#	$NetBSD: t_tcpip.sh,v 1.24 2024/04/28 07:27:41 rillig Exp $
#
# Copyright (c) 2011 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
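#

# Base rump_server command line: a rump kernel with the networking core and
# IPv4.  It is expanded unquoted on purpose so the shell splits it into words.
rumpnetsrv="rump_server -lrumpnet -lrumpnet_net -lrumpnet_netinet"
# URL of the rump kernel control socket, passed to rump_server below.
export RUMP_SERVER=unix://csock

atf_test_case http cleanup
http_head()
{
	atf_set "descr" "Start hijacked httpd and get webpage from it"
}

#
# Starts a rump kernel with IPv4/IPv6, runs the host httpd with its system
# calls hijacked into that kernel, fetches a page through a hijacked client
# and compares the HTTP status, length and body against the expected files.
#
http_body()
{

	# ${rumpnetsrv} must stay unquoted: it holds several words.
	atf_check -s exit:0 ${rumpnetsrv} -lrumpnet_netinet6 "${RUMP_SERVER}"

	# start bozo in daemon mode
	atf_check -s exit:0 env LD_PRELOAD=/usr/lib/librumphijack.so \
	    /usr/libexec/httpd -P ./httpd.pid -b -s "$(atf_get_srcdir)"

	atf_check -s exit:0 -o file:"$(atf_get_srcdir)/netstat.expout" \
	    rump.netstat -a

	# get the webpage
	atf_check -s exit:0 env LD_PRELOAD=/usr/lib/librumphijack.so \
	    "$(atf_get_srcdir)/h_netget" 127.0.0.1 80 webfile

	# check that we got what we wanted
	atf_check -o match:'HTTP/1.0 200 OK' cat webfile
	atf_check -o match:'Content-Length: 95' cat webfile
	blank_line_re="$(printf '^\r$')" # matches a line with only <CR><LF>
	# Print only what follows the header/body separator and compare it
	# with the file that was served.
	atf_check -o file:"$(atf_get_srcdir)/index.html" \
	    sed -n "1,/${blank_line_re}/!p" webfile
}

#
# Kills the httpd started by http_body (if it left a pidfile in the work
# directory) and halts the rump kernel server.
#
http_cleanup()
{
	if [ -f httpd.pid ]; then
		kill -9 "$(cat httpd.pid)"
		rm -f httpd.pid
	fi

	rump.halt
}

#
# Starts a SSH server and sets up the client to access it.
# Authentication is allowed and done using an RSA key exclusively, which
# is generated on the fly as part of the test case.
# XXX: Ideally, all the tests in this test program should be able to share
# the generated key, because creating it can be a very slow process on some
# machines.
#
# XXX2: copypasted from jmmv's sshd thingamob in the psshfs test.
# ideally code (and keys, like jmmv notes above) could be shared
#
# Everything is written to the current (work) directory: sshd_config,
# ssh_config, the host key pair copied from the source directory, the
# freshly generated user key pair, authorized_keys and known_hosts.
#
start_sshd() {
	echo "Setting up SSH server configuration"
	sed -e "s,@SRCDIR@,$(atf_get_srcdir),g" -e "s,@WORKDIR@,$(pwd),g" \
	    "$(atf_get_srcdir)/sshd_config.in" >sshd_config || \
	    atf_fail "Failed to create sshd_config"
	# The host key pair ships with the test sources, so it is a fixed,
	# test-only key.  The copies ignore their exit status; a missing file
	# is caught by the chmod checks that follow.
	atf_check -s ignore -o empty -e ignore \
	    cp "$(atf_get_srcdir)/ssh_host_key" .
	atf_check -s ignore -o empty -e ignore \
	    cp "$(atf_get_srcdir)/ssh_host_key.pub" .
	# Private host key readable by the owner only.
	atf_check -s exit:0 -o empty -e empty chmod 400 ssh_host_key
	atf_check -s exit:0 -o empty -e empty chmod 444 ssh_host_key.pub

	# Start in debugging mode so we don't have parent<->child privsep stuff
	env LD_PRELOAD=/usr/lib/librumphijack.so \
	    /usr/sbin/sshd -d -e -E out -f ./sshd_config &
#	while [ ! -f sshd.pid ]; do
#		sleep 0.01
#	done
#	echo "SSH server started (pid $(cat sshd.pid))"
	# NOTE(review): a fixed delay replaces the pidfile wait above, so
	# nothing here confirms that sshd is actually listening; on a slow
	# machine the client in ssh_body could run before the server is ready.
	sleep 1

	echo "Setting up SSH client configuration"
	# NOTE(review): 1024-bit RSA with an empty passphrase is tolerable only
	# because this key is created per run for a loopback test; presumably
	# the small size keeps generation fast (see the XXX above).  These are
	# not parameters to reuse outside a test.
	atf_check -s exit:0 -o empty -e empty \
	    ssh-keygen -f ssh_user_key -t rsa -b 1024 -N "" -q
	atf_check -s exit:0 -o empty -e empty \
	    cp ssh_user_key.pub authorized_keys
	# Pin the known host key for every name the client may use.
	echo "127.0.0.1,localhost,::1 " \
	    "$(cat "$(atf_get_srcdir)/ssh_host_key.pub")" >known_hosts || \
	    atf_fail "Failed to create known_hosts"
	atf_check -s exit:0 -o empty -e empty chmod 600 authorized_keys
	sed -e "s,@SRCDIR@,$(atf_get_srcdir),g" -e "s,@WORKDIR@,$(pwd),g" \
	    "$(atf_get_srcdir)/ssh_config.in" >ssh_config || \
	    atf_fail "Failed to create ssh_config"

	echo "sshd running"
}

atf_test_case ssh cleanup
ssh_head()
{
	atf_set "descr" "Test that hijacked ssh/sshd works"
}

#
# Runs "ls -li" on a scratch directory through a hijacked ssh/sshd pair and
# checks that the output is identical to running the same command locally.
#
ssh_body()
{
	atf_check -s exit:0 ${rumpnetsrv} "${RUMP_SERVER}"
	# make sure clients die after we nuke the server
	export RUMPHIJACK_RETRYCONNECT='die'

	start_sshd

	# create some sort of directory for us to "ls"
	mkdir testdir
	# Stop here if the directory is missing, so the files below are never
	# created in the wrong place.
	cd testdir || atf_fail "Failed to enter testdir"
	jot 11 | xargs touch
	jot 11 12 | xargs mkdir
	cd ..

	# ignore stderr for now, prints environment in debug mode
	atf_check -s exit:0 -o save:ssh.out -e ignore \
	    env LD_PRELOAD=/usr/lib/librumphijack.so \
	    ssh -T -F ssh_config 127.0.0.1 env BLOCKSIZE=512 \
	    ls -li "$(pwd)/testdir"
	atf_check -s exit:0 -o file:ssh.out env BLOCKSIZE=512 \
	    ls -li "$(pwd)/testdir"
}

#
# Halts the rump kernel server used by the ssh test.
#
ssh_cleanup()
{
	rump.halt
	# sshd needs no explicit kill: it was started with
	# RUMPHIJACK_RETRYCONNECT=die, so it exits once the server is gone.
}

#
# Common body of the NFS tests: serves an FFS image over NFS from one rump
# kernel and mounts it from a second one across a shared-memory interface.
# Arguments: "$@" - rump_server options for the NFS server kernel
# Globals:   magicstr (written), RUMP_SERVER, RUMPHIJACK,
#            RUMPHIJACK_RETRYCONNECT and LD_PRELOAD (exported/unset)
#
test_nfs()
{

	magicstr='wind in my hair'
	# create ffs file system we'll be serving from
	atf_check -s exit:0 -o ignore newfs -F -s 10000 ffs.img

	# start nfs kernel server.  this is a mouthful
	export RUMP_SERVER=unix://serversock
	# "$@" keeps every option the caller passed as its own word.
	atf_check -s exit:0 rump_server "$@" "${RUMP_SERVER}"

	atf_check -s exit:0 rump.ifconfig shmif0 create
	atf_check -s exit:0 rump.ifconfig shmif0 linkstr shmbus
	atf_check -s exit:0 rump.ifconfig shmif0 inet 10.1.1.1

	# From here on every command in this function runs with the hijack
	# library preloaded, until LD_PRELOAD is unset further down.
	export RUMPHIJACK_RETRYCONNECT=die
	export LD_PRELOAD=/usr/lib/librumphijack.so

	atf_check -s exit:0 mkdir -p /rump/var/run
	atf_check -s exit:0 mkdir -p /rump/var/db
	atf_check -s exit:0 touch /rump/var/db/mountdtab
	atf_check -s exit:0 mkdir /rump/etc
	atf_check -s exit:0 mkdir /rump/export

	# The export accepts requests from non-reserved ports, but only from
	# the single client address configured on the shmif bus below.
	atf_check -s exit:0 -x \
	    'echo "/export -noresvport -noresvmnt 10.1.1.100" | \
	    dd of=/rump/etc/exports 2> /dev/null'

	atf_check -s exit:0 rump.sysctl -q -w kern.module.autoload=1

	atf_check -s exit:0 -e ignore env RUMPHIJACK='path=/rump,blanket=/dk' \
	    mount_ffs /dk /rump/export
	atf_check -s exit:0 -x "echo ${magicstr} > /rump/export/im_alive"

	# start rpcbind.  we want /var/run/rpcbind.sock
	export RUMPHIJACK='blanket=/var/run,socket=all'
	atf_check -s exit:0 rpcbind

	# ok, then we want mountd in the similar fashion
	export RUMPHIJACK='blanket=/var/run:/var/db:/export,socket=all,path=/rump,vfs=all'
	atf_check -s exit:0 mountd /rump/etc/exports

	# finally, le nfschuck
	export RUMPHIJACK='blanket=/var/run,socket=all,vfs=all'
	atf_check -s exit:0 nfsd

	#
	# now, time for the client server and associated madness.
	#

	export RUMP_SERVER=unix://clientsock
	unset RUMPHIJACK
	unset LD_PRELOAD

	# at least the kernel server is easier
	atf_check -s exit:0 rump_server -lrumpvfs -lrumpnet \
	    -lrumpnet_net -lrumpnet_netinet -lrumpnet_shmif -lrumpfs_nfs \
	    "${RUMP_SERVER}"

	atf_check -s exit:0 rump.ifconfig shmif0 create
	atf_check -s exit:0 rump.ifconfig shmif0 linkstr shmbus
	atf_check -s exit:0 rump.ifconfig shmif0 inet 10.1.1.100

	export LD_PRELOAD=/usr/lib/librumphijack.so

	atf_check -s exit:0 mkdir /rump/mnt
	atf_check -s exit:0 mount_nfs 10.1.1.1:/export /rump/mnt

	# The marker file written on the server side must be visible through
	# the NFS mount with the same contents.
	atf_check -s exit:0 -o inline:"${magicstr}\n" cat /rump/mnt/im_alive
	atf_check -s exit:0 -o match:'.*im_alive$' ls -l /rump/mnt/im_alive
}


atf_test_case nfs cleanup
nfs_head()
{
	atf_set "descr" "Test hijacked nfsd and mount_nfs"

	# XXX Can probably make this work as nonroot, but need to
	# convince rpcbind running in the rump kernel server that it
	# has uid 0.
	atf_set "require.user" "root"
}

#
# Runs test_nfs with every component the server needs linked in explicitly,
# including the FFS, NFS and NFS server file system components.
#
nfs_body()
{
	test_nfs -lrumpvfs -lrumpdev -lrumpnet -lrumpnet_net \
	    -lrumpnet_netinet -lrumpnet_local -lrumpnet_shmif \
	    -lrumpdev_disk -lrumpfs_ffs -lrumpfs_nfs -lrumpfs_nfsserver \
	    -d key=/dk,hostpath=ffs.img,size=host
}

#
# Halts the server and client rump kernels.  Errors are discarded and the
# final ":" makes the cleanup succeed even if a server was never started.
#
nfs_cleanup()
{
	RUMP_SERVER=unix://serversock rump.halt 2> /dev/null
	RUMP_SERVER=unix://clientsock rump.halt 2> /dev/null
	:
}

atf_test_case nfs_autoload cleanup
nfs_autoload_head()
{
	atf_set "descr" "Test hijacked nfsd with autoload from /stand"

	# XXX Can probably make this work as nonroot, but need to
	# convince rpcbind running in the rump kernel server that it
	# has uid 0.
	atf_set "require.user" "root"
}

#
# Same as nfs_body but without the -lrumpfs_* components on the command
# line; test_nfs enables kern.module.autoload, so they are presumably
# expected to be loaded on demand.  Skipped unless the machine is i386 and
# currently marked as an expected failure (PR lib/54184).
#
nfs_autoload_body()
{
	[ "$(uname -m)" = "i386" ] || atf_skip "test currently valid only on i386"
	atf_expect_fail "PR lib/54184"
	test_nfs -lrumpvfs -lrumpdev -lrumpnet -lrumpnet_net \
	    -lrumpnet_netinet -lrumpnet_local -lrumpnet_shmif \
	    -lrumpdev_disk -d key=/dk,hostpath=ffs.img,size=host
}

#
# Same teardown as the nfs test.
#
nfs_autoload_cleanup()
{
	nfs_cleanup
}

# Registers every test case of this test program with ATF.
atf_init_test_cases()
{
	atf_add_test_case http
	atf_add_test_case ssh
	atf_add_test_case nfs
	atf_add_test_case nfs_autoload
}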