } } unless ($chan->setenv('LANG', 'FOO')) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Setting environment variable 'LANG' failed: [$err_name] ($err_code) $err_str"); } unless ($chan->setenv('LOG', 'FOO')) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Setting environment variable 'LOG' failed: [$err_name] ($err_code) $err_str"); } $chan->eof(); $chan->close(); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_channel_env_accept_single_char { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ 'SFTPAcceptEnv L?G', "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $have_sftp_pam = feature_have_module_compiled('mod_sftp_pam.c'); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't authenticate to SSH2 server: [$err_name] ($err_code) $err_str"); } my $chan = $ssh2->channel('session'); unless ($chan) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't open 'session' channel: [$err_name] ($err_code) $err_str"); } my $barred = [qw( SFTP SFTP_LIBRARY_VERSION SFTP_CLIENT_CIPHER_ALGO SFTP_CLIENT_MAC_ALGO SFTP_CLIENT_COMPRESSION_ALGO SFTP_KEX_ALGO SFTP_SERVER_CIPHER_ALGO SFTP_SERVER_MAC_ALGO SFTP_SERVER_COMPRESSION_ALGO )]; foreach my $key (@$barred) { if ($chan->setenv($key, "1")) { die("Setting environment variable '$key' via 'env' channel succeeded unexpectedly"); } } if ($chan->setenv('LANG', 'FOO')) { die("Setting environment variable 'LANG' via 'env' channel succeeded unexpectedly"); } unless ($chan->setenv('LOG', 'FOO')) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Setting environment variable 'LOG' failed: [$err_name] ($err_code) $err_str"); } $chan->eof(); $chan->close(); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_channel_max_exceeded { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPMaxChannels 1", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $have_sftp_pam = feature_have_module_compiled('mod_sftp_pam.c'); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't authenticate to SSH2 server: [$err_name] ($err_code) $err_str"); } my $chan = $ssh2->channel('session'); unless ($chan) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't open 'session' channel: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); if ($sftp) { die("Open 'sftp' channel succeeded unexpectedly"); } $chan->eof(); $chan->close(); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub ssh2_disconnect_client { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $timeout_idle = 5; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutIdle => $timeout_idle, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $have_sftp_pam = feature_have_module_compiled('mod_sftp_pam.c'); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; my $start_time = time(); # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } # Don't explicitly disconnect. But idle for 2 seconds, to see if # the server is properly waiting (up to TimeoutIdle); this will be # reflected in the generated logs. sleep(2); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my $elapsed = time()- $start_time; if ($elapsed > $timeout_idle) { die("Expected less than $timeout_idle, got $elapsed"); } unlink($log_file); } sub sftp_without_auth { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); if ($sftp) { die("Started SFTP channel unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); my $expected; # The expected error messages depend on the version of libssh2 being # used. $self->assert($err_name eq 'LIBSSH2_ERROR_INVAL' or $err_name eq 'LIBSSH2_ERROR_CHANNEL_FAILURE', test_msg("Expected 'LIBSSH2_ERROR_INVAL' or 'LIBSSH2_ERROR_CHANNEL_FAILURE', got '$err_name'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_stat { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $config_size = (stat($config_file))[7]; # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $attrs = $sftp->stat('sftp.conf', 1); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("FXP_STAT sftp.conf failed: [$err_name] ($err_code)"); } my $expected; $expected = $config_size; my $file_size = $attrs->{size}; $self->assert($expected == $file_size, test_msg("Expected '$expected', got '$file_size'")); $expected = $<; my $file_uid = $attrs->{uid}; $self->assert($expected == $file_uid, test_msg("Expected '$expected', got '$file_uid'")); $expected = $(; my $file_gid = $attrs->{gid}; $self->assert($expected == $file_gid, test_msg("Expected '$expected', got '$file_gid'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_fstat { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $config_size = (stat($config_file))[7]; # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('sftp.conf', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open sftp.conf: [$err_name] ($err_code)"); } my $attrs = $fh->stat(); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("FXP_FSTAT sftp.conf failed: [$err_name] ($err_code)"); } # Explicitly destroy the handle so that an FXP_CLOSE is sent. $fh = undef; my $expected; $expected = $config_size; my $file_size = $attrs->{size}; $self->assert($expected == $file_size, test_msg("Expected '$expected', got '$file_size'")); $expected = $<; my $file_uid = $attrs->{uid}; $self->assert($expected == $file_uid, test_msg("Expected '$expected', got '$file_uid'")); $expected = $(; my $file_gid = $attrs->{gid}; $self->assert($expected == $file_gid, test_msg("Expected '$expected', got '$file_gid'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_lstat { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 1024; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_size = (stat($test_file))[7]; my $test_symlink = File::Spec->rel2abs("$tmpdir/test.lnk"); unless (symlink($test_file, $test_symlink)) { die("Can't symlink $test_symlink to $test_file: $!"); } my $test_symlink_size = (lstat($test_symlink))[7]; # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $attrs = $sftp->stat('test.lnk', 0); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("FXP_LSTAT test.lnk failed: [$err_name] ($err_code)"); } my $expected; $expected = $test_symlink_size; my $file_size = $attrs->{size}; $self->assert($expected == $file_size, test_msg("Expected '$expected', got '$file_size'")); $expected = $<; my $file_uid = $attrs->{uid}; $self->assert($expected == $file_uid, test_msg("Expected '$expected', got '$file_uid'")); $expected = $(; my $file_gid = $attrs->{gid}; $self->assert($expected == $file_gid, test_msg("Expected '$expected', got '$file_gid'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_setstat { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->setstat('sftp.conf', atime => 0, mtime => 0, ); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't setstat sftp.conf: [$err_name] ($err_code)"); } my $attrs = $sftp->stat('sftp.conf'); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("FXP_STAT sftp.conf failed: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); my $expected; $expected = 0; my $file_atime = $attrs->{atime}; $self->assert($expected == $file_atime, test_msg("Expected '$expected', got '$file_atime'")); my $file_mtime = $attrs->{mtime}; $self->assert($expected == $file_mtime, test_msg("Expected '$expected', got '$file_mtime'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_setstat_sgid { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->setstat('sftp.conf', mode => oct(2664), ); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't setstat sftp.conf: [$err_name] ($err_code)"); } my $attrs = $sftp->stat('sftp.conf'); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("FXP_STAT sftp.conf failed: [$err_name] ($err_code)"); } my $expected = '2664'; my $file_mode = sprintf("%lo", (34228 & 07777)); $self->assert($expected eq $file_mode, test_msg("Expected '$expected', got '$file_mode'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_fsetstat { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('sftp.conf', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open sftp.conf: [$err_name] ($err_code)"); } my $res = $fh->setstat( atime => 0, mtime => 0, ); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't fsetstat sftp.conf: [$err_name] ($err_code)"); } # Explicitly destroy the handle to issue the FXP_CLOSE $fh = undef; my $attrs = $sftp->stat('sftp.conf'); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("FXP_STAT sftp.conf failed: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); my $expected; $expected = 0; my $file_atime = $attrs->{atime}; $self->assert($expected == $file_atime, test_msg("Expected '$expected', got '$file_atime'")); my $file_mtime = $attrs->{mtime}; $self->assert($expected == $file_mtime, test_msg("Expected '$expected', got '$file_mtime'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_realpath { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $cwd = $sftp->realpath('.'); unless ($cwd) { my ($err_code, $err_name) = $sftp->error(); die("Can't get real path for '.': [$err_name] ($err_code)"); } my $expected; $expected = $home_dir; $self->assert($expected eq $cwd, test_msg("Expected '$expected', got '$cwd'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_open_enoent_bug3345 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); if ($fh) { die("OPEN test.txt succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); my $expected; $expected = 'SSH_FX_NO_SUCH_FILE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $expected = 2; $self->assert($expected == $err_code, test_msg("Expected $expected, got $err_code")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_open_trunc_bug3449 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 1024; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_size = (stat($test_file))[7]; # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $attrs = $sftp->stat('test.txt', 0); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("LSTAT test.txt failed: [$err_name] ($err_code)"); } my $expected; $expected = $test_size; my $file_size = $attrs->{size}; $self->assert($expected == $file_size, test_msg("Expected '$expected', got '$file_size'")); $expected = $<; my $file_uid = $attrs->{uid}; $self->assert($expected == $file_uid, test_msg("Expected '$expected', got '$file_uid'")); $expected = $(; my $file_gid = $attrs->{gid}; $self->assert($expected == $file_gid, test_msg("Expected '$expected', got '$file_gid'")); my $orig_size = $attrs->{size}; my $fh = $sftp->open('test.txt', O_WRONLY|O_TRUNC); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("OPEN test.txt failed: [$err_name] ($err_code)"); } $attrs = $sftp->stat('test.txt', 0); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("LSTAT test.txt failed: [$err_name] ($err_code)"); } $expected = 0; $file_size = $attrs->{size}; $self->assert($expected == $file_size, test_msg("Expected '$expected', got '$file_size'")); # To issue a CLOSE, we need to destroy the filehandle $fh = undef; $attrs = $sftp->stat('test.txt', 0); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("LSTAT test.txt failed: [$err_name] ($err_code)"); } $expected = 0; $file_size = $attrs->{size}; $self->assert($expected == $file_size, test_msg("Expected '$expected', got '$file_size'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_open_creat { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_CREAT, 0640); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("OPEN test.txt failed: [$err_name] ($err_code)"); } # To issue a CLOSE, we need to destroy the filehandle $fh = undef; $sftp = undef; $ssh2->disconnect(); unless (-f $test_file) { die("File $test_file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_open_creat_excl { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # This should fail, since the file already exists my $fh = $sftp->open('test.txt', O_CREAT|O_EXCL, 0640); if ($fh) { die("OPEN test.txt succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); my $expected; $expected = 'SSH_FX_FAILURE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); # Now remove that file, and try again. unlink($test_file); $fh = $sftp->open('test.txt', O_CREAT|O_EXCL, 0640); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("OPEN test.txt failed: [$err_name] ($err_code)"); } # To issue a CLOSE, we need to destroy the filehandle $fh = undef; $sftp = undef; $ssh2->disconnect(); unless (-f $test_file) { die("File $test_file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_open_append_bug3450 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', AllowStoreRestart => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_size = (stat($test_file))[7]; # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_APPEND); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("OPEN test.txt failed: [$err_name] ($err_code)"); } unless ($fh->write("ABCD")) { my ($err_code, $err_name) = $sftp->error(); die("WRITE test.txt failed: [$err_name] ($err_code)"); } # To issue a CLOSE, we need to destroy the filehandle $fh = undef; $sftp = undef; $ssh2->disconnect(); unless (-f $test_file) { die("File $test_file does not exist as expected"); } my $new_size = (stat($test_file))[7]; my $expected_size = $test_size + 4; $self->assert($expected_size == $new_size, test_msg("Expected $expected_size, got $new_size")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_open_rdonly { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', AllowStoreRestart => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Set write-only permissions unless (chmod(0222, $test_file)) { die("Can't set perms on $test_file to 0222: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); if ($fh) { die("OPEN test.txt succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); my $expected; $expected = 'SSH_FX_PERMISSION_DENIED'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_open_wronly { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', AllowStoreRestart => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Set read-only permissions unless (chmod(0444, $test_file)) { die("Can't set perms on $test_file to 0444: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY); if ($fh) { die("OPEN test.txt succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); my $expected; $expected = 'SSH_FX_PERMISSION_DENIED'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_open_rdwr { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', AllowStoreRestart => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Set execute-only permissions unless (chmod(0111, $test_file)) { die("Can't set perms on $test_file to 0111: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDWR); if ($fh) { die("OPEN test.txt succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); my $expected; $expected = 'SSH_FX_PERMISSION_DENIED'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_upload { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $count = 20; for (my $i = 0; $i < $count; $i++) { print $fh "ABCD" x 8192; } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_upload_with_compression { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPCompression on", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $comp = 'zlib'; $ssh2->method('comp_cs', $comp); $ssh2->method('comp_sc', $comp); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $count = 20; for (my $i = 0; $i < $count; $i++) { print $fh "ABCD" x 8192; } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_upload_zero_len_file { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$home_dir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); my $size = -s $test_file; unless ($size == 0) { die("$test_file has $size len unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_upload_largefile { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $fh; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open($fh, "> $test_file")) { # Make a file that's larger than the maximum SSH2 packet size, forcing # the scp code to loop properly entire the entire large file is sent. print $fh "ABCDefgh" x 16384; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Calculate the MD5 checksum of this file, for comparison with the # downloaded file. my $ctx = Digest::MD5->new(); my $expected_md5; if (open($fh, "< $test_file")) { binmode($fh); $ctx->addfile($fh); $expected_md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $test_file: $!"); } my $test_file2 = File::Spec->rel2abs("$tmpdir/test2.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { my $test_rfh; unless (open($test_rfh, "< $test_file")) { die("Can't read $test_file: $!"); } eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $test_wfh = $sftp->open('test2.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($test_wfh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test2.txt: [$err_name] ($err_code)"); } my $buf; my $bufsz = 8192; while (read($test_rfh, $buf, $bufsz)) { print $test_wfh $buf; } close($test_rfh); # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $test_wfh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); unless (-f $test_file2) { die("$test_file2 file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } # Calculate the MD5 checksum of the uploaded file, for comparison with the # file that was uploaded. $ctx->reset(); my $md5; if (open($fh, "< $test_file2")) { binmode($fh); $ctx->addfile($fh); $md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $test_file2: $!"); } $self->assert($expected_md5 eq $md5, test_msg("Expected '$expected_md5', got '$md5'")); unlink($log_file); } sub sftp_upload_device_full { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPOptions IgnoreSFTPUploadPerms", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # XXX The /dev/full device only exists on Linux, as far as I know my $fh = $sftp->open('/dev/full', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open /dev/full: [$err_name] ($err_code)"); } my $count = 20; for (my $i = 0; $i < $count; $i++) { unless (print $fh "ABCD" x 8192) { die("Failed to write to /dev/full: $!"); } } # XXX Hrm. Looks like the Net::SSH2::File interface does not actually # inform the user if there was a CLOSE error, or if there was an # error writing (e.g. if the disk was full). Will have to file # a bug report with them about this. # # This means that, for now, you have to double-check the generated # logs to make sure that mod_sftp is sending the correct error/response. # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_upload_fifo_bug3312 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $fifo = File::Spec->rel2abs("$tmpdir/test.fifo"); unless (POSIX::mkfifo($fifo, 0666)) { die("Can't create fifo $fifo: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.fifo', O_WRONLY|O_CREAT|O_TRUNC, 0644); if ($fh) { die("OPEN test.fifo succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); my $expected = 'SSH_FX_NO_SUCH_FILE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_upload_fifo_bug3313 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); # XXX This assume that a FIFO reader is running, and opened at this path my $fifo = File::Spec->rel2abs("/tmp/test.fifo"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('/tmp/test.fifo', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open /tmp/test.fifo: [$err_name] ($err_code)"); } # Attempt to truncate the FIFO as well my $res = $fh->setstat( size => 24, ); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't truncate /tmp/test.fifo: [$err_name] ($err_code)"); } my $count = 20; for (my $i = 0; $i < $count; $i++) { print $fh "ABCD" x 8192; } $fh = undef; $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_ext_upload_bug3550 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $src_file = File::Spec->rel2abs('t/etc/modules/mod_sftp/bug3550.php'); # Calculate the MD5 checksum of this file, for comparison with the uploaded # file. my $ctx = Digest::MD5->new(); my $expected_md5; if (open(my $fh, "< $src_file")) { binmode($fh); $ctx->addfile($fh); $expected_md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $src_file: $!"); } my $expected_sz = (stat($src_file))[7]; my $dst_file = File::Spec->rel2abs("$tmpdir/test.dat"); my $batch_file = File::Spec->rel2abs("$tmpdir/sftp-batch.txt"); if (open(my $fh, "> $batch_file")) { print $fh "put -P $src_file $dst_file\n"; unless (close($fh)) { die("Can't write $batch_file: $!"); } } else { die("Can't open $batch_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", "SFTPCiphers aes256-ctr aes192-ctr aes128-ctr", "SFTPDigests hmac-sha1 hmac-ripemd160", # Bug#3551 requires that mod_sftp support compression, and that # the client use compression for the uploads. "SFTPCompression delayed", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my @cmd = ( 'sftp', '-oBatchMode=yes', '-oCheckHostIP=no', '-oCompression=yes', "-oPort=$port", "-oIdentityFile=$rsa_priv_key", '-oPubkeyAuthentication=yes', '-oStrictHostKeyChecking=no', '-vvv', '-b', "$batch_file", "$user\@127.0.0.1", ); my $sftp_rh = IO::Handle->new(); my $sftp_wh = IO::Handle->new(); my $sftp_eh = IO::Handle->new(); $sftp_wh->autoflush(1); sleep(1); local $SIG{CHLD} = 'DEFAULT'; # Make sure that the perms on the priv key are what OpenSSH wants unless (chmod(0400, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0400: $!"); } if ($ENV{TEST_VERBOSE}) { print STDERR "Executing: ", join(' ', @cmd), "\n"; } my $sftp_pid = open3($sftp_wh, $sftp_rh, $sftp_eh, @cmd); waitpid($sftp_pid, 0); # Restore the perms on the priv key unless (chmod(0644, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0644: $!"); } my ($res, $errstr); if ($? >> 8) { $errstr = join('', <$sftp_eh>); $res = 0; } else { if ($ENV{TEST_VERBOSE}) { $errstr = join('', <$sftp_eh>); print STDERR "Stderr: $errstr\n"; } $res = 1; } unless ($res) { die("Can't upload $src_file to server: $errstr"); } unless (-f $dst_file) { die("File '$dst_file' does not exist as expected"); } $ctx->reset(); my $md5; if (open(my $fh, "< $dst_file")) { binmode($fh); $ctx->addfile($fh); $md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $dst_file: $!"); } my $sz = (stat($dst_file))[7]; $self->assert($expected_sz == $sz, test_msg("Expected $expected_sz, got $sz")); $self->assert($expected_md5 eq $md5, test_msg("Expected '$expected_md5', got '$md5'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_download { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { my $count = 20; for (my $i = 0; $i < $count; $i++) { print $fh "ABCD" x 8192; } unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_sz = (stat($test_file))[7]; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $res = $fh->read($buf, 8192); while ($res) { $size += $res; $res = $fh->read($buf, 8192); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $self->assert($test_sz == $size, test_msg("Expected $test_sz, got $size")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_download_with_compression { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { my $count = 20; for (my $i = 0; $i < $count; $i++) { print $fh "ABCD" x 8192; } unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_sz = (stat($test_file))[7]; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPCompression on", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); my $comp = 'zlib'; $ssh2->method('comp_cs', $comp); $ssh2->method('comp_sc', $comp); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $res = $fh->read($buf, 8192); if ($res < 0) { my ($err_code, $err_name) = $sftp->error(); die("Can't read test.txt: [$err_name] ($err_code)"); } while ($res) { $size += $res; $res = $fh->read($buf, 8192); if ($res < 0) { my ($err_code, $err_name) = $sftp->error(); die("Can't read test.txt: [$err_name] ($err_code)"); } } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $self->assert($test_sz == $size, test_msg("Expected $test_sz, got $size")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_download_zero_len_file { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_sz = (stat($test_file))[7]; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $res = $fh->read($buf, 8192); while ($res) { $size += $res; $res = $fh->read($buf, 8192); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $self->assert($test_sz == $size, test_msg("Expected $test_sz, got $size")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_download_largefile { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $fh; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open($fh, "> $test_file")) { # Make a file that's larger than the maximum SSH2 packet size, forcing # the scp code to loop properly entire the entire large file is sent. print $fh "ABCDefgh" x 16384; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Calculate the MD5 checksum of this file, for comparison with the # downloaded file. my $ctx = Digest::MD5->new(); my $expected_md5; if (open($fh, "< $test_file")) { binmode($fh); $ctx->addfile($fh); $expected_md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $test_file: $!"); } my $test_file2 = File::Spec->rel2abs("$tmpdir/test2.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { my $test_wfh; unless (open($test_wfh, "> $test_file2")) { die("Can't open $test_file2: $!"); } binmode($test_wfh); eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $test_rfh = $sftp->open('test.txt', O_RDONLY); unless ($test_rfh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $bufsz = 8192; my $res = $test_rfh->read($buf, $bufsz); while ($res) { print $test_wfh $buf; $res = $test_rfh->read($buf, $bufsz); } unless (close($test_wfh)) { die("Can't write $test_file2: $!"); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $test_rfh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } # Calculate the MD5 checksum of the downloaded file, for comparison with the # downloaded file. $ctx->reset(); my $md5; if (open($fh, "< $test_file2")) { binmode($fh); $ctx->addfile($fh); $md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $test_file2: $!"); } $self->assert($expected_md5 eq $md5, test_msg("Expected '$expected_md5', got '$md5'")); unlink($log_file); } sub sftp_download_fifo_bug3314 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $fifo = File::Spec->rel2abs("/tmp/test.fifo"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open($fifo, O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open $fifo: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $res = $fh->read($buf, 8192); while ($res) { $size += $res; $res = $fh->read($buf, 8192); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_ext_download_bug3550 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $orig_file = File::Spec->rel2abs('t/etc/modules/mod_sftp/bug3550.php'); # Calculate the MD5 checksum of this file, for comparison with the downloaded # file. my $ctx = Digest::MD5->new(); my $expected_md5; if (open(my $fh, "< $orig_file")) { binmode($fh); $ctx->addfile($fh); $expected_md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $orig_file: $!"); } my $expected_sz = (stat($orig_file))[7]; my $src_file = File::Spec->rel2abs("$tmpdir/test.dat"); unless (copy($orig_file, $src_file)) { die("Can't copy $orig_file to $src_file: $!"); } my $dst_file = File::Spec->rel2abs("$tmpdir/test2.dat"); my $batch_file = File::Spec->rel2abs("$tmpdir/sftp-batch.txt"); if (open(my $fh, "> $batch_file")) { print $fh "get -P $src_file $dst_file\n"; unless (close($fh)) { die("Can't write $batch_file: $!"); } } else { die("Can't open $batch_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", "SFTPCiphers aes256-ctr aes192-ctr aes128-ctr", "SFTPDigests hmac-sha1 hmac-ripemd160", # Bug#3551 requires that mod_sftp support compression, and that # the client use compression for the uploads. "SFTPCompression delayed", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my @cmd = ( 'sftp', '-oBatchMode=yes', '-oCheckHostIP=no', '-oCompression=yes', "-oPort=$port", "-oIdentityFile=$rsa_priv_key", '-oPubkeyAuthentication=yes', '-oStrictHostKeyChecking=no', '-vvv', '-b', "$batch_file", "$user\@127.0.0.1", ); my $sftp_rh = IO::Handle->new(); my $sftp_wh = IO::Handle->new(); my $sftp_eh = IO::Handle->new(); $sftp_wh->autoflush(1); sleep(1); local $SIG{CHLD} = 'DEFAULT'; # Make sure that the perms on the priv key are what OpenSSH wants unless (chmod(0400, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0400: $!"); } if ($ENV{TEST_VERBOSE}) { print STDERR "Executing: ", join(' ', @cmd), "\n"; } my $sftp_pid = open3($sftp_wh, $sftp_rh, $sftp_eh, @cmd); waitpid($sftp_pid, 0); # Restore the perms on the priv key unless (chmod(0644, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0644: $!"); } my ($res, $errstr); if ($? >> 8) { $errstr = join('', <$sftp_eh>); $res = 0; } else { if ($ENV{TEST_VERBOSE}) { $errstr = join('', <$sftp_eh>); print STDERR "Stderr: $errstr\n"; } $res = 1; } unless ($res) { die("Can't download $src_file from server: $errstr"); } unless (-f $dst_file) { die("File '$dst_file' does not exist as expected"); } $ctx->reset(); my $md5; if (open(my $fh, "< $dst_file")) { binmode($fh); $ctx->addfile($fh); $md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $dst_file: $!"); } my $sz = (stat($dst_file))[7]; $self->assert($expected_sz == $sz, test_msg("Expected $expected_sz, got $sz")); $self->assert($expected_md5 eq $md5, test_msg("Expected '$expected_md5', got '$md5'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_readdir { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'auth:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("Can't open directory '.': [$err_name] ($err_code)"); } my $res = {}; my $file = $dir->read(); while ($file) { $res->{$file->{name}} = $file; $file = $dir->read(); } my $expected = { '.' => 1, '..' => 1, 'sftp.conf' => 1, 'sftp.group' => 1, 'sftp.passwd' => 1, 'sftp.pid' => 1, 'sftp.scoreboard' => 1, 'sftp.scoreboard.lck' => 1, }; # To issue the FXP_CLOSE, we have to explicitly destroy the dirhandle $dir = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); my $ok = 1; my $mismatch; my $seen = []; foreach my $name (keys(%$res)) { push(@$seen, $name); unless (defined($expected->{$name})) { $mismatch = $name; $ok = 0; last; } } unless ($ok) { die("Unexpected name '$mismatch' appeared in READDIR data") } # Now remove from $expected all of the paths we saw; if there are # any entries remaining in $expected, something went wrong. foreach my $name (@$seen) { delete($expected->{$name}); } my $remaining = scalar(keys(%$expected)); $self->assert(0 == $remaining, test_msg("Expected 0, got $remaining")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_readdir_symlink_dir { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $uid = 500; my $gid = 500; # For this test, we want to create a symlink to a directory which lies # outside of the user's home dir; we will be using mod_vroot + DefaultRoot # to "jail" the user into their home directory. my $home_dir = File::Spec->rel2abs("$tmpdir/subdir"); mkpath($home_dir); my $other_dir = File::Spec->rel2abs("$tmpdir/otherdir"); mkpath($other_dir); my $test_symlink = File::Spec->rel2abs("$home_dir/otherdir.lnk"); unless (symlink($other_dir, $test_symlink)) { die("Can't symlink $test_symlink to $other_dir: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'auth:10 fsio:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_vroot.c' => { DefaultRoot => '~', VRootEngine => 'on', VRootLog => $log_file, VRootOptions => 'allowSymlinks', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $dir = $sftp->opendir('otherdir.lnk'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("Can't open directory 'otherdir.lnk': [$err_name] ($err_code)"); } my $res = {}; my $file = $dir->read(); while ($file) { $res->{$file->{name}} = $file; $file = $dir->read(); } my $expected = { '.' => 1, '..' => 1, }; # To issue the FXP_CLOSE, we have to explicitly destroy the dirhandle $dir = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); my $ok = 1; my $mismatch; my $seen = []; foreach my $name (keys(%$res)) { push(@$seen, $name); unless (defined($expected->{$name})) { $mismatch = $name; $ok = 0; last; } } unless ($ok) { die("Unexpected name '$mismatch' appeared in READDIR data") } # Now remove from $expected all of the paths we saw; if there are # any entries remaining in $expected, something went wrong. foreach my $name (@$seen) { delete($expected->{$name}); } my $remaining = scalar(keys(%$expected)); $self->assert(0 == $remaining, test_msg("Expected 0, got $remaining")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_mkdir { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_dir = File::Spec->rel2abs("$tmpdir/testdir"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->mkdir('testdir'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't mkdir testdir: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); unless (-d $test_dir) { die("$test_dir directory does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_mkdir_readdir_bug3481 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_dir = File::Spec->rel2abs("$tmpdir/testdir"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # See http://forums.proftpd.org/smf/index.php/topic,4759.0.html # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->mkdir('testdir'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't mkdir testdir: [$err_name] ($err_code)"); } # Create 10 files in the sub directory my $count = 10; for (my $i = 0; $i < $count; $i++) { my $test_file = 'testdir/test_' . sprintf("%03s", $i); my $fh = $sftp->open($test_file, O_CREAT, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("OPEN $test_file failed: [$err_name] ($err_code)"); } $fh = undef; } # Now read the test directory twice my $dir = $sftp->opendir('testdir'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("OPENDIR testdir failed: [$err_name] ($err_code)"); } my $files1 = {}; my $file = $dir->read(); while ($file) { $files1->{$file->{name}} = $file; $file = $dir->read(); } $dir = undef; $dir = $sftp->opendir('testdir'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("OPENDIR testdir failed: [$err_name] ($err_code)"); } my $files2 = {}; $file = $dir->read(); while ($file) { $files2->{$file->{name}} = $file; $file = $dir->read(); } $dir = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; # Make sure that the same paths were returned in the directory listings foreach my $file (keys(%$files1)) { unless (defined($files2->{$file})) { die("File $file unexpectedly missing from second READDIR"); } } foreach my $file (keys(%$files2)) { unless (defined($files1->{$file})) { die("File $file unexpectedly missing from first READDIR"); } } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_rmdir { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_dir = File::Spec->rel2abs("$tmpdir/testdir"); mkpath($test_dir); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->rmdir('testdir'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't rmdir testdir: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); if (-d $test_dir) { die("$test_dir directory exists unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_rmdir_dir_not_empty { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_dir = File::Spec->rel2abs("$tmpdir/testdir"); mkpath($test_dir); my $test_file = File::Spec->rel2abs("$test_dir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->rmdir('testdir'); if ($res) { die("RMDIR testdir succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); my $expected = 'SSH_FX_FAILURE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $sftp = undef; $ssh2->disconnect(); unless (-d $test_dir) { die("$test_dir directory does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_remove { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 8192; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->unlink('test.txt'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't remove test.txt: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); if (-f $test_file) { die("$test_file file exists unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_rename { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 8192; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_file2 = File::Spec->rel2abs("$tmpdir/test2.txt"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->rename('test.txt', 'test2.txt'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't rename test.txt to test2.txt: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); if (-f $test_file) { die("$test_file file exists unexpectedly"); } unless (-f $test_file2) { die("$test_file2 file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_symlink { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 8192; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_symlink = File::Spec->rel2abs("$tmpdir/test.lnk"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->symlink('test.txt', 'test.lnk'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't symlink test.lnk to test.txt: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); unless (-l $test_symlink) { die("$test_symlink symlink does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_symlink_dst_already_exists { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 8192; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_symlink = File::Spec->rel2abs("$tmpdir/test.lnk"); if (open(my $fh, "> $test_symlink")) { close($fh); } else { die("Can't open $test_symlink: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->symlink('test.txt', 'test.lnk'); if ($res) { die("Symlink test.lnk to test.txt succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); $sftp = undef; $ssh2->disconnect(); my $expected = 'SSH_FX_FAILURE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $self->assert(!