1#	$OpenBSD: test-exec.sh,v 1.76 2020/04/04 23:04:41 dtucker Exp $
2#	Placed in the Public Domain.
3
4#SUDO=sudo
5
6# Unbreak GNU head(1)
7_POSIX2_VERSION=199209
8export _POSIX2_VERSION
9
10case `uname -s 2>/dev/null` in
11OSF1*)
12	BIN_SH=xpg4
13	export BIN_SH
14	;;
15CYGWIN*)
16	os=cygwin
17	;;
18esac
19
20if [ ! -z "$TEST_SSH_PORT" ]; then
21	PORT="$TEST_SSH_PORT"
22else
23	PORT=4242
24fi
25
26# If configure tells us to use a different egrep, create a wrapper function
27# to call it.  This means we don't need to change all the tests that depend
28# on a good implementation.
29if test "x${EGREP}" != "x"; then
30	egrep ()
31{
32	 ${EGREP} "$@"
33}
34fi
35
36if [ -x /usr/ucb/whoami ]; then
37	USER=`/usr/ucb/whoami`
38elif whoami >/dev/null 2>&1; then
39	USER=`whoami`
40elif logname >/dev/null 2>&1; then
41	USER=`logname`
42else
43	USER=`id -un`
44fi
45
46OBJ=$1
47if [ "x$OBJ" = "x" ]; then
48	echo '$OBJ not defined'
49	exit 2
50fi
51if [ ! -d $OBJ ]; then
52	echo "not a directory: $OBJ"
53	exit 2
54fi
55SCRIPT=$2
56if [ "x$SCRIPT" = "x" ]; then
57	echo '$SCRIPT not defined'
58	exit 2
59fi
60if [ ! -f $SCRIPT ]; then
61	echo "not a file: $SCRIPT"
62	exit 2
63fi
64if $TEST_SHELL -n $SCRIPT; then
65	true
66else
67	echo "syntax error in $SCRIPT"
68	exit 2
69fi
70unset SSH_AUTH_SOCK
71
72SRC=`dirname ${SCRIPT}`
73
74# defaults
75SSH=ssh
76SSHD=sshd
77SSHAGENT=ssh-agent
78SSHADD=ssh-add
79SSHKEYGEN=ssh-keygen
80SSHKEYSCAN=ssh-keyscan
81SFTP=sftp
82SFTPSERVER=/usr/libexec/openssh/sftp-server
83SCP=scp
84
85# Set by make_tmpdir() on demand (below).
86SSH_REGRESS_TMP=
87
88# Interop testing
89PLINK=plink
90PUTTYGEN=puttygen
91CONCH=conch
92
93# Tools used by multiple tests
94NC=$OBJ/netcat
95
96if [ "x$TEST_SSH_SSH" != "x" ]; then
97	SSH="${TEST_SSH_SSH}"
98fi
99if [ "x$TEST_SSH_SSHD" != "x" ]; then
100	SSHD="${TEST_SSH_SSHD}"
101fi
102if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
103	SSHAGENT="${TEST_SSH_SSHAGENT}"
104fi
105if [ "x$TEST_SSH_SSHADD" != "x" ]; then
106	SSHADD="${TEST_SSH_SSHADD}"
107fi
108if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
109	SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
110fi
111if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
112	SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
113fi
114if [ "x$TEST_SSH_SFTP" != "x" ]; then
115	SFTP="${TEST_SSH_SFTP}"
116fi
117if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
118	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
119fi
120if [ "x$TEST_SSH_SCP" != "x" ]; then
121	SCP="${TEST_SSH_SCP}"
122fi
123if [ "x$TEST_SSH_PLINK" != "x" ]; then
124	# Find real binary, if it exists
125	case "${TEST_SSH_PLINK}" in
126	/*) PLINK="${TEST_SSH_PLINK}" ;;
127	*) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;;
128	esac
129fi
130if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
131	# Find real binary, if it exists
132	case "${TEST_SSH_PUTTYGEN}" in
133	/*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;;
134	*) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;;
135	esac
136fi
137if [ "x$TEST_SSH_CONCH" != "x" ]; then
138	# Find real binary, if it exists
139	case "${TEST_SSH_CONCH}" in
140	/*) CONCH="${TEST_SSH_CONCH}" ;;
141	*) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
142	esac
143fi
144if [ "x$TEST_SSH_PKCS11_HELPER" != "x" ]; then
145	SSH_PKCS11_HELPER="${TEST_SSH_PKCS11_HELPER}"
146fi
147if [ "x$TEST_SSH_SK_HELPER" != "x" ]; then
148	SSH_SK_HELPER="${TEST_SSH_SK_HELPER}"
149fi
150
151# Path to sshd must be absolute for rexec
152case "$SSHD" in
153/*) ;;
154*) SSHD=`which $SSHD` ;;
155esac
156
157case "$SSHAGENT" in
158/*) ;;
159*) SSHAGENT=`which $SSHAGENT` ;;
160esac
161
162# Record the actual binaries used.
