Ana Sayfa Keşfet Yardım
Giriş Yap
SoftwareDesign
/
csu3_am335x
8
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Ağaç: 52bd49a6d4
Dallar Biçim İmleri
csu3_am335x
/
EVSE
/
GPL
/
curl-7.61.1
/
tests
/
sshserver.pl

sshserver.pl 38 KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080 
  1. #!/usr/bin/env perl
    2. 

  2. #***************************************************************************
    3. 

  3. #                                  _   _ ____  _
    4. 

  4. #  Project                     ___| | | |  _ \| |
    5. 

  5. #                             / __| | | | |_) | |
    6. 

  6. #                            | (__| |_| |  _ <| |___
    7. 

  7. #                             \___|\___/|_| \_\_____|
    8. 

  8. #
    9. 

  9. # Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
    10. 

  10. #
    11. 

  11. # This software is licensed as described in the file COPYING, which
    12. 

  12. # you should have received as part of this distribution. The terms
    13. 

  13. # are also available at https://curl.haxx.se/docs/copyright.html.
    14. 

  14. #
    15. 

  15. # You may opt to use, copy, modify, merge, publish, distribute and/or sell
    16. 

  16. # copies of the Software, and permit persons to whom the Software is
    17. 

  17. # furnished to do so, under the terms of the COPYING file.
    18. 

  18. #
    19. 

  19. # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
    20. 

  20. # KIND, either express or implied.
    21. 

  21. #
    22. 

  22. #***************************************************************************
    23. 

  23. 

  24. # Starts sshd for use in the SCP, SFTP and SOCKS curl test harness tests.
    25. 

  25. # Also creates the ssh configuration files needed for these tests.
    26. 

  26. 

  27. use strict;
    28. 

  28. use warnings;
    29. 

  29. use Cwd;
    30. 

  30. use Cwd 'abs_path';
    31. 

  31. 

  32. #***************************************************************************
    33. 

  33. # Variables and subs imported from sshhelp module
    34. 

  34. #
    35. 

  35. use sshhelp qw(
    36. 

  36.     $sshdexe
    37. 

  37.     $sshexe
    38. 

  38.     $sftpsrvexe
    39. 

  39.     $sftpexe
    40. 

  40.     $sshkeygenexe
    41. 

  41.     $sshdconfig
    42. 

  42.     $sshconfig
    43. 

  43.     $sftpconfig
    44. 

  44.     $knownhosts
    45. 

  45.     $sshdlog
    46. 

  46.     $sshlog
    47. 

  47.     $sftplog
    48. 

  48.     $sftpcmds
    49. 

  49.     $hstprvkeyf
    50. 

  50.     $hstpubkeyf
    51. 

  51.     $cliprvkeyf
    52. 

  52.     $clipubkeyf
    53. 

  53.     display_sshdconfig
    54. 

  54.     display_sshconfig
    55. 

  55.     display_sftpconfig
    56. 

  56.     display_sshdlog
    57. 

  57.     display_sshlog
    58. 

  58.     display_sftplog
    59. 

  59.     dump_array
    60. 

  60.     find_sshd
    61. 

  61.     find_ssh
    62. 

  62.     find_sftpsrv
    63. 

  63.     find_sftp
    64. 

  64.     find_sshkeygen
    65. 

  65.     logmsg
    66. 

  66.     sshversioninfo
    67. 

  67.     );
    68. 

  68. 

  69. #***************************************************************************
    70. 

  70. # Subs imported from serverhelp module
    71. 

  71. #
    72. 

  72. use serverhelp qw(
    73. 

  73.     server_pidfilename
    74. 

  74.     server_logfilename
    75. 

  75.     );
    76. 

  76. 

  77. use pathhelp;
    78. 

  78. 

  79. #***************************************************************************
    80. 

  80. 

  81. my $verbose = 0;              # set to 1 for debugging
    82. 

  82. my $debugprotocol = 0;        # set to 1 for protocol debugging
    83. 

  83. my $port = 8999;              # our default SCP/SFTP server port
    84. 

  84. my $socksport = $port + 1;    # our default SOCKS4/5 server port
    85. 

  85. my $listenaddr = '127.0.0.1'; # default address on which to listen
    86. 

  86. my $ipvnum = 4;               # default IP version of listener address
    87. 

  87. my $idnum = 1;                # default ssh daemon instance number
    88. 

  88. my $proto = 'ssh';            # protocol the ssh daemon speaks
    89. 

  89. my $path = getcwd();          # current working directory
    90. 

  90. my $logdir = $path .'/log';   # directory for log files
    91. 

  91. my $username = $ENV{USER};    # default user
    92. 

  92. my $pidfile;                  # ssh daemon pid file
    93. 

  93. my $identity = 'curl_client_key'; # default identity file
    94. 

  94. 

  95. my $error;
    96. 

  96. my @cfgarr;
    97. 

  97. 

  98. 

  99. #***************************************************************************
    100. 

  100. # Parse command line options
    101. 

  101. #
    102. 

  102. while(@ARGV) {
    103. 

  103.     if($ARGV[0] eq '--verbose') {
    104. 

  104.         $verbose = 1;
    105. 

  105.     }
    106. 

  106.     elsif($ARGV[0] eq '--debugprotocol') {
    107. 

  107.         $verbose = 1;
    108. 

  108.         $debugprotocol = 1;
    109. 

  109.     }
    110. 

  110.     elsif($ARGV[0] eq '--user') {
    111. 

  111.         if($ARGV[1]) {
    112. 

  112.             $username = $ARGV[1];
    113. 

  113.             shift @ARGV;
    114. 

  114.         }
    115. 

  115.     }
    116. 

  116.     elsif($ARGV[0] eq '--id') {
    117. 

  117.         if($ARGV[1]) {
    118. 

  118.             if($ARGV[1] =~ /^(\d+)$/) {
    119. 

  119.                 $idnum = $1 if($1 > 0);
    120. 

  120.                 shift @ARGV;
    121. 

  121.             }
    122. 

  122.         }
    123. 

  123.     }
    124. 

  124.     elsif($ARGV[0] eq '--ipv4') {
    125. 

  125.         $ipvnum = 4;
    126. 

  126.         $listenaddr = '127.0.0.1' if($listenaddr eq '::1');
    127. 

  127.     }
    128. 

  128.     elsif($ARGV[0] eq '--ipv6') {
    129. 

  129.         $ipvnum = 6;
    130. 

  130.         $listenaddr = '::1' if($listenaddr eq '127.0.0.1');
    131. 

  131.     }
    132. 

  132.     elsif($ARGV[0] eq '--addr') {
    133. 

  133.         if($ARGV[1]) {
    134. 

  134.             my $tmpstr = $ARGV[1];
    135. 

  135.             if($tmpstr =~ /^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/) {
    136. 

  136.                 $listenaddr = "$1.$2.$3.$4" if($ipvnum == 4);
    137. 

  137.                 shift @ARGV;
    138. 

  138.             }
    139. 

  139.             elsif($ipvnum == 6) {
    140. 

  140.                 $listenaddr = $tmpstr;
    141. 

  141.                 $listenaddr =~ s/^\[(.*)\]$/$1/;
    142. 

  142.                 shift @ARGV;
    143. 

  143.             }
    144. 

  144.         }
    145. 

  145.     }
    146. 

  146.     elsif($ARGV[0] eq '--pidfile') {
    147. 

  147.         if($ARGV[1]) {
    148. 

  148.             $pidfile = "$path/". $ARGV[1];
    149. 

  149.             shift @ARGV;
    150. 

  150.         }
    151. 

  151.     }
    152. 

  152.     elsif($ARGV[0] eq '--sshport') {
    153. 

  153.         if($ARGV[1]) {
    154. 

