From f82bd1c6327a0ab418a95aa15be2508ca2740a32 Mon Sep 17 00:00:00 2001 From: dtucker Date: Wed, 1 Mar 2023 09:29:32 +0000 Subject: [PATCH] Rework logging for the regression tests. Previously we would log to ssh.log and sshd.log, but that is insufficient for tests that have more than one concurent ssh/sshd. Instead, we'll log to separate datestamped files in a $OBJ/log/ and leave a symlink at the previous location pointing at the most recent instance with an entry in regress.log showing which files were created at each point. This should be sufficient to reconstruct what happened even for tests that use multiple instances of each program. If the test fails, tar up all of the logs for later analysis. This will let us also capture the output from some of the other tools which was previously sent to /dev/null although most of those will be in future commits. --- regress/usr.bin/ssh/Makefile | 9 ++- regress/usr.bin/ssh/agent-restrict.sh | 6 +- regress/usr.bin/ssh/agent.sh | 4 +- regress/usr.bin/ssh/integrity.sh | 4 +- regress/usr.bin/ssh/multiplex.sh | 4 +- regress/usr.bin/ssh/sshd-log-wrapper.sh | 12 ---- regress/usr.bin/ssh/test-exec.sh | 84 ++++++++++++++++++++----- regress/usr.bin/ssh/timestamp.c | 46 ++++++++++++++ 8 files changed, 128 insertions(+), 41 deletions(-) delete mode 100644 regress/usr.bin/ssh/sshd-log-wrapper.sh create mode 100644 regress/usr.bin/ssh/timestamp.c diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile index ef9cfea144f..8ae0d0dfc8c 100644 --- a/regress/usr.bin/ssh/Makefile +++ b/regress/usr.bin/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.123 2023/01/17 10:02:34 djm Exp $ +# $OpenBSD: Makefile,v 1.124 2023/03/01 09:29:32 dtucker Exp $ OPENSSL?= yes @@ -134,7 +134,8 @@ CLEANFILES+= *.core actual agent-key.* authorized_keys_${USERNAME} \ sshd_proxy sshd_proxy.* sshd_proxy_bak sshd_proxy_orig \ t10.out t10.out.pub t12.out t12.out.pub t2.out t3.out \ t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \ - t9.out t9.out.pub testdata user_*key* user_ca* user_key* + t9.out t9.out.pub \ + timestamp testdata user_*key* user_ca* user_key* # Enable all malloc(3) randomisations and checks TEST_ENV= "MALLOC_OPTIONS=CFGJRSUX" @@ -210,10 +211,12 @@ t12: t12.out modpipe: modpipe.c +timestamp: timestamp.c + t-integrity: modpipe .for t in ${LTESTS} ${INTEROP_TESTS} ${EXTRA_TESTS} -t-${t}: +t-${t}: timestamp env SUDO="${SUDO}" ${TEST_ENV} \ sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh .endfor diff --git a/regress/usr.bin/ssh/agent-restrict.sh b/regress/usr.bin/ssh/agent-restrict.sh index a30aed7bf3d..62cea85225e 100644 --- a/regress/usr.bin/ssh/agent-restrict.sh +++ b/regress/usr.bin/ssh/agent-restrict.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-restrict.sh,v 1.5 2022/01/13 04:53:16 dtucker Exp $ +# $OpenBSD: agent-restrict.sh,v 1.6 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. tid="agent restrictions" @@ -39,14 +39,14 @@ Host host_$h Hostname host_$h HostkeyAlias host_$h IdentityFile $OBJ/user_$h - ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy_host_$h + ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy_host_$h _EOF # Variant with no specified keys. cat << _EOF >> $OBJ/ssh_proxy_noid Host host_$h Hostname host_$h HostkeyAlias host_$h - ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy_host_$h + ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy_host_$h _EOF done cat $OBJ/ssh_proxy.bak >> $OBJ/ssh_proxy diff --git a/regress/usr.bin/ssh/agent.sh b/regress/usr.bin/ssh/agent.sh index f187b675720..5f1060608eb 100644 --- a/regress/usr.bin/ssh/agent.sh +++ b/regress/usr.bin/ssh/agent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent.sh,v 1.20 2021/02/25 03:27:34 djm Exp $ +# $OpenBSD: agent.sh,v 1.21 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. tid="simple agent test" @@ -9,7 +9,7 @@ if [ $? -ne 2 ]; then fi trace "start agent, args ${EXTRA_AGENT_ARGS} -s" -eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null +eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` >`ssh_logfile ssh-agent` r=$? if [ $r -ne 0 ]; then fatal "could not start ssh-agent: exit code $r" diff --git a/regress/usr.bin/ssh/integrity.sh b/regress/usr.bin/ssh/integrity.sh index 83d2705a632..ffd8ee7b9b1 100644 --- a/regress/usr.bin/ssh/integrity.sh +++ b/regress/usr.bin/ssh/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.24 2020/01/21 08:06:27 djm Exp $ +# $OpenBSD: integrity.sh,v 1.25 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. tid="integrity" @@ -13,7 +13,7 @@ macs=`${SSH} -Q mac` macs="$macs `${SSH} -Q cipher-auth`" # sshd-command for proxy (see test-exec.sh) -cmd="$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" +cmd="$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" sh ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy" for m in $macs; do trace "test $tid: mac $m" diff --git a/regress/usr.bin/ssh/multiplex.sh b/regress/usr.bin/ssh/multiplex.sh index 2cd17b1ce5a..1bae1b2eba2 100644 --- a/regress/usr.bin/ssh/multiplex.sh +++ b/regress/usr.bin/ssh/multiplex.sh @@ -1,4 +1,4 @@ -# $OpenBSD: multiplex.sh,v 1.35 2023/01/13 04:47:34 dtucker Exp $ +# $OpenBSD: multiplex.sh,v 1.36 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. CTL=$OBJ/ctl-sock @@ -80,7 +80,7 @@ cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}" rm -f ${COPY} verbose "test $tid: forward" trace "forward over TCP/IP and check result" -$NC -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} > /dev/null & +$NC -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} >`ssh_logfile nc` & netcat_pid=$! ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L127.0.0.1:$((${PORT} + 2)):127.0.0.1:$((${PORT} + 1)) otherhost >>$TEST_SSH_LOGFILE 2>&1 sleep 1 # XXX remove once race fixed diff --git a/regress/usr.bin/ssh/sshd-log-wrapper.sh b/regress/usr.bin/ssh/sshd-log-wrapper.sh deleted file mode 100644 index 4b3c9113799..00000000000 --- a/regress/usr.bin/ssh/sshd-log-wrapper.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -# $OpenBSD: sshd-log-wrapper.sh,v 1.5 2022/01/04 08:38:53 dtucker Exp $ -# Placed in the Public Domain. -# -# simple wrapper for sshd proxy mode to catch stderr output -# sh sshd-log-wrapper.sh /path/to/logfile /path/to/sshd [args...] - -log=$1 -shift - -echo "Executing: $@" >>$log -exec "$@" -E$log diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh index bd3b724d8b6..8567b08f5c2 100644 --- a/regress/usr.bin/ssh/test-exec.sh +++ b/regress/usr.bin/ssh/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.94 2023/01/13 04:47:34 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.95 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -123,7 +123,13 @@ esac # Logfiles. # SSH_LOGFILE should be the debug output of ssh(1) only # SSHD_LOGFILE should be the debug output of sshd(8) only -# REGRESS_LOGFILE is the output of the test itself stdout and stderr +# REGRESS_LOGFILE is the log of progress of the regress test itself. +# TEST_SSH_LOGDIR will contain datestamped logs of all binaries run in +# chronological order. +if [ "x$TEST_SSH_LOGDIR" = "x" ]; then + TEST_SSH_LOGDIR=$OBJ/log + mkdir -p $TEST_SSH_LOGDIR +fi if [ "x$TEST_SSH_LOGFILE" = "x" ]; then TEST_SSH_LOGFILE=$OBJ/ssh.log fi @@ -159,20 +165,27 @@ if [ "x$TEST_REGRESS_CACHE_DIR" != "x" ]; then fi # truncate logfiles ->$TEST_SSH_LOGFILE ->$TEST_SSHD_LOGFILE >$TEST_REGRESS_LOGFILE -# Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..." -# because sftp and scp don't handle spaces in arguments. scp and sftp like -# to use -q so we remove those to preserve our debug logging. In the rare -# instance where -q is desirable -qq is equivalent and is not removed. +# Create ssh and sshd wrappers with logging. These create a datestamped +# unique file for every invocation so that we can retain all logs from a +# given test no matter how many times it's invoked. It also leaves a +# symlink with the original name for tests (and people) who look for that. + +# For ssh, e can't just specify "SSH=ssh -E..." because sftp and scp don't +# handle spaces in arguments. scp and sftp like to use -q so we remove those +# to preserve our debug logging. In the rare instance where -q is desirable +# -qq is equivalent and is not removed. SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh cat >$SSHLOGWRAP <>${TEST_SSH_LOGFILE} +timestamp="\`$OBJ/timestamp\`" +logfile="${TEST_SSH_LOGDIR}/\${timestamp}.ssh.