# Tests to ensure that the monkeysphere is working
-# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-# Date: 2008-09-13 13:40:15-0400
+# Authors:
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Jameson Rollins <jrollins@fifthhorseman.net>
+# Copyright: 2008
+# License: GPL v3 or later
-# these tests might be best run under fakeroot, particularly the
-# "server-side" tests. Using fakeroot, they should be able to be run
+# these tests should all be able to
# as a non-privileged user.
-# NOTE: these tests have *not* themselves been tested yet
-# (2008-09-13). Please exercise with caution!
-
-# fail on fail
+# all subcommands in this script should complete without failure:
set -e
-# these tests assume a commonly-trusted "Admin's key", a fake key
-# permanently stored in ./home/admin/.gnupg:
+# gpg command for test admin user
gpgadmin() {
- GNUPGHOME="$TESTDIR"/home/admin/.gnupg gpg "$@"
+ GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@"
+}
+
+failed_cleanup() {
+# FIXME: can we be more verbose here?
+ echo 'FAILED!'
+ cleanup
}
# cleanup:
cleanup() {
+ echo
read -p "press enter to cleanup and remove tmp:"
- # FIXME: stop the sshd process
+ if ( ps $SSHD_PID >/dev/null ) ; then
+ echo "### stopping still-running sshd..."
+ kill $SSHD_PID
+ fi
- echo
echo "### removing temp dir..."
rm -rf "$TEMPDIR"
- # FIXME: how should we clear out the temporary $VARLIB?
-
- # FIXME: clear out ssh client config file and known hosts.
+ wait
}
## setup trap
-trap cleanup EXIT
+trap failed_cleanup EXIT
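Review bot: cleanup() can run with SSHD_PID unset, because the EXIT trap is armed here while the variable is only assigned later at `export SSHD_PID=$!`; a failure in the `cp -a` or add-identity-certifier steps in between would get there. With the expansion unquoted, `ps $SSHD_PID` becomes a bare `ps`, which succeeds, and `kill` is then called with no argument and fails; under `set -e` that can end the handler before `rm -rf "$TEMPDIR"` and leave the copied GnuPG homes on disk. I would guard it as `if [ -n "${SSHD_PID:-}" ] && kill -0 "$SSHD_PID" 2>/dev/null; then` with `kill "$SSHD_PID"`, and write the removal as `rm -rf -- "${TEMPDIR:?}"`. Note also that `$!` is the PID of the backgrounded socat, not of sshd itself, so a comment saying so next to the assignment would help.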
## set up some variables to ensure that we're operating strictly in
## the tests, not system-wide:
SSHD_CONFIG="$TEMPDIR"/sshd_config
export SOCKET="$TEMPDIR"/ssh-socket
+# copy in admin and testuser home to tmp
+echo "### copying admin and testuser homes..."
+cp -a "$TESTDIR"/home/admin "$TEMPDIR"/
+cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/
+
+cat <<EOF >> "$TEMPDIR"/testuser/.ssh/config
+UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts
+ProxyCommand $TEMPDIR/testuser/.ssh/proxy-command %h %p $SOCKET
+EOF
+
+cat <<EOF >> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf
+KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts
+EOF
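Review bot: The generated ssh config pins only `UserKnownHostsFile` and `ProxyCommand`, so whether ssh refuses an unverified host key depends on the copied `home/testuser/.ssh/config`, which is not visible here. `SSH_ASKPASS` is exported further down, and ssh without a terminal may route the host-key confirmation prompt to that helper; if the helper answers every prompt, the connection could succeed without monkeysphere having vouched for the key. To make the test assert the property it is named for, I would add `StrictHostKeyChecking yes` and `GlobalKnownHostsFile /dev/null` to this heredoc. The paths are also written unquoted into the config, so a TEMPDIR containing whitespace would break both directives.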
### SERVER TESTS
# FIXME: how can we test publish-key without flooding junk into the
# keyservers?
-# indicate that the "Admin's" key is an identity certifier for the
-# host
-
+# add admin as identity certifier for testhost
echo "### adding admin as certifier..."
-echo y | monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg
+echo y | monkeysphere-server add-identity-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg
# initialize base sshd_config
cp etc/ssh/sshd_config "$SSHD_CONFIG"
# launch test sshd with the new host key.
echo "### starting sshd..."
-socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log &
-
+socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log &
+export SSHD_PID=$!
### TESTUSER TESTS
-# copy testuser home directory into temp dir
-echo "### seting up testuser home..."
-cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/
-
# generate an auth subkey for the test user
echo "### generating key for testuser..."
-MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \
- monkeysphere gen-subkey --expire 0
+export GNUPGHOME="$TEMPDIR"/testuser/.gnupg
+export SSH_ASKPASS="$TEMPDIR"/testuser/.ssh/askpass
+export MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere
+
+monkeysphere gen-subkey --expire 0
# add server key to testuser keychain
echo "### export server key to testuser..."
-gpgadmin --armor --export "$HOSTKEYID" | \
- GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import
+gpgadmin --armor --export "$HOSTKEYID" | gpg --import
-#GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --list-keys
-#read -p "?"
-
-# connect to test sshd, using monkeysphere to verify the identity
-# before connection.
+# connect to test sshd, using monkeysphere-ssh-proxycommand to verify
+# the identity before connection. This should work in both directions!
echo "### testuser connecting to sshd socket..."
-PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}"
-GNUPGHOME="$TEMPDIR"/testuser/.gnupg ssh -oProxyCommand="$PROXY_COMMAND" testhost
-# create a new client side key, certify it with the "CA", use it to
-# log in.
-## FIXME: implement!
+ssh-agent bash -c \
+ 'monkeysphere subkey-to-ssh-agent && ssh -F "$TEMPDIR"/testuser/.ssh/config testhost'
+
+trap - EXIT
+cleanup
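Review bot: The single-quoted `bash -c` string leaves `$TEMPDIR` to be expanded by the child shell, so the `ssh -F` path is only right if TEMPDIR is exported; its assignment is outside the visible lines, and only SOCKET and SSHD_PID are shown being exported. If it is not exported, the child sees `-F /testuser/.ssh/config` and the test fails for a reason unrelated to monkeysphere. Passing the path as a positional argument removes the dependency: `ssh-agent bash -c 'monkeysphere subkey-to-ssh-agent && ssh -F "$1" testhost' _ "$TEMPDIR"/testuser/.ssh/config`.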