  154.             if($ARGV[1] =~ /^(\d+)$/) {
    155. 

  155.                 $port = $1;
    156. 

  156.                 shift @ARGV;
    157. 

  157.             }
    158. 

  158.         }
    159. 

  159.     }
    160. 

  160.     elsif($ARGV[0] eq '--socksport') {
    161. 

  161.         if($ARGV[1]) {
    162. 

  162.             if($ARGV[1] =~ /^(\d+)$/) {
    163. 

  163.                 $socksport = $1;
    164. 

  164.                 shift @ARGV;
    165. 

  165.             }
    166. 

  166.         }
    167. 

  167.     }
    168. 

  168.     else {
    169. 

  169.         print STDERR "\nWarning: sshserver.pl unknown parameter: $ARGV[0]\n";
    170. 

  170.     }
    171. 

  171.     shift @ARGV;
    172. 

  172. }
    173. 

  173. 

  174. 

  175. #***************************************************************************
    176. 

  176. # Default ssh daemon pid file name
    177. 

  177. #
    178. 

  178. if(!$pidfile) {
    179. 

  179.     $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
    180. 

  180. }
    181. 

  181. 

  182. 

  183. #***************************************************************************
    184. 

  184. # ssh, socks and sftp server log file names
    185. 

  185. #
    186. 

  186. $sshdlog = server_logfilename($logdir, 'ssh', $ipvnum, $idnum);
    187. 

  187. $sftplog = server_logfilename($logdir, 'sftp', $ipvnum, $idnum);
    188. 

  188. $sshlog  = server_logfilename($logdir, 'socks', $ipvnum, $idnum);
    189. 

  189. 

  190. 

  191. #***************************************************************************
    192. 

  192. # Logging level for ssh server and client
    193. 

  193. #
    194. 

  194. my $loglevel = $debugprotocol?'DEBUG3':'DEBUG2';
    195. 

  195. 

  196. 

  197. #***************************************************************************
    198. 

  198. # Validate username
    199. 

  199. #
    200. 

  200. if(!$username) {
    201. 

  201.     $error = 'Will not run ssh server without a user name';
    202. 

  202. }
    203. 

  203. elsif($username eq 'root') {
    204. 

  204.     $error = 'Will not run ssh server as root to mitigate security risks';
    205. 

  205. }
    206. 

  206. if($error) {
    207. 

  207.     logmsg $error;
    208. 

  208.     exit 1;
    209. 

  209. }
    210. 

  210. 

  211. 

  212. #***************************************************************************
    213. 

  213. # Find out ssh daemon canonical file name
    214. 

  214. #
    215. 

  215. my $sshd = find_sshd();
    216. 

  216. if(!$sshd) {
    217. 

  217.     logmsg "cannot find $sshdexe";
    218. 

  218.     exit 1;
    219. 

  219. }
    220. 

  220. 

  221. 

  222. #***************************************************************************
    223. 

  223. # Find out ssh daemon version info
    224. 

  224. #
    225. 

  225. my ($sshdid, $sshdvernum, $sshdverstr, $sshderror) = sshversioninfo($sshd);
    226. 

  226. if(!$sshdid) {
    227. 

  227.     # Not an OpenSSH or SunSSH ssh daemon
    228. 

  228.     logmsg $sshderror if($verbose);
    229. 

  229.     logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
    230. 

  230.     exit 1;
    231. 

  231. }
    232. 

  232. logmsg "ssh server found $sshd is $sshdverstr" if($verbose);
    233. 

  233. 

  234. 

  235. #***************************************************************************
    236. 

  236. #  ssh daemon command line options we might use and version support
    237. 

  237. #
    238. 

  238. #  -e:  log stderr           : OpenSSH 2.9.0 and later
    239. 

  239. #  -f:  sshd config file     : OpenSSH 1.2.1 and later
    240. 

  240. #  -D:  no daemon forking    : OpenSSH 2.5.0 and later
    241. 

  241. #  -o:  command-line option  : OpenSSH 3.1.0 and later
    242. 

  242. #  -t:  test config file     : OpenSSH 2.9.9 and later
    243. 

  243. #  -?:  sshd version info    : OpenSSH 1.2.1 and later
    244. 

  244. #
    245. 

  245. #  -e:  log stderr           : SunSSH 1.0.0 and later
    246. 

  246. #  -f:  sshd config file     : SunSSH 1.0.0 and later
    247. 

  247. #  -D:  no daemon forking    : SunSSH 1.0.0 and later
    248. 

  248. #  -o:  command-line option  : SunSSH 1.0.0 and later
    249. 

  249. #  -t:  test config file     : SunSSH 1.0.0 and later
    250. 

  250. #  -?:  sshd version info    : SunSSH 1.0.0 and later
    251. 

  251. 

  252. 

  253. #***************************************************************************
    254. 

  254. # Verify minimum ssh daemon version
    255. 

  255. #
    256. 

  256. if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) ||
    257. 

  257.    (($sshdid =~ /SunSSH/)  && ($sshdvernum < 100))) {
    258. 

  258.     logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
    259. 

  259.     exit 1;
    260. 

  260. }
    261. 

  261. 

  262. 

  263. #***************************************************************************
    264. 

  264. # Find out sftp server plugin canonical file name
    265. 

  265. #
    266. 

  266. my $sftpsrv = find_sftpsrv();
    267. 

  267. if(!$sftpsrv) {
    268. 

  268.     logmsg "cannot find $sftpsrvexe";
    269. 

  269.     exit 1;
    270. 

  270. }
    271. 

  271. logmsg "sftp server plugin found $sftpsrv" if($verbose);
    272. 

  272. 

  273. 

  274. #***************************************************************************
    275. 

  275. # Find out sftp client canonical file name
    276. 

  276. #
    277. 

  277. my $sftp = find_sftp();
    278. 

  278. if(!$sftp) {
    279. 

  279.     logmsg "cannot find $sftpexe";
    280. 

  280.     exit 1;
    281. 

  281. }
    282. 

  282. logmsg "sftp client found $sftp" if($verbose);
    283. 

  283. 

  284. 

  285. #***************************************************************************
    286. 

  286. # Find out ssh keygen canonical file name
    287. 

  287. #
    288. 

  288. my $sshkeygen = find_sshkeygen();
    289. 

  289. if(!$sshkeygen) {
    290. 

  290.     logmsg "cannot find $sshkeygenexe";
    291. 

  291.     exit 1;
    292. 

  292. }
    293. 

  293. logmsg "ssh keygen found $sshkeygen" if($verbose);
    294. 

  294. 

  295. 

  296. #***************************************************************************
    297. 

  297. # Find out ssh client canonical file name
    298. 

  298. #
    299. 

  299. my $ssh = find_ssh();
    300. 

  300. if(!$ssh) {
    301. 

  301.     logmsg "cannot find $sshexe";
    302. 

  302.     exit 1;
    303. 

  303. }
    304. 

  304. 

  305. 

  306. #***************************************************************************
    307. 

  307. # Find out ssh client version info
    308. 

  308. #
    309. 

  309. my ($sshid, $sshvernum, $sshverstr, $ssherror) = sshversioninfo($ssh);
    310. 

  310. if(!$sshid) {
    311. 

  311.     # Not an OpenSSH or SunSSH ssh client
    312. 

  312.     logmsg $ssherror if($verbose);
    313. 

  313.     logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
    314. 

  314.     exit 1;
    315. 

  315. }
    316. 

  316. logmsg "ssh client found $ssh is $sshverstr" if($verbose);
    317. 

  317. 

  318. 

  319. #***************************************************************************
    320. 

  320. #  ssh client command line options we might use and version support
    321. 

  321. #
    322. 