-l $test_symlink, test_msg("$test_symlink symlink exists unexpectedly")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_symlink_src_does_not_exist { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $test_symlink = File::Spec->rel2abs("$tmpdir/test.lnk"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->symlink('test.txt', 'test.lnk'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Symlink test.lnk to test.txt failed: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); $self->assert(-l $test_symlink, test_msg("$test_symlink symlink does not exist as expected")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_readlink { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 8192; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_symlink = File::Spec->rel2abs("$tmpdir/test.lnk"); unless (symlink($test_file, $test_symlink)) { die("Can't symlink $test_symlink to $test_file: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $path = $sftp->readlink('test.lnk'); unless ($path) { my ($err_code, $err_name) = $sftp->error(); die("Can't readlink test.lnk: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); $self->assert($test_file eq $path, test_msg("Expected '$test_file', got '$path'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_allowoverwrite { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't open $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, Directory => { '~' => { AllowOverwrite => 'off', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY); if ($fh) { $fh = undef; die("OPEN test.txt succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); $sftp = undef; $ssh2->disconnect(); my $expected = 'SSH_FX_PERMISSION_DENIED'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_allowstorerestart { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, Directory => { '~' => { AllowOverwrite => 'on', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_APPEND); if ($fh) { $fh = undef; die("OPEN test.txt succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); $sftp = undef; $ssh2->disconnect(); my $expected = 'SSH_FX_PERMISSION_DENIED'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_client_alive { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $timeout_idle = 30; my $client_alive_max = 5; my $client_alive_interval = 1; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutIdle => $timeout_idle, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPClientAlive $client_alive_max $client_alive_interval", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # We have to tell Net::SSH2 to actually _do_ something, in order to have # it process any messages it may have received from mod_sftp, like # the client alive checks. for (my $i = 0; $i < 10; $i++) { $sftp->realpath('.'); my $delay = $client_alive_interval + 1; sleep($delay); } $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, $timeout_idle + 2) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_client_match { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $banner = 'SFTP_UnitTest (Perl)'; my $banner_pattern = 'SFTP_UnitTest \\\\(Perl\\\\)'; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPClientMatch \"^$banner_pattern\$\" channelWindowSize 64MB sftpProtocolVersion 1-2", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); $ssh2->banner($banner); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # We can't actually check whether our configured values are applied # via the Net::SSH2 methods (yet). So we have to rely on the # generated TraceLog. $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_createhome { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs("$tmpdir/foo/bar"); my $uid = 500; my $gid = 500; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $home_gid = 777; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, CreateHome => "on 711 homegid $home_gid", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); # Check that the home directory exists, and that the parent directory # of $tmpdir/foo is owned by UID/GID root. $self->assert(-d $home_dir, test_msg("Expected $home_dir directory to exist")); my ($uid_owner, $gid_owner) = (stat($home_dir))[4,5]; my $expected = $uid; $self->assert($expected == $uid_owner, test_msg("Expected $expected, got $uid_owner")); $expected = $home_gid; $self->assert($expected == $gid_owner, test_msg("Expected $expected, got $gid_owner")); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_defaultchdir { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $sub_dir = File::Spec->rel2abs("$home_dir/public_sftp"); mkpath($sub_dir); my $test_file = File::Spec->rel2abs("$sub_dir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't write $test_file: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir, $sub_dir)) { die("Can't set perms on $home_dir, $sub_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir, $sub_dir)) { die("Can't set owner of $home_dir, $sub_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $hidden_file = File::Spec->rel2abs("$tmpdir/.in.test.txt."); $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, DefaultChdir => '~/public_sftp', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("Can't open directory '.': [$err_name] ($err_code)"); } my $res = {}; my $file = $dir->read(); while ($file) { $res->{$file->{name}} = $file; $file = $dir->read(); } my $expected = { '.' => 1, '..' => 1, 'test.txt' => 1, }; # To issue the FXP_CLOSE, we have to explicitly destroy the dirhandle $dir = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); my $ok = 1; my $mismatch; my $seen = []; foreach my $name (keys(%$res)) { push(@$seen, $name); unless (defined($expected->{$name})) { $mismatch = $name; $ok = 0; last; } } unless ($ok) { die("Unexpected name '$mismatch' appeared in READDIR data") } # Now remove from $expected all of the paths we saw; if there are # any entries remaining in $expected, something went wrong. foreach my $name (@$seen) { delete($expected->{$name}); } my $remaining = scalar(keys(%$expected)); $self->assert(0 == $remaining, test_msg("Expected 0, got $remaining")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_deleteabortedstores { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $hidden_file = File::Spec->rel2abs("$tmpdir/.in.test.txt."); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:20 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, HiddenStores => 'on', DeleteAbortedStores => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } # Check for the HiddenStores file unless (-f $hidden_file) { die("File $hidden_file does not exist as expected"); } print $fh "ABCD\n" x 32; # Explicitly close the channel before we have closed the file, to # simulate an "aborted" transfer. $sftp = undef; $ssh2->disconnect(); # Give the server a little time to do its end-of-session thing. sleep(1); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } if ($ex) { die($ex); } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); # Check that the HiddenStores file is gone, and the requested # file does NOT exist. $self->assert(!-f $hidden_file, test_msg("File $hidden_file exists unexpectedly")); $self->assert(!-f $test_file, test_msg("File $test_file does not exist as expected")); unlink($log_file); } sub sftp_config_dirfakemode { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, DirFakeMode => '0310', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("Can't open directory '.': [$err_name] ($err_code)"); } my $res = {}; my $file = $dir->read(); while ($file) { $res->{$file->{name}} = sprintf("%04o", $file->{mode} & 0777); $file = $dir->read(); } my $expected = { '.' => '0311', '..' => '0311', 'sftp.conf' => '0310', 'sftp.group' => '0310', 'sftp.passwd' => '0310', 'sftp.pid' => '0310', 'sftp.scoreboard' => '0310', 'sftp.scoreboard.lck' => '0310', }; # To issue the FXP_CLOSE, we have to explicitly destroy the dirhandle $dir = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); my $file_ok = 1; my $mode_ok = 1; my $mismatch; my $seen = []; foreach my $name (keys(%$res)) { push(@$seen, $name); unless (defined($expected->{$name})) { $mismatch = $name; $file_ok = 0; last; } unless ($res->{$name} eq $expected->{$name}) { $mismatch = "$name: $res->{$name}"; $mode_ok = 0; last; } } unless ($file_ok) { die("Unexpected name '$mismatch' appeared in READDIR data") } unless ($mode_ok) { die("Unexpected mode '$mismatch' appeared in READDIR data") } # Now remove from $expected all of the paths we saw; if there are # any entries remaining in $expected, something went wrong. foreach my $name (@$seen) { delete($expected->{$name}); } my $remaining = scalar(keys(%$expected)); $self->assert(0 == $remaining, test_msg("Expected 0, got $remaining")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_hiddenstores { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $hidden_file = File::Spec->rel2abs("$tmpdir/.in.test.txt."); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, HiddenStores => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } # Check for the HiddenStores file unless (-f $hidden_file) { die("File $hidden_file does not exist as expected"); } print $fh "ABCD\n" x 32; # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); # Check that the HiddenStores file is gone, and the requested # file exists. if (-f $hidden_file) { die("File $hidden_file exists unexpectedly"); } unless (-f $test_file) { die("File $test_file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_hidefiles_abs_path { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't open $test_file: $!"); } # Make the perms on the file such that the user can't read it unless (chmod(0311, $test_file)) { die("Can't chmod $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, Directory => { '/' => { HideFiles => '!\.txt$', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # Issue a READDIR. Due to HideFiles, we should only see # the 'test.txt' file in the list. my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("Can't open directory '.': [$err_name] ($err_code)"); } my $res = {}; my $file = $dir->read(); while ($file) { $res->{$file->{name}} = $file; $file = $dir->read(); } my $expected = { 'test.txt' => 1, }; # To issue the FXP_CLOSE, we have to explicitly destroy the dirhandle $dir = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); my $ok = 1; my $mismatch; my $seen = []; foreach my $name (keys(%$res)) { push(@$seen, $name); unless (defined($expected->{$name})) { $mismatch = $name; $ok = 0; last; } } unless ($ok) { die("Unexpected name '$mismatch' appeared in READDIR data") } # Now remove from $expected all of the paths we saw; if there are # any entries remaining in $expected, something went wrong. foreach my $name (@$seen) { delete($expected->{$name}); } my $remaining = scalar(keys(%$expected)); $self->assert(0 == $remaining, test_msg("Expected 0, got $remaining")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_hidefiles_deferred_path_bug3470 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't open $test_file: $!"); } # Make the perms on the file such that the user can't read it unless (chmod(0311, $test_file)) { die("Can't chmod $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20 directory:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, Directory => { '~' => { HideFiles => '^(\.|sftp)', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # Issue a READDIR. Due to HideFiles, we should only see # the 'test.txt' file in the list. my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("Can't open directory '.': [$err_name] ($err_code)"); } my $res = {}; my $file = $dir->read(); while ($file) { $res->{$file->{name}} = $file; $file = $dir->read(); } my $expected = { 'test.txt' => 1, }; # To issue the FXP_CLOSE, we have to explicitly destroy the dirhandle $dir = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); my $ok = 1; my $mismatch; my $seen = []; foreach my $name (keys(%$res)) { push(@$seen, $name); unless (defined($expected->{$name})) { $mismatch = $name; $ok = 0; last; } } unless ($ok) { die("Unexpected name '$mismatch' appeared in READDIR data") } # Now remove from $expected all of the paths we saw; if there are # any entries remaining in $expected, something went wrong. foreach my $name (@$seen) { delete($expected->{$name}); } my $remaining = scalar(keys(%$expected)); $self->assert(0 == $remaining, test_msg("Expected 0, got $remaining")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_hidefiles_deferred_path_chroot_bug3470 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't open $test_file: $!"); } # Make the perms on the file such that the user can't read it unless (chmod(0311, $test_file)) { die("Can't chmod $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20 directory:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, DefaultRoot => '~', Directory => { '~' => { HideFiles => '^(\.|sftp)', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # Issue a READDIR. Due to HideFiles, we should only see # the 'test.txt' file in the list. my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("Can't open directory '.': [$err_name] ($err_code)"); } my $res = {}; my $file = $dir->read(); while ($file) { $res->{$file->{name}} = $file; $file = $dir->read(); } my $expected = { 'test.txt' => 1, }; # To issue the FXP_CLOSE, we have to explicitly destroy the dirhandle $dir = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); my $ok = 1; my $mismatch; my $seen = []; foreach my $name (keys(%$res)) { push(@$seen, $name); unless (defined($expected->{$name})) { $mismatch = $name; $ok = 0; last; } } unless ($ok) { die("Unexpected name '$mismatch' appeared in READDIR data") } # Now remove from $expected all of the paths we saw; if there are # any entries remaining in $expected, something went wrong. foreach my $name (@$seen) { delete($expected->{$name}); } my $remaining = scalar(keys(%$expected)); $self->assert(0 == $remaining, test_msg("Expected 0, got $remaining")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_hidenoaccess { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't open $test_file: $!"); } # Make the perms on the file such that the user can't read it unless (chmod(0311, $test_file)) { die("Can't chmod $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, Directory => { '~' => { Limit => { DIRS => { IgnoreHidden => 'on', }, }, HideNoAccess => 'on', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPOptions IgnoreSFTPUploadPerms", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # Issue a READDIR. Due to the "HideNoAccess on", we should not see # the 'test.txt' file in the list. my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("Can't open directory '.': [$err_name] ($err_code)"); } my $res = {}; my $file = $dir->read(); while ($file) { $res->{$file->{name}} = $file; $file = $dir->read(); } my $expected = { '.' => 1, '..' => 1, 'sftp.conf' => 1, 'sftp.group' => 1, 'sftp.passwd' => 1, 'sftp.pid' => 1, 'sftp.scoreboard' => 1, 'sftp.scoreboard.lck' => 1, }; # To issue the FXP_CLOSE, we have to explicitly destroy the dirhandle $dir = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); my $ok = 1; my $mismatch; my $seen = []; foreach my $name (keys(%$res)) { push(@$seen, $name); unless (defined($expected->{$name})) { $mismatch = $name; $ok = 0; last; } } unless ($ok) { die("Unexpected name '$mismatch' appeared in READDIR data") } # Now remove from $expected all of the paths we saw; if there are # any entries remaining in $expected, something went wrong. foreach my $name (@$seen) { delete($expected->{$name}); } my $remaining = scalar(keys(%$expected)); $self->assert(0 == $remaining, test_msg("Expected 0, got $remaining")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_max_clients_per_host_bug3630 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $max_clients_per_host = 1; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, MaxClientsPerHost => $max_clients_per_host, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); if (open(my $fh, ">> $config_file")) { my $sftp_port = $port + 2; print $fh < SFTPEngine on SFTPLog $log_file SFTPHostKey $rsa_host_key SFTPHostKey $dsa_host_key Port $sftp_port EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { # First client should be able to connect and log in... my $client1 = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); $client1->login($user, $passwd); # ...but the second client should be able to connect, but not login. my $client2 = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port); eval { $client2->login($user, $passwd) }; unless ($@) { die("Login succeeded unexpectedly"); } my $resp_code = $client2->response_code(); my $expected = 530; $self->assert($expected == $resp_code, test_msg("Expected $expected, got $resp_code")); $client1->quit(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_max_login_attempts { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, MaxLoginAttempts => 1, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); # Now connect again, try to authenticate via 'publickey', which should # fail, and then again via 'password', which should also fail, since # it exceeds the MaxLoginAttempts of 1. $ssh2 = Net::SSH2->new(); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } if ($ssh2->auth_publickey($user, $rsa_pub_key, $rsa_priv_key)) { die("Publickey auth succeeded unexpectedly"); } if ($ssh2->auth_password($user, $passwd)) { die("Password auth succeeded unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_pathdenyfilter { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, PathDenyFilter => '\.dir$', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->mkdir('sub.dir'); if ($res) { die("MKDIR sub.dir succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); my $expected = 'SSH_FX_PERMISSION_DENIED'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_rekey_short_timeout_failed { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x (1024 * 1024); unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_sz = (stat($test_file))[7]; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $timeout_idle = 20; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutIdle => $timeout_idle, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPRekey required 3600 1 1", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $buflen = (1024 * 250); my $res = $fh->read($buf, $buflen); while ($res) { $size += $res; sleep(1); $res = $fh->read($buf, $buflen); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); # The only way we really have, given Net::SSH2's API, to detect # whether the server disconnected us in mid-download is to check the # number of bytes we downloaded, to see if it's the full size. # # With such a short rekey timeout (1 sec), it's not expected that we # have all of the bytes. $self->assert($test_sz != $size, test_msg("Expected !$test_sz, got $size")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, $timeout_idle + 3) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_rekey_long_timeout_ok { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x (1024 * 1024); unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_sz = (stat($test_file))[7]; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $timeout_idle = 20; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutIdle => $timeout_idle, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPRekey required 3600 1 15", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $buflen = (1024 * 250); my $res = $fh->read($buf, $buflen); while ($res) { $size += $res; sleep(1); $res = $fh->read($buf, $buflen); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); # The only way we really have, given Net::SSH2's API, to detect # whether the server disconnected us in mid-download is to check the # number of bytes we downloaded, to see if it's the full size. # # With such long rekey timeout (15 sec), it is expected that we have # all of the bytes. $self->assert($test_sz == $size, test_msg("Expected $test_sz, got $size")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, $timeout_idle + 3) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_rootlogin { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 0; my $gid = 0; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, RootLogin => 'off', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } if ($ssh2->auth_password($user, $passwd)) { die("Unexpectedly logged in to SSH2 server"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_protocols { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "Protocols scp", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); if ($sftp) { die("SFTP subsystem started unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); my $expected = 'LIBSSH2_ERROR_CHANNEL_FAILURE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_timeoutidle { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $timeout_idle = 5; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutIdle => $timeout_idle, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(2); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } # Wait for more than the idle period sleep($timeout_idle + 2); my $sftp = $ssh2->sftp(); if ($sftp) { die("SFTP subsystem started unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); my $expected = 'LIBSSH2_ERROR_CHANNEL_FAILURE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); # Try again, this time hitting the TimeoutIdle in the middle of an # SFTP session $ssh2 = Net::SSH2->new(); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # Wait for more than the idle period sleep($timeout_idle + 2); my $cwd = $sftp->realpath('.'); if ($cwd) { die("FXP_REALPATH succeeded unexpectedly"); } ($err_code, $err_name, $err_str) = $ssh2->error(); $expected = 'LIBSSH2_ERROR_SOCKET_TIMEOUT'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, 30) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_timeoutlogin { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $timeout_login = 2; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutLogin => $timeout_login, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } # Wait for more than the login period sleep($timeout_login + 2); if ($ssh2->auth_password($user, $passwd)) { die("SSH2 login succeeded unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); my $expected = 'LIBSSH2_ERROR_TIMEOUT'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, 30) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_timeoutnotransfer_download { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $timeout_noxfer = 2; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutNoTransfer => $timeout_noxfer, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $cwd = $sftp->realpath('.'); unless ($cwd) { my ($err_code, $err_name) = $sftp->error(); die("Can't get real path for '.': [$err_name] ($err_code)"); } # Wait for more than the no-transfer period sleep($timeout_noxfer + 2); my $fh = $sftp->open('test.txt', O_RDONLY); if ($fh) { die("FXP_OPEN succeeded unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); my $expected = 'LIBSSH2_ERROR_SOCKET_NONE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, 30) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_timeoutnotransfer_readdir { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $timeout_noxfer = 2; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutNoTransfer => $timeout_noxfer, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $cwd = $sftp->realpath('.'); unless ($cwd) { my ($err_code, $err_name) = $sftp->error(); die("Can't get real path for '.': [$err_name] ($err_code)"); } # Wait for more than the no-transfer period sleep($timeout_noxfer + 2); my $dir = $sftp->opendir('.'); if ($dir) { die("FXP_OPENDIR succeeded unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); my $expected = 'LIBSSH2_ERROR_SOCKET_NONE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, 30) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_timeoutnotransfer_upload { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $timeout_noxfer = 2; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutNoTransfer => $timeout_noxfer, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $cwd = $sftp->realpath('.'); unless ($cwd) { my ($err_code, $err_name) = $sftp->error(); die("Can't get real path for '.': [$err_name] ($err_code)"); } # Wait for more than the no-transfer period sleep($timeout_noxfer + 2); my $fh = $sftp->open('test.txt', O_CREAT|O_WRONLY); if ($fh) { die("FXP_OPEN succeeded unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); my $expected = 'LIBSSH2_ERROR_SOCKET_NONE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, 30) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_timeoutstalled { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $timeout_stalled = 2; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCDefgh" x 32768; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TimeoutStalled => $timeout_stalled, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $res = $fh->read($buf, 8192); while ($res) { $size += $res; # Sleep for longer than the TimeoutStalled period sleep($timeout_stalled + 2); $res = $fh->read($buf, 8192); } my ($err_code, $err_name, $err_str) = $ssh2->error(); my $expected = 'LIBSSH2_ERROR_SOCKET_NONE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, 30) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_ignore_upload_perms_upload { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPOptions IgnoreSFTPUploadPerms", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0666); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $count = 20; for (my $i = 0; $i < $count; $i++) { print $fh "ABCD" x 8192; } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my $perms = ((stat($test_file))[2] & 07777); my $expected = 0644; $self->assert($expected == $perms, test_msg("Expected '$expected', got '$perms'")); unlink($log_file); } sub sftp_config_ignore_upload_perms_mkdir_bug3680 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_dir = File::Spec->rel2abs("$tmpdir/testdir"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPOptions IgnoreSFTPUploadPerms", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->mkdir('testdir', 0511); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't mkdir testdir: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unless (-d $test_dir) { die("$test_dir directory does not exist as expected"); } my $perms = ((stat($test_dir))[2] & 07777); my $expected = 0755; $self->assert($expected == $perms, test_msg("Expected '$expected', got '$perms'")); unlink($log_file); } sub sftp_config_ignore_set_perms_bug3599 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPOptions IgnoreSFTPSetPerms", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->setstat('test.txt', mode => 0666, ); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't setstat sftp.conf: [$err_name] ($err_code)"); } my $attrs = $sftp->stat('test.txt'); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("FXP_STAT test.txt failed: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my $perms = ((stat($test_file))[2] & 07777); my $expected = 0644; $self->assert($expected == $perms, test_msg("Expected '$expected', got '$perms'")); unlink($log_file); } sub sftp_config_ignore_set_times_bug3706 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my ($test_atime, $test_mtime) = (stat($test_file))[8, 9]; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPOptions IgnoreSFTPSetTimes", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->setstat('test.txt', atime => 0, mtime => 0, ); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't setstat test.txt: [$err_name] ($err_code)"); } my $attrs = $sftp->stat('test.txt'); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("FXP_STAT test.txt failed: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my ($new_atime, $new_mtime) = (stat($test_file))[8, 9]; my $expected = $test_atime; $self->assert($expected == $new_atime, test_msg("Expected atime $expected, got $new_atime")); $expected = $test_mtime; $self->assert($expected == $new_mtime, test_msg("Expected mtime $expected, got $new_mtime")); unlink($log_file); } sub sftp_config_userowner { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $owner = 'proftpd2'; my $owner_uid = 7777; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_user_write($auth_user_file, $owner, 'none', $owner_uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, RootRevoke => 'off', Directory => { '~' => { UserOwner => $owner, }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $count = 20; for (my $i = 0; $i < $count; $i++) { print $fh "ABCD" x 8192; } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); unless (-f $test_file) { die("File $test_file does not exist as expected"); } my $owning_uid = (stat($test_file))[4]; $self->assert($owner_uid == $owning_uid, test_msg("Expected $owner_uid, got $owning_uid")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_groupowner { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $owner = 'proftpd2'; my $owner_gid = 7777; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); auth_group_write($auth_group_file, $owner, $owner_gid, 'foo'); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, RootRevoke => 'off', Directory => { '~' => { GroupOwner => $owner, }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $count = 20; for (my $i = 0; $i < $count; $i++) { print $fh "ABCD" x 8192; } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); unless (-f $test_file) { die("File $test_file does not exist as expected"); } my $owning_gid = (stat($test_file))[5]; $self->assert($owner_gid == $owning_gid, test_msg("Expected $owner_gid, got $owning_gid")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_groupowner_suppl_group_norootprivs { my $self = shift; my $tmpdir = $self->{tmpdir}; my ($config_user, $config_group) = config_get_identity(); my $members = [split(' ', (getgrnam($config_group))[3])]; if (scalar(@$members) < 2) { print STDERR " + unable to run 'sftp_config_groupowner_suppl_group_norootprivs' test without current user belonging to multiple groups, skipping\n"; return; } my ($uid, $gid) = (getpwnam($members->[0]))[2,3]; my $root_login = 'off'; if ($uid == 0) { $root_login = 'on'; } my $owner = 'proftpd2'; my $owner_gid = (getpwnam($members->[1]))[3]; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); auth_group_write($auth_group_file, $owner, $owner_gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, RootLogin => $root_login, Directory => { '~' => { GroupOwner => $owner, }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my $port; ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $count = 20; for (my $i = 0; $i < $count; $i++) { print $fh "ABCD" x 8192; } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); unless (-f $test_file) { die("File $test_file does not exist as expected"); } my $owning_gid = (stat($test_file))[5]; $self->assert($owner_gid == $owning_gid, test_msg("Expected $owner_gid, got $owning_gid")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_ftpaccess_bug3460 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $data_dir = File::Spec->rel2abs("$home_dir/data"); mkpath($data_dir); my $ftpaccess_file = File::Spec->rel2abs("$data_dir/.ftpaccess"); if (open(my $fh, "> $ftpaccess_file")) { print $fh < IgnoreHidden on DenyAll EOF unless (close($fh)) { die("Can't write $ftpaccess_file: $!"); } } else { die("Can't open $ftpaccess_file: $!"); } my $neither_dir = File::Spec->rel2abs("$data_dir/neither"); mkpath($neither_dir); my $readable_dir = File::Spec->rel2abs("$data_dir/readable"); mkpath($readable_dir); $ftpaccess_file = File::Spec->rel2abs("$readable_dir/.ftpaccess"); if (open(my $fh, "> $ftpaccess_file")) { print $fh < AllowUser $user AllowUser foo DenyAll EOF unless (close($fh)) { die("Can't write $ftpaccess_file: $!"); } } else { die("Can't open $ftpaccess_file: $!"); } my $writable_dir = File::Spec->rel2abs("$data_dir/writable"); mkpath($writable_dir); $ftpaccess_file = File::Spec->rel2abs("$writable_dir/.ftpaccess"); if (open(my $fh, "> $ftpaccess_file")) { print $fh < AllowUser $user AllowUser foo DenyAll EOF unless (close($fh)) { die("Can't write $ftpaccess_file: $!"); } } else { die("Can't open $ftpaccess_file: $!"); } my $sub_writable_dir = File::Spec->rel2abs("$writable_dir/subwritable"); mkpath($sub_writable_dir); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir, $data_dir, $neither_dir, $readable_dir, $writable_dir, $sub_writable_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir, $data_dir, $neither_dir, $readable_dir, $writable_dir, $sub_writable_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $data_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20 directory:20 ftpaccess:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverride => 'on', PathDenyFilter => '"\\\\.ftpaccess$"', Directory => { '/*' => { AllowOverwrite => 'on', HideUser => 'nobody', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, Limit => { 'LOCK SYMLINK' => { DenyAll => '', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $base_path = $sftp->realpath('.'); unless ($base_path) { my ($err_code, $err_name) = $sftp->error(); die("FXP_REALPATH failed: [$err_name] ($err_code)"); } my $path = $sftp->realpath("$base_path/writable/subwritable"); unless ($path) { my ($err_code, $err_name) = $sftp->error(); die("FXP_REALPATH failed: [$err_name] ($err_code)"); } my $dirh = $sftp->opendir($path); unless ($dirh) { my ($err_code, $err_name) = $sftp->error(); die("FXP_OPENDIR failed: [$err_name] ($err_code)"); } $dirh = undef; $path = $sftp->realpath("$path/test.txt"); unless ($path) { my ($err_code, $err_name) = $sftp->error(); die("FXP_REALPATH failed: [$err_name] ($err_code)"); } my $fh = $sftp->open($path, O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("FXP_OPEN failed: [$err_name] ($err_code)"); } $fh = undef; $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_limit_appe { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, Directory => { '~' => { AllowOverwrite => 'on', AllowStoreRestart => 'on', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, Limit => { APPE => { DenyAll => '', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_APPEND); if ($fh) { $fh = undef; die("OPEN test.txt succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); $sftp = undef; $ssh2->disconnect(); my $expected = 'SSH_FX_PERMISSION_DENIED'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_limit_chmod { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, Limit => { 'SITE_CHMOD' => { DenyAll => '', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->setstat('sftp.conf', mode => 0777, ); if ($res) { die("setstat sftp.conf succeeded unexpectly"); } my $attrs = $sftp->stat('sftp.conf'); unless ($attrs) { my ($err_code, $err_name) = $sftp->error(); die("FXP_STAT sftp.conf failed: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); my $expected; $expected = 0644; my $file_mode = ($attrs->{mode} & 0777); $self->assert($expected == $file_mode, test_msg("Expected '$expected', got '$file_mode'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_limit_list { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, Limit => { LIST => { DenyAll => '', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # Make sure that OPENDIR succeeds, but READDIR returns end-of-list. my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("FXP_OPENDIR . failed: [$err_name] ($err_code)"); } my $res = {}; my $file = $dir->read(); while ($file) { $res->{$file->{name}} = $file; $file = $dir->read(); } # To close the dirhandle, we explicitly destroy it. $dir = undef; $sftp = undef; $ssh2->disconnect(); my $expected = {}; my $ok = 1; my $mismatch; my $seen = []; foreach my $name (keys(%$res)) { push(@$seen, $name); unless (defined($expected->{$name})) { $mismatch = $name; $ok = 0; last; } } unless ($ok) { die("Unexpected name '$mismatch' appeared in READDIR data") } # Now remove from $expected all of the paths we saw; if there are # any entries remaining in $expected, something went wrong. foreach my $name (@$seen) { delete($expected->{$name}); } my $remaining = scalar(keys(%$expected)); $self->assert(0 == $remaining, test_msg("Expected 0, got $remaining")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_config_limit_nlst { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, Limit => { NLST => { DenyAll => '', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # Make sure that OPENDIR succeeds, but READDIR returns end-of-list. my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("FXP_OPENDIR . failed: [$err_name] ($err_code)"); } my $res = {}; my $file = $dir->read(); while ($file) { $res->{$file->{name}} = $file; $file = $dir->read(); } # To close the dirhandle, we explicitly destroy it. $dir = undef; $sftp = undef; $ssh2->disconnect(); my $expected = {}; my $ok = 1; my $mismatch; my $seen = []; foreach my $name (keys(%$res)) { push(@$seen, $name); unless (defined($expected->{$name})) { $mismatch = $name; $ok = 0; last; } } unless ($ok) { die("Unexpected name '$mismatch' appeared in READDIR data") } # Now remove from $expected all of the paths we saw; if there are # any entries remaining in $expected, something went wrong. foreach my $name (@$seen) { delete($expected->{$name}); } my $remaining = scalar(keys(%$expected)); $self->assert(0 == $remaining, test_msg("Expected 0, got $remaining")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_multi_channels { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } # Open three different 'sftp' sessions, and make sure they all # work as expected. my $sftps = []; for (my $i = 0; $i < 3; $i++) { my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } push(@$sftps, $sftp); } for (my $i = 0; $i < scalar(@$sftps); $i++) { my $cwd = $sftps->[$i]->realpath('.'); unless ($cwd) { my ($err_code, $err_name) = $sftps->[$i]->error(); die("Can't get real path for '.': [$err_name] ($err_code)"); } my $expected; $expected = $home_dir; $self->assert($expected eq $cwd, test_msg("Expected '$expected', got '$cwd'")); } for (my $i = 0; $i < scalar(@$sftps); $i++) { $sftps->[$i] = undef; } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_multi_channel_downloads { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my $test_file1 = File::Spec->rel2abs("$tmpdir/test1.txt"); if (open(my $fh, "> $test_file1")) { print $fh "ABCD" x 8192; unless (close($fh)) { die("Can't write $test_file1: $!"); } } else { die("Can't open $test_file1: $!"); } my $test_file2 = File::Spec->rel2abs("$tmpdir/test2.txt"); if (open(my $fh, "> $test_file2")) { print $fh "KLMN" x 8192; unless (close($fh)) { die("Can't write $test_file2: $!"); } } else { die("Can't open $test_file2: $!"); } my $test_file3 = File::Spec->rel2abs("$tmpdir/test3.txt"); if (open(my $fh, "> $test_file3")) { print $fh "UVWX" x 8192; unless (close($fh)) { die("Can't write $test_file3: $!"); } } else { die("Can't open $test_file3: $!"); } my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } # Open three different 'sftp' sessions, and make sure they all # work as expected. my $sftps = []; my $fhs = []; my $md5s = []; for (my $i = 0; $i < 3; $i++) { my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } push(@$sftps, $sftp); } for (my $i = 0; $i < scalar(@$sftps); $i++) { my $path = "test" . ($i + 1) . ".txt"; my $test_fh = $sftps->[$i]->open($path, O_RDONLY); unless ($test_fh) { my ($err_code, $err_name) = $sftps->[$i]->error(); die("Can't open $path: [$err_name] ($err_code)"); } my $ctx = Digest::MD5->new(); # my $read_len = 65535; my $read_len = 32768; my $buf; my $res = $test_fh->read($buf, $read_len); unless ($res) { my ($err_code, $err_name) = $sftps->[$i]->error(); if ($err_code != 0) { die("Can't read $path: [$err_name] ($err_code)"); } else { my $err_str; ($err_code, $err_name, $err_str) = $ssh2->error(); die("SSH2 error: [$err_name] ($err_code) $err_str"); } } while ($res) { $ctx->add($buf); unless ($test_fh->seek($res)) { die("Can't seek to offset $res on $path handle: $!"); } $res = $test_fh->read($buf, $read_len); } push(@$md5s, $ctx->hexdigest()); push(@$fhs, $test_fh); } for (my $i = 0; $i < scalar(@$fhs); $i++) { $fhs->[$i] = undef; } for (my $i = 0; $i < scalar(@$sftps); $i++) { $sftps->[$i] = undef; } $ssh2->disconnect(); my $expected; $expected = '6e816b2d373a619a29d1706ac6be1db0'; $self->assert($expected eq $md5s->[0], test_msg("Expected '$expected', got '$md5s->[0]'")); $expected = 'b96129f1efce8f38324adf1a9d1e889c'; $self->assert($expected eq $md5s->[1], test_msg("Expected '$expected', got '$md5s->[1]'")); $expected = 'b6df9d6dccce294918a51ac7deabfd96'; $self->assert($expected eq $md5s->[2], test_msg("Expected '$expected', got '$md5s->[2]'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, 30) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_restart { my $pid_file = shift; my $pid; if (open(my $fh, "< $pid_file")) { $pid = <$fh>; chomp($pid); close($fh); } else { die("Can't read $pid_file: $!"); } my $cmd = "kill -HUP $pid"; if ($ENV{TEST_VERBOSE}) { print STDERR "Restarting server: $cmd\n"; } my @output = `$cmd`; } sub sftp_log_xferlog_download { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $xferlog_file = File::Spec->rel2abs("$tmpdir/xfer.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 256; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_sz = (stat($test_file))[7]; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TransferLog => $xferlog_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $res = $fh->read($buf, 8192); while ($res) { $size += $res; $res = $fh->read($buf, 8192); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $self->assert($test_sz == $size, test_msg("Expected $test_sz, got $size")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $xferlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /^(\S+\s+\S+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(\d+)\s+(.*?)\s+(\d+)\s+(.*?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*?)\s+(.*?)\s+.*?