163SSH_BIN=${SSH}
164SSHD_BIN=${SSHD}
165SSHAGENT_BIN=${SSHAGENT}
166SSHADD_BIN=${SSHADD}
167SSHKEYGEN_BIN=${SSHKEYGEN}
168SSHKEYSCAN_BIN=${SSHKEYSCAN}
169SFTP_BIN=${SFTP}
170SFTPSERVER_BIN=${SFTPSERVER}
171SCP_BIN=${SCP}
172
173if [ "x$USE_VALGRIND" != "x" ]; then
174	rm -rf $OBJ/valgrind-out $OBJ/valgrind-vgdb
175	mkdir -p $OBJ/valgrind-out $OBJ/valgrind-vgdb
176	# When using sudo ensure low-priv tests can write pipes and logs.
177	if [ "x$SUDO" != "x" ]; then
178		chmod 777 $OBJ/valgrind-out $OBJ/valgrind-vgdb
179	fi
180	VG_TEST=`basename $SCRIPT .sh`
181
182	# Some tests are difficult to fix.
183	case "$VG_TEST" in
184	reexec)
185		VG_SKIP=1 ;;
186	sftp-chroot)
187		if [ "x${SUDO}" != "x" ]; then
188			VG_SKIP=1
189		fi ;;
190	esac
191
192	if [ x"$VG_SKIP" = "x" ]; then
193		VG_LEAK="--leak-check=no"
194		if [ x"$VALGRIND_CHECK_LEAKS" != "x" ]; then
195			VG_LEAK="--leak-check=full"
196		fi
197		VG_IGNORE="/bin/*,/sbin/*,/usr/*,/var/*"
198		VG_LOG="$OBJ/valgrind-out/${VG_TEST}."
199		VG_OPTS="--track-origins=yes $VG_LEAK"
200		VG_OPTS="$VG_OPTS --trace-children=yes"
201		VG_OPTS="$VG_OPTS --trace-children-skip=${VG_IGNORE}"
202		VG_OPTS="$VG_OPTS --vgdb-prefix=$OBJ/valgrind-vgdb/"
203		VG_PATH="valgrind"
204		if [ "x$VALGRIND_PATH" != "x" ]; then
205			VG_PATH="$VALGRIND_PATH"
206		fi
207		VG="$VG_PATH $VG_OPTS"
208		SSH="$VG --log-file=${VG_LOG}ssh.%p $SSH"
209		SSHD="$VG --log-file=${VG_LOG}sshd.%p $SSHD"
210		SSHAGENT="$VG --log-file=${VG_LOG}ssh-agent.%p $SSHAGENT"
211		SSHADD="$VG --log-file=${VG_LOG}ssh-add.%p $SSHADD"
212		SSHKEYGEN="$VG --log-file=${VG_LOG}ssh-keygen.%p $SSHKEYGEN"
213		SSHKEYSCAN="$VG --log-file=${VG_LOG}ssh-keyscan.%p $SSHKEYSCAN"
214		SFTP="$VG --log-file=${VG_LOG}sftp.%p ${SFTP}"
215		SCP="$VG --log-file=${VG_LOG}scp.%p $SCP"
216		cat > $OBJ/valgrind-sftp-server.sh << EOF
217#!/bin/sh
218exec $VG --log-file=${VG_LOG}sftp-server.%p $SFTPSERVER "\$@"
219EOF
220		chmod a+rx $OBJ/valgrind-sftp-server.sh
221		SFTPSERVER="$OBJ/valgrind-sftp-server.sh"
222	fi
223fi
224
225# Logfiles.
226# SSH_LOGFILE should be the debug output of ssh(1) only
227# SSHD_LOGFILE should be the debug output of sshd(8) only
228# REGRESS_LOGFILE is the output of the test itself stdout and stderr
229if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
230	TEST_SSH_LOGFILE=$OBJ/ssh.log
231fi
232if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then
233	TEST_SSHD_LOGFILE=$OBJ/sshd.log
234fi
235if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then
236	TEST_REGRESS_LOGFILE=$OBJ/regress.log
237fi
238
239# truncate logfiles
240>$TEST_SSH_LOGFILE
241>$TEST_SSHD_LOGFILE
242>$TEST_REGRESS_LOGFILE
243
244# Create wrapper ssh with logging.  We can't just specify "SSH=ssh -E..."