  322. #  -D:  dynamic app port forwarding  : OpenSSH 2.9.9 and later
    323. 

  323. #  -F:  ssh config file              : OpenSSH 2.9.9 and later
    324. 

  324. #  -N:  no shell/command             : OpenSSH 2.1.0 and later
    325. 

  325. #  -p:  connection port              : OpenSSH 1.2.1 and later
    326. 

  326. #  -v:  verbose messages             : OpenSSH 1.2.1 and later
    327. 

  327. # -vv:  increase verbosity           : OpenSSH 2.3.0 and later
    328. 

  328. #  -V:  ssh version info             : OpenSSH 1.2.1 and later
    329. 

  329. #
    330. 

  330. #  -D:  dynamic app port forwarding  : SunSSH 1.0.0 and later
    331. 

  331. #  -F:  ssh config file              : SunSSH 1.0.0 and later
    332. 

  332. #  -N:  no shell/command             : SunSSH 1.0.0 and later
    333. 

  333. #  -p:  connection port              : SunSSH 1.0.0 and later
    334. 

  334. #  -v:  verbose messages             : SunSSH 1.0.0 and later
    335. 

  335. # -vv:  increase verbosity           : SunSSH 1.0.0 and later
    336. 

  336. #  -V:  ssh version info             : SunSSH 1.0.0 and later
    337. 

  337. 

  338. 

  339. #***************************************************************************
    340. 

  340. # Verify minimum ssh client version
    341. 

  341. #
    342. 

  342. if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) ||
    343. 

  343.    (($sshid =~ /SunSSH/)  && ($sshvernum < 100))) {
    344. 

  344.     logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
    345. 

  345.     exit 1;
    346. 

  346. }
    347. 

  347. 

  348. 

  349. #***************************************************************************
    350. 

  350. #  ssh keygen command line options we actually use and version support
    351. 

  351. #
    352. 

  352. #  -C:  identity comment : OpenSSH 1.2.1 and later
    353. 

  353. #  -f:  key filename     : OpenSSH 1.2.1 and later
    354. 

  354. #  -N:  new passphrase   : OpenSSH 1.2.1 and later
    355. 

  355. #  -q:  quiet keygen     : OpenSSH 1.2.1 and later
    356. 

  356. #  -t:  key type         : OpenSSH 2.5.0 and later
    357. 

  357. #
    358. 

  358. #  -C:  identity comment : SunSSH 1.0.0 and later
    359. 

  359. #  -f:  key filename     : SunSSH 1.0.0 and later
    360. 

  360. #  -N:  new passphrase   : SunSSH 1.0.0 and later
    361. 

  361. #  -q:  quiet keygen     : SunSSH 1.0.0 and later
    362. 

  362. #  -t:  key type         : SunSSH 1.0.0 and later
    363. 

  363. 

  364. 

  365. #***************************************************************************
    366. 

  366. # Generate host and client key files for curl's tests
    367. 

  367. #
    368. 

  368. if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
    369. 

  369.    (! -e $hstpubkeyf) || (! -s $hstpubkeyf) ||
    370. 

  370.    (! -e $cliprvkeyf) || (! -s $cliprvkeyf) ||
    371. 

  371.    (! -e $clipubkeyf) || (! -s $clipubkeyf)) {
    372. 

  372.     # Make sure all files are gone so ssh-keygen doesn't complain
    373. 

  373.     unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf);
    374. 

  374.     logmsg 'generating host keys...' if($verbose);
    375. 

  375.     if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") {
    376. 

  376.         logmsg 'Could not generate host key';
    377. 

  377.         exit 1;
    378. 

  378.     }
    379. 

  379.     logmsg 'generating client keys...' if($verbose);
    380. 

  380.     if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N ''") {
    381. 

  381.         logmsg 'Could not generate client key';
    382. 

  382.         exit 1;
    383. 

  383.     }
    384. 

  384. }
    385. 

  385. 

  386. 

  387. #***************************************************************************
    388. 

  388. # Convert paths for curl's tests running on Windows with Cygwin/Msys OpenSSH
    389. 

  389. #
    390. 

  390. my $clipubkeyf_config = abs_path("$path/$clipubkeyf");
    391. 

  391. my $hstprvkeyf_config = abs_path("$path/$hstprvkeyf");
    392. 

  392. my $pidfile_config = $pidfile;
    393. 

  393. my $sftpsrv_config = $sftpsrv;
    394. 

  394. 

  395. if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys') {
    396. 

  396.     # Ensure to use MinGW/Cygwin paths
    397. 

  397.     $clipubkeyf_config = pathhelp::build_sys_abs_path($clipubkeyf_config);
    398. 

  398.     $hstprvkeyf_config = pathhelp::build_sys_abs_path($hstprvkeyf_config);
    399. 

  399.     $pidfile_config = pathhelp::build_sys_abs_path($pidfile_config);
    400. 

  400.     $sftpsrv_config = "internal-sftp";
    401. 

  401. }
    402. 

  402. 

  403. #***************************************************************************
    404. 

  404. #  ssh daemon configuration file options we might use and version support
    405. 

  405. #
    406. 

  406. #  AFSTokenPassing                  : OpenSSH 1.2.1 and later [1]
    407. 

  407. #  AcceptEnv                        : OpenSSH 3.9.0 and later
    408. 

  408. #  AddressFamily                    : OpenSSH 4.0.0 and later
    409. 

  409. #  AllowGroups                      : OpenSSH 1.2.1 and later
    410. 

  410. #  AllowTcpForwarding               : OpenSSH 2.3.0 and later
    411. 

  411. #  AllowUsers                       : OpenSSH 1.2.1 and later
    412. 

  412. #  AuthorizedKeysFile               : OpenSSH 2.9.9 and later
    413. 

  413. #  AuthorizedKeysFile2              : OpenSSH 2.9.9 and later
    414. 

  414. #  Banner                           : OpenSSH 2.5.0 and later
    415. 

  415. #  ChallengeResponseAuthentication  : OpenSSH 2.5.0 and later
    416. 

  416. #  Ciphers                          : OpenSSH 2.1.0 and later [3]
    417. 

  417. #  ClientAliveCountMax              : OpenSSH 2.9.0 and later
    418. 

  418. #  ClientAliveInterval              : OpenSSH 2.9.0 and later
    419. 

  419. #  Compression                      : OpenSSH 3.3.0 and later
    420. 

  420. #  DenyGroups                       : OpenSSH 1.2.1 and later
    421. 

  421. #  DenyUsers                        : OpenSSH 1.2.1 and later
    422. 

  422. #  ForceCommand                     : OpenSSH 4.4.0 and later [3]
    423. 

  423. #  GatewayPorts                     : OpenSSH 2.1.0 and later
    424. 

  424. #  GSSAPIAuthentication             : OpenSSH 3.7.0 and later [1]
    425. 

  425. #  GSSAPICleanupCredentials         : OpenSSH 3.8.0 and later [1]
    426. 

  426. #  GSSAPIKeyExchange                :  SunSSH 1.0.0 and later [1]
    427. 

  427. #  GSSAPIStoreDelegatedCredentials  :  SunSSH 1.0.0 and later [1]
    428. 

  428. #  GSSCleanupCreds                  :  SunSSH 1.0.0 and later [1]
    429. 

  429. #  GSSUseSessionCredCache           :  SunSSH 1.0.0 and later [1]
    430. 

  430. #  HostbasedAuthentication          : OpenSSH 2.9.0 and later
    431. 

  431. #  HostbasedUsesNameFromPacketOnly  : OpenSSH 2.9.0 and later
    432. 

  432. #  HostKey                          : OpenSSH 1.2.1 and later
    433. 

  433. #  IgnoreRhosts                     : OpenSSH 1.2.1 and later
    434. 

