Daemon test

.gitignore

@@ -107,6 +107,8 @@ perl/Makefile.config
 /tests/functional/dyn-drv/config.nix
 /tests/functional/repl-result-out
 /tests/functional/debugger-test-out
+/tests/functional/mock-daemon/mock-daemon
+/tests/functional/snoop-socket/snoop-socket
 /tests/functional/test-libstoreconsumer/test-libstoreconsumer
 
 # /tests/functional/lang/

Makefile

@@ -59,6 +59,8 @@ makefiles += \
   tests/functional/git-hashing/local.mk \
   tests/functional/dyn-drv/local.mk \
   tests/functional/local-overlay-store/local.mk \
+  tests/functional/mock-daemon/local.mk \
+  tests/functional/snoop-socket/local.mk \
   tests/functional/test-libstoreconsumer/local.mk \
   tests/functional/plugins/local.mk
 endif

tests/functional/local.mk

@@ -121,15 +121,22 @@ ifeq ($(HAVE_LIBCPUID), 1)
 endif
 
 ifeq ($(ENABLE_BUILD), yes)
-  nix_tests += test-libstoreconsumer.sh
+  nix_tests += \
+    ssh-handshake.sh \
+    test-libstoreconsumer.sh
 
   ifeq ($(BUILD_SHARED_LIBS), 1)
     nix_tests += plugins.sh
   endif
 endif
 
+$(d)/ssh-handshake.sh.test $(d)/ssh-handshake.sh.test-debug: \
+  $(buildprefix)$(d)/mock-daemon/mock-daemon \
+  $(buildprefix)$(d)/snoop-socket/snoop-socket
+
 $(d)/test-libstoreconsumer.sh.test $(d)/test-libstoreconsumer.sh.test-debug: \
   $(buildprefix)$(d)/test-libstoreconsumer/test-libstoreconsumer
+
 $(d)/plugins.sh.test $(d)/plugins.sh.test-debug: \
   $(buildprefix)$(d)/plugins/libplugintest.$(SO_EXT)
 

tests/functional/mock-daemon/local.mk

@@ -0,0 +1,13 @@
+programs += mock-daemon
+
+mock-daemon_DIR := $(d)
+
+# do not install
+mock-daemon_INSTALL_DIR :=
+
+mock-daemon_SOURCES := \
+  $(wildcard $(d)/*.cc) \
+
+mock-daemon_CXXFLAGS += -I src/libutil
+
+mock-daemon_LIBS = libutil

tests/functional/mock-daemon/main.cc

@@ -0,0 +1,81 @@
+#include <assert.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+
+#include "logging.hh"
+#include "unix-domain-socket.hh"
+
+using namespace nix;
+
+int main(int argc, char **argv)
+{
+    assert(argc >= 2 && argc <= 4);
+    Path socket_path { argv[1] };
+    std::optional<Path> write_log_path;
+    if (argc >= 3)
+        write_log_path = Path { argv[2] };
+    size_t write_count = argc >= 4 ? std::stoull(argv[3]) : 0;
+
+    AutoCloseFD server = createUnixDomainSocket(socket_path, 0666);
+
+    AutoCloseFD conn = accept(server.get(), nullptr, nullptr);
+    assert(conn.get() != -1);
+
+    fcntl(
+        conn.get(),
+        F_SETFL,
+        fcntl(conn.get(), F_GETFL, 0) | O_NONBLOCK);
+
+    AutoCloseFD write_log;
+
+    auto no_write = [&]{
+        debug("done writing");
+        write_log.close();
+        assert(!shutdown(conn.get(), SHUT_WR));
+        write_count = 0;
+    };
+
+    if (write_log_path) {
+        write_log = open(write_log_path->c_str(), O_RDONLY);
+        assert(write_log.get() != -1);
+    } else {
+        no_write();
+    }
+
+    while (true) {
+        fd_set read_fds, write_fds;
+        FD_ZERO(&read_fds);
+        FD_ZERO(&write_fds);
+        FD_SET(conn.get(), &read_fds);
+        if (write_count)
+            FD_SET(conn.get(), &write_fds);
+        else
+            no_write();
+
+        debug("select");
+        auto count = select(conn.get() + 1, &read_fds, &write_fds, nullptr, nullptr);
+
+        assert(count >= 0);
+
+        if (count > 0 && FD_ISSET(conn.get(), &read_fds)) {
+            debug("read");
+            char c;
+            auto ret = read(conn.get(), &c, 1);
+            assert(ret >= 0);
+            if (ret == 0) break;
+        }
+
+        if (write_count && count > 0 && FD_ISSET(conn.get(), &write_fds)) {
+            debug("write");
+            char c;
+            auto ret = read(write_log.get(), &c, 1);
+            assert(ret >= 0);
+            write_count = write_count - ret;
+            if (ret == 0) write_count = 0;
+        }
+    }
+    return EXIT_SUCCESS;
+}