245# because sftp and scp don't handle spaces in arguments.
246SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
247echo "#!/bin/sh" > $SSHLOGWRAP
248echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
249
250chmod a+rx $OBJ/ssh-log-wrapper.sh
251REAL_SSH="$SSH"
252REAL_SSHD="$SSHD"
253SSH="$SSHLOGWRAP"
254
255# Some test data.  We make a copy because some tests will overwrite it.
256# The tests may assume that $DATA exists and is writable and $COPY does
257# not exist.  Tests requiring larger data files can call increase_datafile_size
258# [kbytes] to ensure the file is at least that large.
259DATANAME=data
260DATA=$OBJ/${DATANAME}
261cat ${SSHAGENT_BIN} >${DATA}
262chmod u+w ${DATA}
263COPY=$OBJ/copy
264rm -f ${COPY}
265
266increase_datafile_size()
267{
268	while [ `du -k ${DATA} | cut -f1` -lt $1 ]; do
269		cat ${SSHAGENT_BIN} >>${DATA}
270	done
271}
272
273# these should be used in tests
274export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
275export SSH_PKCS11_HELPER SSH_SK_HELPER
276#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
277
278# Portable specific functions
279have_prog()
280{
281	saved_IFS="$IFS"
282	IFS=":"
283	for i in $PATH
284	do
285		if [ -x $i/$1 ]; then
286			IFS="$saved_IFS"
287			return 0
288		fi
289	done
290	IFS="$saved_IFS"
291	return 1
292}
293
294jot() {
295	awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
296}
297
298# Check whether preprocessor symbols are defined in config.h.
299config_defined ()
300{
301	str=$1
302	while test "x$2" != "x" ; do
303		str="$str|$2"
304		shift
305	done
306	egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1
307}
308
309md5 () {
310	if have_prog md5sum; then
311		md5sum
312	elif have_prog openssl; then
313		openssl md5
314	elif have_prog cksum; then
315		cksum
316	elif have_prog sum; then
317		sum
318	else
319		wc -c
320	fi
321}
322# End of portable specific functions
323
324stop_sshd ()
325{
326	if [ -f $PIDFILE ]; then
327		pid=`$SUDO cat $PIDFILE`
328		if [ "X$pid" = "X" ]; then
329			echo no sshd running
330		else
331			if [ $pid -lt 2 ]; then
332				echo bad pid for sshd: $pid
333			else
334				$SUDO kill $pid
335				trace "wait for sshd to exit"
336				i=0;
337				while [ -f $PIDFILE -a $i -lt 5 ]; do
338					i=`expr $i + 1`
339					sleep $i
340				done
341				if test -f $PIDFILE; then
342					if $SUDO kill -0 $pid; then
343						echo "sshd didn't exit " \
344						    "port $PORT pid $pid"
345					else
346						echo "sshd died without cleanup"
347					fi
348					exit 1
349				fi
350			fi
351		fi
352	fi
353}
354
355make_tmpdir ()
356{
357	SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \
358	    fatal "failed to create temporary directory"
359}
360
361# helper
362cleanup ()
363{
364	if [ "x$SSH_PID" != "x" ]; then
365		if [ $SSH_PID -lt 2 ]; then
366			echo bad pid for ssh: $SSH_PID
367		else
368			kill $SSH_PID
369		fi
370	fi
371	if [ "x$SSH_REGRESS_TMP" != "x" ]; then
372		rm -rf "$SSH_REGRESS_TMP"
373	fi
374	stop_sshd
375}
376
377start_debug_log ()
378{
379	echo "trace: $@" >$TEST_REGRESS_LOGFILE
380	echo "trace: $@" >$TEST_SSH_LOGFILE
381	echo "trace: $@" >$TEST_SSHD_LOGFILE
382}
383
384save_debug_log ()
385{
386	echo $@ >>$TEST_REGRESS_LOGFILE
387	echo $@ >>$TEST_SSH_LOGFILE
388	echo $@ >>$TEST_SSHD_LOGFILE
389	(cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
390	(cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
391	(cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
392}
393
394trace ()
395{
396	start_debug_log $@
397	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
398		echo "$@"
399	fi
400}
401
402verbose ()
403{
404	start_debug_log $@
405	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
406		echo "$@"
407	fi
408}
409
410warn ()
411{
412	echo "WARNING: $@" >>$TEST_SSH_LOGFILE
413	echo "WARNING: $@"
414}
415
416fail ()
417{
418	save_debug_log "FAIL: $@"
419	RESULT=1
420	echo "$@"
421	if test "x$TEST_SSH_FAIL_FATAL" != "x" ; then
422		cleanup
423		exit $RESULT
424	fi
425}
426
427fatal ()
428{
429	save_debug_log "FATAL: $@"
430	printf "FATAL: "
431	fail "$@"
432	cleanup
433	exit $RESULT
434}
435
436RESULT=0
437PIDFILE=$OBJ/pidfile
438
439trap fatal 3 2
440
441# create server config
442cat << EOF > $OBJ/sshd_config
443	StrictModes		no
444	Port			$PORT
445	AddressFamily		inet
446	ListenAddress		127.0.0.1
447	#ListenAddress		::1
448	PidFile			$PIDFILE
449	AuthorizedKeysFile	$OBJ/authorized_keys_%u
450	LogLevel		DEBUG3
451	AcceptEnv		_XXX_TEST_*
452	AcceptEnv		_XXX_TEST
453	Subsystem	sftp	$SFTPSERVER
454EOF
455
456# This may be necessary if /usr/src and/or /usr/obj are group-writable,
457# but if you aren't careful with permissions then the unit tests could
458# be abused to locally escalate privileges.
459if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
460	echo "StrictModes no" >> $OBJ/sshd_config
461else
462	# check and warn if excessive permissions are likely to cause failures.
463	unsafe=""
464	dir="${OBJ}"
465	while test ${dir} != "/"; do
466		if test -d "${dir}" && ! test -h "${dir}"; then
467			perms=`ls -ld ${dir}`
468			case "${perms}" in
469			?????w????*|????????w?*) unsafe="${unsafe} ${dir}" ;;
470			esac
471		fi
472		dir=`dirname ${dir}`
473	done
474	if ! test  -z "${unsafe}"; then
475		cat <<EOD
476
477WARNING: Unsafe (group or world writable) directory permissions found:
