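#	$NetBSD: t_tcpip.sh,v 1.26 2025/04/25 22:51:29 riastradh Exp $
#
# Copyright (c) 2011 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

# ATF test program: runs unmodified host daemons and clients (httpd,
# ssh/sshd, rpcbind/mountd/nfsd, mount_nfs) against rump kernel servers
# by preloading librumphijack.so into them.
#
# The preload library is always named by absolute path, so the run-time
# linker never resolves it relative to the test's work directory.

# Command line (not a single word) for a rump server with the IPv4
# stack; expanded unquoted below so that it word-splits into arguments.
rumpnetsrv="rump_server -lrumpnet -lrumpnet_net -lrumpnet_netinet"
export RUMP_SERVER=unix://csock

atf_test_case http cleanup
http_head()
{
	atf_set "descr" "Start hijacked httpd and get webpage from it"
}

# Starts a rump server, runs a hijacked httpd serving the test source
# directory, fetches a page through the rump TCP/IP stack and compares
# status line, Content-Length and body with the expected values.
http_body()
{

	# ${rumpnetsrv} is intentionally unquoted (see its definition).
	atf_check -s exit:0 ${rumpnetsrv} -lrumpnet_netinet6 "${RUMP_SERVER}"

	# start bozo in daemon mode
	atf_check -s exit:0 env LD_PRELOAD=/usr/lib/librumphijack.so \
	    /usr/libexec/httpd -P ./httpd.pid -b -s "$(atf_get_srcdir)"

	atf_check -s exit:0 -o file:"$(atf_get_srcdir)/netstat.expout" \
	    rump.netstat -a

	# get the webpage
	atf_check -s exit:0 env LD_PRELOAD=/usr/lib/librumphijack.so \
	    "$(atf_get_srcdir)/h_netget" 127.0.0.1 80 webfile

	# check that we got what we wanted
	atf_check -o match:'HTTP/1.0 200 OK' cat webfile
	atf_check -o match:'Content-Length: 95' cat webfile
	blank_line_re="$(printf '^\r$')" # matches a line with only <CR><LF>
	# Print everything after the header/body separator and compare it
	# with the file httpd was asked to serve.
	atf_check -o file:"$(atf_get_srcdir)/index.html" \
	    sed -n "1,/${blank_line_re}/!p" webfile
}

# Kills the httpd recorded in httpd.pid (if any) and halts the rump server.
http_cleanup()
{
	if [ -f httpd.pid ]; then
		# NOTE(review): SIGKILL gives httpd no chance to clean up;
		# presumably acceptable for test teardown.
		kill -9 "$(cat httpd.pid)"
		rm -f httpd.pid
	fi

	rump.halt
}

#
# Starts a SSH server and sets up the client to access it.
# Authentication is allowed and done using an RSA key exclusively, which
# is generated on the fly as part of the test case.
# XXX: Ideally, all the tests in this test program should be able to share
# the generated key, because creating it can be a very slow process on some
# machines.
#
# XXX2: copypasted from jmmv's sshd thingamob in the psshfs test.
# ideally code (and keys, like jmmv notes above) could be shared
#
# Files written to the current directory: sshd_config, ssh_host_key,
# ssh_host_key.pub, ssh_user_key, ssh_user_key.pub, authorized_keys,
# known_hosts, ssh_config, and the sshd log "out".
#
start_sshd() {
	echo "Setting up SSH server configuration"
	sed -e "s,@SRCDIR@,$(atf_get_srcdir),g" -e "s,@WORKDIR@,$(pwd),g" \
	    "$(atf_get_srcdir)/sshd_config.in" >sshd_config || \
	    atf_fail "Failed to create sshd_config"
	# The host key pair is a fixture copied from the test source
	# directory, so it is not a secret; the copy status is ignored here
	# and a missing file is caught by the chmod checks below.
	atf_check -s ignore -o empty -e ignore \
	    cp "$(atf_get_srcdir)/ssh_host_key" .
	atf_check -s ignore -o empty -e ignore \
	    cp "$(atf_get_srcdir)/ssh_host_key.pub" .
	atf_check -s exit:0 -o empty -e empty chmod 400 ssh_host_key
	atf_check -s exit:0 -o empty -e empty chmod 444 ssh_host_key.pub

	# Start in debugging mode so we don't have parent<->child privsep stuff
	env LD_PRELOAD=/usr/lib/librumphijack.so \
	    /usr/sbin/sshd -d -e -E "$(pwd)/out" -f ./sshd_config &
#	while [ ! -f sshd.pid ]; do
#		sleep 0.01
#	done
#	echo "SSH server started (pid $(cat sshd.pid))"
	# NOTE(review): fixed delay instead of a readiness check; the
	# client below can race with a slow sshd start.
	sleep 1

	echo "Setting up SSH client configuration"
	# NOTE(review): 1024-bit RSA is below current key-size guidance.
	# It is kept small because key generation is slow on some machines
	# (see above) and the key only lives for this test run; it will
	# need to grow if the ssh/sshd under test require a larger RSA size.
	atf_check -s exit:0 -o empty -e empty \
	    ssh-keygen -f ssh_user_key -t rsa -b 1024 -N "" -q
	atf_check -s exit:0 -o empty -e empty \
	    cp ssh_user_key.pub authorized_keys
	# Pin the fixture host key so the client verifies the server
	# against it.
	echo "127.0.0.1,localhost,::1 " \
	    "$(cat "$(atf_get_srcdir)/ssh_host_key.pub")" >known_hosts || \
	    atf_fail "Failed to create known_hosts"
	atf_check -s exit:0 -o empty -e empty chmod 600 authorized_keys
	sed -e "s,@SRCDIR@,$(atf_get_srcdir),g" -e "s,@WORKDIR@,$(pwd),g" \
	    "$(atf_get_srcdir)/ssh_config.in" >ssh_config || \
	    atf_fail "Failed to create ssh_config"

	echo "sshd running"
}

atf_test_case ssh cleanup
ssh_head()
{
	atf_set "descr" "Test that hijacked ssh/sshd works"
}

# Runs "ls -li" on a scratch directory through a hijacked ssh/sshd pair
# and checks that the output equals that of the same command run locally.
ssh_body()
{
	# ${rumpnetsrv} is intentionally unquoted (see its definition).
	atf_check -s exit:0 ${rumpnetsrv} "${RUMP_SERVER}"
	# make sure clients die after we nuke the server
	export RUMPHIJACK_RETRYCONNECT='die'

	start_sshd

	# create some sort of directory for us to "ls"
	mkdir testdir
	# Do not populate the work directory itself if the cd fails.
	cd testdir || atf_fail "Failed to enter testdir"
	jot 11 | xargs touch
	jot 11 12 | xargs mkdir
	cd ..

	# From the PR (https://gnats.NetBSD.org/59278):
	#
	# > The LDAP problem has been fixed, but the new sshd-session
	# > wants to exec sshd-auth with stdin/out the network socket so the
	# > hijack code tries to dup(128, 0) and fails in:
	# >
	# >	if (fd_isrump(oldd)) {
	# >		int (*op_close)(int) = GETSYSCALL(host, CLOSE);
	# >
	# >		/* only allow fd 0-2 for cross-kernel dup */
	# >		if (!(newd >= 0 && newd <= 2 && !fd_isrump(newd))) {
	# >			errno = EBADF; <-----
	# >			return -1;
	# >		}
	# >
	# > The server client portion of the test works without rump...
	#
	atf_expect_fail "PR bin/59278: failing since openssh 10.0 update"

	# ignore stderr for now, prints environment in debug mode
	# (ssh joins the remote command words with spaces and the remote
	# shell splits them again, so the local quoting only protects the
	# local expansion.)
	atf_check -s exit:0 -o save:ssh.out -e ignore \
	    env LD_PRELOAD=/usr/lib/librumphijack.so \
	    ssh -T -F ssh_config 127.0.0.1 env BLOCKSIZE=512 \
	    ls -li "$(pwd)/testdir"
	atf_check -s exit:0 -o file:ssh.out env BLOCKSIZE=512 \
	    ls -li "$(pwd)/testdir"
}

# Halts the rump server; no explicit kill of sshd is done here.
ssh_cleanup()
{
	rump.halt
	# sshd dies due to RUMPHIJACK_RETRYCONNECT=die (exported in ssh_body)
}

# Shared body of the nfs tests.
# Arguments: "$@" - rump_server options for the NFS server instance.
# Builds an FFS image, exports it from a hijacked rpcbind/mountd/nfsd on
# one rump server (10.1.1.1), mounts it from a second rump server
# (10.1.1.100) over a shmif bus and reads a marker file back.
test_nfs()
{

	magicstr='wind in my hair'
	# create ffs file system we'll be serving from
	atf_check -s exit:0 -o ignore newfs -F -s 10000 ffs.img

	# start nfs kernel server.  this is a mouthful
	export RUMP_SERVER=unix://serversock
	# "$@" rather than $* so each caller-supplied option stays one word.
	atf_check -s exit:0 rump_server "$@" "${RUMP_SERVER}"

	atf_check -s exit:0 rump.ifconfig shmif0 create
	atf_check -s exit:0 rump.ifconfig shmif0 linkstr shmbus
	atf_check -s exit:0 rump.ifconfig shmif0 inet 10.1.1.1

	export RUMPHIJACK_RETRYCONNECT=die
	export LD_PRELOAD=/usr/lib/librumphijack.so

	atf_check -s exit:0 mkdir -p /rump/var/run
	atf_check -s exit:0 mkdir -p /rump/var/db
	atf_check -s exit:0 touch /rump/var/db/mountdtab
	atf_check -s exit:0 mkdir /rump/etc
	atf_check -s exit:0 mkdir /rump/export

	# The export is restricted to the single client address configured
	# on the second rump server further down.
	atf_check -s exit:0 -x \
	    'echo "/export -noresvport -noresvmnt 10.1.1.100" | \
	    dd of=/rump/etc/exports 2> /dev/null'

	atf_check -s exit:0 rump.sysctl -q -w kern.module.autoload=1

	atf_check -s exit:0 -e ignore env RUMPHIJACK='path=/rump,blanket=/dk' \
	    mount_ffs /dk /rump/export
	atf_check -s exit:0 -x "echo ${magicstr} > /rump/export/im_alive"

	# start rpcbind.  we want /var/run/rpcbind.sock
	export RUMPHIJACK='blanket=/var/run,socket=all'
	atf_check -s exit:0 rpcbind

	# ok, then we want mountd in the similar fashion
	export RUMPHIJACK='blanket=/var/run:/var/db:/export,socket=all,path=/rump,vfs=all'
	atf_check -s exit:0 mountd /rump/etc/exports

	# finally, le nfschuck
	export RUMPHIJACK='blanket=/var/run,socket=all,vfs=all'
	atf_check -s exit:0 nfsd

	#
	# now, time for the client server and associated madness.
	#

	export RUMP_SERVER=unix://clientsock
	unset RUMPHIJACK
	unset LD_PRELOAD

	# at least the kernel server is easier
	atf_check -s exit:0 rump_server -lrumpvfs -lrumpnet \
	    -lrumpnet_net -lrumpnet_netinet -lrumpnet_shmif -lrumpfs_nfs \
	    "${RUMP_SERVER}"

	atf_check -s exit:0 rump.ifconfig shmif0 create
	atf_check -s exit:0 rump.ifconfig shmif0 linkstr shmbus
	atf_check -s exit:0 rump.ifconfig shmif0 inet 10.1.1.100

	export LD_PRELOAD=/usr/lib/librumphijack.so

	atf_check -s exit:0 mkdir /rump/mnt
	atf_check -s exit:0 mount_nfs 10.1.1.1:/export /rump/mnt

	atf_check -s exit:0 -o inline:"${magicstr}\n" cat /rump/mnt/im_alive
	atf_check -s exit:0 -o match:'.*im_alive$' ls -l /rump/mnt/im_alive
}


atf_test_case nfs cleanup
nfs_head()
{
	atf_set "descr" "Test hijacked nfsd and mount_nfs"

	# XXX Can probably make this work as nonroot, but need to
	# convince rpcbind running in the rump kernel server that it
	# has uid 0.
	atf_set "require.user" "root"
}

# NFS test with all file system components linked into the server.
nfs_body()
{
	test_nfs -lrumpvfs -lrumpdev -lrumpnet -lrumpnet_net \
	    -lrumpnet_netinet -lrumpnet_local -lrumpnet_shmif \
	    -lrumpdev_disk -lrumpfs_ffs -lrumpfs_nfs -lrumpfs_nfsserver \
	    -d key=/dk,hostpath=ffs.img,size=host
}

# Halts both rump servers; errors are discarded and the function always
# succeeds, since either server may not have been started.
nfs_cleanup()
{
	RUMP_SERVER=unix://serversock rump.halt 2> /dev/null
	RUMP_SERVER=unix://clientsock rump.halt 2> /dev/null
	:
}

atf_test_case nfs_autoload cleanup
nfs_autoload_head()
{
	atf_set "descr" "Test hijacked nfsd with autoload from /stand"

	# XXX Can probably make this work as nonroot, but need to
	# convince rpcbind running in the rump kernel server that it
	# has uid 0.
	atf_set "require.user" "root"
}

# Same as nfs_body, but without the ffs/nfs components on the server
# command line (the test description says they are autoloaded).
nfs_autoload_body()
{
	[ "$(uname -m)" = "i386" ] || atf_skip "test currently valid only on i386"
	atf_expect_fail "PR lib/54184"
	test_nfs -lrumpvfs -lrumpdev -lrumpnet -lrumpnet_net \
	    -lrumpnet_netinet -lrumpnet_local -lrumpnet_shmif \
	    -lrumpdev_disk -d key=/dk,hostpath=ffs.img,size=host
}

nfs_autoload_cleanup()
{
	nfs_cleanup
}

# Registers the test cases with ATF.
atf_init_test_cases()
{
	atf_add_test_case http
	atf_add_test_case ssh
	atf_add_test_case nfs
	atf_add_test_case nfs_autoload
}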