\$\$.log" +echo "Executing: ${SSH} \$@" log \${logfile} >>$TEST_REGRESS_LOGFILE +echo "Executing: ${SSH} \$@" >>\${logfile} for i in "\$@";do shift;case "\$i" in -q):;; *) set -- "\$@" "\$i";;esac;done -exec ${SSH} -E${TEST_SSH_LOGFILE} "\$@" +ln -f -s \${logfile} $TEST_SSH_LOGFILE +exec ${SSH} -E\${logfile} "\$@" EOD chmod a+rx $OBJ/ssh-log-wrapper.sh @@ -180,6 +193,27 @@ REAL_SSH="$SSH" REAL_SSHD="$SSHD" SSH="$SSHLOGWRAP" +SSHDLOGWRAP=$OBJ/sshd-log-wrapper.sh +cat >$SSHDLOGWRAP <>$TEST_REGRESS_LOGFILE +echo "Executing: ${SSHD} \$@" >>\${logfile} +exec ${SSHD} -E\${logfile} "\$@" +EOD +chmod a+rx $OBJ/sshd-log-wrapper.sh + +ssh_logfile () +{ + tool="$1" + timestamp="`$OBJ/timestamp`" + logfile="${TEST_SSH_LOGDIR}/${timestamp}.$tool.$$.log" + echo "Logging $tool to log \${logfile}" >>$TEST_REGRESS_LOGFILE + echo $logfile +} + # Some test data. We make a copy because some tests will overwrite it. # The tests may assume that $DATA exists and is writable and $COPY does # not exist. Tests requiring larger data files can call increase_datafile_size @@ -253,9 +287,10 @@ cleanup () start_debug_log () { - echo "trace: $@" >$TEST_REGRESS_LOGFILE - echo "trace: $@" >$TEST_SSH_LOGFILE - echo "trace: $@" >$TEST_SSHD_LOGFILE + echo "trace: $@" >>$TEST_REGRESS_LOGFILE + if [ -d "$TEST_SSH_LOGDIR" ]; then + rm -f $TEST_SSH_LOGDIR/* + fi } save_debug_log () @@ -266,6 +301,20 @@ save_debug_log () (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log + + # Save all logfiles in a tarball. + testname=`echo $tid | tr ' ' _` + (cd $OBJ && + logfiles="" + for i in $TEST_REGRESS_LOGFILE $TEST_SSH_LOGFILE $TEST_SSHD_LOGFILE \ + $TEST_SSH_LOGDIR; do + if [ -e "`basename $i`" ]; then + logfiles="$logfiles `basename $i`" + else + logfiles="$logfiles $i" + fi + done + tar cfv $OBJ/failed-$testname-logs.tar $logfiles) } trace () @@ -284,7 +333,6 @@ verbose () fi } - fail () { save_debug_log "FAIL: $@" @@ -523,14 +571,14 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy - echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy + echo "ProxyTelnetCommand=${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy fi # create a proxy version of the client config ( cat $OBJ/ssh_config - echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy + echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy ) > $OBJ/ssh_proxy # check proxy config @@ -539,9 +587,11 @@ ${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken" start_sshd () { # start sshd + logfile="${TEST_SSH_LOGDIR}/sshd.`$OBJ/timestamp`.$$.log" $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" $SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" \ - ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE + ${SSHD} -f $OBJ/sshd_config "$@" -E$logfile + echo "trace: Started sshd as daemon, logfile $logfile" >>$TEST_REGRESS_LOGFILE trace "wait for sshd" i=0; diff --git a/regress/usr.bin/ssh/timestamp.c b/regress/usr.bin/ssh/timestamp.c new file mode 100644 index 00000000000..77dae457b6a --- /dev/null +++ b/regress/usr.bin/ssh/timestamp.c @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2023 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $OpenBSD: timestamp.c,v 1.1 2023/03/01 09:29:32 dtucker Exp $ */ + +/* + * Print a microsecond-granularity timestamp to stdout in an ISO8601-ish + * format, which we can then use as the first component of the log file + * so that they'll sort into chronological order. + */ + +#include + +#include +#include +#include + +int +main(void) +{ + struct timeval tv; + struct tm *tm; + char buf[1024]; + + if (gettimeofday(&tv, NULL) != 0) + exit(1); + if ((tm = localtime(&tv.tv_sec)) == NULL) + exit(2); + if (strftime(buf, sizeof buf, "%Y%m%dT%H%M%S", tm) <= 0) + exit(3); + printf("%s.%06d\n", buf, (int)tv.tv_usec); + exit(0); +} -- 2.20.1