xref: /openssh-portable/regress/test-exec.sh (revision 721948e6)
1#	$OpenBSD: test-exec.sh,v 1.78 2021/03/13 01:52:16 dtucker Exp $
2#	Placed in the Public Domain.
3
4#SUDO=sudo
5
6# Unbreak GNU head(1)
7_POSIX2_VERSION=199209
8export _POSIX2_VERSION
9
10case `uname -s 2>/dev/null` in
11OSF1*)
12	BIN_SH=xpg4
13	export BIN_SH
14	;;
15CYGWIN*)
16	os=cygwin
17	;;
18esac
19
20if [ ! -z "$TEST_SSH_PORT" ]; then
21	PORT="$TEST_SSH_PORT"
22else
23	PORT=4242
24fi
25
26# If configure tells us to use a different egrep, create a wrapper function
27# to call it.  This means we don't need to change all the tests that depend
28# on a good implementation.
29if test "x${EGREP}" != "x"; then
30	egrep ()
31{
32	 ${EGREP} "$@"
33}
34fi
35
36if [ -x /usr/ucb/whoami ]; then
37	USER=`/usr/ucb/whoami`
38elif whoami >/dev/null 2>&1; then
39	USER=`whoami`
40elif logname >/dev/null 2>&1; then
41	USER=`logname`
42else
43	USER=`id -un`
44fi
45if test -z "$LOGNAME"; then
46	LOGNAME="${USER}"
47	export LOGNAME
48fi
49
50OBJ=$1
51if [ "x$OBJ" = "x" ]; then
52	echo '$OBJ not defined'
53	exit 2
54fi
55if [ ! -d $OBJ ]; then
56	echo "not a directory: $OBJ"
57	exit 2
58fi
59SCRIPT=$2
60if [ "x$SCRIPT" = "x" ]; then
61	echo '$SCRIPT not defined'
62	exit 2
63fi
64if [ ! -f $SCRIPT ]; then
65	echo "not a file: $SCRIPT"
66	exit 2
67fi
68if $TEST_SHELL -n $SCRIPT; then
69	true
70else
71	echo "syntax error in $SCRIPT"
72	exit 2
73fi
74unset SSH_AUTH_SOCK
75
76SRC=`dirname ${SCRIPT}`
77
78# defaults
79SSH=ssh
80SSHD=sshd
81SSHAGENT=ssh-agent
82SSHADD=ssh-add
83SSHKEYGEN=ssh-keygen
84SSHKEYSCAN=ssh-keyscan
85SFTP=sftp
86SFTPSERVER=/usr/libexec/openssh/sftp-server
87SCP=scp
88
89# Set by make_tmpdir() on demand (below).
90SSH_REGRESS_TMP=
91
92# Interop testing
93PLINK=plink
94PUTTYGEN=puttygen
95CONCH=conch
96
97# Tools used by multiple tests
98NC=$OBJ/netcat
99
100if [ "x$TEST_SSH_SSH" != "x" ]; then
101	SSH="${TEST_SSH_SSH}"
102fi
103if [ "x$TEST_SSH_SSHD" != "x" ]; then
104	SSHD="${TEST_SSH_SSHD}"
105fi
106if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
107	SSHAGENT="${TEST_SSH_SSHAGENT}"
108fi
109if [ "x$TEST_SSH_SSHADD" != "x" ]; then
110	SSHADD="${TEST_SSH_SSHADD}"
111fi
112if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
113	SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
