%% %% %CopyrightBegin% %% %% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in %% compliance with the License. You should have received a copy of the %% Erlang Public License along with this software. If not, it can be %% retrieved online at http://www.erlang.org/. %% %% Software distributed under the License is distributed on an "AS IS" %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See %% the License for the specific language governing rights and limitations %% under the License. %% %% %CopyrightEnd% %% %% -module(ssh_protocol_SUITE). -include_lib("common_test/include/ct.hrl"). -include_lib("kernel/include/inet.hrl"). -include_lib("ssh/src/ssh.hrl"). % ?UINT32, ?BYTE, #ssh{} ... -include_lib("ssh/src/ssh_transport.hrl"). -include_lib("ssh/src/ssh_auth.hrl"). %% Note: This directive should only be used in test suites. -compile(export_all). -define(NEWLINE, <<"\r\n">>). -define(REKEY_DATA_TMO, 65000). -define(v(Key, Config), proplists:get_value(Key, Config)). -define(v(Key, Config, Default), proplists:get_value(Key, Config, Default)). %%-------------------------------------------------------------------- %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- suite() -> [{ct_hooks,[ts_install_cth]}, {timetrap,{seconds,40}}]. all() -> [{group,tool_tests}, {group,kex}, {group,service_requests}, {group,authentication}, {group,packet_size_error}, {group,field_size_error} ]. groups() -> [{tool_tests, [], [lib_works_as_client, lib_works_as_server, lib_match, lib_no_match ]}, {packet_size_error, [], [packet_length_too_large, packet_length_too_short]}, {field_size_error, [], [service_name_length_too_large, service_name_length_too_short]}, {kex, [], [no_common_alg_server_disconnects, no_common_alg_client_disconnects, gex_client_init_option_groups, gex_server_gex_limit, gex_client_init_option_groups_moduli_file, gex_client_init_option_groups_file, gex_client_old_request_exact, gex_client_old_request_noexact ]}, {service_requests, [], [bad_service_name, bad_long_service_name, bad_very_long_service_name, empty_service_name, bad_service_name_then_correct ]}, {authentication, [], [client_handles_keyboard_interactive_0_pwds ]} ]. init_per_suite(Config) -> start_std_daemon( setup_dirs( start_apps(Config))). end_per_suite(Config) -> stop_apps(Config). init_per_testcase(no_common_alg_server_disconnects, Config) -> start_std_daemon(Config, [{preferred_algorithms,[{public_key,['ssh-rsa']}]}]); init_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; TC == gex_client_init_option_groups_moduli_file ; TC == gex_client_init_option_groups_file ; TC == gex_server_gex_limit ; TC == gex_client_old_request_exact ; TC == gex_client_old_request_noexact -> Opts = case TC of gex_client_init_option_groups -> [{dh_gex_groups, [{2345, 3, 41}]}]; gex_client_init_option_groups_file -> DataDir = proplists:get_value(data_dir, Config), F = filename:join(DataDir, "dh_group_test"), [{dh_gex_groups, {file,F}}]; gex_client_init_option_groups_moduli_file -> DataDir = proplists:get_value(data_dir, Config), F = filename:join(DataDir, "dh_group_test.moduli"), [{dh_gex_groups, {ssh_moduli_file,F}}]; _ when TC == gex_server_gex_limit ; TC == gex_client_old_request_exact ; TC == gex_client_old_request_noexact -> [{dh_gex_groups, [{ 500, 3, 17}, {1000, 7, 91}, {3000, 5, 61}]}, {dh_gex_limits,{500,1500}} ]; _ -> [] end, start_std_daemon(Config, [{preferred_algorithms, ssh:default_algorithms()} | Opts]); init_per_testcase(_TestCase, Config) -> check_std_daemon_works(Config, ?LINE). end_per_testcase(no_common_alg_server_disconnects, Config) -> stop_std_daemon(Config); end_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; TC == gex_client_init_option_groups_moduli_file ; TC == gex_client_init_option_groups_file ; TC == gex_server_gex_limit ; TC == gex_client_old_request_exact ; TC == gex_client_old_request_noexact -> stop_std_daemon(Config); end_per_testcase(_TestCase, Config) -> check_std_daemon_works(Config, ?LINE). %%%-------------------------------------------------------------------- %%% Test Cases -------------------------------------------------------- %%%-------------------------------------------------------------------- %%%-------------------------------------------------------------------- %%% Connect to an erlang server and check that the testlib acts as a client. lib_works_as_client(Config) -> %% Connect and negotiate keys {ok,InitialState} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_seqnums, print_messages]}] ), {ok,AfterKexState} = connect_and_kex(Config, InitialState), %% Do the authentcation {User,Pwd} = server_user_password(Config), {ok,EndState} = ssh_trpt_test_lib:exec( [{send, #ssh_msg_service_request{name = "ssh-userauth"}}, {match, #ssh_msg_service_accept{name = "ssh-userauth"}, receive_msg}, {send, #ssh_msg_userauth_request{user = User, service = "ssh-connection", method = "password", data = <<?BOOLEAN(?FALSE), ?STRING(unicode:characters_to_binary(Pwd))>> }}, {match, #ssh_msg_userauth_success{_='_'}, receive_msg} ], AfterKexState), %% Disconnect {ok,_} = ssh_trpt_test_lib:exec( [{send, #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, description = "End of the fun", language = "" }}, close_socket ], EndState). %%-------------------------------------------------------------------- %%% Connect an erlang client and check that the testlib can act as a server. lib_works_as_server(Config) -> {User,_Pwd} = server_user_password(Config), %% Create a listening socket as server socket: {ok,InitialState} = ssh_trpt_test_lib:exec(listen), HostPort = ssh_trpt_test_lib:server_host_port(InitialState), %% Start a process handling one connection on the server side: spawn_link( fun() -> {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_messages]}, {accept, [{system_dir, system_dir(Config)}, {user_dir, user_dir(Config)}]}, receive_hello, {send, hello}, {send, ssh_msg_kexinit}, {match, #ssh_msg_kexinit{_='_'}, receive_msg}, {match, #ssh_msg_kexdh_init{_='_'}, receive_msg}, {send, ssh_msg_kexdh_reply}, {send, #ssh_msg_newkeys{}}, {match, #ssh_msg_newkeys{_='_'}, receive_msg}, {match, #ssh_msg_service_request{name="ssh-userauth"}, receive_msg}, {send, #ssh_msg_service_accept{name="ssh-userauth"}}, {match, #ssh_msg_userauth_request{service="ssh-connection", method="none", user=User, _='_'}, receive_msg}, {send, #ssh_msg_userauth_failure{authentications = "password", partial_success = false}}, {match, #ssh_msg_userauth_request{service="ssh-connection", method="password", user=User, _='_'}, receive_msg}, {send, #ssh_msg_userauth_success{}}, close_socket, print_state ], InitialState) end), %% and finally connect to it with a regular Erlang SSH client: {ok,_} = std_connect(HostPort, Config, [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}] ). %%-------------------------------------------------------------------- %%% Matching lib_match(_Config) -> {ok,_} = ssh_trpt_test_lib:exec([{set_options, [print_ops]}, {match, abc, abc}, {match, '$a', {cde,fgh}}, {match, {cde,fgh}, '$a'}, {match, '_', {cde,fgh}}, {match, [a,'$a',b], [a,{cde,fgh},b]}, {match, [a,'$a'|'$b'], [a,{cde,fgh},b,c]}, {match, '$b', [b,c]} ]). %%-------------------------------------------------------------------- %%% Not matching lib_no_match(_Config) -> case ssh_trpt_test_lib:exec([{set_options, [print_ops]}, {match, '$x', b}, {match, a, '$x'}]) of {ok,_} -> {fail,"Unexpected match"}; {error, {_Op,{expected,a,b},_State}} -> ok end. %%-------------------------------------------------------------------- %%% Algo negotiation fail. This should result in a ssh_msg_disconnect %%% being sent from the server. no_common_alg_server_disconnects(Config) -> {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, {print_messages,detail}]}, {connect, server_host(Config),server_port(Config), [{silently_accept_hosts, true}, {user_dir, user_dir(Config)}, {user_interaction, false}, {preferred_algorithms,[{public_key,['ssh-dss']}]} ]}, receive_hello, {send, hello}, {match, #ssh_msg_kexinit{_='_'}, receive_msg}, {send, ssh_msg_kexinit}, % with server unsupported 'ssh-dss' ! {match, disconnect(), receive_msg} ] ). %%-------------------------------------------------------------------- %%% Algo negotiation fail. This should result in a ssh_msg_disconnect %%% being sent