  434. #  IgnoreUserKnownHosts             : OpenSSH 1.2.1 and later
    435. 

  435. #  KbdInteractiveAuthentication     : OpenSSH 2.3.0 and later
    436. 

  436. #  KeepAlive                        : OpenSSH 1.2.1 and later
    437. 

  437. #  KerberosAuthentication           : OpenSSH 1.2.1 and later [1]
    438. 

  438. #  KerberosGetAFSToken              : OpenSSH 3.8.0 and later [1]
    439. 

  439. #  KerberosOrLocalPasswd            : OpenSSH 1.2.1 and later [1]
    440. 

  440. #  KerberosTgtPassing               : OpenSSH 1.2.1 and later [1]
    441. 

  441. #  KerberosTicketCleanup            : OpenSSH 1.2.1 and later [1]
    442. 

  442. #  KeyRegenerationInterval          : OpenSSH 1.2.1 and later
    443. 

  443. #  ListenAddress                    : OpenSSH 1.2.1 and later
    444. 

  444. #  LoginGraceTime                   : OpenSSH 1.2.1 and later
    445. 

  445. #  LogLevel                         : OpenSSH 1.2.1 and later
    446. 

  446. #  LookupClientHostnames            :  SunSSH 1.0.0 and later
    447. 

  447. #  MACs                             : OpenSSH 2.5.0 and later [3]
    448. 

  448. #  Match                            : OpenSSH 4.4.0 and later [3]
    449. 

  449. #  MaxAuthTries                     : OpenSSH 3.9.0 and later
    450. 

  450. #  MaxStartups                      : OpenSSH 2.2.0 and later
    451. 

  451. #  PAMAuthenticationViaKbdInt       : OpenSSH 2.9.0 and later [2]
    452. 

  452. #  PasswordAuthentication           : OpenSSH 1.2.1 and later
    453. 

  453. #  PermitEmptyPasswords             : OpenSSH 1.2.1 and later
    454. 

  454. #  PermitOpen                       : OpenSSH 4.4.0 and later [3]
    455. 

  455. #  PermitRootLogin                  : OpenSSH 1.2.1 and later
    456. 

  456. #  PermitTunnel                     : OpenSSH 4.3.0 and later
    457. 

  457. #  PermitUserEnvironment            : OpenSSH 3.5.0 and later
    458. 

  458. #  PidFile                          : OpenSSH 2.1.0 and later
    459. 

  459. #  Port                             : OpenSSH 1.2.1 and later
    460. 

  460. #  PrintLastLog                     : OpenSSH 2.9.0 and later
    461. 

  461. #  PrintMotd                        : OpenSSH 1.2.1 and later
    462. 

  462. #  Protocol                         : OpenSSH 2.1.0 and later
    463. 

  463. #  PubkeyAuthentication             : OpenSSH 2.5.0 and later
    464. 

  464. #  RhostsAuthentication             : OpenSSH 1.2.1 and later
    465. 

  465. #  RhostsRSAAuthentication          : OpenSSH 1.2.1 and later
    466. 

  466. #  RSAAuthentication                : OpenSSH 1.2.1 and later
    467. 

  467. #  ServerKeyBits                    : OpenSSH 1.2.1 and later
    468. 

  468. #  SkeyAuthentication               : OpenSSH 1.2.1 and later [1]
    469. 

  469. #  StrictModes                      : OpenSSH 1.2.1 and later
    470. 

  470. #  Subsystem                        : OpenSSH 2.2.0 and later
    471. 

  471. #  SyslogFacility                   : OpenSSH 1.2.1 and later
    472. 

  472. #  TCPKeepAlive                     : OpenSSH 3.8.0 and later
    473. 

  473. #  UseDNS                           : OpenSSH 3.7.0 and later
    474. 

  474. #  UseLogin                         : OpenSSH 1.2.1 and later
    475. 

  475. #  UsePAM                           : OpenSSH 3.7.0 and later [1][2]
    476. 

  476. #  UsePrivilegeSeparation           : OpenSSH 3.2.2 and later
    477. 

  477. #  VerifyReverseMapping             : OpenSSH 3.1.0 and later
    478. 

  478. #  X11DisplayOffset                 : OpenSSH 1.2.1 and later [3]
    479. 

  479. #  X11Forwarding                    : OpenSSH 1.2.1 and later
    480. 

  480. #  X11UseLocalhost                  : OpenSSH 3.1.0 and later
    481. 

  481. #  XAuthLocation                    : OpenSSH 2.1.1 and later [3]
    482. 

  482. #
    483. 

  483. #  [1] Option only available if activated at compile time
    484. 

  484. #  [2] Option specific for portable versions
    485. 

  485. #  [3] Option not used in our ssh server config file
    486. 

  486. 

  487. 

  488. #***************************************************************************
    489. 

  489. # Initialize sshd config with options actually supported in OpenSSH 2.9.9
    490. 

  490. #
    491. 

  491. logmsg 'generating ssh server config file...' if($verbose);
    492. 

  492. @cfgarr = ();
    493. 

  493. push @cfgarr, '# This is a generated file.  Do not edit.';
    494. 

  494. push @cfgarr, "# $sshdverstr sshd configuration file for curl testing";
    495. 

  495. push @cfgarr, '#';
    496. 

  496. push @cfgarr, "DenyUsers !$username";
    497. 

  497. push @cfgarr, "AllowUsers $username";
    498. 

  498. push @cfgarr, 'DenyGroups';
    499. 

  499. push @cfgarr, 'AllowGroups';
    500. 

  500. push @cfgarr, '#';
    501. 

  501. push @cfgarr, "AuthorizedKeysFile $clipubkeyf_config";
    502. 

  502. push @cfgarr, "AuthorizedKeysFile2 $clipubkeyf_config";
    503. 

  503. push @cfgarr, "HostKey $hstprvkeyf_config";
    504. 

  504. push @cfgarr, "PidFile $pidfile_config";
    505. 

  505. push @cfgarr, '#';
    506. 

  506. push @cfgarr, "Port $port";
    507. 

  507. push @cfgarr, "ListenAddress $listenaddr";
    508. 

  508. push @cfgarr, 'Protocol 2';
    509. 

  509. push @cfgarr, '#';
    510. 

  510. push @cfgarr, 'AllowTcpForwarding yes';
    511. 

  511. push @cfgarr, 'Banner none';
    512. 

  512. push @cfgarr, 'ChallengeResponseAuthentication no';
    513. 

  513. push @cfgarr, 'ClientAliveCountMax 3';
    514. 

  514. push @cfgarr, 'ClientAliveInterval 0';
    515. 

  515. push @cfgarr, 'GatewayPorts no';
    516. 

  516. push @cfgarr, 'HostbasedAuthentication no';
    517. 

  517. push @cfgarr, 'HostbasedUsesNameFromPacketOnly no';
    518. 

  518. push @cfgarr, 'IgnoreRhosts yes';
    519. 

  519. push @cfgarr, 'IgnoreUserKnownHosts yes';
    520. 

  520. push @cfgarr, 'KeyRegenerationInterval 0';
    521. 

  521. push @cfgarr, 'LoginGraceTime 30';
    522. 

  522. push @cfgarr, "LogLevel $loglevel";
    523. 

  523. push @cfgarr, 'MaxStartups 5';
    524. 

  524. push @cfgarr, 'PasswordAuthentication no';
    525. 

  525. push @cfgarr, 'PermitEmptyPasswords no';
    526. 

  526. push @cfgarr, 'PermitRootLogin no';
    527. 

  527. push @cfgarr, 'PrintLastLog no';
    528. 

  528. push @cfgarr, 'PrintMotd no';
    529. 

  529. push @cfgarr, 'PubkeyAuthentication yes';
    530. 