114fi
115if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
116	SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
117fi
118if [ "x$TEST_SSH_SFTP" != "x" ]; then
119	SFTP="${TEST_SSH_SFTP}"
120fi
121if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
122	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
123fi
124if [ "x$TEST_SSH_SCP" != "x" ]; then
125	SCP="${TEST_SSH_SCP}"
126fi
127if [ "x$TEST_SSH_PLINK" != "x" ]; then
128	# Find real binary, if it exists
129	case "${TEST_SSH_PLINK}" in
130	/*) PLINK="${TEST_SSH_PLINK}" ;;
131	*) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;;
132	esac
133fi
134if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
135	# Find real binary, if it exists
136	case "${TEST_SSH_PUTTYGEN}" in
137	/*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;;
138	*) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;;
139	esac
140fi
141if [ "x$TEST_SSH_CONCH" != "x" ]; then
142	# Find real binary, if it exists
143	case "${TEST_SSH_CONCH}" in
144	/*) CONCH="${TEST_SSH_CONCH}" ;;
145	*) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
146	esac
147fi
148if [ "x$TEST_SSH_PKCS11_HELPER" != "x" ]; then
149	SSH_PKCS11_HELPER="${TEST_SSH_PKCS11_HELPER}"
150fi
151if [ "x$TEST_SSH_SK_HELPER" != "x" ]; then
152	SSH_SK_HELPER="${TEST_SSH_SK_HELPER}"
153fi
154
155# Path to sshd must be absolute for rexec
156case "$SSHD" in
157/*) ;;
158*) SSHD=`which $SSHD` ;;
159esac
160
161case "$SSHAGENT" in
162/*) ;;
163*) SSHAGENT=`which $SSHAGENT` ;;
164esac
165
166# Record the actual binaries used.
167SSH_BIN=${SSH}
168SSHD_BIN=${SSHD}
169SSHAGENT_BIN=${SSHAGENT}
170SSHADD_BIN=${SSHADD}
171SSHKEYGEN_BIN=${SSHKEYGEN}
172SSHKEYSCAN_BIN=${SSHKEYSCAN}
173SFTP_BIN=${SFTP}
174SFTPSERVER_BIN=${SFTPSERVER}
175SCP_BIN=${SCP}
176
177if [ "x$USE_VALGRIND" != "x" ]; then
178	rm -rf $OBJ/valgrind-out $OBJ/valgrind-vgdb
179	mkdir -p $OBJ/valgrind-out $OBJ/valgrind-vgdb
180	# When using sudo ensure low-priv tests can write pipes and logs.
181	if [ "x$SUDO" != "x" ]; then
182		chmod 777 $OBJ/valgrind-out $OBJ/valgrind-vgdb
183	fi
184	VG_TEST=`basename $SCRIPT .sh`
185
186	# Some tests are difficult to fix.
187	case "$VG_TEST" in
188	reexec)
189		VG_SKIP=1 ;;
190	sftp-chroot)
191		if [ "x${SUDO}" != "x" ]; then
192			VG_SKIP=1
193		fi ;;
