#!/bin/sh
# 20210511
# Jan Mojzis
# Public domain.


# change directory to $AUTOPKGTEST_TMP
cd "${AUTOPKGTEST_TMP}"

# we need tools from /usr/sbin
PATH="/usr/sbin:${PATH}"
export PATH

# backup ~/.ssh
rm -rf ~/.ssh.tinysshtest.bk
[ -d ~/.ssh ] && mv ~/.ssh ~/.ssh.tinysshtest.bk
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# run tinysshd on port 10000
rm -rf sshkeydir
tinysshd-makekey -q sshkeydir
tcpserver -HRDl0 127.0.0.1 10000 tinysshd -v -- sshkeydir 2>tinysshd.log &
tcpserverpid=$!

cleanup() {
  ex=$?
  echo
  echo "tinysshd.log:"
  cat tinysshd.log
  rm -rf ~/.ssh sshkeydir tinysshd.log ssh.log
  [ -d ~/.ssh.tinysshtest.bk ] && mv ~/.ssh.tinysshtest.bk ~/.ssh
  #kill tcpserver
  kill -TERM "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  kill -KILL "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  exit "${ex}"
}
trap "cleanup" EXIT TERM INT

# create authorization keys
ssh-keygen -t ed25519 -q -N '' -f ~/.ssh/id_ed25519 || exit 10
cp -pr ~/.ssh/id_ed25519.pub ~/.ssh/authorized_keys || exit 11

# add server key to the known_hosts
ssh-keyscan -H -p 10000 127.0.0.1 2>/dev/null > ~/.ssh/known_hosts

chmod 757 ~/.ssh
if ssh -p 10000 127.0.0.1 true 2>ssh.log; then
  echo "tinysshd doesn't reject login when ~/.ssh is other writable, BAD !!!" >&2
else
  echo "tinysshd rejects login when ~/.ssh is other writable"
fi

chmod 775 ~/.ssh
if ssh -p 10000 127.0.0.1 true 2>ssh.log; then
  echo "tinysshd doesn't reject login when ~/.ssh is group writable, BAD !!!" >&2
else
  echo "tinysshd rejects login when ~/.ssh is group writable"
fi

exit 0