  530. push @cfgarr, 'RhostsRSAAuthentication no';
    531. 

  531. push @cfgarr, 'RSAAuthentication no';
    532. 

  532. push @cfgarr, 'ServerKeyBits 768';
    533. 

  533. push @cfgarr, 'StrictModes no';
    534. 

  534. push @cfgarr, "Subsystem sftp \"$sftpsrv_config\"";
    535. 

  535. push @cfgarr, 'SyslogFacility AUTH';
    536. 

  536. push @cfgarr, 'UseLogin no';
    537. 

  537. push @cfgarr, 'X11Forwarding no';
    538. 

  538. push @cfgarr, '#';
    539. 

  539. 

  540. 

  541. #***************************************************************************
    542. 

  542. # Write out initial sshd configuration file for curl's tests
    543. 

  543. #
    544. 

  544. $error = dump_array($sshdconfig, @cfgarr);
    545. 

  545. if($error) {
    546. 

  546.     logmsg $error;
    547. 

  547.     exit 1;
    548. 

  548. }
    549. 

  549. 

  550. 

  551. #***************************************************************************
    552. 

  552. # Verifies at run time if sshd supports a given configuration file option
    553. 

  553. #
    554. 

  554. sub sshd_supports_opt {
    555. 

  555.     my ($option, $value) = @_;
    556. 

  556.     my $err;
    557. 

  557.     #
    558. 

  558.     if((($sshdid =~ /OpenSSH/) && ($sshdvernum >= 310)) ||
    559. 

  559.         ($sshdid =~ /SunSSH/)) {
    560. 

  560.         # ssh daemon supports command line options -t -f and -o
    561. 

  561.         $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
    562. 

  562.                     qx("$sshd" -t -f $sshdconfig -o "$option=$value" 2>&1);
    563. 

  563.         return !$err;
    564. 

  564.     }
    565. 

  565.     if(($sshdid =~ /OpenSSH/) && ($sshdvernum >= 299)) {
    566. 

  566.         # ssh daemon supports command line options -t and -f
    567. 

  567.         $err = dump_array($sshdconfig, (@cfgarr, "$option $value"));
    568. 

  568.         if($err) {
    569. 

  569.             logmsg $err;
    570. 

  570.             return 0;
    571. 

  571.         }
    572. 

  572.         $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
    573. 

  573.                     qx("$sshd" -t -f $sshdconfig 2>&1);
    574. 

  574.         unlink $sshdconfig;
    575. 

  575.         return !$err;
    576. 

  576.     }
    577. 

  577.     return 0;
    578. 

  578. }
    579. 

  579. 

  580. 

  581. #***************************************************************************
    582. 

  582. # Kerberos Authentication support may have not been built into sshd
    583. 

  583. #
    584. 

  584. if(sshd_supports_opt('KerberosAuthentication','no')) {
    585. 

  585.     push @cfgarr, 'KerberosAuthentication no';
    586. 

  586. }
    587. 

  587. if(sshd_supports_opt('KerberosGetAFSToken','no')) {
    588. 

  588.     push @cfgarr, 'KerberosGetAFSToken no';
    589. 

  589. }
    590. 

  590. if(sshd_supports_opt('KerberosOrLocalPasswd','no')) {
    591. 

  591.     push @cfgarr, 'KerberosOrLocalPasswd no';
    592. 

  592. }
    593. 

  593. if(sshd_supports_opt('KerberosTgtPassing','no')) {
    594. 

  594.     push @cfgarr, 'KerberosTgtPassing no';
    595. 

  595. }
    596. 

  596. if(sshd_supports_opt('KerberosTicketCleanup','yes')) {
    597. 

  597.     push @cfgarr, 'KerberosTicketCleanup yes';
    598. 

  598. }
    599. 

  599. 

  600. 

  601. #***************************************************************************
    602. 

  602. # Andrew File System support may have not been built into sshd
    603. 

  603. #
    604. 

  604. if(sshd_supports_opt('AFSTokenPassing','no')) {
    605. 

  605.     push @cfgarr, 'AFSTokenPassing no';
    606. 

  606. }
    607. 

  607. 

  608. 

  609. #***************************************************************************
    610. 

  610. # S/Key authentication support may have not been built into sshd
    611. 

  611. #
    612. 

  612. if(sshd_supports_opt('SkeyAuthentication','no')) {
    613. 

  613.     push @cfgarr, 'SkeyAuthentication no';
    614. 

  614. }
    615. 

  615. 

  616. 

  617. #***************************************************************************
    618. 

  618. # GSSAPI Authentication support may have not been built into sshd
    619. 

  619. #
    620. 

  620. my $sshd_builtwith_GSSAPI;
    621. 

  621. if(sshd_supports_opt('GSSAPIAuthentication','no')) {
    622. 

  622.     push @cfgarr, 'GSSAPIAuthentication no';
    623. 

  623.     $sshd_builtwith_GSSAPI = 1;
    624. 

  624. }
    625. 

  625. if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) {
    626. 

  626.     push @cfgarr, 'GSSAPICleanupCredentials yes';
    627. 

  627. }
    628. 

  628. if(sshd_supports_opt('GSSAPIKeyExchange','no')) {
    629. 

  629.     push @cfgarr, 'GSSAPIKeyExchange no';
    630. 

  630. }
    631. 

  631. if(sshd_supports_opt('GSSAPIStoreDelegatedCredentials','no')) {
    632. 

  632.     push @cfgarr, 'GSSAPIStoreDelegatedCredentials no';
    633. 

  633. }
    634. 

  634. if(sshd_supports_opt('GSSCleanupCreds','yes')) {
    635. 

  635.     push @cfgarr, 'GSSCleanupCreds yes';
    636. 

  636. }
    637. 

  637. if(sshd_supports_opt('GSSUseSessionCredCache','no')) {
    638. 

  638.     push @cfgarr, 'GSSUseSessionCredCache no';
    639. 

  639. }
    640. 

  640. push @cfgarr, '#';
    641. 

  641. 

  642. 

  643. #***************************************************************************
    644. 

  644. # Options that might be supported or not in sshd OpenSSH 2.9.9 and later
    645. 

  645. #
    646. 

  646. if(sshd_supports_opt('AcceptEnv','')) {
    647. 

  647.     push @cfgarr, 'AcceptEnv';
    648. 

  648. }
    649. 

  649. if(sshd_supports_opt('AddressFamily','any')) {
    650. 

  650.     # Address family must be specified before ListenAddress
    651. 

  651.     splice @cfgarr, 14, 0, 'AddressFamily any';
    652. 

  652. }
    653. 

  653. if(sshd_supports_opt('Compression','no')) {
    654. 

  654.     push @cfgarr, 'Compression no';
    655. 

  655. }
    656. 

  656. if(sshd_supports_opt('KbdInteractiveAuthentication','no')) {
    657. 

  657.     push @cfgarr, 'KbdInteractiveAuthentication no';
    658. 

  658. }
    659. 

  659. if(sshd_supports_opt('KeepAlive','no')) {
    660. 

  660.     push @cfgarr, 'KeepAlive no';
    661. 

  661. }
    662. 

  662. if(sshd_supports_opt('LookupClientHostnames','no')) {
    663. 

  663.     push @cfgarr, 'LookupClientHostnames no';
    664. 

  664. }
    665. 

  665. if(sshd_supports_opt('MaxAuthTries','10')) {
    666. 

  666.     push @cfgarr, 'MaxAuthTries 10';
    667. 

  667. }
    668. 

  668. if(sshd_supports_opt('PAMAuthenticationViaKbdInt','no')) {
    669. 

  669.     push @cfgarr, 'PAMAuthenticationViaKbdInt no';
    670. 