(\S+)$/o) { my $client_addr = $3; my $nbytes = $4; my $path = $5; my $xfer_type = $6; my $action_flag = $7; my $xfer_direction = $8; my $access_mode = $9; my $user_name = $10; my $service_name = $11; my $completion_status = $12; my $expected; $expected = '127.0.0.1'; $self->assert($expected eq $client_addr, test_msg("Expected '$expected', got '$client_addr'")); $expected = $test_sz; $self->assert($expected == $nbytes, test_msg("Expected $expected, got $nbytes")); $expected = $test_file; $self->assert($expected eq $path, test_msg("Expected '$expected', got '$path'")); $expected = 'b'; $self->assert($expected eq $xfer_type, test_msg("Expected '$expected', got '$xfer_type'")); $expected = '_'; $self->assert($expected eq $action_flag, test_msg("Expected '$expected', got '$action_flag'")); $expected = 'o'; $self->assert($expected eq $xfer_direction, test_msg("Expected '$expected', got '$xfer_direction'")); $expected = 'r'; $self->assert($expected eq $access_mode, test_msg("Expected '$expected', got '$access_mode'")); $expected = $user; $self->assert($expected eq $user_name, test_msg("Expected '$expected', got '$user_name'")); $expected = 'sftp'; $self->assert($expected eq $service_name, test_msg("Expected '$expected', got '$service_name'")); $expected = 'c'; $self->assert($expected eq $completion_status, test_msg("Expected '$expected', got '$completion_status'")); $ok = 1; last; } } close($fh); unless ($ok) { die("No lines found in $xferlog_file"); } } else { die("Can't read $xferlog_file: $!"); } unlink($log_file); } sub sftp_log_xferlog_download_incomplete { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $xferlog_file = File::Spec->rel2abs("$tmpdir/xfer.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 256; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $read_sz = 32; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TransferLog => $xferlog_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $res = $fh->read($buf, $read_sz); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't read test.txt: [$err_name] ($err_code)"); } sleep(1); # Explicitly disconnect without closing the file, simulating an # aborted transfer. $ssh2->disconnect(); # Give a little time for the server to do its end-of-session thing. sleep(1); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $xferlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /^(\S+\s+\S+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(\d+)\s+(.*?)\s+(\d+)\s+(.*?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*?)\s+(.*?)\s+.*?(\S+)$/o) { my $client_addr = $3; my $nbytes = $4; my $path = $5; my $xfer_type = $6; my $action_flag = $7; my $xfer_direction = $8; my $access_mode = $9; my $user_name = $10; my $service_name = $11; my $completion_status = $12; my $expected; $expected = '127.0.0.1'; $self->assert($expected eq $client_addr, test_msg("Expected '$expected', got '$client_addr'")); $expected = $read_sz; $self->assert($expected == $nbytes, test_msg("Expected $expected, got $nbytes")); $expected = $test_file; $self->assert($expected eq $path, test_msg("Expected '$expected', got '$path'")); $expected = 'b'; $self->assert($expected eq $xfer_type, test_msg("Expected '$expected', got '$xfer_type'")); $expected = '_'; $self->assert($expected eq $action_flag, test_msg("Expected '$expected', got '$action_flag'")); $expected = 'o'; $self->assert($expected eq $xfer_direction, test_msg("Expected '$expected', got '$xfer_direction'")); $expected = 'r'; $self->assert($expected eq $access_mode, test_msg("Expected '$expected', got '$access_mode'")); $expected = $user; $self->assert($expected eq $user_name, test_msg("Expected '$expected', got '$user_name'")); $expected = 'sftp'; $self->assert($expected eq $service_name, test_msg("Expected '$expected', got '$service_name'")); $expected = 'i'; $self->assert($expected eq $completion_status, test_msg("Expected '$expected', got '$completion_status'")); $ok = 1; last; } } close($fh); unless ($ok) { die("No lines found in $xferlog_file"); } } else { die("Can't read $xferlog_file: $!"); } unlink($log_file); } sub sftp_log_xferlog_delete { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $xferlog_file = File::Spec->rel2abs("$tmpdir/xfer.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TransferLog => $xferlog_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->unlink('test.txt'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't delete test.txt: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $xferlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /^(\S+\s+\S+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(\d+)\s+(.*?)\s+(\d+)\s+(.*?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*?)\s+(.*?)\s+.*?(\S+)$/o) { my $client_addr = $3; my $nbytes = $4; my $path = $5; my $xfer_type = $6; my $action_flag = $7; my $xfer_direction = $8; my $access_mode = $9; my $user_name = $10; my $service_name = $11; my $completion_status = $12; my $expected; $expected = '127.0.0.1'; $self->assert($expected eq $client_addr, test_msg("Expected '$expected', got '$client_addr'")); $expected = $test_file; $self->assert($expected eq $path, test_msg("Expected '$expected', got '$path'")); $expected = 'b'; $self->assert($expected eq $xfer_type, test_msg("Expected '$expected', got '$xfer_type'")); $expected = '_'; $self->assert($expected eq $action_flag, test_msg("Expected '$expected', got '$action_flag'")); $expected = 'd'; $self->assert($expected eq $xfer_direction, test_msg("Expected '$expected', got '$xfer_direction'")); $expected = 'r'; $self->assert($expected eq $access_mode, test_msg("Expected '$expected', got '$access_mode'")); $expected = $user; $self->assert($expected eq $user_name, test_msg("Expected '$expected', got '$user_name'")); $expected = 'sftp'; $self->assert($expected eq $service_name, test_msg("Expected '$expected', got '$service_name'")); $expected = 'c'; $self->assert($expected eq $completion_status, test_msg("Expected '$expected', got '$completion_status'")); $ok = 1; last; } } close($fh); unless ($ok) { die("No lines found in $xferlog_file"); } } else { die("Can't read $xferlog_file: $!"); } unlink($log_file); } sub sftp_log_xferlog_delete_chrooted { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $xferlog_file = File::Spec->rel2abs("$tmpdir/xfer.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, DefaultRoot => '~', TransferLog => $xferlog_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->unlink('test.txt'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't delete test.txt: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $xferlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /^(\S+\s+\S+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(\d+)\s+(.*?)\s+(\d+)\s+(.*?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*?)\s+(.*?)\s+.*?(\S+)$/o) { my $client_addr = $3; my $nbytes = $4; my $path = $5; my $xfer_type = $6; my $action_flag = $7; my $xfer_direction = $8; my $access_mode = $9; my $user_name = $10; my $service_name = $11; my $completion_status = $12; my $expected; $expected = '127.0.0.1'; $self->assert($expected eq $client_addr, test_msg("Expected '$expected', got '$client_addr'")); $expected = $test_file; $self->assert($expected eq $path, test_msg("Expected '$expected', got '$path'")); $expected = 'b'; $self->assert($expected eq $xfer_type, test_msg("Expected '$expected', got '$xfer_type'")); $expected = '_'; $self->assert($expected eq $action_flag, test_msg("Expected '$expected', got '$action_flag'")); $expected = 'd'; $self->assert($expected eq $xfer_direction, test_msg("Expected '$expected', got '$xfer_direction'")); $expected = 'r'; $self->assert($expected eq $access_mode, test_msg("Expected '$expected', got '$access_mode'")); $expected = $user; $self->assert($expected eq $user_name, test_msg("Expected '$expected', got '$user_name'")); $expected = 'sftp'; $self->assert($expected eq $service_name, test_msg("Expected '$expected', got '$service_name'")); $expected = 'c'; $self->assert($expected eq $completion_status, test_msg("Expected '$expected', got '$completion_status'")); $ok = 1; last; } } close($fh); unless ($ok) { die("No lines found in $xferlog_file"); } } else { die("Can't read $xferlog_file: $!"); } unlink($log_file); } sub sftp_log_xferlog_upload { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $xferlog_file = File::Spec->rel2abs("$tmpdir/xfer.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $write_sz = 1024; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TransferLog => $xferlog_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf = ("ABCD" x 256); print $fh $buf; # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $xferlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /^(\S+\s+\S+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(\d+)\s+(.*?)\s+(\d+)\s+(.*?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*?)\s+(.*?)\s+.*?(\S+)$/o) { my $client_addr = $3; my $nbytes = $4; my $path = $5; my $xfer_type = $6; my $action_flag = $7; my $xfer_direction = $8; my $access_mode = $9; my $user_name = $10; my $service_name = $11; my $completion_status = $12; my $expected; $expected = '127.0.0.1'; $self->assert($expected eq $client_addr, test_msg("Expected '$expected', got '$client_addr'")); $expected = $write_sz; $self->assert($expected == $nbytes, test_msg("Expected $expected, got $nbytes")); $expected = $test_file; $self->assert($expected eq $path, test_msg("Expected '$expected', got '$path'")); $expected = 'b'; $self->assert($expected eq $xfer_type, test_msg("Expected '$expected', got '$xfer_type'")); $expected = '_'; $self->assert($expected eq $action_flag, test_msg("Expected '$expected', got '$action_flag'")); $expected = 'i'; $self->assert($expected eq $xfer_direction, test_msg("Expected '$expected', got '$xfer_direction'")); $expected = 'r'; $self->assert($expected eq $access_mode, test_msg("Expected '$expected', got '$access_mode'")); $expected = $user; $self->assert($expected eq $user_name, test_msg("Expected '$expected', got '$user_name'")); $expected = 'sftp'; $self->assert($expected eq $service_name, test_msg("Expected '$expected', got '$service_name'")); $expected = 'c'; $self->assert($expected eq $completion_status, test_msg("Expected '$expected', got '$completion_status'")); $ok = 1; last; } } close($fh); unless ($ok) { die("No lines found in $xferlog_file"); } } else { die("Can't read $xferlog_file: $!"); } unlink($log_file); } sub sftp_log_xferlog_upload_incomplete { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $xferlog_file = File::Spec->rel2abs("$tmpdir/xfer.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $write_sz = 32; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TransferLog => $xferlog_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf = ("ABCD" x 8); my $res = $fh->write($buf); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't write test.txt: [$err_name] ($err_code)"); } # Explicitly disconnect without closing the file, simulating an # aborted transfer. $ssh2->disconnect(); # Give a little time for the server to do its end-of-session thing. sleep(1); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $xferlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /^(\S+\s+\S+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(\d+)\s+(.*?)\s+(\d+)\s+(.*?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*?)\s+(.*?)\s+.*?(\S+)$/o) { my $client_addr = $3; my $nbytes = $4; my $path = $5; my $xfer_type = $6; my $action_flag = $7; my $xfer_direction = $8; my $access_mode = $9; my $user_name = $10; my $service_name = $11; my $completion_status = $12; my $expected; $expected = '127.0.0.1'; $self->assert($expected eq $client_addr, test_msg("Expected '$expected', got '$client_addr'")); $expected = $write_sz; $self->assert($expected == $nbytes, test_msg("Expected $expected, got $nbytes")); $expected = $test_file; $self->assert($expected eq $path, test_msg("Expected '$expected', got '$path'")); $expected = 'b'; $self->assert($expected eq $xfer_type, test_msg("Expected '$expected', got '$xfer_type'")); $expected = '_'; $self->assert($expected eq $action_flag, test_msg("Expected '$expected', got '$action_flag'")); $expected = 'i'; $self->assert($expected eq $xfer_direction, test_msg("Expected '$expected', got '$xfer_direction'")); $expected = 'r'; $self->assert($expected eq $access_mode, test_msg("Expected '$expected', got '$access_mode'")); $expected = $user; $self->assert($expected eq $user_name, test_msg("Expected '$expected', got '$user_name'")); $expected = 'sftp'; $self->assert($expected eq $service_name, test_msg("Expected '$expected', got '$service_name'")); $expected = 'i'; $self->assert($expected eq $completion_status, test_msg("Expected '$expected', got '$completion_status'")); $ok = 1; last; } } close($fh); unless ($ok) { die("No lines found in $xferlog_file"); } } else { die("Can't read $xferlog_file: $!"); } unlink($log_file); } sub sftp_log_extlog_reads { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $write_sz = 32; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, LogFormat => 'transfer "%m \"%F\""', ExtendedLog => "$extlog_file READ transfer", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT|O_TRUNC, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf = ("ABCD" x 8); my $res = $fh->write($buf); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't write test.txt: [$err_name] ($err_code)"); } # Explicitly disconnect without closing the file, simulating an # aborted transfer. $ssh2->disconnect(); # Give a little time for the server to do its end-of-session thing. sleep(1); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { my $ok = 1; while (my $line = <$fh>) { chomp($line); # We don't expect to see any lines in this ExtendedLog for the SSH2 # connection. $ok = 0; last; } close($fh); unless ($ok) { die("Lines found unexpectedly in $extlog_file"); } } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub sftp_log_extlog_var_s_reads { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $write_sz = 32; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } # Create some files in the home directory to read for (my $i = 0; $i < 5; $i++) { my $path = File::Spec->rel2abs("$home_dir/$i.txt"); if (open(my $fh, "> $path")) { print $fh "ABCD\n" x 64; unless (close($fh)) { die("Can't write $path: $!"); } } else { die("Can't open $path: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, LogFormat => 'response "%r %s"', ExtendedLog => "$extlog_file READ response", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("Can't open directory '.': [$err_name] ($err_code)"); } my $files = {}; my $file = $dir->read(); while ($file) { $files->{$file->{name}} = $file; $file = $dir->read(); } # To issue the FXP_CLOSE, we have to explicitly destroy the dirhandle $dir = undef; foreach my $file (keys(%$files)) { next unless $file =~ /\.txt$/; my $fh = $sftp->open($file, O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open $file: [$err_name] ($err_code)"); } my $read_len = 32768; my $buf; my $res = $fh->read($buf, $read_len); unless ($res) { my ($err_code, $err_name) = $sftp->error(); if ($err_code != 0) { die("Can't read $file: [$err_name] ($err_code)"); } else { my $err_str; ($err_code, $err_name, $err_str) = $ssh2->error(); die("SSH2 error: [$err_name] ($err_code) $err_str"); } } $fh = undef; } # Explicitly disconnect without closing the file, simulating an # aborted transfer. $ssh2->disconnect(); # Give a little time for the server to do its end-of-session thing. sleep(1); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { while (my $line = <$fh>) { chomp($line); if ($line =~ /(\S+)\s+\S+\s+(\S+)$/) { my $cmd = $1; my $code = $2; my $expected; if ($cmd eq 'OPEN') { $expected = '-'; } elsif ($cmd eq 'CLOSE') { $expected = '0'; } elsif ($cmd eq 'READ') { $expected = '(-|1)'; } elsif ($cmd eq 'RETR') { $expected = '-'; } else { die("Unexpected command '$cmd' in $extlog_file"); } $self->assert(qr/$expected/, $code, test_msg("Expected '$expected', got '$code'")); } else { die("Unexpected line '$line' in $extlog_file"); } } close($fh); } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub sftp_log_extlog_var_s_writes { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $write_sz = 32; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } # Create some files in the home directory to read for (my $i = 0; $i < 5; $i++) { my $path = File::Spec->rel2abs("$home_dir/$i.txt"); if (open(my $fh, "> $path")) { print $fh "ABCD\n" x 64; unless (close($fh)) { die("Can't write $path: $!"); } } else { die("Can't open $path: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, LogFormat => 'response "%r %s"', ExtendedLog => "$extlog_file WRITE response", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); if (open(my $fh, ">> $config_file")) { print $fh < DenyAll EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open 'test.txt': [$err_name] ($err_code)"); } # This is expected to fail because of the $fh->setstat(atime => 0, mtime => 0); print $fh "abcd" x 1024, "\n"; # This is expected to fail because of the $fh->setstat(atime => 0, mtime => 0); # Explicitly disconnect without closing the file, simulating an # aborted transfer. $ssh2->disconnect(); # Give a little time for the server to do its end-of-session thing. sleep(1); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { while (my $line = <$fh>) { chomp($line); if ($line =~ /(\S+)\s+\S+\s+(\S+)$/) { my $cmd = $1; my $code = $2; my $expected; if ($cmd eq 'OPEN') { $expected = '-'; } elsif ($cmd eq 'CLOSE') { $expected = '0'; } elsif ($cmd eq 'WRITE') { $expected = '0'; } elsif ($cmd eq 'FSETSTAT') { $expected = '3'; } elsif ($cmd eq 'STOR') { $expected = '-'; } else { die("Unexpected command '$cmd' in $extlog_file"); } $self->assert(qr/$expected/, $code, test_msg("Expected '$expected', got '$code'")); } else { die("Unexpected line '$line' in $extlog_file"); } } close($fh); } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub sftp_log_extlog_file_modified_bug3457 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', LogFormat => 'custom "%{file-modified}"', ExtendedLog => "$extlog_file WRITE custom", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open 'test.txt': [$err_name] ($err_code)"); } $fh = undef; $sftp = undef; $ssh2->disconnect(); # Give a little time for the server to do its end-of-session thing. sleep(1); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { while (my $line = <$fh>) { chomp($line); my $expected = 'true'; $self->assert($expected eq $line, test_msg("Expected '$expected', got '$line'")); } close($fh); } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub sftp_log_extlog_retr_file_size { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $test_sz = 32; if (open(my $fh, "> $test_file")) { print $fh "A" x $test_sz; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, LogFormat => 'transfer "%m %b', ExtendedLog => "$extlog_file READ transfer", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $res = $fh->read($buf, 8192); while ($res) { $size += $res; $res = $fh->read($buf, 8192); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; $sftp = undef; $ssh2->disconnect(); $self->assert($test_sz == $size, test_msg("Expected $test_sz, got $size")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /^RETR (\d+)/) { my $xfer_sz = $1; if ($xfer_sz == $test_sz) { $ok = 1; last; } } } close($fh); unless ($ok) { die("Missing expected RETR file size ($test_sz) in $extlog_file"); } } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub sftp_log_extlog_putty_mget_retr_file_size_bug3560 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file1 = File::Spec->rel2abs("$tmpdir/test.txt"); my $test_sz1 = 32; if (open(my $fh, "> $test_file1")) { print $fh "A" x $test_sz1; unless (close($fh)) { die("Can't write $test_file1: $!"); } } else { die("Can't open $test_file1: $!"); } my $test_file2 = File::Spec->rel2abs("$tmpdir/test2.txt"); my $test_sz2 = 64; if (open(my $fh, "> $test_file2")) { print $fh "A" x $test_sz2; unless (close($fh)) { die("Can't write $test_file2: $!"); } } else { die("Can't open $test_file2: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, LogFormat => 'transfer "%m %b', ExtendedLog => "$extlog_file READ transfer", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } # PuTTy's 'mget' does: # # OPENDIR # READDIR # # OPEN matching name # READ # CLOSE # READDIR # OPEN matching name # READ # CLOSE # CLOSE # OPENDIR my $dir = $sftp->opendir('.'); unless ($dir) { my ($err_code, $err_name) = $sftp->error(); die("Can't open directory '.': [$err_name] ($err_code)"); } my $res = {}; # READDIR my $file = $dir->read(); while ($file) { $res->{$file->{name}} = $file; $file = $dir->read(); } # OPEN file1 my $fh = $sftp->open('test.