194	esac
195
196	if [ x"$VG_SKIP" = "x" ]; then
197		VG_LEAK="--leak-check=no"
198		if [ x"$VALGRIND_CHECK_LEAKS" != "x" ]; then
199			VG_LEAK="--leak-check=full"
200		fi
201		VG_IGNORE="/bin/*,/sbin/*,/usr/*,/var/*"
202		VG_LOG="$OBJ/valgrind-out/${VG_TEST}."
203		VG_OPTS="--track-origins=yes $VG_LEAK"
204		VG_OPTS="$VG_OPTS --trace-children=yes"
205		VG_OPTS="$VG_OPTS --trace-children-skip=${VG_IGNORE}"
206		VG_OPTS="$VG_OPTS --vgdb-prefix=$OBJ/valgrind-vgdb/"
207		VG_PATH="valgrind"
208		if [ "x$VALGRIND_PATH" != "x" ]; then
209			VG_PATH="$VALGRIND_PATH"
210		fi
211		VG="$VG_PATH $VG_OPTS"
212		SSH="$VG --log-file=${VG_LOG}ssh.%p $SSH"
213		SSHD="$VG --log-file=${VG_LOG}sshd.%p $SSHD"
214		SSHAGENT="$VG --log-file=${VG_LOG}ssh-agent.%p $SSHAGENT"
215		SSHADD="$VG --log-file=${VG_LOG}ssh-add.%p $SSHADD"
216		SSHKEYGEN="$VG --log-file=${VG_LOG}ssh-keygen.%p $SSHKEYGEN"
217		SSHKEYSCAN="$VG --log-file=${VG_LOG}ssh-keyscan.%p $SSHKEYSCAN"
218		SFTP="$VG --log-file=${VG_LOG}sftp.%p ${SFTP}"
219		SCP="$VG --log-file=${VG_LOG}scp.%p $SCP"
220		cat > $OBJ/valgrind-sftp-server.sh << EOF
221#!/bin/sh
222exec $VG --log-file=${VG_LOG}sftp-server.%p $SFTPSERVER "\$@"
223EOF
224		chmod a+rx $OBJ/valgrind-sftp-server.sh
225		SFTPSERVER="$OBJ/valgrind-sftp-server.sh"
226	fi
227fi
228
229# Logfiles.
230# SSH_LOGFILE should be the debug output of ssh(1) only
231# SSHD_LOGFILE should be the debug output of sshd(8) only
232# REGRESS_LOGFILE is the output of the test itself stdout and stderr
233if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
234	TEST_SSH_LOGFILE=$OBJ/ssh.log
235fi
236if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then
237	TEST_SSHD_LOGFILE=$OBJ/sshd.log
238fi
239if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then
240	TEST_REGRESS_LOGFILE=$OBJ/regress.log
241fi
242
243# truncate logfiles
244>$TEST_SSH_LOGFILE
245>$TEST_SSHD_LOGFILE
246>$TEST_REGRESS_LOGFILE
247
248# Create wrapper ssh with logging.  We can't just specify "SSH=ssh -E..."
249# because sftp and scp don't handle spaces in arguments.
250SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
251echo "#!/bin/sh" > $SSHLOGWRAP
252echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
253
254chmod a+rx $OBJ/ssh-log-wrapper.sh
255REAL_SSH="$SSH"
256REAL_SSHD="$SSHD"
257SSH="$SSHLOGWRAP"
258
259# Some test data.  We make a copy because some tests will overwrite it.
260# The tests may assume that $DATA exists and is writable and $COPY does
261# not exist.  Tests requiring larger data files can call increase_datafile_size
262# [kbytes] to ensure the file is at least that large.
263DATANAME=data
264DATA=$OBJ/${DATANAME}
265cat ${SSHAGENT_BIN} >${DATA}
266chmod u+w ${DATA}
267COPY=$OBJ/copy
268rm -f ${COPY}
269
270increase_datafile_size()
271{
272	while [ `du -k ${DATA} | cut -f1` -lt $1 ]; do
273		cat ${SSHAGENT_BIN} >>${DATA}
274	done
275}
276
277# these should be used in tests
278export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
279export SSH_PKCS11_HELPER SSH_SK_HELPER
280#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
281
282# Portable specific functions
283have_prog()
284{
285	saved_IFS="$IFS"
286	IFS=":"
287	for i in $PATH
288	do
289		if [ -x $i/$1 ]; then
290			IFS="$saved_IFS"
291			return 0
292		fi
293	done
294	IFS="$saved_IFS"
295	return 1
296}
297
298jot() {
299	awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
300}
301
302# Check whether preprocessor symbols are defined in config.h.
303config_defined ()
304{
305	str=$1
306	while test "x$2" != "x" ; do
307		str="$str|$2"
308		shift
309	done
310	egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1
311}
312
313md5 () {
314	if have_prog md5sum; then
315		md5sum
316	elif have_prog openssl; then
317		openssl md5
318	elif have_prog cksum; then
319		cksum
320	elif have_prog sum; then
321		sum
322	else
323		wc -c
324	fi
325}
326
327# Some platforms don't have hostname at all, but on others uname -n doesn't
328# provide the fully qualified name we need, so in the former case we create
329# our own hostname function.