from the client. no_common_alg_client_disconnects(Config) -> %% Create a listening socket as server socket: {ok,InitialState} = ssh_trpt_test_lib:exec(listen), HostPort = ssh_trpt_test_lib:server_host_port(InitialState), Parent = self(), %% Start a process handling one connection on the server side: Pid = spawn_link( fun() -> Parent ! {result,self(), ssh_trpt_test_lib:exec( [{set_options, [print_ops, {print_messages,detail}]}, {accept, [{system_dir, system_dir(Config)}, {user_dir, user_dir(Config)}]}, receive_hello, {send, hello}, {match, #ssh_msg_kexinit{_='_'}, receive_msg}, {send, #ssh_msg_kexinit{ % with unsupported "SOME-UNSUPPORTED" cookie = <<80,158,95,51,174,35,73,130,246,141,200,49,180,190,82,234>>, kex_algorithms = ["diffie-hellman-group1-sha1"], server_host_key_algorithms = ["SOME-UNSUPPORTED"], % SIC! encryption_algorithms_client_to_server = ["aes128-ctr"], encryption_algorithms_server_to_client = ["aes128-ctr"], mac_algorithms_client_to_server = ["hmac-sha2-256"], mac_algorithms_server_to_client = ["hmac-sha2-256"], compression_algorithms_client_to_server = ["none"], compression_algorithms_server_to_client = ["none"], languages_client_to_server = [], languages_server_to_client = [], first_kex_packet_follows = false, reserved = 0 }}, {match, disconnect(?SSH_DISCONNECT_KEY_EXCHANGE_FAILED), receive_msg} ], InitialState) } end), %% and finally connect to it with a regular Erlang SSH client %% which of course does not support SOME-UNSUPPORTED as pub key algo: Result = std_connect(HostPort, Config, [{preferred_algorithms,[{public_key,['ssh-dss']}]}]), ct:log("Result of connect is ~p",[Result]), receive {result,Pid,{ok,_}} -> ok; {result,Pid,{error,{Op,ExecResult,S}}} -> ct:log("ERROR!~nOp = ~p~nExecResult = ~p~nState =~n~s", [Op,ExecResult,ssh_trpt_test_lib:format_msg(S)]), {fail, ExecResult}; X -> ct:log("¤¤¤¤¤"), ct:fail(X) after 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. %%%-------------------------------------------------------------------- gex_client_init_option_groups(Config) -> do_gex_client_init(Config, {2000, 2048, 4000}, {3,41}). gex_client_init_option_groups_file(Config) -> do_gex_client_init(Config, {2000, 2048, 4000}, {5,61}). gex_client_init_option_groups_moduli_file(Config) -> do_gex_client_init(Config, {2000, 2048, 4000}, {5,16#B7}). gex_server_gex_limit(Config) -> do_gex_client_init(Config, {1000, 3000, 4000}, {7,91}). do_gex_client_init(Config, {Min,N,Max}, {G,P}) -> {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_seqnums, print_messages]}, {connect, server_host(Config),server_port(Config), [{silently_accept_hosts, true}, {user_dir, user_dir(Config)}, {user_interaction, false}, {preferred_algorithms,[{kex,['diffie-hellman-group-exchange-sha1']}]} ]}, receive_hello, {send, hello}, {send, ssh_msg_kexinit}, {match, #ssh_msg_kexinit{_='_'}, receive_msg}, {send, #ssh_msg_kex_dh_gex_request{min = Min, n = N, max = Max}}, {match, #ssh_msg_kex_dh_gex_group{p=P, g=G, _='_'}, receive_msg} ] ). %%%-------------------------------------------------------------------- gex_client_old_request_exact(Config) -> do_gex_client_init_old(Config, 500, {3,17}). gex_client_old_request_noexact(Config) -> do_gex_client_init_old(Config, 800, {7,91}). do_gex_client_init_old(Config, N, {G,P}) -> {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_seqnums, print_messages]}, {connect, server_host(Config),server_port(Config), [{silently_accept_hosts, true}, {user_dir, user_dir(Config)}, {user_interaction, false}, {preferred_algorithms,[{kex,['diffie-hellman-group-exchange-sha1']}]} ]}, receive_hello, {send, hello}, {send, ssh_msg_kexinit}, {match, #ssh_msg_kexinit{_='_'}, receive_msg}, {send, #ssh_msg_kex_dh_gex_request_old{n = N}}, {match, #ssh_msg_kex_dh_gex_group{p=P, g=G, _='_'}, receive_msg} ] ). %%%-------------------------------------------------------------------- bad_service_name(Config) -> bad_service_name(Config, "kfglkjf"). bad_long_service_name(Config) -> bad_service_name(Config, lists:duplicate(?SSH_MAX_PACKET_SIZE div 