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } my $buf; my $size = 0; # READ file1 $res = $fh->read($buf, 8192); while ($res) { $size += $res; $res = $fh->read($buf, 8192); } # CLOSE file1 $fh = undef; # OPEN file2 $fh = $sftp->open('test2.txt', O_RDONLY); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test2.txt: [$err_name] ($err_code)"); } $buf = ''; $size = 0; # READ file2 $res = $fh->read($buf, 8192); while ($res) { $size += $res; $res = $fh->read($buf, 8192); } # CLOSE file2 $fh = undef; # CLOSEDIR $dir = undef; # CHANNEL_CLOSE $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { my $test_ok = 0; my $test2_ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /^RETR (\d+)/) { my $xfer_sz = $1; if ($xfer_sz == $test_sz1) { $test_ok = 1; next; } if ($xfer_sz == $test_sz2) { $test2_ok = 1; last; } } } close($fh); unless ($test_ok) { die("Missing expected RETR file size ($test_sz1) in $extlog_file"); } unless ($test2_ok) { die("Missing expected RETR file size ($test_sz2) in $extlog_file"); } } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub sftp_log_extlog_var_F_mkdir_rmdir_bug3591 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_dir = File::Spec->rel2abs("$tmpdir/testdir"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, DefaultRoot => '~', LogFormat => 'dirlog "%m %F"', ExtendedLog => "$extlog_file WRITE dirlog", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->mkdir('testdir'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't mkdir testdir: [$err_name] ($err_code)"); } $res = $sftp->rmdir('testdir'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't rmdir testdir: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); if (-d $test_dir) { die("$test_dir directory exists unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { my $mkdir_ok = 0; my $rmdir_ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /(\S+)\s+(\S+)$/) { my $cmd = $1; my $dir_path = $2; if ($cmd eq 'MKD' || $cmd eq 'RMD') { my $expected = '/testdir'; $self->assert($expected eq $dir_path, test_msg("Expected '$expected', got '$dir_path'")); } elsif ($cmd eq 'MKDIR') { $mkdir_ok = 1; } elsif ($cmd eq 'RMDIR') { $rmdir_ok = 1; } else { die("Unexpected command '$cmd' in $extlog_file"); } } else { die("Unexpected line '$line' in $extlog_file"); } } close($fh); $self->assert($mkdir_ok == 1, test_msg("Expected to see 'MKDIR' command but it was missing")); $self->assert($rmdir_ok == 1, test_msg("Expected to see 'RMDIR' command but it was missing")); } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub sftp_log_extlog_var_w_rename_bug3029 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file1 = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file1")) { print $fh "ABCD" x 8192; unless (close($fh)) { die("Can't write $test_file1: $!"); } } else { die("Can't open $test_file1: $!"); } my $test_file2 = File::Spec->rel2abs("$tmpdir/test2.txt"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, LogFormat => 'rename "%m: %w %f"', ExtendedLog => "$extlog_file ALL rename", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->rename('test.txt', 'test2.txt'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't rename test.txt to test2.txt: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); if (-f $test_file1) { die("$test_file1 file exists unexpectedly"); } unless (-f $test_file2) { die("$test_file2 file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /(\S+):\s+(\S+)\s+(\S+)$/) { my $cmd = $1; my $whence = $2; my $whither = $3; my $expected; if ($cmd eq 'RNFR') { $expected = '-'; $self->assert($expected eq $whence, test_msg("Expected '$expected', got '$whence'")); $self->assert($expected eq $whither, test_msg("Expected '$expected', got '$whither'")); } elsif ($cmd eq 'RNTO') { $expected = $test_file1; $self->assert($expected eq $whence, test_msg("Expected '$expected', got '$whence'")); $expected = $test_file2; $self->assert($expected eq $whither, test_msg("Expected '$expected', got '$whither'")); } elsif ($cmd eq 'RENAME') { $expected = '-'; $self->assert($expected eq $whence, test_msg("Expected '$expected', got '$whence'")); $self->assert($expected eq $whither, test_msg("Expected '$expected', got '$whither'")); $ok = 1; } else { next; } } else { die("Unexpected line '$line' in $extlog_file"); } } close($fh); $self->assert($ok, test_msg("Did not find expected ExtendedLog lines")); } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub sftp_log_extlog_var_f_remove { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $write_sz = 32; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $test_file = File::Spec->rel2abs("$home_dir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD\n" x 64; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, LogFormat => 'delete "%m %f"', ExtendedLog => "$extlog_file WRITE delete", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $sftp->unlink('test.txt'); unless ($res) { my ($err_code, $err_name) = $sftp->error(); die("Can't remove test.txt: [$err_name] ($err_code)"); } $sftp = undef; $ssh2->disconnect(); if (-f $test_file) { die("$test_file file exists unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /(\S+) (.*)$/) { my $cmd = $1; my $path = $2; next unless $cmd eq 'DELE'; $self->assert($test_file eq $path, test_msg("Expected '$test_file', got '$path'")); $ok = 1; last; } } close($fh); $self->assert($ok, test_msg("Expected ExtendedLog lines did not appear as expected")); } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub sftp_sighup { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, DenyFilter => '\*/', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # First, start the server. server_start($config_file); # Give it a second to start up, then send the SIGHUP signal sleep(2); sftp_restart($pid_file); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { # Wait until we receive word from the child that it has finished its test. while (my $msg = <$rfh>) { chomp($msg); if ($msg eq 'done') { last; } } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_ifsess_protocols { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); if (open(my $fh, ">> $config_file")) { print $fh < Protocols sftp scp Protocols scp EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); if ($sftp) { die("SFTP subsystem started unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); my $expected = 'LIBSSH2_ERROR_CHANNEL_FAILURE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_wrap_login_allowed_bug3352 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $fh; my $allow_file = File::Spec->rel2abs("$tmpdir/sftp.allow"); if (open($fh, "> $allow_file")) { print $fh "proftpd: ALL\n"; unless (close($fh)) { die("Can't write $allow_file: $!"); } } else { die("Can't open $allow_file: $!"); } my $deny_file = File::Spec->rel2abs("$tmpdir/sftp.deny"); if (open($fh, "> $deny_file")) { print $fh "ALL: ALL\n"; unless (close($fh)) { die("Can't write $deny_file: $!"); } } else { die("Can't open $deny_file: $!"); } my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_wrap.c' => { TCPAccessFiles => "$allow_file $deny_file", }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } if ($ssh2->auth_publickey($user, $rsa_pub_key, $rsa_priv_key)) { die("Publickey auth succeeded unexpectedly"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_wrap_login_denied_bug3352 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $fh; my $allow_file = File::Spec->rel2abs("$tmpdir/sftp.allow"); if (open($fh, "> $allow_file")) { # Leave this file empty } else { die("Can't open $allow_file: $!"); } my $deny_file = File::Spec->rel2abs("$tmpdir/sftp.deny"); if (open($fh, "> $deny_file")) { print $fh "ALL: ALL\n"; unless (close($fh)) { die("Can't write $deny_file: $!"); } } else { die("Can't open $deny_file: $!"); } my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_wrap.c' => { TCPAccessFiles => "$allow_file $deny_file", }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } if ($ssh2->auth_publickey($user, $rsa_pub_key, $rsa_priv_key)) { die("Publickey auth succeeded unexpectedly"); } if ($ssh2->auth_password($user, $passwd)) { die("Logged in to SSH2 server unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_upload { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, 'test.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $config_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file) { die("$test_file file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_upload_zero_len_file { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $empty_file = File::Spec->rel2abs("$tmpdir/empty.txt"); if (open(my $fh, "> $empty_file")) { close($fh); } else { die("Can't open $empty_file: $!"); } my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($empty_file, 'test.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $config_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file) { die("$test_file file does not exist as expected"); } my $size = -s $test_file; unless ($size == 0) { die("$test_file has size $size unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_upload_largefile { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $fh; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open($fh, "> $test_file")) { # Make a file that's larger than the maximum SSH2 packet size, forcing # the scp code to loop properly entire the entire large file is sent. print $fh "ABCDefgh" x 16384; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Calculate the MD5 checksum of this file, for comparison with the # downloaded file. my $ctx = Digest::MD5->new(); my $expected_md5; if (open($fh, "< $test_file")) { binmode($fh); $ctx->addfile($fh); $expected_md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $test_file: $!"); } my $test_file2 = File::Spec->rel2abs("$tmpdir/test2.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($test_file, 'test2.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't download 'test.txt' from server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file2) { die("$test_file2 file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } # Calculate the MD5 checksum of the uploaded file, for comparison with the # file that was uploaded. $ctx->reset(); my $md5; if (open($fh, "< $test_file2")) { binmode($fh); $ctx->addfile($fh); $md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $test_file2: $!"); } $self->assert($expected_md5 eq $md5, test_msg("Expected '$expected_md5', got '$md5'")); unlink($log_file); } sub scp_upload_subdir_enoent { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $subdir = File::Spec->rel2abs("$tmpdir/subdir"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$subdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, 'subdir/test.txt'); if ($res) { die("Upload of $config_file succeeded unexpectedly"); } if (-f $test_file) { die("$test_file file exists unexpectedly"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_upload_subdir_enoent_with_limits { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $subdir = File::Spec->rel2abs("$tmpdir/subdir"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$subdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, DefaultRoot => '~', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); if (open(my $fh, ">> $config_file")) { print $fh < Order allow,deny DenyAll Order allow,deny AllowUser foo DenyAll Order allow,deny AllowUser foo DenyAll EOL unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, 'subdir/'); if ($res) { die("Upload of $config_file succeeded unexpectedly"); } if (-f $test_file) { die("$test_file file exists unexpectedly"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_upload_fifo_bug3312 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $fifo = File::Spec->rel2abs("$tmpdir/test.fifo"); unless (POSIX::mkfifo($fifo, 0666)) { die("Can't create fifo $fifo: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } if ($ssh2->scp_put($config_file, 'test.fifo')) { die("Upload of $config_file to server succeeded unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); chomp($err_str); $ssh2->disconnect(); my $expected = 'test.fifo: (No such device or address|Device not configured)$'; $self->assert(qr/$expected/, $err_str, test_msg("Expected '$expected', got '$err_str'")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_upload_fifo_bug3313 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $fifo = File::Spec->rel2abs("/tmp/test.fifo"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, $fifo); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $config_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_ext_upload_recursive_dir_bug3447 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } # For this test, we need the following directory structure: # # src/ # files # subdir1/ # files # subdir2 # files # # The bug happened because mod_sftp was expecting the end-of-directory # marker under the wrong conditions. The triggering of the bug depends # on the order in which the client sends its control messages, which in # turn (in the case of OpenSSH) is depending on the order of directory # entries returned by readdir(2). my $src_dir = File::Spec->rel2abs("$tmpdir/src.d"); mkpath($src_dir); my $count = 25; for (my $i = 0; $i < $count; $i++) { my $filename = (chr(97 + $i)) . sprintf("%03s", $i); my $src_file = File::Spec->rel2abs("$src_dir/$filename"); if (open(my $fh, "> $src_file")) { print $fh "ABCDefgh" x 7891; unless (close($fh)) { die("Can't write $src_file: $!"); } } else { die("Can't open $src_file: $!"); } } for (my $i = 0; $i < $count; $i++) { my $filename = (chr(65 + $i)) . sprintf("%03s", $i); my $src_file = File::Spec->rel2abs("$src_dir/$filename"); if (open(my $fh, "> $src_file")) { print $fh "ABCDefgh" x 6458; unless (close($fh)) { die("Can't write $src_file: $!"); } } else { die("Can't open $src_file: $!"); } } my $src_subdir = File::Spec->rel2abs("$src_dir/cd.d"); mkpath($src_subdir); for (my $i = 0; $i < $count; $i++) { my $filename = 'aa' . sprintf("%03s", $i); my $src_file = File::Spec->rel2abs("$src_subdir/$filename"); if (open(my $fh, "> $src_file")) { print $fh "ABCDefgh" x 9802; unless (close($fh)) { die("Can't write $src_file: $!"); } } else { die("Can't open $src_file: $!"); } } $src_subdir = File::Spec->rel2abs("$src_dir/wx.d"); mkpath($src_subdir); for (my $i = 0; $i < $count; $i++) { my $filename = 'aa' . sprintf("%03s", $i); my $src_file = File::Spec->rel2abs("$src_subdir/$filename"); if (open(my $fh, "> $src_file")) { print $fh "ABCDefgh" x 8192; unless (close($fh)) { die("Can't write $src_file: $!"); } } else { die("Can't open $src_file: $!"); } } my $dst_dir = File::Spec->rel2abs("$tmpdir/dst.d"); mkpath($dst_dir); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my @cmd = ( 'scp', '-r', '-v', '-oBatchMode=yes', '-oCheckHostIP=no', "-oPort=$port", "-oIdentityFile=$rsa_priv_key", '-oPubkeyAuthentication=yes', '-oStrictHostKeyChecking=no', "$src_dir/", "$user\@127.0.0.1:dst.d/", ); my $scp_rh = IO::Handle->new(); my $scp_wh = IO::Handle->new(); my $scp_eh = IO::Handle->new(); $scp_wh->autoflush(1); sleep(1); local $SIG{CHLD} = 'DEFAULT'; # Make sure that the perms on the priv key are what OpenSSH wants unless (chmod(0400, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0400: $!"); } if ($ENV{TEST_VERBOSE}) { print STDERR "Executing: ", join(' ', @cmd), "\n"; } my $scp_pid = open3($scp_wh, $scp_rh, $scp_eh, @cmd); waitpid($scp_pid, 0); # Restore the perms on the priv key unless (chmod(0644, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0644: $!"); } my ($res, $errstr); if ($? >> 8) { $errstr = join('', <$scp_eh>); $res = 0; } else { $res = 1; } unless ($res) { die("Can't upload $src_dir to server: $errstr"); } unless (-d "$dst_dir/src.d") { die("Directory '$dst_dir/src.d' does not exist as expected"); } unless (-f "$dst_dir/src.d/y024") { die("File '$dst_dir/src.d/y024' does not exist as expected"); } unless (-f "$dst_dir/src.d/Y024") { die("File '$dst_dir/src.d/Y024' does not exist as expected"); } unless (-d "$dst_dir/src.d/cd.d") { die("Directory '$dst_dir/src.d/cd.d' does not exist as expected"); } unless (-f "$dst_dir/src.d/cd.d/aa024") { die("File '$dst_dir/src.d/cd.d/aa024' does not exist as expected"); } unless (-d "$dst_dir/src.d/wx.d") { die("Directory '$dst_dir/src.d/wx.d' does not exist as expected"); } unless (-f "$dst_dir/src.d/wx.d/aa024") { die("File '$dst_dir/src.d/wx.d/aa024' does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_ext_upload_different_name_bug3425 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $src_file = File::Spec->rel2abs("$tmpdir/foo.txt"); if (open(my $fh, "> $src_file")) { print $fh "Hello, world!\n"; unless (close($fh)) { die("Can't write $src_file: $!"); } } else { die("Can't open $src_file: $!"); } my $dst_file = File::Spec->rel2abs("$tmpdir/bar.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my @cmd = ( 'scp', '-v', '-oBatchMode=yes', '-oCheckHostIP=no', "-oPort=$port", "-oIdentityFile=$rsa_priv_key", '-oPubkeyAuthentication=yes', '-oStrictHostKeyChecking=no', "$src_file", "$user\@127.0.0.1:bar.txt", ); my $scp_rh = IO::Handle->new(); my $scp_wh = IO::Handle->new(); my $scp_eh = IO::Handle->new(); $scp_wh->autoflush(1); sleep(1); local $SIG{CHLD} = 'DEFAULT'; # Make sure that the perms on the priv key are what OpenSSH wants unless (chmod(0400, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0400: $!"); } if ($ENV{TEST_VERBOSE}) { print STDERR "Executing: ", join(' ', @cmd), "\n"; } my $scp_pid = open3($scp_wh, $scp_rh, $scp_eh, @cmd); waitpid($scp_pid, 0); # Restore the perms on the priv key unless (chmod(0644, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0644: $!"); } my ($res, $errstr); if ($? >> 8) { $errstr = join('', <$scp_eh>); $res = 0; } else { $res = 1; } unless ($res) { die("Can't upload $src_file to server: $errstr"); } unless (-f $dst_file) { die("File '$dst_file' does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_ext_upload_recursive_empty_dir { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $src_dir = File::Spec->rel2abs("$tmpdir/src.d"); mkpath($src_dir); my $dst_dir = File::Spec->rel2abs("$tmpdir/dst.d"); mkpath($dst_dir); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my @cmd = ( 'scp', '-r', '-v', '-oBatchMode=yes', '-oCheckHostIP=no', "-oPort=$port", "-oIdentityFile=$rsa_priv_key", '-oPubkeyAuthentication=yes', '-oStrictHostKeyChecking=no', "$src_dir/", "$user\@127.0.0.1:dst.d/", ); my $scp_rh = IO::Handle->new(); my $scp_wh = IO::Handle->new(); my $scp_eh = IO::Handle->new(); $scp_wh->autoflush(1); sleep(1); local $SIG{CHLD} = 'DEFAULT'; # Make sure that the perms on the priv key are what OpenSSH wants unless (chmod(0400, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0400: $!"); } if ($ENV{TEST_VERBOSE}) { print STDERR "Executing: ", join(' ', @cmd), "\n"; } my $scp_pid = open3($scp_wh, $scp_rh, $scp_eh, @cmd); waitpid($scp_pid, 0); # Restore the perms on the priv key unless (chmod(0644, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0644: $!"); } my ($res, $errstr); if ($? >> 8) { $errstr = join('', <$scp_eh>); $res = 0; } else { $res = 1; } unless ($res) { die("Can't upload $src_dir to server: $errstr"); } unless (-d "$dst_dir/src.d") { die("Directory '$dst_dir/src.d' does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_download { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_get('sftp.conf', $test_file); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't download sftp.conf from server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file) { die("$test_file file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_download_zero_len_file { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $empty_file = File::Spec->rel2abs("$tmpdir/empty.txt"); if (open(my $fh, "> $empty_file")) { close($fh); } else { die("Can't open $empty_file: $!"); } my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_get($empty_file, $test_file); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't download $empty_file from server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file) { die("$test_file file does not exist as expected"); } my $size = -s $test_file; unless ($size == 0) { die("$test_file has size $size unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_download_largefile { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $fh; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open($fh, "> $test_file")) { # Make a file that's larger than the maximum SSH2 packet size, forcing # the scp code to loop properly entire the entire large file is sent. print $fh "ABCDefgh" x 16384; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } # Calculate the MD5 checksum of this file, for comparison with the # downloaded file. my $ctx = Digest::MD5->new(); my $expected_md5; if (open($fh, "< $test_file")) { binmode($fh); $ctx->addfile($fh); $expected_md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $test_file: $!"); } my $test_file2 = File::Spec->rel2abs("$tmpdir/test2.