1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
#!/bin/sh
#
# Test suite for remctl-shell.
#
# Written by Russ Allbery <eagle@eyrie.org>
# Copyright 2016 Russ Allbery <eagle@eyrie.org>
# Copyright 2016 Dropbox, Inc.
#
# SPDX-License-Identifier: MIT
. "${C_TAP_SOURCE}/tap/libtap.sh"
# Declare plan.
plan 18
# Clean any leaked environment variables.
unset REMCTL_USER
unset SSH_CONNECTION
unset SSH_ORIGINAL_COMMAND
# Find the remctl-shell binary.
shell="${C_TAP_BUILD}/../server/remctl-shell"
# Check a few error messages from not having environment variables set, and
# set up the environment.
msg='SSH_ORIGINAL_COMMAND not set in the environment'
ok_program 'no SSH_ORIGINAL_COMMAND' 1 "remctl-shell: $msg" \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" test@EXAMPLE.COM
msg='REMCTL_USER must be set in the environment via authorized_keys'
ok_program 'no REMCTL_USER' 1 "remctl-shell: $msg" \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test test'
REMCTL_USER=test@EXAMPLE.COM
export REMCTL_USER
ok_program 'no SSH_CONNECTION' 1 \
'remctl-shell: SSH_CONNECTION not set (remctl-shell must be run via ssh)' \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test test'
SSH_CONNECTION='127.0.0.1 16666 127.0.0.1 16666'
export SSH_CONNECTION
# Check the various environment variables.
ok_program 'value for REMUSER' 0 "$REMCTL_USER" \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test env REMUSER'
ok_program 'value for REMOTE_USER' 0 "$REMCTL_USER" \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test env REMOTE_USER'
ok_program 'value for REMOTE_ADDR' 0 '127.0.0.1' \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test env REMOTE_ADDR'
ok_program 'value for REMOTE_EXPIRES' 0 '0' \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test env REMOTE_EXPIRES'
# Remote host requires a bit more effort, since it can be one of a number of
# values. Don't bother with all the ok_program checks, and just check the
# output.
command='test env REMOTE_HOST'
hostname=`"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c "$command" 2>&1`
status=$?
ok 'return status for REMOTE_HOST' [ $status -eq 0 ]
if [ -z "$hostname" ]; then
ok 'value for REMOTE_HOST' true
elif echo "$hostname" | grep -q localhost; then
ok 'value for REMOTE_HOST' true
elif echo "$hostname" | grep -q "`hostname`"; then
ok 'value for REMOTE_HOST' true
else
diag "env REMOTE_HOST: $hostname"
ok 'value for REMOTE_HOST' false
fi
# Test some of the general server properties. This code is mostly also tested
# by the regular server tests, but it's good verification that the shell
# implementation works the same.
ok_program "file descriptors closed properly on server" 0 "Okay" \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test closed'
ok_program "server returns despite background process" 0 "Parent" \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test background'
ok_program "matching and argv passing for EMPTY" 0 "0" \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'empty'
ok_program "...but the empty argument does not match" 255 "Unknown command" \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'empty ""'
ok_program "wildcard matching for the command" 0 "hello world" \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'foo bar'
ok_program "...but only matches that subcommand" 255 "Unknown command" \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'foo baz'
ok_program "server resets SIGPIPE handler before running client" 255 '' \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test sigpipe'
# Now check passing in a command via SSH_ORIGINAL_COMMAND instead. We should
# ignore the REMCTL_USER environment variable.
SSH_ORIGINAL_COMMAND='test env REMUSER'
export SSH_ORIGINAL_COMMAND
ok_program 'force-command value for REMUSER' 0 command@EXAMPLE.COM \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" command@EXAMPLE.COM
unset REMCTL_USER
SSH_ORIGINAL_COMMAND='test env "REMOTE_USER"'
ok_program 'force-command value for REMOTE_USER' 0 command@EXAMPLE.COM \
"$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" command@EXAMPLE.COM
|