330if ! have_prog hostname; then
331	hostname() {
332		uname -n
333	}
334fi
335# End of portable specific functions
336
337stop_sshd ()
338{
339	if [ -f $PIDFILE ]; then
340		pid=`$SUDO cat $PIDFILE`
341		if [ "X$pid" = "X" ]; then
342			echo no sshd running
343		else
344			if [ $pid -lt 2 ]; then
345				echo bad pid for sshd: $pid
346			else
347				$SUDO kill $pid
348				trace "wait for sshd to exit"
349				i=0;
350				while [ -f $PIDFILE -a $i -lt 5 ]; do
351					i=`expr $i + 1`
352					sleep $i
353				done
354				if test -f $PIDFILE; then
355					if $SUDO kill -0 $pid; then
356						echo "sshd didn't exit " \
357						    "port $PORT pid $pid"
358					else
359						echo "sshd died without cleanup"
360					fi
361					exit 1
362				fi
363			fi
364		fi
365	fi
366}
367
368make_tmpdir ()
369{
370	SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \
371	    fatal "failed to create temporary directory"
372}
373
374# helper
375cleanup ()
376{
377	if [ "x$SSH_PID" != "x" ]; then
378		if [ $SSH_PID -lt 2 ]; then
379			echo bad pid for ssh: $SSH_PID
380		else
381			kill $SSH_PID
382		fi
383	fi
384	if [ "x$SSH_REGRESS_TMP" != "x" ]; then
385		rm -rf "$SSH_REGRESS_TMP"
386	fi
387	stop_sshd
388}
389
390start_debug_log ()
391{
392	echo "trace: $@" >$TEST_REGRESS_LOGFILE
393	echo "trace: $@" >$TEST_SSH_LOGFILE
394	echo "trace: $@" >$TEST_SSHD_LOGFILE
395}
396
397save_debug_log ()
398{
399	echo $@ >>$TEST_REGRESS_LOGFILE
400	echo $@ >>$TEST_SSH_LOGFILE
401	echo $@ >>$TEST_SSHD_LOGFILE
402	(cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
403	(cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
404	(cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
405}
406
407trace ()
408{
409	start_debug_log $@
410	if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
411		echo "$@"
412	fi
413}
414
415verbose ()
416{
417	start_debug_log $@
418	if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
419		echo "$@"
420	fi
421}
422
423warn ()
424{
425	echo "WARNING: $@" >>$TEST_SSH_LOGFILE
426	echo "WARNING: $@"
427}
428
429fail ()
430{
431	save_debug_log "FAIL: $@"
432	RESULT=1
433	echo "$@"
434	if test "x$TEST_SSH_FAIL_FATAL" != "x" ; then
435		cleanup
436		exit $RESULT
437	fi
438}
439
440fatal ()
441{
442	save_debug_log "FATAL: $@"
443	printf "FATAL: "
444	fail "$@"
445	cleanup
446	exit $RESULT
447}
448
449RESULT=0
450PIDFILE=$OBJ/pidfile
451
452trap fatal 3 2
453
454# create server config
455cat << EOF > $OBJ/sshd_config
456	StrictModes		no
457	Port			$PORT
458	AddressFamily		inet
459	ListenAddress		127.0.0.1
460	#ListenAddress		::1
461	PidFile			$PIDFILE
462	AuthorizedKeysFile	$OBJ/authorized_keys_%u
463	LogLevel		DEBUG3
464	AcceptEnv		_XXX_TEST_*
465	AcceptEnv		_XXX_TEST
466	Subsystem	sftp	$SFTPSERVER
467EOF
468
469# This may be necessary if /usr/src and/or /usr/obj are group-writable,
470# but if you aren't careful with permissions then the unit tests could
471# be abused to locally escalate privileges.
472if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
473	echo "	StrictModes no" >> $OBJ/sshd_config
474else
475	# check and warn if excessive permissions are likely to cause failures.