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_get('test.txt', $test_file2); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't download 'test.txt' from server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file2) { die("$test_file2 file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } # Calculate the MD5 checksum of the downloaded file, for comparison with the # downloaded file. $ctx->reset(); my $md5; if (open($fh, "< $test_file2")) { binmode($fh); $ctx->addfile($fh); $md5 = $ctx->hexdigest(); close($fh); } else { die("Can't read $test_file2: $!"); } $self->assert($expected_md5 eq $md5, test_msg("Expected '$expected_md5', got '$md5'")); unlink($log_file); } sub scp_download_fifo_bug3314 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $fifo = File::Spec->rel2abs("/tmp/test.fifo"); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_get($fifo, $test_file); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't download $fifo from server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file) { die("$test_file file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_ext_download_bug3544 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $dst_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $timeout_idle = 60; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my @cmd = ( 'scp', '-vvv', '-oBatchMode=yes', '-oCheckHostIP=no', "-oPort=$port", "-oIdentityFile=$rsa_priv_key", '-oPubkeyAuthentication=yes', '-oStrictHostKeyChecking=no', "$user\@127.0.0.1:$config_file", "$dst_file", ); my $scp_rh = IO::Handle->new(); my $scp_wh = IO::Handle->new(); my $scp_eh = IO::Handle->new(); $scp_wh->autoflush(1); sleep(1); local $SIG{CHLD} = 'DEFAULT'; # Make sure that the perms on the priv key are what OpenSSH wants unless (chmod(0400, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0400: $!"); } if ($ENV{TEST_VERBOSE}) { print STDERR "Executing: ", join(' ', @cmd), "\n"; } my $scp_pid = open3($scp_wh, $scp_rh, $scp_eh, @cmd); waitpid($scp_pid, 0); # Restore the perms on the priv key unless (chmod(0644, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0644: $!"); } my ($res, $errstr); if ($? >> 8) { $errstr = join('', <$scp_eh>); $res = 0; } else { if ($ENV{TEST_VERBOSE}) { $errstr = join('', <$scp_eh>); print STDERR "Stderr: $errstr\n"; } $res = 1; } unless ($res) { die("Can't download $config_file from server: $errstr"); } unless (-f "$dst_file") { die("File '$dst_file' does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, $timeout_idle + 2) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_ext_download_recursive_dir_bug3456 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } # For this test, we need the following directory structure: # # src/ # files # subdir1/ # files # subdir2 # files my $src_dir = File::Spec->rel2abs("$tmpdir/src.d"); mkpath($src_dir); my $count = 25; for (my $i = 0; $i < $count; $i++) { my $filename = (chr(97 + $i)) . sprintf("%03s", $i); my $src_file = File::Spec->rel2abs("$src_dir/$filename"); if (open(my $fh, "> $src_file")) { print $fh "ABCDefgh" x 7891; unless (close($fh)) { die("Can't write $src_file: $!"); } } else { die("Can't open $src_file: $!"); } } for (my $i = 0; $i < $count; $i++) { my $filename = (chr(65 + $i)) . sprintf("%03s", $i); my $src_file = File::Spec->rel2abs("$src_dir/$filename"); if (open(my $fh, "> $src_file")) { print $fh "ABCDefgh" x 6458; unless (close($fh)) { die("Can't write $src_file: $!"); } } else { die("Can't open $src_file: $!"); } } my $src_subdir = File::Spec->rel2abs("$src_dir/cd.d"); mkpath($src_subdir); for (my $i = 0; $i < $count; $i++) { my $filename = 'aa' . sprintf("%03s", $i); my $src_file = File::Spec->rel2abs("$src_subdir/$filename"); if (open(my $fh, "> $src_file")) { print $fh "ABCDefgh" x 9802; unless (close($fh)) { die("Can't write $src_file: $!"); } } else { die("Can't open $src_file: $!"); } } $src_subdir = File::Spec->rel2abs("$src_dir/wx.d"); mkpath($src_subdir); for (my $i = 0; $i < $count; $i++) { my $filename = 'aa' . sprintf("%03s", $i); my $src_file = File::Spec->rel2abs("$src_subdir/$filename"); if (open(my $fh, "> $src_file")) { print $fh "ABCDefgh" x 8192; unless (close($fh)) { die("Can't write $src_file: $!"); } } else { die("Can't open $src_file: $!"); } } my $dst_dir = File::Spec->rel2abs("$tmpdir/dst.d"); mkpath($dst_dir); my $timeout_idle = 60; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my @cmd = ( 'scp', '-r', '-vvv', '-oBatchMode=yes', '-oCheckHostIP=no', "-oPort=$port", "-oIdentityFile=$rsa_priv_key", '-oPubkeyAuthentication=yes', '-oStrictHostKeyChecking=no', "$user\@127.0.0.1:src.d/", "$dst_dir", ); my $scp_rh = IO::Handle->new(); my $scp_wh = IO::Handle->new(); my $scp_eh = IO::Handle->new(); $scp_wh->autoflush(1); sleep(1); local $SIG{CHLD} = 'DEFAULT'; # Make sure that the perms on the priv key are what OpenSSH wants unless (chmod(0400, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0400: $!"); } if ($ENV{TEST_VERBOSE}) { print STDERR "Executing: ", join(' ', @cmd), "\n"; } my $scp_pid = open3($scp_wh, $scp_rh, $scp_eh, @cmd); waitpid($scp_pid, 0); # Restore the perms on the priv key unless (chmod(0644, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0644: $!"); } my ($res, $errstr); if ($? >> 8) { $errstr = join('', <$scp_eh>); $res = 0; } else { $res = 1; } unless ($res) { die("Can't download $src_dir from server: $errstr"); } unless (-d "$dst_dir/src.d") { die("Directory '$dst_dir/src.d' does not exist as expected"); } unless (-f "$dst_dir/src.d/y024") { die("File '$dst_dir/src.d/y024' does not exist as expected"); } unless (-f "$dst_dir/src.d/Y024") { die("File '$dst_dir/src.d/Y024' does not exist as expected"); } unless (-d "$dst_dir/src.d/cd.d") { die("Directory '$dst_dir/src.d/cd.d' does not exist as expected"); } unless (-f "$dst_dir/src.d/cd.d/aa024") { die("File '$dst_dir/src.d/cd.d/aa024' does not exist as expected"); } unless (-d "$dst_dir/src.d/wx.d") { die("Directory '$dst_dir/src.d/wx.d' does not exist as expected"); } unless (-f "$dst_dir/src.d/wx.d/aa024") { die("File '$dst_dir/src.d/wx.d/aa024' does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, $timeout_idle + 2) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_ext_download_recursive_empty_dir { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $rsa_priv_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key'); my $rsa_pub_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/test_rsa_key.pub'); my $rsa_rfc4716_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/authorized_rsa_keys'); my $authorized_keys = File::Spec->rel2abs("$tmpdir/.authorized_keys"); unless (copy($rsa_rfc4716_key, $authorized_keys)) { die("Can't copy $rsa_rfc4716_key to $authorized_keys: $!"); } my $src_dir = File::Spec->rel2abs("$tmpdir/src.d"); mkpath($src_dir); my $dst_dir = File::Spec->rel2abs("$tmpdir/dst.d"); mkpath($dst_dir); my $timeout_idle = 60; my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPAuthorizedUserKeys file:~/.authorized_keys", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my @cmd = ( 'scp', '-r', '-v', '-oBatchMode=yes', '-oCheckHostIP=no', "-oPort=$port", "-oIdentityFile=$rsa_priv_key", '-oPubkeyAuthentication=yes', '-oStrictHostKeyChecking=no', "$user\@127.0.0.1:src.d/", "$dst_dir", ); my $scp_rh = IO::Handle->new(); my $scp_wh = IO::Handle->new(); my $scp_eh = IO::Handle->new(); $scp_wh->autoflush(1); sleep(1); local $SIG{CHLD} = 'DEFAULT'; # Make sure that the perms on the priv key are what OpenSSH wants unless (chmod(0400, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0400: $!"); } if ($ENV{TEST_VERBOSE}) { print STDERR "Executing: ", join(' ', @cmd), "\n"; } my $scp_pid = open3($scp_wh, $scp_rh, $scp_eh, @cmd); waitpid($scp_pid, 0); # Restore the perms on the priv key unless (chmod(0644, $rsa_priv_key)) { die("Can't set perms on $rsa_priv_key to 0644: $!"); } my ($res, $errstr); if ($? >> 8) { $errstr = join('', <$scp_eh>); $res = 0; } else { $res = 1; } unless ($res) { die("Can't download $src_dir from server: $errstr"); } unless (-d "$dst_dir/src.d") { die("Directory '$dst_dir/src.d' does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh, $timeout_idle + 2) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_config_ignore_upload_perms { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "SFTPOptions IgnoreSCPUploadPerms", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } chmod(0666, $config_file); my $res = $ssh2->scp_put($config_file, 'test.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $config_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file) { die("$test_file file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my $perms = ((stat($test_file))[2] & 07777); my $expected = 0644; $self->assert($expected == $perms, test_msg("Expected '$expected', got '$perms'")); unlink($log_file); } sub scp_config_hiddenstores { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $hidden_file = File::Spec->rel2abs("$tmpdir/.in.test.txt."); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, HiddenStores => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, 'test.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $config_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); if (-f $hidden_file) { die("File $hidden_file exists unexpectedly"); } unless (-f $test_file) { die("File $test_file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_config_subdir_upload_allowed { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $parent_dir = File::Spec->rel2abs("$tmpdir/dir"); my $sub_dir = File::Spec->rel2abs("$parent_dir/subdir"); mkpath($sub_dir); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir, $parent_dir, $sub_dir)) { die("Can't set perms on $home_dir, $parent_dir, $sub_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir, $parent_dir, $sub_dir)) { die("Can't set owner of $home_dir, $parent_dir, $sub_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, # Provide a specific configuration which should only allow # uploads to a sub directory, not to the parent directory. Apparently # works as expected for FTP and SFTP, but not SCP. Directory => { '~/*/*' => { Limit => { STOR => { AllowAll => '', }, }, }, }, Limit => { WRITE => { DenyAll => '', }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, 'dir/test.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $config_file to 'dir/test.txt' on server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_config_protocols { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", "Protocols sftp", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, 'test.txt'); if ($res) { die("SCP upload succeeded unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); $ssh2->disconnect(); if (-f $test_file) { die("File $test_file exists unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_config_userowner { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $owner = 'proftpd2'; my $owner_uid = 7777; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_user_write($auth_user_file, $owner, 'none', $owner_uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, RootRevoke => 'off', Directory => { '~' => { UserOwner => $owner, }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, 'test.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $config_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file) { die("File $test_file file does not exist as expected"); } my $owning_uid = (stat($test_file))[4]; $self->assert($owner_uid == $owning_uid, test_msg("Expected $owner_uid, got $owning_uid")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_config_groupowner { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $owner = 'proftpd2'; my $owner_gid = 7777; auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); auth_group_write($auth_group_file, $owner, $owner_gid, 'foo'); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, RootRevoke => 'off', Directory => { '~' => { GroupOwner => $owner, }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, 'test.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $config_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file) { die("File $test_file file does not exist as expected"); } my $owning_gid = (stat($test_file))[5]; $self->assert($owner_gid == $owning_gid, test_msg("Expected $owner_gid, got $owning_gid")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_config_groupowner_suppl_group_norootprivs { my $self = shift; my $tmpdir = $self->{tmpdir}; my ($config_user, $config_group) = config_get_identity(); my $members = [split(' ', (getgrnam($config_group))[3])]; if (scalar(@$members) < 2) { print STDERR " + unable to run 'scp_config_groupowner_suppl_group_norootprivs' test without current user belonging to multiple groups, skipping\n"; return; } my ($uid, $gid) = (getpwnam($members->[0]))[2,3]; my $root_login = 'off'; if ($uid == 0) { $root_login = 'on'; } my $owner = 'proftpd2'; my $owner_gid = (getpwnam($members->[1]))[3]; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); auth_group_write($auth_group_file, $owner, $owner_gid, 'foo'); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, RootLogin => $root_login, Directory => { '~' => { GroupOwner => $owner, }, }, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my $port; ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, 'test.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $config_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file) { die("File $test_file file does not exist as expected"); } my $owning_gid = (stat($test_file))[5]; $self->assert($owner_gid == $owning_gid, test_msg("Expected $owner_gid, got $owning_gid")); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub scp_log_extlog_var_f_upload { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 32; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $upload_file = File::Spec->rel2abs("$tmpdir/upload.txt"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, LogFormat => 'transfer "%f %F"', ExtendedLog => "$extlog_file WRITE transfer", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($test_file, 'upload.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $test_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $upload_file) { die("$upload_file file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); # Due to the way that Net::SSH2's scp support works, the full path is # sent to the server. Note that the OpenSSH command-line scp tool # does not do this, so the %F value will not always be the full path. my $expected = "$upload_file $upload_file"; $self->assert($expected eq $line, test_msg("Expected '$expected', got '$line'")); $ok = 1; last; } close($fh); unless ($ok) { die("No lines found in $extlog_file"); } } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub scp_log_extlog_file_modified_bug3457 { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $extlog_file = File::Spec->rel2abs("$tmpdir/ext.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $src_file = File::Spec->rel2abs("$tmpdir/src.txt"); if (open(my $fh, "> $src_file")) { print $fh "ABCD" x 32; unless (close($fh)) { die("Can't write $src_file: $!"); } } else { die("Can't open $src_file: $!"); } my $dst_file = File::Spec->rel2abs("$tmpdir/dst.txt"); if (open(my $fh, "> $dst_file")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $dst_file: $!"); } } else { die("Can't open $dst_file: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', LogFormat => 'custom "%{file-modified}"', ExtendedLog => "$extlog_file WRITE custom", IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($src_file, 'dst.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $src_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $extlog_file")) { while (my $line = <$fh>) { chomp($line); my $expected = 'true'; $self->assert($expected eq $line, test_msg("Expected '$expected', got '$line'")); } close($fh); } else { die("Can't read $extlog_file: $!"); } unlink($log_file); } sub scp_log_xferlog_download { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $xferlog_file = File::Spec->rel2abs("$tmpdir/xfer.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TransferLog => $xferlog_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $read_sz = (stat($config_file))[7]; # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_get('sftp.conf', $test_file); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't download sftp.conf from server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $test_file) { die("$test_file file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $xferlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /^(\S+\s+\S+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(\d+)\s+(.*?)\s+(\d+)\s+(.*?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*?)\s+(.*?)\s+.*?(\S+)$/o) { my $client_addr = $3; my $nbytes = $4; my $path = $5; my $xfer_type = $6; my $action_flag = $7; my $xfer_direction = $8; my $access_mode = $9; my $user_name = $10; my $service_name = $11; my $completion_status = $12; my $expected; $expected = '127.0.0.1'; $self->assert($expected eq $client_addr, test_msg("Expected '$expected', got '$client_addr'")); $expected = $read_sz; $self->assert($expected == $nbytes, test_msg("Expected $expected, got $nbytes")); $expected = File::Spec->rel2abs($config_file); $self->assert($expected eq $path, test_msg("Expected '$expected', got '$path'")); $expected = 'b'; $self->assert($expected eq $xfer_type, test_msg("Expected '$expected', got '$xfer_type'")); $expected = '_'; $self->assert($expected eq $action_flag, test_msg("Expected '$expected', got '$action_flag'")); $expected = 'o'; $self->assert($expected eq $xfer_direction, test_msg("Expected '$expected', got '$xfer_direction'")); $expected = 'r'; $self->assert($expected eq $access_mode, test_msg("Expected '$expected', got '$access_mode'")); $expected = $user; $self->assert($expected eq $user_name, test_msg("Expected '$expected', got '$user_name'")); $expected = 'scp'; $self->assert($expected eq $service_name, test_msg("Expected '$expected', got '$service_name'")); $expected = 'c'; $self->assert($expected eq $completion_status, test_msg("Expected '$expected', got '$completion_status'")); $ok = 1; last; } } close($fh); unless ($ok) { die("No lines found in $xferlog_file"); } } else { die("Can't read $xferlog_file: $!"); } unlink($log_file); } sub scp_log_xferlog_upload { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $xferlog_file = File::Spec->rel2abs("$tmpdir/xfer.log"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { print $fh "ABCD" x 32; unless (close($fh)) { die("Can't write $test_file: $!"); } } else { die("Can't open $test_file: $!"); } my $test_sz = (stat($test_file))[7]; my $upload_file = File::Spec->rel2abs("$tmpdir/upload.txt"); # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, TransferLog => $xferlog_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($test_file, 'upload.txt'); unless ($res) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't upload $test_file to server: [$err_name] ($err_code) $err_str"); } $ssh2->disconnect(); unless (-f $upload_file) { die("$upload_file file does not exist as expected"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } if (open(my $fh, "< $xferlog_file")) { my $ok = 0; while (my $line = <$fh>) { chomp($line); if ($line =~ /^(\S+\s+\S+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(\d+)\s+(.