113 lines
4.4 KiB
PHP
113 lines
4.4 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
test('keygen script creates plugin key and direct ssh authorized keys line', function (): void {
|
|
$keyDir = TEST_TMP . '/keys-direct';
|
|
$script = PLUGIN_ROOT . '/scripts/keygen.sh';
|
|
$cmd = sprintf(
|
|
'MAIL_LOGIN_KEY_DIR=%s SERVERNAME=%s SOURCE_IP=%s %s',
|
|
escapeshellarg($keyDir),
|
|
escapeshellarg('h4'),
|
|
escapeshellarg('203.0.113.10'),
|
|
escapeshellarg($script)
|
|
);
|
|
|
|
exec($cmd, $out, $code);
|
|
|
|
assert_same(0, $code, implode("\n", $out));
|
|
assert_true(is_file($keyDir . '/mx1_ed25519'));
|
|
assert_true(is_file($keyDir . '/mx1_ed25519.pub'));
|
|
$output = implode("\n", $out);
|
|
assert_contains('from="203.0.113.10"', $output);
|
|
assert_contains('restrict,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty', $output);
|
|
assert_not_contains('command=', $output);
|
|
assert_contains('KLUCZ PLUGINU mail-autologin DLA SERWERA h4', $output);
|
|
});
|
|
|
|
test('keygen script detects source ip without parameters', function (): void {
|
|
$keyDir = TEST_TMP . '/keys-auto';
|
|
$binDir = TEST_TMP . '/fake-bin';
|
|
mkdir($binDir, 0700, true);
|
|
test_write($binDir . '/ip', "#!/bin/sh\nif [ \"$1 $2 $3\" = 'route get 1.1.1.1' ]; then echo '1.1.1.1 via 203.0.113.1 dev eth0 src 203.0.113.55 uid 0'; exit 0; fi\nexit 1\n");
|
|
chmod($binDir . '/ip', 0755);
|
|
|
|
$script = PLUGIN_ROOT . '/scripts/keygen.sh';
|
|
$cmd = sprintf(
|
|
'PATH=%s:$PATH MAIL_LOGIN_KEY_DIR=%s %s',
|
|
escapeshellarg($binDir),
|
|
escapeshellarg($keyDir),
|
|
escapeshellarg($script)
|
|
);
|
|
|
|
exec($cmd, $out, $code);
|
|
|
|
assert_same(0, $code, implode("\n", $out));
|
|
$output = implode("\n", $out);
|
|
assert_contains('from="203.0.113.55"', $output);
|
|
assert_not_contains('SOURCE_SERVER_PUBLIC_IP', $output);
|
|
});
|
|
|
|
test('keygen script pins mx host key from plugin settings', function (): void {
|
|
$keyDir = TEST_TMP . '/keys-known-hosts';
|
|
$knownHosts = TEST_TMP . '/known-hosts/known_hosts';
|
|
$settings = TEST_TMP . '/plugin-settings.conf';
|
|
$binDir = TEST_TMP . '/fake-scan-bin';
|
|
$hostKey = TEST_TMP . '/mx-host-ed25519';
|
|
mkdir($binDir, 0700, true);
|
|
|
|
exec(sprintf('ssh-keygen -q -t ed25519 -N "" -f %s -C %s', escapeshellarg($hostKey), escapeshellarg('mx1.test')), $keygenOut, $keygenCode);
|
|
assert_same(0, $keygenCode, implode("\n", $keygenOut));
|
|
$pub = trim((string)file_get_contents($hostKey . '.pub'));
|
|
$parts = explode(' ', $pub);
|
|
$knownHostLine = '[mx1.test]:10022 ' . $parts[0] . ' ' . $parts[1];
|
|
|
|
test_write($settings, implode("\n", [
|
|
'MAIL_LOGIN_SSH_HOST=mx1.test',
|
|
'MAIL_LOGIN_SSH_PORT=10022',
|
|
'MAIL_LOGIN_SSH_KNOWN_HOSTS=' . $knownHosts,
|
|
'MAIL_LOGIN_CONNECT_TIMEOUT_SECONDS=5',
|
|
'',
|
|
]));
|
|
test_write($binDir . '/ssh-keyscan', "#!/bin/sh\nif [ \"$1 $2 $3 $4 $5 $6 $7\" = '-T 5 -p 10022 -t ed25519 mx1.test' ]; then cat <<'EOF'\n$knownHostLine\nEOF\nexit 0\nfi\nexit 1\n");
|
|
chmod($binDir . '/ssh-keyscan', 0755);
|
|
|
|
$script = PLUGIN_ROOT . '/scripts/keygen.sh';
|
|
$cmd = sprintf(
|
|
'PATH=%s:$PATH MAIL_LOGIN_SETTINGS_FILE=%s MAIL_LOGIN_KEY_DIR=%s SERVERNAME=%s SOURCE_IP=%s %s',
|
|
escapeshellarg($binDir),
|
|
escapeshellarg($settings),
|
|
escapeshellarg($keyDir),
|
|
escapeshellarg('h4'),
|
|
escapeshellarg('203.0.113.10'),
|
|
escapeshellarg($script)
|
|
);
|
|
|
|
exec($cmd, $out, $code);
|
|
|
|
assert_same(0, $code, implode("\n", $out));
|
|
assert_true(is_file($knownHosts));
|
|
assert_contains('[mx1.test]:10022', file_get_contents($knownHosts) ?: '');
|
|
$output = implode("\n", $out);
|
|
assert_contains('MAIL_LOGIN_SSH_KNOWN_HOSTS=' . $knownHosts, $output);
|
|
assert_contains('Pinned MX host key:', $output);
|
|
});
|
|
|
|
test('keygen script prints helper forced command line when mx login mode is helper', function (): void {
|
|
$keyDir = TEST_TMP . '/keys-helper';
|
|
$script = PLUGIN_ROOT . '/scripts/keygen.sh';
|
|
$cmd = sprintf(
|
|
'MAIL_LOGIN_KEY_DIR=%s MX_LOGIN_MODE=2 SERVERNAME=%s SOURCE_IP=%s %s',
|
|
escapeshellarg($keyDir),
|
|
escapeshellarg('h4'),
|
|
escapeshellarg('203.0.113.10'),
|
|
escapeshellarg($script)
|
|
);
|
|
|
|
exec($cmd, $out, $code);
|
|
|
|
assert_same(0, $code, implode("\n", $out));
|
|
$output = implode("\n", $out);
|
|
assert_contains('command="/usr/local/hitme_plugins/mail-login-helper/bin/create-login-url"', $output);
|
|
assert_contains('KLUCZ PLUGINU mail-autologin DLA SERWERA h4', $output);
|
|
});
|