0
0
Fork 0
mirror of https://github.com/atmoz/sftp.git synced 2024-11-24 12:59:24 -05:00
atmoz-sftp/tests/run
2020-07-17 16:24:33 +02:00

351 lines
9.6 KiB
Bash
Executable file

#!/bin/bash
# See: https://github.com/kward/shunit2
argImage=$1
argOutput=${2:-"quiet"}
argCleanup=${3:-"cleanup"}
testDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
imageName="$argImage"
sshKeyPri="/tmp/atmoz_sftp_test_rsa"
sshKeyPub="/tmp/atmoz_sftp_test_rsa.pub"
if [ $UID != 0 ] && ! groups | grep -qw docker; then
echo "Run with sudo/root or add user $USER to group 'docker'"
exit 1
fi
if [ ! -f "$testDir/shunit2/shunit2" ]; then
echo "Could not find shunit2 in $testDir/shunit2."
echo "Run 'git submodule update --init'"
exit 2
fi
if [ -z "$argImage" ]; then
echo "Missing image name"
exit 3
fi
if [ "$argOutput" == "quiet" ]; then
redirect="/dev/null"
else
redirect="/dev/stdout"
fi
# clear argument list (or shunit2 will try to use them)
set --
##############################################################################
## Helper functions
##############################################################################
function oneTimeSetUp() {
# Generate temporary ssh keys for testing
if [ ! -f "$sshKeyPri" ]; then
ssh-keygen -t rsa -f "$sshKeyPri" -N '' > "$redirect" 2>&1
fi
# Private key can not be read by others (sshd will complain)
chmod go-rw "$sshKeyPri"
}
function setUp() {
# shellcheck disable=SC2154
containerName="atmoz_sftp_${_shunit_test_}"
containerTmpDir="$(mktemp -d "/tmp/${containerName}_XXXX")"
export containerName containerTmpDir
retireContainer "$containerName" # clean up leftover container
}
function tearDown() {
retireContainer "$containerName"
if [ "$argCleanup" == "cleanup" ] && [ -d "$containerTmpDir" ]; then
rm -rf "$containerTmpDir" || true # Can fail on GitHub Actions
fi
}
function retireContainer() {
if [ "$(docker ps -qaf name="$1")" ]; then
if [ "$argOutput" != "quiet" ]; then
echo "Docker log for $1:"
docker logs "$1"
fi
if [ "$argCleanup" == "cleanup" ]; then
docker rm -fv "$1" > "$redirect" 2>&1
fi
fi
}
function getSftpIp() {
docker inspect -f "{{.NetworkSettings.IPAddress}}" "$1"
}
function runSftpCommands() {
ip="$(getSftpIp "$1")"
user="$2"
shift 2
commands=""
for cmd in "$@"; do
commands="$commands$cmd"$'\n'
done
echo "$commands" | sftp \
-i "$sshKeyPri" \
-oStrictHostKeyChecking=no \
-oUserKnownHostsFile=/dev/null \
-b - "$user@$ip" \
> "$redirect" 2>&1
status=$?
sleep 1 # wait for commands to finish
return $status
}
function waitForServer() {
containerName="$1"
echo -n "Waiting for $containerName to open port 22 ..."
for _ in {1..30}; do
sleep 1
ip="$(getSftpIp "$containerName")"
echo -n "."
if [ -n "$ip" ] && nc -z "$ip" 22; then
echo " OPEN"
return 0;
fi
done
echo " TIMEOUT"
return 1
}
##############################################################################
## Tests
##############################################################################
function testSmallestUserConfig() {
docker run --name "$containerName" \
--entrypoint="/bin/sh" \
"$imageName" \
-c "create-sftp-user u: && id u" \
> "$redirect" 2>&1
assertTrue "user created" $?
}
function testCreateUserWithDot() {
docker run --name "$containerName" \
--entrypoint="/bin/sh" \
"$imageName" \
-c "create-sftp-user user.with.dot: && id user.with.dot" \
> "$redirect" 2>&1
assertTrue "user created" $?
}
function testUserCustomUidAndGid() {
id="$(docker run --name "$containerName" \
--entrypoint="/bin/sh" \
"$imageName" \
-c "create-sftp-user u::1234:4321: > /dev/null && id u" )"
echo "$id" | grep -q 'uid=1234('
assertTrue "custom UID" $?
echo "$id" | grep -q 'gid=4321('
assertTrue "custom GID" $?
# Here we also check group name
assertEquals "uid=1234(u) gid=4321(group_4321) groups=4321(group_4321)" "$id"
}
function testCommandPassthrough() {
docker run --name "$containerName" \
"$imageName" test 1 -eq 1 \
> "$redirect" 2>&1
assertTrue "command passthrough" $?
}
function testUsersConf() {
docker run --name "$containerName" -d \
-v "$testDir/files/users.conf:/etc/sftp/users.conf:ro" \
"$imageName" \
> "$redirect" 2>&1
waitForServer "$containerName"
assertTrue "waitForServer" $?
docker exec "$containerName" id user-from-conf > /dev/null
assertTrue "user-from-conf" $?
docker exec "$containerName" id test > /dev/null
assertTrue "test" $?
docker exec "$containerName" id user.with.dot > /dev/null
assertTrue "user.with.dot" $?
docker exec "$containerName" test -d /home/test/dir1 -a -d /home/test/dir2
assertTrue "dirs exists" $?
