From af5d8094d8b755e1daaf2e20ff1dc252800b4c9b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 3 Aug 2021 01:05:24 +0000 Subject: [PATCH] upstream: regression tests for scp SFTP protocol support; mostly by Jakub Jelen in GHPR#194 ok markus OpenBSD-Regress-ID: 36f1458525bcb111741ec8547eaf58b13cddc715 --- regress/scp-uri.sh | 84 ++++++++++--------- regress/scp.sh | 198 +++++++++++++++++++++++---------------------- 2 files changed, 149 insertions(+), 133 deletions(-) diff --git a/regress/scp-uri.sh b/regress/scp-uri.sh index c03d8bbe0..faf5095ac 100644 --- a/regress/scp-uri.sh +++ b/regress/scp-uri.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp-uri.sh,v 1.2 2017/12/11 11:41:56 dtucker Exp $ +# $OpenBSD: scp-uri.sh,v 1.3 2021/08/03 01:05:24 djm Exp $ # Placed in the Public Domain. tid="scp-uri" @@ -12,7 +12,6 @@ DIR2=${COPY}.dd2 SRC=`dirname ${SCRIPT}` cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp chmod 755 ${OBJ}/scp-ssh-wrapper.scp -scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp" export SCP # used in scp-ssh-wrapper.scp scpclean() { @@ -24,47 +23,56 @@ scpclean() { cp $OBJ/ssh_config $OBJ/ssh_config.orig egrep -v '^ +(Port|User) +.*$' $OBJ/ssh_config.orig > $OBJ/ssh_config -verbose "$tid: simple copy local file to remote file" -scpclean -$SCP $scpopts ${DATA} "scp://${USER}@somehost:${PORT}/${COPY}" || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" +for mode in scp sftp ; do + if test $mode = scp ; then + scpopts="-M scp -q -S ${OBJ}/scp-ssh-wrapper.scp" + tag="$tid" + else + scpopts="-M sftp -D ${SFTPSERVER}" + tag="$tid: sftp mode" + fi + verbose "$tag: simple copy local file to remote file" + scpclean + $SCP $scpopts ${DATA} "scp://${USER}@somehost:${PORT}/${COPY}" || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" -verbose "$tid: simple copy remote file to local file" -scpclean -$SCP $scpopts "scp://${USER}@somehost:${PORT}/${DATA}" ${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" + verbose "$tag: simple copy remote file to local file" + scpclean + $SCP $scpopts "scp://${USER}@somehost:${PORT}/${DATA}" ${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" -verbose "$tid: simple copy local file to remote dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts ${COPY} "scp://${USER}@somehost:${PORT}/${DIR}" || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + verbose "$tag: simple copy local file to remote dir" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts ${COPY} "scp://${USER}@somehost:${PORT}/${DIR}" || fail "copy failed" + cmp ${COPY} ${DIR}/copy || fail "corrupted copy" -verbose "$tid: simple copy remote file to local dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts "scp://${USER}@somehost:${PORT}/${COPY}" ${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + verbose "$tag: simple copy remote file to local dir" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts "scp://${USER}@somehost:${PORT}/${COPY}" ${DIR} || fail "copy failed" + cmp ${COPY} ${DIR}/copy || fail "corrupted copy" -verbose "$tid: recursive local dir to remote dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r ${DIR} "scp://${USER}@somehost:${PORT}/${DIR2}" || fail "copy failed" -for i in $(cd ${DIR} && echo *); do - cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy" + verbose "$tag: recursive local dir to remote dir" + scpclean + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -r ${DIR} "scp://${USER}@somehost:${PORT}/${DIR2}" || fail "copy failed" + for i in $(cd ${DIR} && echo *); do + cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy" + done + + verbose "$tag: recursive remote dir to local dir" + scpclean + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -r "scp://${USER}@somehost:${PORT}/${DIR}" ${DIR2} || fail "copy failed" + for i in $(cd ${DIR} && echo *); do + cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy" + done + + # TODO: scp -3 done -verbose "$tid: recursive remote dir to local dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r "scp://${USER}@somehost:${PORT}/${DIR}" ${DIR2} || fail "copy failed" -for i in $(cd ${DIR} && echo *); do - cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy" -done - -# TODO: scp -3 - scpclean rm -f ${OBJ}/scp-ssh-wrapper.exe diff --git a/regress/scp.sh b/regress/scp.sh index 62400efad..bb0442822 100644 --- a/regress/scp.sh +++ b/regress/scp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp.sh,v 1.11 2019/07/19 03:45:44 djm Exp $ +# $OpenBSD: scp.sh,v 1.12 2021/08/03 01:05:24 djm Exp $ # Placed in the Public Domain. tid="scp" @@ -19,7 +19,6 @@ DIR2=${COPY}.dd2 SRC=`dirname ${SCRIPT}` cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp chmod 755 ${OBJ}/scp-ssh-wrapper.scp -scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp" export SCP # used in scp-ssh-wrapper.scp scpclean() { @@ -28,109 +27,118 @@ scpclean() { chmod 755 ${DIR} ${DIR2} } -verbose "$tid: simple copy local file to local file" -scpclean -$SCP $scpopts ${DATA} ${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" - -verbose "$tid: simple copy local file to remote file" -scpclean -$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" - -verbose "$tid: simple copy remote file to local file" -scpclean -$SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" - -verbose "$tid: simple copy local file to remote dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" - -verbose "$tid: simple copy local file to local dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts ${COPY} ${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" - -verbose "$tid: simple copy remote file to local dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" - -verbose "$tid: recursive local dir to remote dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed" -diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" - -verbose "$tid: recursive local dir to local dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed" -diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" - -verbose "$tid: recursive remote dir to local dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" -diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" - -verbose "$tid: shell metacharacters" -scpclean -(cd ${DIR} && \ -touch '`touch metachartest`' && \ -$SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \ -[ ! -f metachartest ] ) || fail "shell metacharacters" - -if [ ! -z "$SUDO" ]; then - verbose "$tid: skipped file after scp -p with failed chown+utimes" +for mode in scp sftp ; do + if test $mode = scp ; then + scpopts="-M scp -q -S ${OBJ}/scp-ssh-wrapper.scp" + tag="$tid" + else + scpopts="-M sftp -D ${SFTPSERVER}" + tag="$tid: sftp mode" + fi + verbose "tid: simple copy local file to local file" scpclean - cp -p ${DATA} ${DIR}/copy - cp -p ${DATA} ${DIR}/copy2 - cp ${DATA} ${DIR2}/copy - chmod 660 ${DIR2}/copy - $SUDO chown root ${DIR2}/copy - $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 - $SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" - $SUDO rm ${DIR2}/copy -fi + $SCP $scpopts ${DATA} ${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" -for i in 0 1 2 3 4 5 6 7; do - verbose "$tid: disallow bad server #$i" - SCPTESTMODE=badserver_$i - export DIR SCPTESTMODE + verbose "$tag: simple copy local file to remote file" scpclean - $SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null - [ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir" - [ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode" + $SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" + verbose "$tag: simple copy remote file to local file" scpclean - $SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null - [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir" + $SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" + verbose "$tag: simple copy local file to remote dir" scpclean - $SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null - [ ! -w ${DIR2} ] && fail "allows target root attribute change" + cp ${DATA} ${COPY} + $SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed" + cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + verbose "$tag: simple copy local file to local dir" scpclean - $SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null - [ -e ${DIR2}/extrafile ] && fail "allows unauth object creation" - rm -f ${DIR2}/extrafile + cp ${DATA} ${COPY} + $SCP $scpopts ${COPY} ${DIR} || fail "copy failed" + cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + + verbose "$tag: simple copy remote file to local dir" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed" + cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + + verbose "$tag: recursive local dir to remote dir" + scpclean + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed" + diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + + verbose "$tag: recursive local dir to local dir" + scpclean + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed" + diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + + verbose "$tag: recursive remote dir to local dir" + scpclean + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" + diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + + verbose "$tag: shell metacharacters" + scpclean + (cd ${DIR} && \ + touch '`touch metachartest`' && \ + $SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \ + [ ! -f metachartest ] ) || fail "shell metacharacters" + + if [ ! -z "$SUDO" ]; then + verbose "$tag: skipped file after scp -p with failed chown+utimes" + scpclean + cp -p ${DATA} ${DIR}/copy + cp -p ${DATA} ${DIR}/copy2 + cp ${DATA} ${DIR2}/copy + chmod 660 ${DIR2}/copy + $SUDO chown root ${DIR2}/copy + $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 + $SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + $SUDO rm ${DIR2}/copy + fi + + for i in 0 1 2 3 4 5 6 7; do + verbose "$tag: disallow bad server #$i" + SCPTESTMODE=badserver_$i + export DIR SCPTESTMODE + scpclean + $SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null + [ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir" + [ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode" + + scpclean + $SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null + [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir" + + scpclean + $SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null + [ ! -w ${DIR2} ] && fail "allows target root attribute change" + + scpclean + $SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null + [ -e ${DIR2}/extrafile ] && fail "allows unauth object creation" + rm -f ${DIR2}/extrafile + done + + verbose "$tag: detect non-directory target" + scpclean + echo a > ${COPY} + echo b > ${COPY2} + $SCP $scpopts ${DATA} ${COPY} ${COPY2} + cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target" done -verbose "$tid: detect non-directory target" -scpclean -echo a > ${COPY} -echo b > ${COPY2} -$SCP $scpopts ${DATA} ${COPY} ${COPY2} -cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target" - scpclean rm -f ${OBJ}/scp-ssh-wrapper.scp