Page MenuHomePhabricator

torture_proxycommand failing
Closed, ResolvedPublic

Description

Currently, every version of libssh I've tried (0.8.6, 0.8.7, and current master) consistently fail on torture_proxycommand if client testing is enabled:

Test project /home/ivaldi/packages/newpkg/libssh/obj-aarch64-linux-gnu

Start 42: torture_proxycommand

1/1 Test #42: torture_proxycommand .............***Failed 0.52 sec
[==========] Running 3 test(s).
OK: SSH-2.0-OpenSSH_7.9
[ RUN ] torture_options_set_proxycommand
[ ERROR ] --- ERROR: Invalid return code - Socket error: Connection reset by peer
[ LINE ] --- /home/ivaldi/packages/newpkg/libssh/tests/client/torture_proxycommand.c:77: error: Failure!
[ FAILED ] torture_options_set_proxycommand
[ RUN ] torture_options_set_proxycommand_notexist
[ OK ] torture_options_set_proxycommand_notexist
[ RUN ] torture_options_set_proxycommand_ssh
[ OK ] torture_options_set_proxycommand_ssh
[==========] 3 test(s) run.
[ PASSED ] 2 test(s).
[ FAILED ] 1 test(s), listed below:
[ FAILED ] torture_options_set_proxycommand

1 FAILED TEST(S)

Client testing is apparently not enabled by default, so of course this is probably going unnoticed in regular unit-testing.

This is with openssl 1.1.0j on aarch64 little-endian, Linux 4.16.18.

Event Timeline

kelledin created this task.Apr 9 2019, 9:19 AM

Hello,

Actually the client testing is enabled in most of the builds in the CI (you can check the CI configuration in .gitlab-ci.yml file).

Can you please rerun the test in the failing environment with a more verbose setting? You can run it like this:

$ LIBSSH_VERBOSITY=4 ctest -V -R torture_proxycommand
asn added a subscriber: asn.Jun 14 2019, 12:04 PM

Is this using musl libc?

aris added a subscriber: aris.Sep 13 2019, 5:10 PM

I found this problem too when trying to set up the test environment on Ubuntu 18.04. The root cause is that the test calls the ssh binary from the fake root user. It fails because ssh can't find uid 0 in /etc/passwd, then fails because of missing known hosts keys and authentication keys. I don't know how that test could work elsewhere.
I made a patch that assumes it's running as root and create the missing keys. A better way would be to force the test cases to run as bob but I haven't found the proper way of doing this.

aris closed this task as Resolved.Sep 13 2019, 5:11 PM
aris claimed this task.
aris added a subscriber: Jakuje.

cc @Jakuje, git blame says you touched that code last :)

aris reopened this task as Open.Sep 13 2019, 5:12 PM

Closed it by mistake

Thank you for having a look into that. In that case, I am wondering why it did work for me and for the CI we run, but I think most of that is on Fedora, which might be a difference. Can you check whether the netcat (nc) is installed in your system?

If I read the code correctly, the setup phase has the setuid(pwd->pw_uid)) so there should be really no root involved.

I am getting exactly the same result as the OP when I remove the /usr/bin/nc, which is used in the respective failing test so I assume that this is the issue, but the error should be more properly reported and the test probably skipped in case the netcat is not in place. I will submit a patch.

Can you check the following patch if t addresses the issue for you?

https://gitlab.com/jjelen/libssh-mirror/commit/6115df072da8b1dc47a74ac9e13619965e3a691d

It worked for me and the test was correctly skipped when the netcat was not avilable.

aris added a comment.Sep 13 2019, 6:08 PM

Hi Jakub,

We may probably have different issues. I have netcat on my desktop (though it's in /bin instead of /usr/bin) and linking /usr/bin/nc to /bin/nc doesn't improve the test case (without your patch). It probably addresses OP's problem tho.

I overlooked the original bug report, my problem is a bit different:

10: Test command: /home/aris/libssh/build/tests/client/torture_proxycommand
10: Environment variables: 
10:  LD_PRELOAD=/usr/lib/libsocket_wrapper.so:/usr/lib/libnss_wrapper.so:/usr/lib/libuid_wrapper.so:/usr/lib/x86_64-linux-gnu/libpam_wrapper.so:/home/aris/libssh/build/lib/libchroot_wrapper.so
10:  UID_WRAPPER=1
10:  UID_WRAPPER_ROOT=1
10:  NSS_WRAPPER_PASSWD=/home/aris/libssh/build/tests/etc/passwd
10:  NSS_WRAPPER_SHADOW=/home/aris/libssh/build/tests/etc/shadow
10:  NSS_WRAPPER_GROUP=/home/aris/libssh/build/tests/etc/group
10:  PAM_WRAPPER_SERVICE_DIR=/home/aris/libssh/build/tests/etc/pam.d
10: Test timeout computed to be: 9.99988e+06
10: [==========] Running 4 test(s).
10: OK: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
10: [ RUN      ] torture_options_set_proxycommand
10: [       OK ] torture_options_set_proxycommand
10: [ RUN      ] torture_options_set_proxycommand_notexist
10: [       OK ] torture_options_set_proxycommand_notexist
10: [ RUN      ] torture_options_set_proxycommand_ssh
10: [  ERROR   ] --- ERROR: Invalid return code - Socket error: Connection reset by peer
10: [   LINE   ] --- /home/aris/libssh/tests/client/torture_proxycommand.c:111: error: Failure!
10: [  FAILED  ] torture_options_set_proxycommand_ssh
10: [ RUN      ] torture_options_set_proxycommand_ssh_stderr
10: [  ERROR   ] --- ERROR: Invalid return code - Socket error: Connection reset by peer
10: [   LINE   ] --- /home/aris/libssh/tests/client/torture_proxycommand.c:133: error: Failure!
10: [  FAILED  ] torture_options_set_proxycommand_ssh_stderr
10: [==========] 4 test(s) run.
10: [  PASSED  ] 2 test(s).
10: [  FAILED  ] 2 test(s), listed below:
10: [  FAILED  ] torture_options_set_proxycommand_ssh
10: [  FAILED  ] torture_options_set_proxycommand_ssh_stderr
10: 
10:  2 FAILED TEST(S)
1/1 Test #10: torture_proxycommand .............***Failed    0.73 sec

0% tests passed, 1 tests failed out of 1

Total Test time (real) =   0.74 sec

The following tests FAILED:
	 10 - torture_proxycommand (Failed)
Errors while running CTest
aris@vm1804:~/libssh/build/tests/client$

Definitively caused by /usr/bin/ssh that complains about missing user.

Aris, can you open a new bug for this, ideally with more debug information as proposed by @ansasaki?

Jakuje closed this task as Resolved.Sep 16 2019, 12:56 PM

The original issue should be resolved in master now.