}
function testLegacyUsersConf() {
docker run --name "$containerName" -d \
-v "$testDir/files/users.conf:/etc/sftp-users.conf:ro" \
"$imageName" \
> "$redirect" 2>&1
waitForServer "$containerName"
assertTrue "waitForServer" $?
docker exec "$containerName" id user-from-conf > /dev/null
assertTrue "user-from-conf" $?
}
function testCreateUsersUsingEnv() {
docker run --name "$containerName" -d \
-e "SFTP_USERS=user-from-env: user-from-env-2:" \
"$imageName" \
> "$redirect" 2>&1
waitForServer "$containerName"
assertTrue "waitForServer" $?
docker exec "$containerName" id user-from-env > /dev/null
assertTrue "user-from-env" $?
docker exec "$containerName" id user-from-env-2 > /dev/null
assertTrue "user-from-env-2" $?
}
function testCreateUsersUsingCombo() {
docker run --name "$containerName" -d \
-v "$testDir/files/users.conf:/etc/sftp-users.conf:ro" \
-e "SFTP_USERS=user-from-env:" \
"$imageName" \
user-from-cmd: \
> "$redirect" 2>&1
waitForServer "$containerName"
assertTrue "waitForServer" $?
docker exec "$containerName" id user-from-conf > /dev/null
assertTrue "user-from-conf" $?
docker exec "$containerName" id user-from-env > /dev/null
assertTrue "user-from-env" $?
docker exec "$containerName" id user-from-cmd > /dev/null
assertTrue "user-from-cmd" $?
}
function testWriteAccessToAutocreatedDirs() {
docker run --name "$containerName" -d \
-v "$sshKeyPub":/home/test/.ssh/keys/id_rsa.pub:ro \
"$imageName" "test::::testdir,dir with spaces" \
> "$redirect" 2>&1
waitForServer "$containerName"
assertTrue "waitForServer" $?
runSftpCommands "$containerName" "test" \
"cd testdir" \
"mkdir test" \
"cd '../dir with spaces'" \
"mkdir test" \
"exit"
assertTrue "runSftpCommands" $?
docker exec "$containerName" test -d /home/test/testdir/test
assertTrue "testdir write access" $?
docker exec "$containerName" test -d "/home/test/dir with spaces/test"
assertTrue "dir with spaces write access" $?
}
function testWriteAccessToLimitedChroot() {
# Modified sshd_config with chrooted home subdir
tmpConfig="$(mktemp)"
sed 's/^ChrootDirectory.*/ChrootDirectory %h\/sftp/' \
< "$testDir/../files/sshd_config" > "$tmpConfig"
# Set correct permissions on chroot
tmpScript="$(mktemp)"
cat > "$tmpScript" <<EOF
mkdir -p /home/*/sftp
chown root:root /home/*/sftp
chmod 755 /home/*/sftp
EOF
chmod +x "$tmpScript"
docker run --name "$containerName" -d \
-v "$sshKeyPub":/home/test/.ssh/keys/id_rsa.pub:ro \
-v "$tmpConfig:/etc/ssh/sshd_config" \
-v "$tmpScript:/etc/sftp.d/limited_home_dir" \
"$imageName" "test::::sftp/upload" \
> "$redirect" 2>&1
waitForServer "$containerName"
assertTrue "waitForServer" $?
runSftpCommands "$containerName" "test" \
"cd upload" \
"mkdir test" \
"exit"
assertTrue "runSftpCommands" $?
docker exec "$containerName" test -d /home/test/sftp/upload/test
assertTrue "limited chroot write access" $?
}
function testBindmountDirScript() {
mkdir -p "$containerTmpDir/custom/bindmount"
echo "mkdir -p /home/custom/bindmount && \
chown custom /custom /home/custom/bindmount && \
mount --bind /custom /home/custom/bindmount" \
> "$containerTmpDir/mount.sh"
chmod +x "$containerTmpDir/mount.sh"
docker run --name "$containerName" -d \
--privileged=true \
-v "$sshKeyPub":/home/custom/.ssh/keys/id_rsa.pub:ro \
-v "$containerTmpDir/custom/bindmount":/custom \
-v "$containerTmpDir/mount.sh":/etc/sftp.d/mount.sh \
"$imageName" custom:123 \
> "$redirect" 2>&1
waitForServer "$containerName"
assertTrue "waitForServer" $?
runSftpCommands "$containerName" "custom" \
"cd bindmount" \
"mkdir test" \
"exit"
assertTrue "runSftpCommands" $?
docker exec "$containerName" test -d /home/custom/bindmount/test
assertTrue "directory exist" $?
}
function testDuplicateSshKeys() {
docker run --name "$containerName" -d \
-v "$sshKeyPub":/home/user/.ssh/keys/key1.pub:ro \
-v "$sshKeyPub":/home/user/.ssh/keys/key2.pub:ro \
"$imageName" "user:" \
> "$redirect" 2>&1
waitForServer "$containerName"
assertTrue "waitForServer" $?
lines="$(docker exec "$containerName" sh -c \
"wc -l < /home/user/.ssh/authorized_keys")"
assertEquals "1" "$lines"
}
##############################################################################
## Run
##############################################################################
# shellcheck disable=SC1090
source "$testDir/shunit2/shunit2"
# Nothing happens after this