You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

340 lines
7.5 KiB

  1. // Copyright 2012 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. // +build !windows
  5. package test
  6. // Session functional tests.
  7. import (
  8. "bytes"
  9. "errors"
  10. "io"
  11. "strings"
  12. "testing"
  13. "golang.org/x/crypto/ssh"
  14. )
  15. func TestRunCommandSuccess(t *testing.T) {
  16. server := newServer(t)
  17. defer server.Shutdown()
  18. conn := server.Dial(clientConfig())
  19. defer conn.Close()
  20. session, err := conn.NewSession()
  21. if err != nil {
  22. t.Fatalf("session failed: %v", err)
  23. }
  24. defer session.Close()
  25. err = session.Run("true")
  26. if err != nil {
  27. t.Fatalf("session failed: %v", err)
  28. }
  29. }
  30. func TestHostKeyCheck(t *testing.T) {
  31. server := newServer(t)
  32. defer server.Shutdown()
  33. conf := clientConfig()
  34. hostDB := hostKeyDB()
  35. conf.HostKeyCallback = hostDB.Check
  36. // change the keys.
  37. hostDB.keys[ssh.KeyAlgoRSA][25]++
  38. hostDB.keys[ssh.KeyAlgoDSA][25]++
  39. hostDB.keys[ssh.KeyAlgoECDSA256][25]++
  40. conn, err := server.TryDial(conf)
  41. if err == nil {
  42. conn.Close()
  43. t.Fatalf("dial should have failed.")
  44. } else if !strings.Contains(err.Error(), "host key mismatch") {
  45. t.Fatalf("'host key mismatch' not found in %v", err)
  46. }
  47. }
  48. func TestRunCommandStdin(t *testing.T) {
  49. server := newServer(t)
  50. defer server.Shutdown()
  51. conn := server.Dial(clientConfig())
  52. defer conn.Close()
  53. session, err := conn.NewSession()
  54. if err != nil {
  55. t.Fatalf("session failed: %v", err)
  56. }
  57. defer session.Close()
  58. r, w := io.Pipe()
  59. defer r.Close()
  60. defer w.Close()
  61. session.Stdin = r
  62. err = session.Run("true")
  63. if err != nil {
  64. t.Fatalf("session failed: %v", err)
  65. }
  66. }
  67. func TestRunCommandStdinError(t *testing.T) {
  68. server := newServer(t)
  69. defer server.Shutdown()
  70. conn := server.Dial(clientConfig())
  71. defer conn.Close()
  72. session, err := conn.NewSession()
  73. if err != nil {
  74. t.Fatalf("session failed: %v", err)
  75. }
  76. defer session.Close()
  77. r, w := io.Pipe()
  78. defer r.Close()
  79. session.Stdin = r
  80. pipeErr := errors.New("closing write end of pipe")
  81. w.CloseWithError(pipeErr)
  82. err = session.Run("true")
  83. if err != pipeErr {
  84. t.Fatalf("expected %v, found %v", pipeErr, err)
  85. }
  86. }
  87. func TestRunCommandFailed(t *testing.T) {
  88. server := newServer(t)
  89. defer server.Shutdown()
  90. conn := server.Dial(clientConfig())
  91. defer conn.Close()
  92. session, err := conn.NewSession()
  93. if err != nil {
  94. t.Fatalf("session failed: %v", err)
  95. }
  96. defer session.Close()
  97. err = session.Run(`bash -c "kill -9 $$"`)
  98. if err == nil {
  99. t.Fatalf("session succeeded: %v", err)
  100. }
  101. }
  102. func TestRunCommandWeClosed(t *testing.T) {
  103. server := newServer(t)
  104. defer server.Shutdown()
  105. conn := server.Dial(clientConfig())
  106. defer conn.Close()
  107. session, err := conn.NewSession()
  108. if err != nil {
  109. t.Fatalf("session failed: %v", err)
  110. }
  111. err = session.Shell()
  112. if err != nil {
  113. t.Fatalf("shell failed: %v", err)
  114. }
  115. err = session.Close()
  116. if err != nil {
  117. t.Fatalf("shell failed: %v", err)
  118. }
  119. }
  120. func TestFuncLargeRead(t *testing.T) {
  121. server := newServer(t)
  122. defer server.Shutdown()
  123. conn := server.Dial(clientConfig())
  124. defer conn.Close()
  125. session, err := conn.NewSession()
  126. if err != nil {
  127. t.Fatalf("unable to create new session: %s", err)
  128. }
  129. stdout, err := session.StdoutPipe()
  130. if err != nil {
  131. t.Fatalf("unable to acquire stdout pipe: %s", err)
  132. }
  133. err = session.Start("dd if=/dev/urandom bs=2048 count=1024")
  134. if err != nil {
  135. t.Fatalf("unable to execute remote command: %s", err)
  136. }
  137. buf := new(bytes.Buffer)
  138. n, err := io.Copy(buf, stdout)
  139. if err != nil {
  140. t.Fatalf("error reading from remote stdout: %s", err)
  141. }
  142. if n != 2048*1024 {
  143. t.Fatalf("Expected %d bytes but read only %d from remote command", 2048, n)
  144. }
  145. }
  146. func TestKeyChange(t *testing.T) {
  147. server := newServer(t)
  148. defer server.Shutdown()
  149. conf := clientConfig()
  150. hostDB := hostKeyDB()
  151. conf.HostKeyCallback = hostDB.Check
  152. conf.RekeyThreshold = 1024