476	unsafe=""
477	dir="${OBJ}"
478	while test ${dir} != "/"; do
479		if test -d "${dir}" && ! test -h "${dir}"; then
480			perms=`ls -ld ${dir}`
481			case "${perms}" in
482			?????w????*|????????w?*) unsafe="${unsafe} ${dir}" ;;
483			esac
484		fi
485		dir=`dirname ${dir}`
486	done
487	if ! test  -z "${unsafe}"; then
488		cat <<EOD
489
490WARNING: Unsafe (group or world writable) directory permissions found:
491${unsafe}
492
493These could be abused to locally escalate privileges.  If you are
494sure that this is not a risk (eg there are no other users), you can
495bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1
496
497EOD
498	fi
499fi
500
501if [ ! -z "$TEST_SSH_MODULI_FILE" ]; then
502	trace "adding modulifile='$TEST_SSH_MODULI_FILE' to sshd_config"
503	echo "	ModuliFile '$TEST_SSH_MODULI_FILE'" >> $OBJ/sshd_config
504fi
505
506if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
507	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
508	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
509fi
510
511# server config for proxy connects
512cp $OBJ/sshd_config $OBJ/sshd_proxy
513
514# allow group-writable directories in proxy-mode
515echo 'StrictModes no' >> $OBJ/sshd_proxy
516
517# create client config
518cat << EOF > $OBJ/ssh_config
519Host *
520	Hostname		127.0.0.1
521	HostKeyAlias		localhost-with-alias
522	Port			$PORT
523	User			$USER
524	GlobalKnownHostsFile	$OBJ/known_hosts
525	UserKnownHostsFile	$OBJ/known_hosts
526	PubkeyAuthentication	yes
527	ChallengeResponseAuthentication	no
528	HostbasedAuthentication	no
529	PasswordAuthentication	no
530	BatchMode		yes
531	StrictHostKeyChecking	yes
532	LogLevel		DEBUG3
533EOF
534
535if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
536	trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
537	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
538fi
539
540rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
541
542SSH_SK_PROVIDER=
543if ! config_defined ENABLE_SK; then
544	trace skipping sk-dummy
545elif [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then
546	SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so"
547elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then
548	SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so"
549fi
550export SSH_SK_PROVIDER
551
552if ! test -z "$SSH_SK_PROVIDER"; then
553	EXTRA_AGENT_ARGS='-P/*' # XXX want realpath(1)...
554	echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/ssh_config
555	echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_config
556	echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_proxy
557fi
558export EXTRA_AGENT_ARGS
559
560maybe_filter_sk() {
561	if test -z "$SSH_SK_PROVIDER" ; then
562		grep -v ^sk
563	else
564		cat
565	fi
566}
567
568SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk`
569SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk`
570
571for t in ${SSH_KEYTYPES}; do
572	# generate user key
573	if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then
574		trace "generating key type $t"
575		rm -f $OBJ/$t
576		${SSHKEYGEN} -q -N '' -t $t  -f $OBJ/$t ||\
577			fail "ssh-keygen for $t failed"
578	else
579		trace "using cached key type $t"
580	fi
581
582	# setup authorized keys
583	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
584	echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
585done
586
587for t in ${SSH_HOSTKEY_TYPES}; do
588	# known hosts file for client
589	(
590		printf 'localhost-with-alias,127.0.0.1,::1 '
591		cat $OBJ/$t.pub
592	) >> $OBJ/known_hosts
593
594	# use key as host key, too
595	$SUDO cp $OBJ/$t $OBJ/host.$t
596	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
597
598	# don't use SUDO for proxy connect
599	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
600done
601chmod 644 $OBJ/authorized_keys_$USER
602
603# Activate Twisted Conch tests if the binary is present
604REGRESS_INTEROP_CONCH=no
605if test -x "$CONCH" ; then
606	REGRESS_INTEROP_CONCH=yes
607fi
608
609# If PuTTY is present, new enough and we are running a PuTTY test, prepare
610# keys and configuration.
