
Member "cryptsetup-2.4.3/tests/ssh-plugin-test" (13 Jan 2022, 5552 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:



    1 #!/bin/bash
    2 
    # Test configuration for the cryptsetup SSH token plugin test.
    #
    # Without an external CRYPTSETUP_PATH the binaries one directory up are
    # used and ./fake_token_path.so is preloaded into every child process.
    # NOTE(review): presumably the preload points token-plugin lookup at the
    # build tree - confirm against the fake_token_path source.
    if [ -z "$CRYPTSETUP_PATH" ]; then
        export LD_PRELOAD=./fake_token_path.so
        CRYPTSETUP_PATH=".."
    fi
    CRYPTSETUP="$CRYPTSETUP_PATH/cryptsetup"
    CRYPTSETUP_SSH="$CRYPTSETUP_PATH/cryptsetup-ssh"

    # Scratch image and device-mapper name used by the test.
    IMG="ssh_test.img"
    MAP="sshtest"

    # Throwaway account and passphrases. These are fixed, publicly known
    # values: the account created from them is only as safe as the host's
    # exposure while the test runs.
    # NOTE(review): USER is normally an exported login variable, so this
    # assignment also changes it for every child process - confirm intended.
    USER="sshtest"
    PASSWD="sshtest"
    PASSWD2="sshtest2"

    # First free loop device; stays empty when losetup cannot report one.
    LOOPDEV=$(losetup -f 2>/dev/null)

    # Host-key verification is switched off for the ssh and ssh-copy-id calls
    # in this script. That is tolerable only because SSH_SERVER is localhost;
    # do not reuse this option against a remote host.
    SSH_OPTIONS="-o StrictHostKeyChecking=no"

    SSH_SERVER="localhost"
    # Remote file holding the passphrase, and the local private key used to
    # fetch it.
    SSH_PATH="/home/$USER/keyfile"
    SSH_KEY_PATH="$HOME/sshtest-key"

    # Minimal PBKDF cost so the test is fast; far too weak for a real volume.
    FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"

    srcdir=${srcdir:-.}
   24 
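   # Tear down everything format() and luksOpen may have left behind:
   # the device-mapper node, the loop device binding and the image file.
   # Globals:  MAP, LOOPDEV, IMG (read)
   # Returns:  exit status of the final rm
   function remove_mapping()
   {
       if [ -b "/dev/mapper/$MAP" ]; then
           dmsetup remove --retry "$MAP"
       fi

       # LOOPDEV is empty when "losetup -f" found no free device; there is
       # nothing to detach then, so do not call losetup with no argument.
       if [ -n "$LOOPDEV" ]; then
           losetup -d "$LOOPDEV" >/dev/null 2>&1
       fi

       # Quoted and preceded by "--" so the image name is always one operand.
       rm -f -- "$IMG" >/dev/null 2>&1
   }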
   31 
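   # Ownership markers: remove_user only deletes what create_user made in
   # this run. fail() calls remove_user from any point of the script, also
   # before create_user has run (format is called first), so without the
   # markers a pre-existing "$USER" account and its home directory, or a
   # pre-existing key file, would be destroyed.
   SSHTEST_USER_CREATED=""
   SSHTEST_KEY_CREATED=""

   # Delete the test account (with its home directory) and the test key pair,
   # but only if this run created them.
   # Globals:  USER, SSH_KEY_PATH, SSHTEST_USER_CREATED, SSHTEST_KEY_CREATED (read)
   # Returns:  always 0, because callers chain "remove_user && skip ..."
   function remove_user()
   {
       if [ -n "$SSHTEST_USER_CREATED" ] && id -u "$USER" >/dev/null 2>&1; then
           userdel -r -f "$USER" >/dev/null 2>&1
       fi
       if [ -n "$SSHTEST_KEY_CREATED" ]; then
           rm -f -- "$SSH_KEY_PATH" "$SSH_KEY_PATH.pub" >/dev/null 2>&1
       fi
       return 0
   }

   # Create the throwaway account and an unencrypted SSH key pair for it.
   # Skips the test (without deleting anything) when the account or the key
   # file already exists.
   # Globals:  USER, PASSWD, SSH_KEY_PATH (read);
   #           SSHTEST_USER_CREATED, SSHTEST_KEY_CREATED (written)
   # Returns:  0 on success; exits through skip() otherwise
   function create_user()
   {
       local pw_hash

       if id -u "$USER" >/dev/null 2>&1; then
           skip "User account $USER exists, aborting."
       fi
       [ -f "$SSH_KEY_PATH" ] && skip "SSH key $SSH_KEY_PATH already exists, aborting."

       # NOTE(review): "openssl passwd" without an algorithm option uses the
       # tool's default hash, and the hash is passed on useradd's command
       # line. Both are tolerable only because PASSWD is a fixed test value;
       # the account is still a login with a publicly known password for as
       # long as the test runs, so use a disposable host.
       pw_hash=$(openssl passwd "$PASSWD") || skip "Failed to add user for SSH plugin test."
       useradd -m "$USER" -p "$pw_hash" || skip "Failed to add user for SSH plugin test."
       SSHTEST_USER_CREATED=1

       # Marked before ssh-keygen runs so a partially written key is cleaned up.
       # -N "" creates the private key without a passphrase.
       SSHTEST_KEY_CREATED=1
       if ! ssh-keygen -f "$SSH_KEY_PATH" -q -N "" >/dev/null 2>&1; then
           remove_user
           skip "Failed to create SSH key."
       fi
       return 0
   }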
   49 
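   # Skip the test unless something accepts TCP connections on port 22 of
   # SSH_SERVER. This is only a reachability probe (nc -z sends no data); it
   # does not prove that the listener is an SSH server.
   # Globals:  SSH_SERVER (read)
   # Returns:  0 when the port is open; exits through skip() otherwise
   function ssh_check()
   {
       # Host name quoted so it always reaches nc as a single argument.
       if ! nc -zv "$SSH_SERVER" 22 >/dev/null 2>&1; then
           skip "SSH server does not seem to be running, skipping."
       fi
   }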
   55 
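   # Skip the test when a required tool cannot be found.
   # Arguments: $1 - command name to look up
   # Returns:   0 when the command is available; exits through skip() otherwise
   function bin_check()
   {
       # "command -v" is a shell builtin, so the lookup does not itself depend
       # on the external "which" utility being installed.
       command -v "$1" >/dev/null 2>&1 || skip "WARNING: test require $1 binary, test skipped."
   }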
   60 
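   # Install the test public key for the test account and create the remote
   # keyfile that the SSH token will later fetch.
   # Globals:  HOME, PASSWD, USER, SSH_SERVER, SSH_OPTIONS, SSH_KEY_PATH,
   #           SSH_PATH (read)
   # Returns:  0 on success; on failure removes the test user and exits
   #           through skip()
   function ssh_setup()
   {
       # .ssh is used by ssh-copy-id for temp files so it must exist even if key is not there
       [ -d "$HOME/.ssh" ] || mkdir -m 700 "$HOME/.ssh"

       # ssh-copy-id: the password is handed to sshpass through the SSHPASS
       # environment variable (-e) instead of -p, which would put it on the
       # command line where the process list exposes it.
       # SSH_OPTIONS is left unquoted on purpose: it holds an option and its value.
       if ! SSHPASS="$PASSWD" sshpass -e ssh-copy-id -i "$SSH_KEY_PATH" $SSH_OPTIONS "$USER@$SSH_SERVER" >/dev/null 2>&1; then
           remove_user
           skip "Failed to copy SSH key."
       fi

       # make sure /home/$USER/.ssh and its authorized_keys have correct permissions
       chown -R "$USER:$USER" "/home/$USER/.ssh"
       chmod 700 "/home/$USER/.ssh"
       chmod 644 "/home/$USER/.ssh/authorized_keys"

       # try to ssh and also create keyfile
       # The remote command string is assembled locally, so PASSWD and SSH_PATH
       # are interpreted by the remote shell; this is safe only because both
       # are fixed test values. "umask 077" keeps the keyfile, which holds the
       # volume passphrase, readable by the test account alone.
       # NOTE(review): -f sends ssh to the background before the command runs,
       # so a zero status shows that authentication worked, not that the
       # keyfile is already written - confirm this is intended.
       if ! ssh -i "$SSH_KEY_PATH" $SSH_OPTIONS -o BatchMode=yes -n "$USER@$SSH_SERVER" -f "umask 077; echo -n $PASSWD > $SSH_PATH" >/dev/null 2>&1; then
           remove_user
           skip "Failed to connect using SSH."
       fi
       return 0
   }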
   79 
   # Report a test failure, print a call backtrace, clean up and exit 2.
   # Arguments: $1 - optional message printed after the "[FAILED]" marker
   # Globals:   frame (written; backtrace frame counter)
   function fail()
   {
       echo "[FAILED]"
       if [ -n "$1" ]; then
           echo "$1"
       fi
       echo "FAILED backtrace:"
       # caller returns non-zero once the requested frame does not exist,
       # which ends the walk up the call stack.
       while caller $frame; do
           frame=$((frame + 1))
       done
       # Cleanup covers both the block devices and the test account.
       remove_mapping
       remove_user
       exit 2
   }
   90 
   # Print an optional reason, release the loop/dm resources and exit with
   # status 77 (the status Automake-style harnesses report as "skipped").
   # The test account is not touched here; callers that have already created
   # it call remove_user before skip.
   # Arguments: $1 - optional reason to print
   function skip()
   {
       if [ -n "$1" ]; then
           echo "$1"
       fi
       remove_mapping
       exit 77
   }
   97 
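   # Create a 32 MiB image, bind it to LOOPDEV and format it as LUKS2 with
   # two passphrases (PASSWD first, then PASSWD2 added using PASSWD).
   # Globals:  IMG, LOOPDEV, PASSWD, PASSWD2, CRYPTSETUP, FAST_PBKDF_OPT (read)
   # Returns:  0 on success; exits through fail() when cryptsetup fails
   format()
   {
       dd if=/dev/zero of="$IMG" bs=1M count=32 >/dev/null 2>&1
       sync
       losetup "$LOOPDEV" "$IMG"

       # FAST_PBKDF_OPT is expanded unquoted on purpose: it carries several
       # options. It forces a minimal PBKDF cost and --force-password bypasses
       # the password quality check; both exist for test speed only.
       printf '%s\n' "$PASSWD" \
           | "$CRYPTSETUP" luksFormat --type luks2 $FAST_PBKDF_OPT "$LOOPDEV" --force-password -q \
           || fail "Format failed."

       # First line authorises with the existing passphrase, second is the new one.
       printf '%s\n%s\n' "$PASSWD" "$PASSWD2" \
           | "$CRYPTSETUP" luksAddKey $FAST_PBKDF_OPT "$LOOPDEV" -q \
           || fail "Add key failed."

       # Explicit status: a trailing "[ $? -ne 0 ] && fail" would make a
       # successful format return 1.
       return 0
   }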
  110 
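  # Print the text after the first ':' on the line(s) of a dump matching a
  # pattern, with tabs, newlines and spaces removed.
  # Arguments: $1 - luksDump output, $2 - grep pattern selecting the line
  # Note: only the second ':'-separated field is kept, so a value that itself
  # contains ':' is cut short.
  _dump_field()
  {
      printf '%s\n' "$1" | grep -- "$2" | cut -d: -f2 | tr -d "\t\n "
  }

  # Verify that a luksDump output describes exactly the SSH token this test
  # added: token type, server, user, remote path, key path and keyslot.
  # Arguments: $1 - luksDump output, $2 - expected keyslot number
  # Globals:   SSH_SERVER, USER, SSH_PATH, SSH_KEY_PATH (read)
  # Returns:   0 when every field matches; exits through fail() otherwise
  check_dump()
  {
      # Locals keep the scratch values from leaking into the script's globals.
      local dump=$1
      local keyslot=$2
      local token server user path key_path keyslot_dump

      # The token type is on the line right after the "Tokens" heading.
      token=$(printf '%s\n' "$dump" | grep Tokens -A 1 | tail -1 | cut -d: -f2 | tr -d "\t\n ")
      [ "$token" = "ssh" ] || fail " token check from dump failed."

      server=$(_dump_field "$dump" ssh_server)
      [ "$server" = "$SSH_SERVER" ] || fail " server check from dump failed."

      user=$(_dump_field "$dump" ssh_user)
      [ "$user" = "$USER" ] || fail " user check from dump failed."

      path=$(_dump_field "$dump" ssh_path)
      [ "$path" = "$SSH_PATH" ] || fail " path check from dump failed."

      key_path=$(_dump_field "$dump" ssh_key_path)
      [ "$key_path" = "$SSH_KEY_PATH" ] || fail " key_path check from dump failed."

      keyslot_dump=$(_dump_field "$dump" Keyslot:)
      [ "$keyslot_dump" = "$keyslot" ] || fail " keyslot check from dump failed."
  }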
  134 
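  # Main test flow: preconditions, LUKS2 image setup, SSH account setup, then
  # add / verify / activate / remove the SSH token and repeat with --key-slot.

  # The test creates a system account and block devices, so it needs root.
  [ "$(id -u)" != 0 ] && skip "WARNING: You must be root to run this test, test skipped."

  # Prevent running dangerous useradd operation by default
  [ -z "$RUN_SSH_PLUGIN_TEST" ] && skip "WARNING: Variable RUN_SSH_PLUGIN_TEST must be defined, test skipped."

  # ssh-copy-id is checked too: ssh_setup depends on it, and finding out
  # only there would happen after the account has been created.
  for tool in nc useradd ssh ssh-keygen ssh-copy-id sshpass openssl; do
      bin_check "$tool"
  done

  # NOTE(review): format runs before create_user, and a failure inside it
  # reaches fail() -> remove_user. Confirm remove_user cannot delete an
  # account or key that existed before this run.
  format

  echo -n "Adding SSH token: "

  ssh_check
  create_user
  ssh_setup

  "$CRYPTSETUP_SSH" add "$LOOPDEV" --ssh-server "$SSH_SERVER" --ssh-user "$USER" --ssh-path "$SSH_PATH" --ssh-keypath "$SSH_KEY_PATH" \
      || fail "Failed to add SSH token to $LOOPDEV"

  out=$("$CRYPTSETUP" luksDump "$LOOPDEV")
  check_dump "$out" 0
  echo "[OK]"

  echo -n "Activating using SSH token: "

  # With external tokens disabled the SSH token must not be able to unlock.
  "$CRYPTSETUP" luksOpen --token-only --disable-external-tokens -r "$LOOPDEV" "$MAP" && fail "Tokens should be disabled"
  # stdin is closed (<&-) so no passphrase can be read from it; the open
  # can therefore only succeed through the token.
  "$CRYPTSETUP" luksOpen -r "$LOOPDEV" "$MAP" -q >/dev/null 2>&1 <&- \
      || fail "Failed to open $LOOPDEV using SSH token"
  echo "[OK]"

  # Remove the newly added token and test adding with --key-slot
  "$CRYPTSETUP" token remove --token-id 0 "$LOOPDEV" || fail "Failed to remove token"

  echo -n "Adding SSH token with --key-slot: "

  "$CRYPTSETUP_SSH" add "$LOOPDEV" --ssh-server "$SSH_SERVER" --ssh-user "$USER" --ssh-path "$SSH_PATH" --ssh-keypath "$SSH_KEY_PATH" --key-slot 1 \
      || fail "Failed to add SSH token to $LOOPDEV"

  out=$("$CRYPTSETUP" luksDump "$LOOPDEV")
  check_dump "$out" 1
  echo "[OK]"

  # Normal exit path: release the devices and delete the test account and key.
  remove_mapping
  remove_user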