tests/functional/snoop-socket/local.mk

@@ -0,0 +1,13 @@
+programs += snoop-socket
+
+snoop-socket_DIR := $(d)
+
+# do not install
+snoop-socket_INSTALL_DIR :=
+
+snoop-socket_SOURCES := \
+  $(wildcard $(d)/*.cc) \
+
+snoop-socket_CXXFLAGS += -I src/libutil
+
+snoop-socket_LIBS = libutil

tests/functional/snoop-socket/main.cc

@@ -0,0 +1,80 @@
+#include <assert.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+
+#include "logging.hh"
+#include "unix-domain-socket.hh"
+
+using namespace nix;
+
+int main(int argc, char **argv)
+{
+    assert(argc == 3);
+    Path server_path { argv[1] };
+    Path our_path { argv[2] };
+
+    AutoCloseFD server = createUnixDomainSocket();
+    connect(server.get(), server_path);
+
+    AutoCloseFD our_server = createUnixDomainSocket(our_path, 0667);
+    AutoCloseFD conn = accept(our_server.get(), nullptr, nullptr);
+
+    bool to_client = true, from_client = true;
+
+    while (to_client || from_client) {
+        fd_set read_fds;
+        FD_ZERO(&read_fds);
+
+        FD_SET(server.get(), &read_fds);
+        FD_SET(conn.get(), &read_fds);
+
+        debug("select");
+        auto count = select(std::max(server.get(), conn.get()) + 1, &read_fds, nullptr, nullptr, nullptr);
+
+        assert(count >= 0);
+
+        if (count == 0) continue;
+
+        // Check for data on the server socket
+        if (FD_ISSET(server.get(), &read_fds)) {
+            char buffer[1024];
+            debug("read from server");
+            auto ret = read(server.get(), buffer, sizeof(buffer));
+            assert(ret >= 0);
+
+            if (ret == 0) {
+                debug("Server closed connection");
+                assert(!shutdown(conn.get(), SHUT_WR));
+                to_client = false;
+            } else {
+                // Log intercepted data from the server
+                assert(write(STDOUT_FILENO, buffer, ret) >= 0);
+                // Forward intercepted data to the server
+                debug("write to client");
+                assert(write(conn.get(), buffer, ret) >= 0);
+            }
+        }
+
+        // Check for data on the conn socket
+        if (FD_ISSET(conn.get(), &read_fds)) {
+            char buffer[1024];
+            debug("read from conn");
+            auto ret = read(conn.get(), buffer, sizeof(buffer));
+            assert(ret >= 0);
+
+            if (ret == 0) {
+                debug("client closed connection");
+                assert(!shutdown(server.get(), SHUT_WR));
+                from_client = false;
+            } else {
+                // Forward intercepted data to the server
+                debug("write to server");
+                assert(write(server.get(), buffer, ret) >= 0);
+            }
+        }
+    }
+    return EXIT_SUCCESS;
+}

tests/functional/ssh-handshake.sh

@@ -0,0 +1,28 @@
+source common.sh
+
+ourSocket="$TEST_ROOT/our-socket"
+storeArgs=(--store "unix://$ourSocket")
+log=ssh-handshake-log.bin
+
+if test -n "${_NIX_TEST_ACCEPT-}"; then
+    startDaemon
+    ./snoop-socket/snoop-socket "$NIX_DAEMON_SOCKET_PATH" "$ourSocket" > "$log" &
+    pid=$!
+    nix store info "${storeArgs[@]}"
+    wait "$pid"
+    rm "ourSocket" || true
+
+    skipTest "regenerating golden masters"
+else
+    ./mock-daemon/mock-daemon "$ourSocket" &
+    pid=$!
+    expectStderr 1 nix store info "${storeArgs[@]}" | grepQuiet "Nix daemon disconnected unexpectedly"
+    wait "$pid"
+    rm "ourSocket" || true
+
+    ./mock-daemon/mock-daemon "$ourSocket" "$log" 100 &
+    pid=$!
+    nix store info "${storeArgs[@]}"
+    wait "$pid"
+    rm "ourSocket" || true
+fi