  670. }
    671. 

  671. if(sshd_supports_opt('PermitTunnel','no')) {
    672. 

  672.     push @cfgarr, 'PermitTunnel no';
    673. 

  673. }
    674. 

  674. if(sshd_supports_opt('PermitUserEnvironment','no')) {
    675. 

  675.     push @cfgarr, 'PermitUserEnvironment no';
    676. 

  676. }
    677. 

  677. if(sshd_supports_opt('RhostsAuthentication','no')) {
    678. 

  678.     push @cfgarr, 'RhostsAuthentication no';
    679. 

  679. }
    680. 

  680. if(sshd_supports_opt('TCPKeepAlive','no')) {
    681. 

  681.     push @cfgarr, 'TCPKeepAlive no';
    682. 

  682. }
    683. 

  683. if(sshd_supports_opt('UseDNS','no')) {
    684. 

  684.     push @cfgarr, 'UseDNS no';
    685. 

  685. }
    686. 

  686. if(sshd_supports_opt('UsePAM','no')) {
    687. 

  687.     push @cfgarr, 'UsePAM no';
    688. 

  688. }
    689. 

  689. 

  690. if($sshdid =~ /OpenSSH/) {
    691. 

  691.     # http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6492415
    692. 

  692.     if(sshd_supports_opt('UsePrivilegeSeparation','no')) {
    693. 

  693.         push @cfgarr, 'UsePrivilegeSeparation no';
    694. 

  694.     }
    695. 

  695. }
    696. 

  696. 

  697. if(sshd_supports_opt('VerifyReverseMapping','no')) {
    698. 

  698.     push @cfgarr, 'VerifyReverseMapping no';
    699. 

  699. }
    700. 

  700. if(sshd_supports_opt('X11UseLocalhost','yes')) {
    701. 

  701.     push @cfgarr, 'X11UseLocalhost yes';
    702. 

  702. }
    703. 

  703. push @cfgarr, '#';
    704. 

  704. 

  705. 

  706. #***************************************************************************
    707. 

  707. # Write out resulting sshd configuration file for curl's tests
    708. 

  708. #
    709. 

  709. $error = dump_array($sshdconfig, @cfgarr);
    710. 

  710. if($error) {
    711. 

  711.     logmsg $error;
    712. 

  712.     exit 1;
    713. 

  713. }
    714. 

  714. 

  715. 

  716. #***************************************************************************
    717. 

  717. # Verify that sshd actually supports our generated configuration file
    718. 

  718. #
    719. 

  719. if(system "\"$sshd\" -t -f $sshdconfig > $sshdlog 2>&1") {
    720. 

  720.     logmsg "sshd configuration file $sshdconfig failed verification";
    721. 

  721.     display_sshdlog();
    722. 

  722.     display_sshdconfig();
    723. 

  723.     exit 1;
    724. 

  724. }
    725. 

  725. 

  726. 

  727. #***************************************************************************
    728. 

  728. # Generate ssh client host key database file for curl's tests
    729. 

  729. #
    730. 

  730. if((! -e $knownhosts) || (! -s $knownhosts)) {
    731. 

  731.     logmsg 'generating ssh client known hosts file...' if($verbose);
    732. 

  732.     unlink($knownhosts);
    733. 

  733.     if(open(RSAKEYFILE, "<$hstpubkeyf")) {
    734. 

  734.         my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
    735. 

  735.         if(close(RSAKEYFILE)) {
    736. 

  736.             if(open(KNOWNHOSTS, ">$knownhosts")) {
    737. 

  737.                 print KNOWNHOSTS "$listenaddr ssh-rsa $rsahostkey[1]\n";
    738. 

  738.                 if(!close(KNOWNHOSTS)) {
    739. 

  739.                     $error = "Error: cannot close file $knownhosts";
    740. 

  740.                 }
    741. 

  741.             }
    742. 

  742.             else {
    743. 

  743.                 $error = "Error: cannot write file $knownhosts";
    744. 

  744.             }
    745. 

  745.         }
    746. 

  746.         else {
    747. 

  747.             $error = "Error: cannot close file $hstpubkeyf";
    748. 

  748.         }
    749. 

  749.     }
    750. 

  750.     else {
    751. 

  751.         $error = "Error: cannot read file $hstpubkeyf";
    752. 

  752.     }
    753. 

  753.     if($error) {
    754. 

  754.         logmsg $error;
    755. 

  755.         exit 1;
    756. 

  756.     }
    757. 

  757. }
    758. 

  758. 

  759. 

  760. #***************************************************************************
    761. 

  761. # Convert paths for curl's tests running on Windows using Cygwin OpenSSH
    762. 

  762. #
    763. 

  763. my $identity_config = abs_path("$path/$identity");
    764. 

  764. my $knownhosts_config = abs_path("$path/$knownhosts");
    765. 

  765. 

  766. if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys') {
    767. 

  767.     # Ensure to use MinGW/Cygwin paths
    768. 

  768.     $identity_config = pathhelp::build_sys_abs_path($identity_config);
    769. 

  769.     $knownhosts_config = pathhelp::build_sys_abs_path($knownhosts_config);
    770. 

  770. }
    771. 

  771. 

  772. 

  773. #***************************************************************************
    774. 

  774. #  ssh client configuration file options we might use and version support
    775. 

  775. #
    776. 

  776. #  AddressFamily                     : OpenSSH 3.7.0 and later
    777. 

  777. #  BatchMode                         : OpenSSH 1.2.1 and later
    778. 

  778. #  BindAddress                       : OpenSSH 2.9.9 and later
    779. 

  779. #  ChallengeResponseAuthentication   : OpenSSH 2.5.0 and later
    780. 

  780. #  CheckHostIP                       : OpenSSH 1.2.1 and later
    781. 

  781. #  Cipher                            : OpenSSH 1.2.1 and later [3]
    782. 

  782. #  Ciphers                           : OpenSSH 2.1.0 and later [3]
    783. 

  783. #  ClearAllForwardings               : OpenSSH 2.9.9 and later
    784. 

  784. #  Compression                       : OpenSSH 1.2.1 and later
    785. 

  785. #  CompressionLevel                  : OpenSSH 1.2.1 and later [3]
    786. 

  786. #  ConnectionAttempts                : OpenSSH 1.2.1 and later
    787. 

  787. #  ConnectTimeout                    : OpenSSH 3.7.0 and later
    788. 

  788. #  ControlMaster                     : OpenSSH 3.9.0 and later
    789. 

  789. #  ControlPath                       : OpenSSH 3.9.0 and later
    790. 

  790. #  DisableBanner                     :  SunSSH 1.2.0 and later
    791. 

  791. #  DynamicForward                    : OpenSSH 2.9.0 and later
    792. 

  792. #  EnableSSHKeysign                  : OpenSSH 3.6.0 and later
    793. 

  793. #  EscapeChar                        : OpenSSH 1.2.1 and later [3]
    794. 

  794. #  ExitOnForwardFailure              : OpenSSH 4.4.0 and later
    795. 

  795. #  ForwardAgent                      : OpenSSH 1.2.1 and later
    796. 

  796. #  ForwardX11                        : OpenSSH 1.2.1 and later
    797. 

  797. #  ForwardX11Trusted                 : OpenSSH 3.8.0 and later
    798. 

  798. #  GatewayPorts                      : OpenSSH 1.2.1 and later
    799. 

  799. #  GlobalKnownHostsFile              : OpenSSH 1.2.1 and later
    800. 

  800. #  GSSAPIAuthentication              : OpenSSH 3.7.0 and later [1]
    801. 

  801. #  GSSAPIDelegateCredentials         : OpenSSH 3.7.0 and later [1]
    802. 

  802. #  HashKnownHosts                    : OpenSSH 4.0.0 and later
    803. 

