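#!/usr/bin/env python3
# group: rw
#
# Test ssh image creation
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Creator/Owner: Kevin Wolf <kwolf@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

import base64
import hashlib
import iotests
import re
import subprocess

iotests.script_initialize(
    supported_fmts=['raw'],
    supported_protocols=['ssh'],
)

def filter_hash(qmsg):
    """Replace host key fingerprints in a QMP message with 'HASH'.

    The fingerprints are derived from the local sshd's host key, so they
    have to be masked before the message is logged.
    """
    def _filter(key, value):
        # re.match() anchors at the start only: any 'hash' value that begins
        # with a lowercase hex digit is masked, while the placeholder
        # 'wrong' used below is logged unchanged.
        if key == 'hash' and re.match('[0-9a-f]+', value):
            return 'HASH'
        return value
    return iotests.filter_qmp(qmsg, _filter)

def blockdev_create(vm, options):
    """Run vm.blockdev_create() with test file names and hashes filtered."""
    vm.blockdev_create(options, filters=[iotests.filter_qmp_testfiles, filter_hash])

def scan_host_keys(host):
    """Return the base64 host key blobs that ssh-keyscan reports for host.

    ssh-keyscan is started from an argument list and its output is parsed
    here, so nothing it prints is ever interpreted by a shell. Comment lines
    and lines without a decodable third field are skipped. A missing or
    failing ssh-keyscan yields an empty list, which makes the caller mark the
    test as not run instead of crashing.
    """
    try:
        scan = subprocess.run(['ssh-keyscan', host],
                              stdout=subprocess.PIPE,
                              stderr=subprocess.DEVNULL,
                              check=False)
    except OSError:
        return []

    blobs = []
    for line in scan.stdout.decode('ascii', errors='replace').splitlines():
        if line.startswith('#'):
            continue
        # Each key line is "<host> <key type> <base64 blob>"
        fields = line.split(' ')
        if len(fields) < 3 or not fields[2]:
            continue
        try:
            base64.b64decode(fields[2], validate=True)
        except ValueError:
            continue
        blobs.append(fields[2])
    return blobs

def key_digests(keys, algorithm):
    """Map each base64 key blob in keys to its hex digest under algorithm."""
    return {key: hashlib.new(algorithm, base64.b64decode(key)).hexdigest()
            for key in keys}

with iotests.FilePath('t.img') as disk_path, \
     iotests.VM() as vm:

    remote_path = iotests.remote_filename(disk_path)

    #
    # Successful image creation (defaults)
    #
    iotests.log("=== Successful image creation (defaults) ===")
    iotests.log("")

    vm.launch()
    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': disk_path,
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              }
                          },
                          'size': 4194304 })
    vm.shutdown()

    iotests.img_info_log(remote_path)
    iotests.log("")
    iotests.img_info_log(disk_path)

    #
    # Test host-key-check options
    #
    iotests.log("=== Test host-key-check options ===")
    iotests.log("")

    iotests.log("--- no host key checking --")
    iotests.log("")

    # Mode 'none' performs no verification of the server's host key; the
    # test uses it only against the sshd on the loopback address.
    vm.launch()
    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': disk_path,
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              },
                              'host-key-check': {
                                  'mode': 'none'
                              }
                          },
                          'size': 8388608 })
    vm.shutdown()

    iotests.img_info_log(remote_path)

    iotests.log("--- known_hosts key checking --")
    iotests.log("")

    vm.launch()
    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': disk_path,
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              },
                              'host-key-check': {
                                  'mode': 'known_hosts'
                              }
                          },
                          'size': 4194304 })
    vm.shutdown()

    iotests.img_info_log(remote_path)

    keys = scan_host_keys('127.0.0.1')

    # Mappings of base64 representations to digests.
    # MD5 and SHA-1 are collision-weak; they are computed here because the
    # test covers every fingerprint type it passes to the driver. sha256 is
    # the type to prefer outside of tests.
    md5_keys = key_digests(keys, 'md5')
    sha1_keys = key_digests(keys, 'sha1')
    sha256_keys = key_digests(keys, 'sha256')

    vm.launch()

    # Find correct key first: sshd may offer several host keys, so probe
    # each one until blockdev-add accepts its fingerprint.
    matching_key = None
    for key in keys:
        result = vm.qmp('blockdev-add',
                        driver='ssh', node_name='node0', path=disk_path,
                        server={
                             'host': '127.0.0.1',
                             'port': '22',
                        }, host_key_check={
                             'mode': 'hash',
                             'type': 'md5',
                             'hash': md5_keys[key],
                        })

        if 'error' not in result:
            vm.qmp('blockdev-del', node_name='node0')
            matching_key = key
            break

    if matching_key is None:
        vm.shutdown()
        iotests.notrun('Did not find a key that fits 127.0.0.1')

    iotests.log("--- explicit md5 key checking --")
    iotests.log("")

    # Each hash type is tried twice: first with the placeholder fingerprint
    # 'wrong' (presumably expected to be rejected; the reference output is
    # not part of this file), then with the real fingerprint.
    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': disk_path,
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              },
                              'host-key-check': {
                                  'mode': 'hash',
                                  'type': 'md5',
                                  'hash': 'wrong',
                              }
                          },
                          'size': 2097152 })

    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': disk_path,
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              },
                              'host-key-check': {
                                  'mode': 'hash',
                                  'type': 'md5',
                                  'hash': md5_keys[matching_key],
                              }
                          },
                          'size': 8388608 })
    vm.shutdown()

    iotests.img_info_log(remote_path)

    iotests.log("--- explicit sha1 key checking --")
    iotests.log("")

    vm.launch()
    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': disk_path,
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              },
                              'host-key-check': {
                                  'mode': 'hash',
                                  'type': 'sha1',
                                  'hash': 'wrong',
                              }
                          },
                          'size': 2097152 })
    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': disk_path,
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              },
                              'host-key-check': {
                                  'mode': 'hash',
                                  'type': 'sha1',
                                  'hash': sha1_keys[matching_key],
                              }
                          },
                          'size': 4194304 })
    vm.shutdown()

    iotests.img_info_log(remote_path)

    iotests.log("--- explicit sha256 key checking --")
    iotests.log("")

    vm.launch()
    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': disk_path,
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              },
                              'host-key-check': {
                                  'mode': 'hash',
                                  'type': 'sha256',
                                  'hash': 'wrong',
                              }
                          },
                          'size': 2097152 })
    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': disk_path,
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              },
                              'host-key-check': {
                                  'mode': 'hash',
                                  'type': 'sha256',
                                  'hash': sha256_keys[matching_key],
                              }
                          },
                          'size': 4194304 })
    vm.shutdown()

    iotests.img_info_log(remote_path)

    #
    # Invalid path and user
    #
    iotests.log("=== Invalid path and user ===")
    iotests.log("")

    vm.launch()
    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': '/this/is/not/an/existing/path',
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              },
                              'host-key-check': {
                                  'mode': 'none'
                              }
                          },
                          'size': 4194304 })
    blockdev_create(vm, { 'driver': 'ssh',
                          'location': {
                              'path': disk_path,
                              'user': 'invalid user',
                              'server': {
                                  'host': '127.0.0.1',
                                  'port': '22'
                              },
                              'host-key-check': {
                                  'mode': 'none'
                              }
                          },
                          'size': 4194304 })
    vm.shutdown()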