478${unsafe}
479
480These could be abused to locally escalate privileges.  If you are
481sure that this is not a risk (eg there are no other users), you can
482bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1
483
484EOD
485	fi
486fi
487
488if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
489	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
490	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
491fi
492
493# server config for proxy connects
494cp $OBJ/sshd_config $OBJ/sshd_proxy
495
496# allow group-writable directories in proxy-mode
497echo 'StrictModes no' >> $OBJ/sshd_proxy
498
499# create client config
500cat << EOF > $OBJ/ssh_config
501Host *
502	Hostname		127.0.0.1
503	HostKeyAlias		localhost-with-alias
504	Port			$PORT
505	User			$USER
506	GlobalKnownHostsFile	$OBJ/known_hosts
507	UserKnownHostsFile	$OBJ/known_hosts
508	PubkeyAuthentication	yes
509	ChallengeResponseAuthentication	no
510	HostbasedAuthentication	no
511	PasswordAuthentication	no
512	BatchMode		yes
513	StrictHostKeyChecking	yes
514	LogLevel		DEBUG3
515EOF
516
517if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
518	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
519	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
520fi
521
522rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
523
524SSH_SK_PROVIDER=
525if ! config_defined ENABLE_SK; then
526	trace skipping sk-dummy
527elif [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then
528	SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so"
529elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then
530	SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so"
531fi
532export SSH_SK_PROVIDER
533
534if ! test -z "$SSH_SK_PROVIDER"; then
535	EXTRA_AGENT_ARGS='-P/*' # XXX want realpath(1)...
536	echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/ssh_config
537	echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_config
538	echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_proxy
539fi
540export EXTRA_AGENT_ARGS
541
542maybe_filter_sk() {
543	if test -z "$SSH_SK_PROVIDER" ; then
544		grep -v ^sk
545	else
546		cat
547	fi
548}
549
550SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk`
551SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk`
552
553for t in ${SSH_KEYTYPES}; do
554	# generate user key
555	if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then
556		trace "generating key type $t"
557		rm -f $OBJ/$t
558		${SSHKEYGEN} -q -N '' -t $t  -f $OBJ/$t ||\
559			fail "ssh-keygen for $t failed"
560	else
561		trace "using cached key type $t"
562	fi
563
564	# setup authorized keys
565	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
566	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
567done
568
569for t in ${SSH_HOSTKEY_TYPES}; do
570	# known hosts file for client
571	(
572		printf 'localhost-with-alias,127.0.0.1,::1 '
573		cat $OBJ/$t.pub
574	) >> $OBJ/known_hosts
575
576	# use key as host key, too
577	$SUDO cp $OBJ/$t $OBJ/host.$t
578	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
579
580	# don't use SUDO for proxy connect
581	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
582done
583chmod 644 $OBJ/authorized_keys_$USER
584
585# Activate Twisted Conch tests if the binary is present
586REGRESS_INTEROP_CONCH=no
587if test -x "$CONCH" ; then
588	REGRESS_INTEROP_CONCH=yes
589fi
590
591# If PuTTY is present and we are running a PuTTY test, prepare keys and