  803. #  Host                              : OpenSSH 1.2.1 and later
    804. 

  804. #  HostbasedAuthentication           : OpenSSH 2.9.0 and later
    805. 

  805. #  HostKeyAlgorithms                 : OpenSSH 2.9.0 and later [3]
    806. 

  806. #  HostKeyAlias                      : OpenSSH 2.5.0 and later [3]
    807. 

  807. #  HostName                          : OpenSSH 1.2.1 and later
    808. 

  808. #  IdentitiesOnly                    : OpenSSH 3.9.0 and later
    809. 

  809. #  IdentityFile                      : OpenSSH 1.2.1 and later
    810. 

  810. #  IgnoreIfUnknown                   :  SunSSH 1.2.0 and later
    811. 

  811. #  KeepAlive                         : OpenSSH 1.2.1 and later
    812. 

  812. #  KbdInteractiveAuthentication      : OpenSSH 2.3.0 and later
    813. 

  813. #  KbdInteractiveDevices             : OpenSSH 2.3.0 and later [3]
    814. 

  814. #  LocalCommand                      : OpenSSH 4.3.0 and later [3]
    815. 

  815. #  LocalForward                      : OpenSSH 1.2.1 and later [3]
    816. 

  816. #  LogLevel                          : OpenSSH 1.2.1 and later
    817. 

  817. #  MACs                              : OpenSSH 2.5.0 and later [3]
    818. 

  818. #  NoHostAuthenticationForLocalhost  : OpenSSH 3.0.0 and later
    819. 

  819. #  NumberOfPasswordPrompts           : OpenSSH 1.2.1 and later
    820. 

  820. #  PasswordAuthentication            : OpenSSH 1.2.1 and later
    821. 

  821. #  PermitLocalCommand                : OpenSSH 4.3.0 and later
    822. 

  822. #  Port                              : OpenSSH 1.2.1 and later
    823. 

  823. #  PreferredAuthentications          : OpenSSH 2.5.2 and later
    824. 

  824. #  Protocol                          : OpenSSH 2.1.0 and later
    825. 

  825. #  ProxyCommand                      : OpenSSH 1.2.1 and later [3]
    826. 

  826. #  PubkeyAuthentication              : OpenSSH 2.5.0 and later
    827. 

  827. #  RekeyLimit                        : OpenSSH 3.7.0 and later
    828. 

  828. #  RemoteForward                     : OpenSSH 1.2.1 and later [3]
    829. 

  829. #  RhostsRSAAuthentication           : OpenSSH 1.2.1 and later
    830. 

  830. #  RSAAuthentication                 : OpenSSH 1.2.1 and later
    831. 

  831. #  SendEnv                           : OpenSSH 3.9.0 and later
    832. 

  832. #  ServerAliveCountMax               : OpenSSH 3.8.0 and later
    833. 

  833. #  ServerAliveInterval               : OpenSSH 3.8.0 and later
    834. 

  834. #  SmartcardDevice                   : OpenSSH 2.9.9 and later [1][3]
    835. 

  835. #  StrictHostKeyChecking             : OpenSSH 1.2.1 and later
    836. 

  836. #  TCPKeepAlive                      : OpenSSH 3.8.0 and later
    837. 

  837. #  Tunnel                            : OpenSSH 4.3.0 and later
    838. 

  838. #  TunnelDevice                      : OpenSSH 4.3.0 and later [3]
    839. 

  839. #  UsePAM                            : OpenSSH 3.7.0 and later [1][2][3]
    840. 

  840. #  UsePrivilegedPort                 : OpenSSH 1.2.1 and later
    841. 

  841. #  User                              : OpenSSH 1.2.1 and later
    842. 

  842. #  UserKnownHostsFile                : OpenSSH 1.2.1 and later
    843. 

  843. #  VerifyHostKeyDNS                  : OpenSSH 3.8.0 and later
    844. 

  844. #  XAuthLocation                     : OpenSSH 2.1.1 and later [3]
    845. 

  845. #
    846. 

  846. #  [1] Option only available if activated at compile time
    847. 

  847. #  [2] Option specific for portable versions
    848. 

  848. #  [3] Option not used in our ssh client config file
    849. 

  849. 

  850. 

  851. #***************************************************************************
    852. 

  852. # Initialize ssh config with options actually supported in OpenSSH 2.9.9
    853. 

  853. #
    854. 

  854. logmsg 'generating ssh client config file...' if($verbose);
    855. 

  855. @cfgarr = ();
    856. 

  856. push @cfgarr, '# This is a generated file.  Do not edit.';
    857. 

  857. push @cfgarr, "# $sshverstr ssh client configuration file for curl testing";
    858. 

  858. push @cfgarr, '#';
    859. 

  859. push @cfgarr, 'Host *';
    860. 

  860. push @cfgarr, '#';
    861. 

  861. push @cfgarr, "Port $port";
    862. 

  862. push @cfgarr, "HostName $listenaddr";
    863. 

  863. push @cfgarr, "User $username";
    864. 

  864. push @cfgarr, 'Protocol 2';
    865. 

  865. push @cfgarr, '#';
    866. 

  866. push @cfgarr, "BindAddress $listenaddr";
    867. 

  867. push @cfgarr, "DynamicForward $socksport";
    868. 

  868. push @cfgarr, '#';
    869. 

  869. push @cfgarr, "IdentityFile $identity_config";
    870. 

  870. push @cfgarr, "UserKnownHostsFile $knownhosts_config";
    871. 

  871. push @cfgarr, '#';
    872. 

  872. push @cfgarr, 'BatchMode yes';
    873. 

  873. push @cfgarr, 'ChallengeResponseAuthentication no';
    874. 

  874. push @cfgarr, 'CheckHostIP no';
    875. 

  875. push @cfgarr, 'ClearAllForwardings no';
    876. 

  876. push @cfgarr, 'Compression no';
    877. 

  877. push @cfgarr, 'ConnectionAttempts 3';
    878. 

  878. push @cfgarr, 'ForwardAgent no';
    879. 

  879. push @cfgarr, 'ForwardX11 no';
    880. 

  880. push @cfgarr, 'GatewayPorts no';
    881. 

  881. push @cfgarr, 'GlobalKnownHostsFile /dev/null';
    882. 

  882. push @cfgarr, 'HostbasedAuthentication no';
    883. 

  883. push @cfgarr, 'KbdInteractiveAuthentication no';
    884. 

  884. push @cfgarr, "LogLevel $loglevel";
    885. 

  885. push @cfgarr, 'NumberOfPasswordPrompts 0';
    886. 

  886. push @cfgarr, 'PasswordAuthentication no';
    887. 

  887. push @cfgarr, 'PreferredAuthentications publickey';
    888. 

  888. push @cfgarr, 'PubkeyAuthentication yes';
    889. 

  889. push @cfgarr, 'RhostsRSAAuthentication no';
    890. 

  890. push @cfgarr, 'RSAAuthentication no';
    891. 

  891. 

  892. # Disabled StrictHostKeyChecking since it makes the tests fail on my
    893. 

  893. # OpenSSH_6.0p1 on Debian Linux / Daniel
    894. 

  894. push @cfgarr, 'StrictHostKeyChecking no';
    895. 

  895. push @cfgarr, 'UsePrivilegedPort no';
    896. 

  896. push @cfgarr, '#';
    897. 

  897. 

  898. 

  899. #***************************************************************************
    900. 

  900. # Options supported in ssh client newer than OpenSSH 2.9.9
    901. 

  901. #
    902. 

  902. 

  903. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) {
    904. 

  904.     push @cfgarr, 'AddressFamily any';
    905. 

  905. }
    906. 

  906. 

  907. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
    908. 

