X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=tests%2Fbasic;h=1f4930f9b1ca7c356f915f96edc36c8e83dd80ce;hb=dbbd331815b6f15f675d2ce651678b8b2ec06d68;hp=067a02c00a547e5d3ca8d50bd41db2f986c2ff97;hpb=f7242749c484cac12aacf8bcfe19bdea72c89aaa;p=monkeysphere.git diff --git a/tests/basic b/tests/basic index 067a02c..1f4930f 100755 --- a/tests/basic +++ b/tests/basic @@ -23,6 +23,7 @@ ssh_test() { umask 0077 # start the ssh daemon on the socket + echo "##### starting ssh server..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & SSHD_PID="$!" @@ -32,6 +33,7 @@ ssh_test() { done # make a client connection to the socket + echo "##### starting ssh client..." ssh-agent bash -c \ "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost true" RETURN="$?" @@ -88,7 +90,7 @@ export PATH="$TESTDIR"/../src:"$TESTDIR"/../src/keytrans:"$PATH" export MONKEYSPHERE_SYSDATADIR="$TEMPDIR" export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR" export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src -export MONKEYSPHERE_MONKEYSPHERE_USER="$USER" +export MONKEYSPHERE_MONKEYSPHERE_USER=$(whoami) export MONKEYSPHERE_CHECK_KEYSERVER=false export MONKEYSPHERE_LOG_LEVEL=DEBUG @@ -101,21 +103,27 @@ echo "### copying admin and testuser homes..." cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ -cat <> "$TEMPDIR"/testuser/.ssh/config -UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts -IdentityFile $TEMPDIR/testuser/.ssh/no-such-identity -ProxyCommand $TEMPDIR/testuser/.ssh/proxy-command %h %p $SOCKET +# set up environment for testuser +export HOME="$TEMPDIR"/testuser +export GNUPGHOME="$HOME"/.gnupg +export SSH_ASKPASS="$HOME"/.ssh/askpass +export MONKEYSPHERE_HOME="$HOME"/.monkeysphere + +cat <> "$HOME"/.ssh/config +UserKnownHostsFile $HOME/.ssh/known_hosts +IdentityFile $HOME/.ssh/no-such-identity +ProxyCommand $HOME/.ssh/proxy-command %h %p $SOCKET EOF -cat <> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf -KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts +cat <> "$MONKEYSPHERE_HOME"/monkeysphere.conf +KNOWN_HOSTS=$HOME/.ssh/known_hosts EOF -get_gpg_prng_arg >> "$TEMPDIR"/testuser/.gnupg/gpg.conf +get_gpg_prng_arg >> "$GNUPGHOME"/gpg.conf # set up a simple default monkeysphere-server.conf cat <> "$TEMPDIR"/monkeysphere-server.conf -AUTHORIZED_USER_IDS="$TEMPDIR/testuser/.monkeysphere/authorized_user_ids" +AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authorized_user_ids" EOF ### SERVER TESTS @@ -124,6 +132,7 @@ EOF mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authorized_keys +mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/tmp cat < "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg @@ -163,12 +172,9 @@ EOF ### TESTUSER TESTS -# generate an auth subkey for the test user +# generate an auth subkey for the test user that expires in 2 days echo "### generating key for testuser..." -export GNUPGHOME="$TEMPDIR"/testuser/.gnupg -export SSH_ASKPASS="$TEMPDIR"/testuser/.ssh/askpass -export MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere -monkeysphere gen-subkey --expire 0 +monkeysphere gen-subkey --expire 2 # add server key to testuser keychain echo "### export server key to testuser..." @@ -178,7 +184,7 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import echo "### export testuser key to server..." gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import echo "### update server authorized_keys file for this testuser..." -monkeysphere-server update-users "$USER" +monkeysphere-server update-users $(whoami) # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! @@ -190,13 +196,15 @@ ssh_test # authentication FAILS... echo "### removing testuser authorized_user_ids and reupdating authorized_keys..." rm -f "$TEMPDIR"/testuser/.monkeysphere/authorized_user_ids -monkeysphere-server update-users "$USER" +monkeysphere-server update-users $(whoami) # make sure the user can NOT connect echo "### ssh connection test for server authentication denial..." ssh_test -if [ "$?" != '255' ] ; then - exit +ret="$?" +if [ "$ret" != '255' ] ; then + echo "### connection should have failed!" + exit "$ret" fi trap - EXIT