592# configuration
593REGRESS_INTEROP_PUTTY=no
594if test -x "$PUTTYGEN" -a -x "$PLINK" ; then
595	REGRESS_INTEROP_PUTTY=yes
596fi
597case "$SCRIPT" in
598*putty*)	;;
599*)		REGRESS_INTEROP_PUTTY=no ;;
600esac
601
602if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
603	mkdir -p ${OBJ}/.putty
604
605	# Add a PuTTY key to authorized_keys
606	rm -f ${OBJ}/putty.rsa2
607	if ! puttygen -t rsa -o ${OBJ}/putty.rsa2 \
608	    --random-device=/dev/urandom \
609	    --new-passphrase /dev/null < /dev/null > /dev/null; then
610		echo "Your installed version of PuTTY is too old to support --new-passphrase; trying without (may require manual interaction) ..." >&2
611		puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
612	fi
613	puttygen -O public-openssh ${OBJ}/putty.rsa2 \
614	    >> $OBJ/authorized_keys_$USER
615
616	# Convert rsa2 host key to PuTTY format
617	cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
618	${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
619	${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/ssh-rsa_oldfmt > \
620	    ${OBJ}/.putty/sshhostkeys
621	${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/ssh-rsa_oldfmt >> \
622	    ${OBJ}/.putty/sshhostkeys
623	rm -f $OBJ/ssh-rsa_oldfmt
624
625	# Setup proxied session
626	mkdir -p ${OBJ}/.putty/sessions
627	rm -f ${OBJ}/.putty/sessions/localhost_proxy
628	echo "Protocol=ssh" >> ${OBJ}/.putty/sessions/localhost_proxy
629	echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
630	echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
631	echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
632	echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
633	echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy
634
635	PUTTYDIR=${OBJ}/.putty
636	export PUTTYDIR
637
638	REGRESS_INTEROP_PUTTY=yes
639fi
640
641# create a proxy version of the client config
642(
643	cat $OBJ/ssh_config
644	echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy
645) > $OBJ/ssh_proxy
646
647# check proxy config
648${SSHD} -t -f $OBJ/sshd_proxy	|| fatal "sshd_proxy broken"
649
650start_sshd ()
651{
652	# start sshd
653	$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
654	$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" \
655	    ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
656
657	trace "wait for sshd"
658	i=0;
659	while [ ! -f $PIDFILE -a $i -lt 10 ]; do
660		i=`expr $i + 1`
661		sleep $i
662	done
663
664	test -f $PIDFILE || fatal "no sshd running on port $PORT"
665}
666
667# source test body
668. $SCRIPT
669
670# kill sshd
671cleanup
672
673if [ "x$USE_VALGRIND" != "x" ]; then
674	# wait for any running process to complete
675	wait; sleep 1
676	VG_RESULTS=$(find $OBJ/valgrind-out -type f -print)
677	VG_RESULT_COUNT=0
678	VG_FAIL_COUNT=0
679	for i in $VG_RESULTS; do
680		if grep "ERROR SUMMARY" $i >/dev/null; then
681			VG_RESULT_COUNT=$(($VG_RESULT_COUNT + 1))
682			if ! grep "ERROR SUMMARY: 0 errors" $i >/dev/null; then
683				VG_FAIL_COUNT=$(($VG_FAIL_COUNT + 1))
684				RESULT=1
685				verbose valgrind failure $i
686				cat $i
687			fi
688		fi
689	done
690	if [ x"$VG_SKIP" != "x" ]; then
691		verbose valgrind skipped
692	else
693		verbose valgrind results $VG_RESULT_COUNT failures $VG_FAIL_COUNT
694	fi
695fi
696
697if [ $RESULT -eq 0 ]; then
698	verbose ok $tid
699else
700	echo failed $tid
701fi
702exit $RESULT
703