  153. conn := server.Dial(conf)
  154. defer conn.Close()
  155. for i := 0; i < 4; i++ {
  156. session, err := conn.NewSession()
  157. if err != nil {
  158. t.Fatalf("unable to create new session: %s", err)
  159. }
  160. stdout, err := session.StdoutPipe()
  161. if err != nil {
  162. t.Fatalf("unable to acquire stdout pipe: %s", err)
  163. }
  164. err = session.Start("dd if=/dev/urandom bs=1024 count=1")
  165. if err != nil {
  166. t.Fatalf("unable to execute remote command: %s", err)
  167. }
  168. buf := new(bytes.Buffer)
  169. n, err := io.Copy(buf, stdout)
  170. if err != nil {
  171. t.Fatalf("error reading from remote stdout: %s", err)
  172. }
  173. want := int64(1024)
  174. if n != want {
  175. t.Fatalf("Expected %d bytes but read only %d from remote command", want, n)
  176. }
  177. }
  178. if changes := hostDB.checkCount; changes < 4 {
  179. t.Errorf("got %d key changes, want 4", changes)
  180. }
  181. }
  182. func TestInvalidTerminalMode(t *testing.T) {
  183. server := newServer(t)
  184. defer server.Shutdown()
  185. conn := server.Dial(clientConfig())
  186. defer conn.Close()
  187. session, err := conn.NewSession()
  188. if err != nil {
  189. t.Fatalf("session failed: %v", err)
  190. }
  191. defer session.Close()
  192. if err = session.RequestPty("vt100", 80, 40, ssh.TerminalModes{255: 1984}); err == nil {
  193. t.Fatalf("req-pty failed: successful request with invalid mode")
  194. }
  195. }
  196. func TestValidTerminalMode(t *testing.T) {
  197. server := newServer(t)
  198. defer server.Shutdown()
  199. conn := server.Dial(clientConfig())
  200. defer conn.Close()
  201. session, err := conn.NewSession()
  202. if err != nil {
  203. t.Fatalf("session failed: %v", err)
  204. }
  205. defer session.Close()
  206. stdout, err := session.StdoutPipe()
  207. if err != nil {
  208. t.Fatalf("unable to acquire stdout pipe: %s", err)
  209. }
  210. stdin, err := session.StdinPipe()
  211. if err != nil {
  212. t.Fatalf("unable to acquire stdin pipe: %s", err)
  213. }
  214. tm := ssh.TerminalModes{ssh.ECHO: 0}
  215. if err = session.RequestPty("xterm", 80, 40, tm); err != nil {
  216. t.Fatalf("req-pty failed: %s", err)
  217. }
  218. err = session.Shell()
  219. if err != nil {
  220. t.Fatalf("session failed: %s", err)
  221. }
  222. stdin.Write([]byte("stty -a && exit\n"))
  223. var buf bytes.Buffer
  224. if _, err := io.Copy(&buf, stdout); err != nil {
  225. t.Fatalf("reading failed: %s", err)
  226. }
  227. if sttyOutput := buf.String(); !strings.Contains(sttyOutput, "-echo ") {
  228. t.Fatalf("terminal mode failure: expected -echo in stty output, got %s", sttyOutput)
  229. }
  230. }
  231. func TestCiphers(t *testing.T) {
  232. var config ssh.Config
  233. config.SetDefaults()
  234. cipherOrder := config.Ciphers
  235. // This cipher will not be tested when commented out in cipher.go it will
  236. // fallback to the next available as per line 292.
  237. cipherOrder = append(cipherOrder, "aes128-cbc")
  238. for _, ciph := range cipherOrder {
  239. server := newServer(t)
  240. defer server.Shutdown()
  241. conf := clientConfig()
  242. conf.Ciphers = []string{ciph}
  243. // Don't fail if sshd doesnt have the cipher.
  244. conf.Ciphers = append(conf.Ciphers, cipherOrder...)
  245. conn, err := server.TryDial(conf)
  246. if err == nil {
  247. conn.Close()
  248. } else {
  249. t.Fatalf("failed for cipher %q", ciph)
  250. }
  251. }
  252. }
  253. func TestMACs(t *testing.T) {
  254. var config ssh.Config
  255. config.SetDefaults()
  256. macOrder := config.MACs
  257. for _, mac := range macOrder {
  258. server := newServer(t)
  259. defer server.Shutdown()
  260. conf := clientConfig()
  261. conf.MACs = []string{mac}
  262. // Don't fail if sshd doesnt have the MAC.
  263. conf.MACs = append(conf.MACs, macOrder...)
  264. if conn, err := server.TryDial(conf); err == nil {
  265. conn.Close()
  266. } else {
  267. t.Fatalf("failed for MAC %q", mac)
  268. }
  269. }
  270. }
  271. func TestKeyExchanges(t *testing.T) {
  272. var config ssh.Config
  273. config.SetDefaults()
  274. kexOrder := config.KeyExchanges
  275. for _, kex := range kexOrder {
  276. server := newServer(t)
  277. defer server.Shutdown()
  278. conf := clientConfig()
  279. // Don't fail if sshd doesnt have the kex.
  280. conf.KeyExchanges = append([]string{kex}, kexOrder...)
  281. conn, err := server.TryDial(conf)
  282. if err == nil {
  283. conn.Close()
  284. } else {
  285. t.Errorf("failed for kex %q", kex)
  286. }
  287. }
  288. }