2, $a)). bad_very_long_service_name(Config) -> bad_service_name(Config, lists:duplicate(4*?SSH_MAX_PACKET_SIZE, $a)). empty_service_name(Config) -> bad_service_name(Config, ""). bad_service_name_then_correct(Config) -> {ok,InitialState} = connect_and_kex(Config), {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_seqnums, print_messages]}, {send, #ssh_msg_service_request{name = "kdjglkfdjgkldfjglkdfjglkfdjglkj"}}, {send, #ssh_msg_service_request{name = "ssh-connection"}}, {match, disconnect(), receive_msg} ], InitialState). bad_service_name(Config, Name) -> {ok,InitialState} = connect_and_kex(Config), {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_seqnums, print_messages]}, {send, #ssh_msg_service_request{name = Name}}, {match, disconnect(), receive_msg} ], InitialState). %%%-------------------------------------------------------------------- packet_length_too_large(Config) -> bad_packet_length(Config, +4). packet_length_too_short(Config) -> bad_packet_length(Config, -4). bad_packet_length(Config, LengthExcess) -> PacketFun = fun(Msg, Ssh) -> BinMsg = ssh_message:encode(Msg), ssh_transport:pack(BinMsg, Ssh, LengthExcess) end, {ok,InitialState} = connect_and_kex(Config), {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_seqnums, print_messages]}, {send, {special, #ssh_msg_service_request{name="ssh-userauth"}, PacketFun}}, %% Prohibit remote decoder starvation: {send, #ssh_msg_service_request{name="ssh-userauth"}}, {match, disconnect(), receive_msg} ], InitialState). %%%-------------------------------------------------------------------- service_name_length_too_large(Config) -> bad_service_name_length(Config, +4). service_name_length_too_short(Config) -> bad_service_name_length(Config, -4). bad_service_name_length(Config, LengthExcess) -> PacketFun = fun(#ssh_msg_service_request{name=Service}, Ssh) -> BinName = list_to_binary(Service), BinMsg = <<?BYTE(?SSH_MSG_SERVICE_REQUEST), %% A bad string encoding of Service: ?UINT32(size(BinName)+LengthExcess), BinName/binary >>, ssh_transport:pack(BinMsg, Ssh) end, {ok,InitialState} = connect_and_kex(Config), {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_seqnums, print_messages]}, {send, {special, #ssh_msg_service_request{name="ssh-userauth"}, PacketFun} }, %% Prohibit remote decoder starvation: {send, #ssh_msg_service_request{name="ssh-userauth"}}, {match, disconnect(), receive_msg} ], InitialState). %%%-------------------------------------------------------------------- %%% This is due to a fault report (OTP-13255) with OpenSSH-6.6.1 client_handles_keyboard_interactive_0_pwds(Config) -> {User,_Pwd} = server_user_password(Config), %% Create a listening socket as server socket: {ok,InitialState} = ssh_trpt_test_lib:exec(listen), HostPort = ssh_trpt_test_lib:server_host_port(InitialState), %% Start a process handling one connection on the server side: spawn_link( fun() -> {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_messages]}, {accept, [{system_dir, system_dir(Config)}, {user_dir, user_dir(Config)}]}, receive_hello, {send, hello}, {send, ssh_msg_kexinit}, {match, #ssh_msg_kexinit{_='_'}, receive_msg}, {match, #ssh_msg_kexdh_init{_='_'}, receive_msg}, {send, ssh_msg_kexdh_reply}, {send, #ssh_msg_newkeys{}}, {match, #ssh_msg_newkeys{_='_'}, receive_msg}, {match, #ssh_msg_service_request{name="ssh-userauth"}, receive_msg}, {send, #ssh_msg_service_accept{name="ssh-userauth"}}, {match, #ssh_msg_userauth_request{service="ssh-connection", method="none", user=User, _='_'}, receive_msg}, {send, #ssh_msg_userauth_failure{authentications = "keyboard-interactive", partial_success = false}}, {match, #ssh_msg_userauth_request{service="ssh-connection", method="keyboard-interactive", user=User, _='_'}, receive_msg}, {send, #ssh_msg_userauth_info_request{name = "", instruction = "", language_tag = "", num_prompts = 1, data = <<0,0,0,10,80,97,115,115,119,111,114,100,58,32,0>> }}, {match, #ssh_msg_userauth_info_response{num_responses = 1, _='_'}, receive_msg}, %% the next is strange, but openssh 6.6.1 does this and this is what this testcase is about {send, #ssh_msg_userauth_info_request{name = "", instruction = "", language_tag = "", num_prompts = 0, data = <<>> }}, {match, #ssh_msg_userauth_info_response{num_responses = 0, data = <<>>, _='_'}, receive_msg}, %% Here we know that the tested fault is fixed {send, #ssh_msg_userauth_success{}}, close_socket, print_state ], InitialState) end), %% and finally connect to it with a regular Erlang SSH client: {ok,_} = std_connect(HostPort, Config, [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}] ). %%%================================================================ %%%==== Internal functions ======================================== %%%================================================================ %%%---- init_suite and end_suite --------------------------------------- start_apps(Config) -> catch ssh:stop(), ok = ssh:start(), Config. stop_apps(_Config) -> ssh:stop(). setup_dirs(Config) -> DataDir = proplists:get_value(data_dir, Config), PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_rsa(DataDir, PrivDir), Config. system_dir(Config) -> filename:join(proplists:get_value(priv_dir, Config), system). user_dir(Config) -> proplists:get_value(priv_dir, Config). %%%---------------------------------------------------------------- start_std_daemon(Config) -> start_std_daemon(Config, []). start_std_daemon(Config, ExtraOpts) -> PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), UserPasswords = [{"user1","pwd1"}], Options = [%%{preferred_algorithms,[{public_key,['ssh-rsa']}]}, %% For some test cases {system_dir, system_dir(Config)}, {user_dir, UserDir}, {user_passwords, UserPasswords}, {failfun, fun ssh_test_lib:failfun/2} | ExtraOpts], Ref = {Server, Host, Port} = ssh_test_lib:daemon(Options), ct:log("Std server ~p started at ~p:~p~nOptions=~p",[Server, Host, Port, Options]), [{server,Ref}, {user_passwords, UserPasswords} | Config]. stop_std_daemon(Config) -> ssh:stop_daemon(server_pid(Config)), ct:log("Std server ~p at ~p:~p stopped", [server_pid(Config), server_host(Config), server_port(Config)]), lists:keydelete(server, 1, Config). check_std_daemon_works(Config, Line) -> case std_connect(Config) of {ok,C} -> ct:log("Server ~p:~p ~p is ok at line ~p", [server_host(Config), server_port(Config), server_pid(Config), Line]), ok = ssh:close(C), Config; Error = {error,_} -> ct:fail("Standard server ~p:~p ~p is ill at line ~p: ~p", [server_host(Config), server_port(Config), server_pid(Config), Line, Error]) end. server_pid(Config) -> element(1,?v(server,Config)). server_host(Config) -> element(2,?v(server,Config)). server_port(Config) -> element(3,?v(server,Config)). server_user_password(Config) -> server_user_password(1, Config). server_user_password(N, Config) -> lists:nth(N, ?v(user_passwords,Config)). std_connect(Config) -> std_connect({server_host(Config), server_port(Config)}, Config). std_connect({Host,Port}, Config) -> std_connect({Host,Port}, Config, []). std_connect({Host,Port}, Config, Opts) -> std_connect(Host, Port, Config, Opts). std_connect(Host, Port, Config, Opts) -> {User,Pwd} = server_user_password(Config), ssh:connect(Host, Port, %% Prefere User's Opts to the default opts [O || O = {Tag,_} <- [{user,User},{password,Pwd}, {silently_accept_hosts, true}, {user_dir, user_dir(Config)}, {user_interaction, false}], not lists:keymember(Tag, 1, Opts) ] ++ Opts, 30000). %%%---------------------------------------------------------------- connect_and_kex(Config) -> connect_and_kex(Config, ssh_trpt_test_lib:exec([]) ). connect_and_kex(Config, InitialState) -> ssh_trpt_test_lib:exec( [{connect, server_host(Config),server_port(Config), [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}, {silently_accept_hosts, true}, {user_dir, user_dir(Config)}, {user_interaction, false}]}, receive_hello, {send, hello}, {send, ssh_msg_kexinit}, {match, #ssh_msg_kexinit{_='_'}, receive_msg}, {send, ssh_msg_kexdh_init}, {match,# ssh_msg_kexdh_reply{_='_'}, receive_msg}, {send, #ssh_msg_newkeys{}}, {match, #ssh_msg_newkeys{_='_'}, receive_msg} ], InitialState). %%%---------------------------------------------------------------- %%% For matching peer disconnection disconnect() -> disconnect('_'). disconnect(Code) -> {'or',[#ssh_msg_disconnect{code = Code, _='_'}, tcp_closed, {tcp_error,econnaborted} ]}.