  908.    (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
    909. 

  909.     push @cfgarr, 'ConnectTimeout 30';
    910. 

  910. }
    911. 

  911. 

  912. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
    913. 

  913.     push @cfgarr, 'ControlMaster no';
    914. 

  914. }
    915. 

  915. 

  916. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 420)) {
    917. 

  917.     push @cfgarr, 'ControlPath none';
    918. 

  918. }
    919. 

  919. 

  920. if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
    921. 

  921.     push @cfgarr, 'DisableBanner yes';
    922. 

  922. }
    923. 

  923. 

  924. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) {
    925. 

  925.     push @cfgarr, 'EnableSSHKeysign no';
    926. 

  926. }
    927. 

  927. 

  928. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 440)) {
    929. 

  929.     push @cfgarr, 'ExitOnForwardFailure yes';
    930. 

  930. }
    931. 

  931. 

  932. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
    933. 

  933.    (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
    934. 

  934.     push @cfgarr, 'ForwardX11Trusted no';
    935. 

  935. }
    936. 

  936. 

  937. if(($sshd_builtwith_GSSAPI) && ($sshdid eq $sshid) &&
    938. 

  938.    ($sshdvernum == $sshvernum)) {
    939. 

  939.     push @cfgarr, 'GSSAPIAuthentication no';
    940. 

  940.     push @cfgarr, 'GSSAPIDelegateCredentials no';
    941. 

  941.     if($sshid =~ /SunSSH/) {
    942. 

  942.         push @cfgarr, 'GSSAPIKeyExchange no';
    943. 

  943.     }
    944. 

  944. }
    945. 

  945. 

  946. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) ||
    947. 

  947.    (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
    948. 

  948.     push @cfgarr, 'HashKnownHosts no';
    949. 

  949. }
    950. 

  950. 

  951. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
    952. 

  952.     push @cfgarr, 'IdentitiesOnly yes';
    953. 

  953. }
    954. 

  954. 

  955. if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
    956. 

  956.     push @cfgarr, 'IgnoreIfUnknown no';
    957. 

  957. }
    958. 

  958. 

  959. if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) ||
    960. 

  960.     ($sshid =~ /SunSSH/)) {
    961. 

  961.     push @cfgarr, 'KeepAlive no';
    962. 

  962. }
    963. 

  963. 

  964. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 300)) ||
    965. 

  965.     ($sshid =~ /SunSSH/)) {
    966. 

  966.     push @cfgarr, 'NoHostAuthenticationForLocalhost no';
    967. 

  967. }
    968. 

  968. 

  969. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
    970. 

  970.     push @cfgarr, 'PermitLocalCommand no';
    971. 

  971. }
    972. 

  972. 

  973. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
    974. 

  974.    (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
    975. 

  975.     push @cfgarr, 'RekeyLimit 1G';
    976. 

  976. }
    977. 

  977. 

  978. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
    979. 

  979.     push @cfgarr, 'SendEnv';
    980. 

  980. }
    981. 

  981. 

  982. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
    983. 

  983.    (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
    984. 

  984.     push @cfgarr, 'ServerAliveCountMax 3';
    985. 

  985.     push @cfgarr, 'ServerAliveInterval 0';
    986. 

  986. }
    987. 

  987. 

  988. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
    989. 

  989.     push @cfgarr, 'TCPKeepAlive no';
    990. 

  990. }
    991. 

  991. 

  992. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
    993. 

  993.     push @cfgarr, 'Tunnel no';
    994. 

  994. }
    995. 

  995. 

  996. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
    997. 

  997.     push @cfgarr, 'VerifyHostKeyDNS no';
    998. 

  998. }
    999. 

  999. 

  1000. push @cfgarr, '#';
    1001. 

  1001. 

  1002. 

  1003. #***************************************************************************
    1004. 

  1004. # Write out resulting ssh client configuration file for curl's tests
    1005. 

  1005. #
    1006. 

  1006. $error = dump_array($sshconfig, @cfgarr);
    1007. 

  1007. if($error) {
    1008. 

  1008.     logmsg $error;
    1009. 

  1009.     exit 1;
    1010. 

  1010. }
    1011. 

  1011. 

  1012. 

  1013. #***************************************************************************
    1014. 

  1014. # Initialize client sftp config with options actually supported.
    1015. 

  1015. #
    1016. 

  1016. logmsg 'generating sftp client config file...' if($verbose);
    1017. 

  1017. splice @cfgarr, 1, 1, "# $sshverstr sftp client configuration file for curl testing";
    1018. 

  1018. #
    1019. 

  1019. for(my $i = scalar(@cfgarr) - 1; $i > 0; $i--) {
    1020. 

  1020.     if($cfgarr[$i] =~ /^DynamicForward/) {
    1021. 

  1021.         splice @cfgarr, $i, 1;
    1022. 

  1022.         next;
    1023. 

  1023.     }
    1024. 

  1024.     if($cfgarr[$i] =~ /^ClearAllForwardings/) {
    1025. 

  1025.         splice @cfgarr, $i, 1, "ClearAllForwardings yes";
    1026. 

  1026.         next;
    1027. 

  1027.     }
    1028. 

  1028. }
    1029. 

  1029. 

  1030. 

  1031. #***************************************************************************
    1032. 

  1032. # Write out resulting sftp client configuration file for curl's tests
    1033. 

  1033. #
    1034. 

  1034. $error = dump_array($sftpconfig, @cfgarr);
    1035. 

  1035. if($error) {
    1036. 

  1036.     logmsg $error;
    1037. 

  1037.     exit 1;
    1038. 

  1038. }
    1039. 

  1039. @cfgarr = ();
    1040. 

  1040. 

  1041. 

  1042. #***************************************************************************
    1043. 

  1043. # Generate client sftp commands batch file for sftp server verification
    1044. 

  1044. #
    1045. 

  1045. logmsg 'generating sftp client commands file...' if($verbose);
    1046. 

  1046. push @cfgarr, 'pwd';
    1047. 

  1047. push @cfgarr, 'quit';
    1048. 

  1048. $error = dump_array($sftpcmds, @cfgarr);
    1049. 

  1049. if($error) {
    1050. 

  1050.     logmsg $error;
    1051. 

  1051.     exit 1;
    1052. 

  1052. }
    1053. 

  1053. @cfgarr = ();
    1054. 

  1054. 

  1055. 

  1056. #***************************************************************************
    1057. 

  1057. # Start the ssh server daemon without forking it
    1058. 

  1058. #
    1059. 

  1059. logmsg "SCP/SFTP server listening on port $port" if($verbose);
    1060. 

  1060. my $rc = system "\"$sshd\" -e -D -f $sshdconfig > $sshdlog 2>&1";
    1061. 

  1061. if($rc == -1) {
    1062. 

  1062.     logmsg "\"$sshd\" failed with: $!";
    1063. 

  1063. }
    1064. 

  1064. elsif($rc & 127) {
    1065. 

  1065.     logmsg sprintf("\"$sshd\" died with signal %d, and %s coredump",
    1066. 

  1066.                    ($rc & 127), ($rc & 128)?'a':'no');
    1067. 

  1067. }
    1068. 

  1068. elsif($verbose && ($rc >> 8)) {
    1069. 

  1069.     logmsg sprintf("\"$sshd\" exited with %d", $rc >> 8);
    1070. 

  1070. }
    1071. 

  1071. 

  1072. 

  1073. #***************************************************************************
    1074. 

  1074. # Clean up once the server has stopped
    1075. 

  1075. #
    1076. 

  1076. unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts);
    1077. 

  1077. unlink($sshdconfig, $sshconfig, $sftpconfig);
    1078. 

  1078. 

  1079. 

  1080. exit 0;
    1081.