*?)\s+(\d+)\s+(.*?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*?)\s+(.*?)\s+.*?(\S+)$/o) { my $client_addr = $3; my $nbytes = $4; my $path = $5; my $xfer_type = $6; my $action_flag = $7; my $xfer_direction = $8; my $access_mode = $9; my $user_name = $10; my $service_name = $11; my $completion_status = $12; my $expected; $expected = '127.0.0.1'; $self->assert($expected eq $client_addr, test_msg("Expected '$expected', got '$client_addr'")); $expected = $test_sz; $self->assert($expected == $nbytes, test_msg("Expected $expected, got $nbytes")); $expected = $upload_file; $self->assert($expected eq $path, test_msg("Expected '$expected', got '$path'")); $expected = 'b'; $self->assert($expected eq $xfer_type, test_msg("Expected '$expected', got '$xfer_type'")); $expected = '_'; $self->assert($expected eq $action_flag, test_msg("Expected '$expected', got '$action_flag'")); $expected = 'i'; $self->assert($expected eq $xfer_direction, test_msg("Expected '$expected', got '$xfer_direction'")); $expected = 'r'; $self->assert($expected eq $access_mode, test_msg("Expected '$expected', got '$access_mode'")); $expected = $user; $self->assert($expected eq $user_name, test_msg("Expected '$expected', got '$user_name'")); $expected = 'scp'; $self->assert($expected eq $service_name, test_msg("Expected '$expected', got '$service_name'")); $expected = 'c'; $self->assert($expected eq $completion_status, test_msg("Expected '$expected', got '$completion_status'")); $ok = 1; last; } } close($fh); unless ($ok) { die("No lines found in $xferlog_file"); } } else { die("Can't read $xferlog_file: $!"); } unlink($log_file); } sub sftp_quotatab_upload_bytes_in_exceeded_soft_limit { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; my $db_file = File::Spec->rel2abs("$tmpdir/sftp.db"); # Build up sqlite3 command to create users, groups tables and populate them my $db_script = File::Spec->rel2abs("$tmpdir/proftpd.sql"); if (open(my $fh, "> $db_script")) { print $fh <rel2abs("$tmpdir/$test_file"); if (open(my $fh, "> $test_path")) { print $fh "Hello, World!\n"; unless (close($fh)) { die("Can't write $test_path: $!"); } } else { die("Can't open $test_path: $!"); } # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AllowOverwrite => 'on', AllowStoreRestart => 'on', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_quotatab_sql.c' => [ 'SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = \'%{0}\' AND quota_type = \'%{1}\'"', 'SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = \'%{0}\' AND quota_type = \'%{1}\'"', 'SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = \'%{6}\' AND quota_type = \'%{7}\'" quotatallies', 'SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies', 'QuotaEngine on', "QuotaLog $log_file", 'QuotaLimitTable sql:/get-quota-limit', 'QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally', ], 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_sql.c' => { SQLEngine => 'log', SQLBackend => 'sqlite3', SQLConnectInfo => $db_file, SQLLogFile => $log_file, }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY, 0644); if ($fh) { die("OPEN test.txt succeeded unexpectedly"); } my ($err_code, $err_name) = $sftp->error(); my $expected = 'SSH_FX_FAILURE'; $self->assert($expected eq $err_name, test_msg("Expected '$expected', got '$err_name'")); $expected = 4; $self->assert($expected == $err_code, test_msg("Expected $expected, got $err_code")); $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_sql_custom_user_info { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } my $db_file = File::Spec->rel2abs("$tmpdir/proftpd.db"); # Build up sqlite3 command to create users, groups tables and populate them my $db_script = File::Spec->rel2abs("$tmpdir/proftpd.sql"); if (open(my $fh, "> $db_script")) { print $fh <rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); $db_file = File::Spec->rel2abs("$tmpdir/proftpd.db"); # Build up sqlite3 command to create users, groups tables and populate them $db_script = File::Spec->rel2abs("$tmpdir/proftpd.sql"); if (open(my $fh, "> $db_script")) { print $fh < 0 && $ENV{TEST_VERBOSE}) { print STDERR "Output: ", join('', @output), "\n"; } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_sql.c' => { SQLAuthTypes => 'plaintext', SQLEngine => 'on', SQLBackend => 'sqlite3', SQLConnectInfo => $db_file, SQLLogFile => $log_file, SQLNamedQuery => 'get-sql-user SELECT "userid, passwd, uid, gid, homedir, shell FROM ftpusers WHERE userid = \'%U\'"', SQLUserInfo => 'custom:/get-sql-user', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $config_size = (stat($config_file))[7]; # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('sftp.conf', O_RDONLY, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open sftp.conf: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $res = $fh->read($buf, 8192); # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } sub sftp_sql_log_retr_vars { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $db_file = File::Spec->rel2abs("$tmpdir/proftpd.db"); # Build up sqlite3 command to create users, groups tables and populate them my $db_script = File::Spec->rel2abs("$tmpdir/proftpd.sql"); if (open(my $fh, "> $db_script")) { print $fh < 0 && $ENV{TEST_VERBOSE}) { print STDERR "Output: ", join('', @output), "\n"; } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_sql.c' => { SQLEngine => 'log', SQLBackend => 'sqlite3', SQLConnectInfo => $db_file, SQLLogFile => $log_file, SQLNamedQuery => 'log-download FREEFORM "INSERT INTO sftplog (user, operation, filename, full_path, filesize, xfertime) VALUES (\'%u\', \'%m\', \'%F\', \'%f\', %b, %T)"', SQLLog => 'RETR log-download', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); my $config_size = (stat($config_file))[7]; # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('sftp.conf', O_RDONLY, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open sftp.conf: [$err_name] ($err_code)"); } my $buf; my $size = 0; my $res = $fh->read($buf, 8192); # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my ($logged_user, $filename, $full_path, $filesize, $xfertime); ($logged_user, $cmd, $filename, $full_path, $filesize, $xfertime) = get_sftplog($db_file); my $expected; $expected = 'RETR'; $self->assert($expected eq $cmd, test_msg("Expected '$expected', got '$cmd'")); $expected = 'sftp.conf'; $self->assert($expected eq $filename, test_msg("Expected '$expected', got '$filename'")); $expected = File::Spec->rel2abs($config_file); $self->assert($expected eq $full_path, test_msg("Expected '$expected', got '$full_path'")); $expected = $config_size; $self->assert($expected == $filesize, test_msg("Expected $expected, got $filesize")); unlink($log_file); } sub sftp_sql_log_stor_vars { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $db_file = File::Spec->rel2abs("$tmpdir/proftpd.db"); # Build up sqlite3 command to create users, groups tables and populate them my $db_script = File::Spec->rel2abs("$tmpdir/proftpd.sql"); if (open(my $fh, "> $db_script")) { print $fh < 0 && $ENV{TEST_VERBOSE}) { print STDERR "Output: ", join('', @output), "\n"; } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_sql.c' => { SQLEngine => 'log', SQLBackend => 'sqlite3', SQLConnectInfo => $db_file, SQLLogFile => $log_file, SQLNamedQuery => 'log-upload FREEFORM "INSERT INTO sftplog (user, operation, filename, full_path, filesize, xfertime) VALUES (\'%u\', \'%m\', \'%F\', \'%f\', %b, %T)"', SQLLog => 'STOR log-upload', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_CREAT, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } print $fh "ABCD" x 8192; # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my ($logged_user, $filename, $full_path, $filesize, $xfertime); ($logged_user, $cmd, $filename, $full_path, $filesize, $xfertime) = get_sftplog($db_file); my $expected; $expected = 'STOR'; $self->assert($expected eq $cmd, test_msg("Expected '$expected', got '$cmd'")); $expected = 'test.txt'; $self->assert($expected eq $filename, test_msg("Expected '$expected', got '$filename'")); $expected = File::Spec->rel2abs("$tmpdir/test.txt"); $self->assert($expected eq $full_path, test_msg("Expected '$expected', got '$full_path'")); $expected = 32768; $self->assert($expected == $filesize, test_msg("Expected $expected, got $filesize")); unlink($log_file); } sub sftp_sql_log_appe_vars { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $db_file = File::Spec->rel2abs("$tmpdir/proftpd.db"); # Build up sqlite3 command to create users, groups tables and populate them my $db_script = File::Spec->rel2abs("$tmpdir/proftpd.sql"); if (open(my $fh, "> $db_script")) { print $fh < 0 && $ENV{TEST_VERBOSE}) { print STDERR "Output: ", join('', @output), "\n"; } my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't open $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, AllowOverwrite => 'on', AllowStoreRestart => 'on', IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_sql.c' => { SQLEngine => 'log', SQLBackend => 'sqlite3', SQLConnectInfo => $db_file, SQLLogFile => $log_file, SQLNamedQuery => 'log-appe FREEFORM "INSERT INTO sftplog (user, operation, filename, full_path, filesize, xfertime) VALUES (\'%u\', \'%m\', \'%F\', \'%f\', %b, %T)"', SQLLog => 'APPE log-appe', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('test.txt', O_WRONLY|O_APPEND, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open test.txt: [$err_name] ($err_code)"); } print $fh "ABCD" x 8192; # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my ($logged_user, $filename, $full_path, $filesize, $xfertime); ($logged_user, $cmd, $filename, $full_path, $filesize, $xfertime) = get_sftplog($db_file); my $expected; $expected = 'APPE'; $self->assert($expected eq $cmd, test_msg("Expected '$expected', got '$cmd'")); $expected = 'test.txt'; $self->assert($expected eq $filename, test_msg("Expected '$expected', got '$filename'")); $expected = File::Spec->rel2abs("$tmpdir/test.txt"); $self->assert($expected eq $full_path, test_msg("Expected '$expected', got '$full_path'")); $expected = 32768; $self->assert($expected == $filesize, test_msg("Expected $expected, got $filesize")); unlink($log_file); } sub sftp_sql_log_init_vars { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $db_file = File::Spec->rel2abs("$tmpdir/proftpd.db"); # Build up sqlite3 command to create users, groups tables and populate them my $db_script = File::Spec->rel2abs("$tmpdir/proftpd.sql"); if (open(my $fh, "> $db_script")) { print $fh < 0 && $ENV{TEST_VERBOSE}) { print STDERR "Output: ", join('', @output), "\n"; } my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't open $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_sql.c' => { SQLEngine => 'log', SQLBackend => 'sqlite3', SQLConnectInfo => $db_file, SQLLogFile => $log_file, SQLNamedQuery => 'log-init FREEFORM "INSERT INTO sftplog (user, operation, filename, full_path, filesize, xfertime) VALUES (\'%u\', \'%m\', \'%F\', \'%f\', %b, %T)"', SQLLog => 'INIT log-init', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('sftp.conf', O_RDONLY, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open sftp.conf: [$err_name] ($err_code)"); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my ($logged_user, $filename, $full_path, $filesize, $xfertime); ($logged_user, $cmd, $filename, $full_path, $filesize, $xfertime) = get_sftplog($db_file); my $expected; $expected = $user; $self->assert($expected eq $logged_user, test_msg("Expected '$expected', got '$logged_user'")); $expected = 'INIT'; $self->assert($expected eq $cmd, test_msg("Expected '$expected', got '$cmd'")); $expected = '-'; $self->assert($expected eq $filename, test_msg("Expected '$expected', got '$filename'")); $expected = '-'; $self->assert($expected eq $full_path, test_msg("Expected '$expected', got '$full_path'")); $expected = 0; $self->assert($expected == $filesize, test_msg("Expected $expected, got $filesize")); unlink($log_file); } sub sftp_sql_log_pass_vars { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $db_file = File::Spec->rel2abs("$tmpdir/proftpd.db"); # Build up sqlite3 command to create users, groups tables and populate them my $db_script = File::Spec->rel2abs("$tmpdir/proftpd.sql"); if (open(my $fh, "> $db_script")) { print $fh < 0 && $ENV{TEST_VERBOSE}) { print STDERR "Output: ", join('', @output), "\n"; } my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't open $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_sql.c' => { SQLEngine => 'log', SQLBackend => 'sqlite3', SQLConnectInfo => $db_file, SQLLogFile => $log_file, SQLNamedQuery => 'log-pass FREEFORM "INSERT INTO sftplog (user, operation, filename, full_path, filesize, xfertime) VALUES (\'%u\', \'%m\', \'%F\', \'%f\', %b, %T)"', SQLLog => 'PASS log-pass', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('sftp.conf', O_RDONLY, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open sftp.conf: [$err_name] ($err_code)"); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my ($logged_user, $filename, $full_path, $filesize, $xfertime); ($logged_user, $cmd, $filename, $full_path, $filesize, $xfertime) = get_sftplog($db_file); my $expected; $expected = $user; $self->assert($expected eq $logged_user, test_msg("Expected '$expected', got '$logged_user'")); $expected = 'PASS'; $self->assert($expected eq $cmd, test_msg("Expected '$expected', got '$cmd'")); $expected = '-'; $self->assert($expected eq $filename, test_msg("Expected '$expected', got '$filename'")); $expected = '-'; $self->assert($expected eq $full_path, test_msg("Expected '$expected', got '$full_path'")); $expected = 0; $self->assert($expected == $filesize, test_msg("Expected $expected, got $filesize")); unlink($log_file); } sub sftp_sql_log_exit_vars { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, 'ftpd', $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $db_file = File::Spec->rel2abs("$tmpdir/proftpd.db"); # Build up sqlite3 command to create users, groups tables and populate them my $db_script = File::Spec->rel2abs("$tmpdir/proftpd.sql"); if (open(my $fh, "> $db_script")) { print $fh < 0 && $ENV{TEST_VERBOSE}) { print STDERR "Output: ", join('', @output), "\n"; } my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); if (open(my $fh, "> $test_file")) { close($fh); } else { die("Can't open $test_file: $!"); } my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], 'mod_sql.c' => { SQLEngine => 'log', SQLBackend => 'sqlite3', SQLConnectInfo => $db_file, SQLLogFile => $log_file, SQLNamedQuery => 'log-exit FREEFORM "INSERT INTO sftplog (user, operation, filename, full_path, filesize, xfertime) VALUES (\'%u\', \'%m\', \'%F\', \'%f\', %b, %T)"', SQLLog => 'EXIT log-exit', }, }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $sftp = $ssh2->sftp(); unless ($sftp) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't use SFTP on SSH2 server: [$err_name] ($err_code) $err_str"); } my $fh = $sftp->open('sftp.conf', O_RDONLY, 0644); unless ($fh) { my ($err_code, $err_name) = $sftp->error(); die("Can't open sftp.conf: [$err_name] ($err_code)"); } # To issue the FXP_CLOSE, we have to explicitly destroy the filehandle $fh = undef; # To close the SFTP channel, we have to explicitly destroy the object $sftp = undef; $ssh2->disconnect(); # Let a little time pass, so that the server handles the session # ending properly. sleep(1); }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } my ($logged_user, $filename, $full_path, $filesize, $xfertime); ($logged_user, $cmd, $filename, $full_path, $filesize, $xfertime) = get_sftplog($db_file); my $expected; # The user (%u) is blank here because the session.user field has been # cleared. $expected = $user; $self->assert($expected eq $logged_user, test_msg("Expected '$expected', got '$logged_user'")); $expected = 'EXIT'; $self->assert($expected eq $cmd, test_msg("Expected '$expected', got '$cmd'")); $expected = '-'; $self->assert($expected eq $filename, test_msg("Expected '$expected', got '$filename'")); $expected = '-'; $self->assert($expected eq $full_path, test_msg("Expected '$expected', got '$full_path'")); $expected = 0; $self->assert($expected == $filesize, test_msg("Expected $expected, got $filesize")); unlink($log_file); } sub scp_ifsess_protocols { my $self = shift; my $tmpdir = $self->{tmpdir}; my $config_file = "$tmpdir/sftp.conf"; my $pid_file = File::Spec->rel2abs("$tmpdir/sftp.pid"); my $scoreboard_file = File::Spec->rel2abs("$tmpdir/sftp.scoreboard"); my $log_file = File::Spec->rel2abs('tests.log'); my $auth_user_file = File::Spec->rel2abs("$tmpdir/sftp.passwd"); my $auth_group_file = File::Spec->rel2abs("$tmpdir/sftp.group"); my $user = 'proftpd'; my $passwd = 'test'; my $group = 'ftpd'; my $home_dir = File::Spec->rel2abs($tmpdir); my $uid = 500; my $gid = 500; # Make sure that, if we're running as root, that the home directory has # permissions/privs set for the account we create if ($< == 0) { unless (chmod(0755, $home_dir)) { die("Can't set perms on $home_dir to 0755: $!"); } unless (chown($uid, $gid, $home_dir)) { die("Can't set owner of $home_dir to $uid/$gid: $!"); } } auth_user_write($auth_user_file, $user, $passwd, $uid, $gid, $home_dir, '/bin/bash'); auth_group_write($auth_group_file, $group, $gid, $user); my $rsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_rsa_key'); my $dsa_host_key = File::Spec->rel2abs('t/etc/modules/mod_sftp/ssh_host_dsa_key'); my $test_file = File::Spec->rel2abs("$tmpdir/test.txt"); my $config = { PidFile => $pid_file, ScoreboardFile => $scoreboard_file, SystemLog => $log_file, TraceLog => $log_file, Trace => 'DEFAULT:10 ssh2:20 sftp:20 scp:20', AuthUserFile => $auth_user_file, AuthGroupFile => $auth_group_file, IfModules => { 'mod_delay.c' => { DelayEngine => 'off', }, 'mod_sftp.c' => [ "SFTPEngine on", "SFTPLog $log_file", "SFTPHostKey $rsa_host_key", "SFTPHostKey $dsa_host_key", ], }, }; my ($port, $config_user, $config_group) = config_write($config_file, $config); if (open(my $fh, ">> $config_file")) { print $fh < Protocols sftp scp Protocols sftp EOC unless (close($fh)) { die("Can't write $config_file: $!"); } } else { die("Can't open $config_file: $!"); } # Open pipes, for use between the parent and child processes. Specifically, # the child will indicate when it's done with its test by writing a message # to the parent. my ($rfh, $wfh); unless (pipe($rfh, $wfh)) { die("Can't open pipe: $!"); } require Net::SSH2; my $ex; # Ignore SIGPIPE local $SIG{PIPE} = sub { }; # Fork child $self->handle_sigchld(); defined(my $pid = fork()) or die("Can't fork: $!"); if ($pid) { eval { my $ssh2 = Net::SSH2->new(); sleep(1); unless ($ssh2->connect('127.0.0.1', $port)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't connect to SSH2 server: [$err_name] ($err_code) $err_str"); } unless ($ssh2->auth_password($user, $passwd)) { my ($err_code, $err_name, $err_str) = $ssh2->error(); die("Can't login to SSH2 server: [$err_name] ($err_code) $err_str"); } my $res = $ssh2->scp_put($config_file, 'test.txt'); if ($res) { die("SCP upload succeeded unexpectedly"); } my ($err_code, $err_name, $err_str) = $ssh2->error(); $ssh2->disconnect(); if (-f $test_file) { die("File $test_file exists unexpectedly"); } }; if ($@) { $ex = $@; } $wfh->print("done\n"); $wfh->flush(); } else { eval { server_wait($config_file, $rfh) }; if ($@) { warn($@); exit 1; } exit 0; } # Stop server server_stop($pid_file); $self->assert_child_ok($pid); if ($ex) { die($ex); } unlink($log_file); } 1;