From f735906a358a03bcb3f6906604a50226ff877e04 Mon Sep 17 00:00:00 2001
From: Adrian Dvergsdal
Date: Wed, 19 Aug 2020 23:25:27 +0200
Subject: [PATCH] Generate and use host key in tests
---
 tests/run | 40 ++++++++++++++++++++++++----------------
 1 file changed, 24 insertions(+), 16 deletions(-)
diff --git a/tests/run b/tests/run
index 406ae9a..480f0c0 100755
--- a/tests/run
+++ b/tests/run
@@ -6,8 +6,12 @@ argOutput=${2:-"quiet"}
 argCleanup=${3:-"cleanup"}
 testDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 imageName="$argImage"
-sshKeyPri="/tmp/atmoz_sftp_test_rsa"
-sshKeyPub="/tmp/atmoz_sftp_test_rsa.pub"
+tmpDir="$(mktemp -d /tmp/atmoz_sftp_XXXX)"
+sshKeyPri="$tmpDir/rsa"
+sshKeyPub="$tmpDir/rsa.pub"
+sshHostEd25519Key="$tmpDir/ssh_host_ed25519_key"
+sshHostKeyMountArg="--volume=$sshHostEd25519Key:/etc/ssh/ssh_host_ed25519_key"
+sshKnownHosts="$tmpDir/known_hosts"
 if [ $UID != 0 ] && ! groups | grep -qw docker; then
 echo "Run with sudo/root or add user $USER to group 'docker'"
@@ -46,6 +50,9 @@ function oneTimeSetUp() {
 # Private key can not be read by others (sshd will complain)
 chmod go-rw "$sshKeyPri"
+
+ # Generate host key
+ ssh-keygen -t ed25519 -f "$sshHostEd25519Key" < /dev/null
 }
 function setUp() {
@@ -87,6 +94,8 @@ function runSftpCommands() {
 user="$2"
 shift 2
+ echo "$ip $(cat "$sshHostEd25519Key.pub")" >> "$sshKnownHosts"
+
 commands=""
 for cmd in "$@"; do
 commands="$commands$cmd"$'\n'
@@ -94,8 +103,7 @@ function runSftpCommands() {
 echo "$commands" | sftp \
 -i "$sshKeyPri" \
- -oStrictHostKeyChecking=no \
- -oUserKnownHostsFile=/dev/null \
+ -oUserKnownHostsFile="$sshKnownHosts" \
 -b - "$user@$ip" \
 > "$redirect" 2>&1
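Review bot: The result of `mktemp -d` on the new `tmpDir=` line is never checked, so if directory creation fails `tmpDir` is empty and the key paths collapse to `/rsa`, `/ssh_host_ed25519_key` and `/known_hosts`, in a script that the check just below suggests may be run as root. Failing fast avoids that: `tmpDir="$(mktemp -d /tmp/atmoz_sftp_XXXX)" || exit 1`. Nothing in the visible hunks removes `$tmpDir` afterwards; if the teardown outside this diff does not already do so, the user and host private keys stay behind in /tmp, and an `rm -rf -- "${tmpDir:?}"` in the cleanup path would be worth adding.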
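Review bot: The added `ssh-keygen` call in oneTimeSetUp gets its empty passphrase only implicitly, from stdin being `/dev/null`, and its exit status is not checked before the tests go on to mount the key. Stating the passphrase makes the result independent of how ssh-keygen treats a non-terminal stdin and keeps the log quiet: `ssh-keygen -q -t ed25519 -N '' -f "$sshHostEd25519Key" < /dev/null`. The comment could also say why the key exists, for example `# Throwaway host key, generated per run so the sftp client can pin it in $sshKnownHosts`. oneTimeSetUp starts above the hunk.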
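Review bot: The added `echo ... >> "$sshKnownHosts"` line in runSftpCommands appends on every call, so the file gains one entry per invocation and keeps addresses of containers that no longer exist. Each call talks to a single container, so overwriting pins only the current address: `printf '%s %s\n' "$ip" "$(cat "$sshHostEd25519Key.pub")" > "$sshKnownHosts"`. If `$ip` comes back empty the written line is not a usable known_hosts entry, so a guard such as `[ -n "$ip" ] || return 1` before it would fail more clearly than the later sftp error. The function begins above the hunk, where `ip` is presumably assigned.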
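Review bot: With `-oStrictHostKeyChecking=no` removed and nothing put in its place, the sftp call in runSftpCommands inherits the host key policy from the invoking user's or the system's ssh configuration, so on a machine whose configuration relaxes checking the test could pass without verifying the generated key. Command-line options take precedence over those files, so stating the policy makes the test assert what the commit intends: add `-oStrictHostKeyChecking=yes \` next to the `-oUserKnownHostsFile="$sshKnownHosts" \` line. Adding `-oGlobalKnownHostsFile=/dev/null \` as well would keep a system-wide known_hosts entry from satisfying the check. The function continues outside the hunk.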
@@ -127,7 +135,7 @@ function waitForServer() {
 ##############################################################################
 function testSmallestUserConfig() {
- docker run --name "$containerName" \
+ docker run --name "$containerName" "$sshHostKeyMountArg" \
 --entrypoint="/bin/sh" \
 "$imageName" \
 -c "create-sftp-user u: && id u" \
@@ -136,7 +144,7 @@ function testSmallestUserConfig() {
 }
 function testCreateUserWithDot() {
- docker run --name "$containerName" \
+ docker run --name "$containerName" "$sshHostKeyMountArg" \
 --entrypoint="/bin/sh" \
 "$imageName" \
 -c "create-sftp-user user.with.dot: && id user.with.dot" \
@@ -145,7 +153,7 @@ function testCreateUserWithDot() {
 }
 function testUserCustomUidAndGid() {
- id="$(docker run --name "$containerName" \
+ id="$(docker run --name "$containerName" "$sshHostKeyMountArg" \
 --entrypoint="/bin/sh" \
 "$imageName" \
 -c "create-sftp-user u::1234:4321: > /dev/null && id u" )"
@@ -161,14 +169,14 @@ function testUserCustomUidAndGid() {
 }
 function testCommandPassthrough() {
- docker run --name "$containerName" \
+ docker run --name "$containerName" "$sshHostKeyMountArg" \
 "$imageName" test 1 -eq 1 \
 > "$redirect" 2>&1
 assertTrue "command passthrough" $?
 }
 function testUsersConf() {
- docker run --name "$containerName" -d \
+ docker run --name "$containerName" "$sshHostKeyMountArg" -d \
 -v "$testDir/files/users.conf:/etc/sftp/users.conf:ro" \
 "$imageName" \
 > "$redirect" 2>&1
@@ -190,7 +198,7 @@ function testUsersConf() {
 }
 function testLegacyUsersConf() {
- docker run --name "$containerName" -d \
+ docker run --name "$containerName" "$sshHostKeyMountArg" -d \
 -v "$testDir/files/users.conf:/etc/sftp-users.conf:ro" \
 "$imageName" \
 > "$redirect" 2>&1
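Review bot: `"$sshHostKeyMountArg"` bind-mounts the host private key read-write into every test container, starting with testSmallestUserConfig, which overrides the entrypoint with `/bin/sh` and, as far as these lines show, only runs `create-sftp-user`. A read-only mount is enough for sshd to load the key and keeps a container from altering the file that `$sshKnownHosts` is built from. The change belongs on the definition, `sshHostKeyMountArg="--volume=$sshHostEd25519Key:/etc/ssh/ssh_host_ed25519_key:ro"`, assuming the image's entrypoint does not need to write to that path, which is worth confirming. The same applies to every other `docker run` hunk in this patch, testCreateUserWithDot through testDuplicateSshKeys, including the `--privileged=true` container in testBindmountDirScript.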
@@ -203,7 +211,7 @@ function testLegacyUsersConf() {
 }
 function testCreateUsersUsingEnv() {
- docker run --name "$containerName" -d \
+ docker run --name "$containerName" "$sshHostKeyMountArg" -d \
 -e "SFTP_USERS=user-from-env: user-from-env-2:" \
 "$imageName" \
 > "$redirect" 2>&1
@@ -219,7 +227,7 @@ function testCreateUsersUsingEnv() {
 }
 function testCreateUsersUsingCombo() {
- docker run --name "$containerName" -d \
+ docker run --name "$containerName" "$sshHostKeyMountArg" -d \
 -v "$testDir/files/users.conf:/etc/sftp-users.conf:ro" \
 -e "SFTP_USERS=user-from-env:" \
 "$imageName" \
@@ -240,7 +248,7 @@ function testCreateUsersUsingCombo() {
 }
 function testWriteAccessToAutocreatedDirs() {
- docker run --name "$containerName" -d \
+ docker run --name "$containerName" "$sshHostKeyMountArg" -d \
 -v "$sshKeyPub":/home/test/.ssh/keys/id_rsa.pub:ro \
 "$imageName" "test::::testdir,dir with spaces" \
 > "$redirect" 2>&1
@@ -278,7 +286,7 @@ chmod 755 /home/*/sftp
 EOF
 chmod +x "$tmpScript"
- docker run --name "$containerName" -d \
+ docker run --name "$containerName" "$sshHostKeyMountArg" -d \
 -v "$sshKeyPub":/home/test/.ssh/keys/id_rsa.pub:ro \
 -v "$tmpConfig:/etc/ssh/sshd_config" \
 -v "$tmpScript:/etc/sftp.d/limited_home_dir" \
@@ -306,7 +314,7 @@ function testBindmountDirScript() {
 > "$containerTmpDir/mount.sh"
 chmod +x "$containerTmpDir/mount.sh"
- docker run --name "$containerName" -d \
+ docker run --name "$containerName" "$sshHostKeyMountArg" -d \
 --privileged=true \
 -v "$sshKeyPub":/home/custom/.ssh/keys/id_rsa.pub:ro \
 -v "$containerTmpDir/custom/bindmount":/custom \
@@ -328,7 +336,7 @@ function testBindmountDirScript() {
 }
 function testDuplicateSshKeys() {
- docker run --name "$containerName" -d \
+ docker run --name "$containerName" "$sshHostKeyMountArg" -d \
 -v "$sshKeyPub":/home/user/.ssh/keys/key1.pub:ro \
 -v "$sshKeyPub":/home/user/.ssh/keys/key2.pub:ro \
 "$imageName" "user:" \