611REGRESS_INTEROP_PUTTY=no
612if test -x "$PUTTYGEN" -a -x "$PLINK" &&
613    "$PUTTYGEN" --help 2>&1 | grep -- --new-passphrase >/dev/null; then
614	REGRESS_INTEROP_PUTTY=yes
615fi
616case "$SCRIPT" in
617*putty*)	;;
618*)		REGRESS_INTEROP_PUTTY=no ;;
619esac
620
621if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
622	mkdir -p ${OBJ}/.putty
623
624	# Add a PuTTY key to authorized_keys
625	rm -f ${OBJ}/putty.rsa2
626	if ! "$PUTTYGEN" -t rsa -o ${OBJ}/putty.rsa2 \
627	    --random-device=/dev/urandom \
628	    --new-passphrase /dev/null < /dev/null > /dev/null; then
629		echo "Your installed version of PuTTY is too old to support --new-passphrase, skipping test" >&2
630		exit 1
631	fi
632	"$PUTTYGEN" -O public-openssh ${OBJ}/putty.rsa2 \
633	    >> $OBJ/authorized_keys_$USER
634
635	# Convert rsa2 host key to PuTTY format
636	cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
637	${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
638	${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/ssh-rsa_oldfmt > \
639	    ${OBJ}/.putty/sshhostkeys
640	${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/ssh-rsa_oldfmt >> \
641	    ${OBJ}/.putty/sshhostkeys
642	rm -f $OBJ/ssh-rsa_oldfmt
643
644	# Setup proxied session
645	mkdir -p ${OBJ}/.putty/sessions
646	rm -f ${OBJ}/.putty/sessions/localhost_proxy
647	echo "Protocol=ssh" >> ${OBJ}/.putty/sessions/localhost_proxy
648	echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
649	echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
650	echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
651	echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
652	echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy
653
654	PUTTYDIR=${OBJ}/.putty
655	export PUTTYDIR
656fi
657
658# create a proxy version of the client config
659(
660	cat $OBJ/ssh_config
661	echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy
662) > $OBJ/ssh_proxy
663
664# check proxy config
665${SSHD} -t -f $OBJ/sshd_proxy	|| fatal "sshd_proxy broken"
666
667start_sshd ()
668{
669	# start sshd
670	$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
671	$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" \
672	    ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
673
674	trace "wait for sshd"
675	i=0;
676	while [ ! -f $PIDFILE -a $i -lt 10 ]; do
677		i=`expr $i + 1`
678		sleep $i
679	done
680
681	test -f $PIDFILE || fatal "no sshd running on port $PORT"
682}
683
684# source test body
685. $SCRIPT
686
687# kill sshd
688cleanup
689
690if [ "x$USE_VALGRIND" != "x" ]; then
691	# wait for any running process to complete
692	wait; sleep 1
693	VG_RESULTS=$(find $OBJ/valgrind-out -type f -print)
694	VG_RESULT_COUNT=0
695	VG_FAIL_COUNT=0
696	for i in $VG_RESULTS; do
697		if grep "ERROR SUMMARY" $i >/dev/null; then
698			VG_RESULT_COUNT=$(($VG_RESULT_COUNT + 1))
699			if ! grep "ERROR SUMMARY: 0 errors" $i >/dev/null; then
700				VG_FAIL_COUNT=$(($VG_FAIL_COUNT + 1))
701				RESULT=1
702				verbose valgrind failure $i
703				cat $i
704			fi
705		fi
706	done
707	if [ x"$VG_SKIP" != "x" ]; then
708		verbose valgrind skipped
709	else
710		verbose valgrind results $VG_RESULT_COUNT failures $VG_FAIL_COUNT
711	fi
712fi
713
714if [ $RESULT -eq 0 ]; then
715	verbose ok $tid
716else
717	echo failed $tid
718fi
719exit $RESULT
720