author | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:42:53 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:42:53 +0000 |
commit | 87552344215a38d3a2b0d4d63dc151e05978bbe1 (patch) | |
tree | 9f4b96055e6ccaa915e8d59d9f2805e9e119371d /regress | |
parent | a25ec0b132c44c9e341e08464ff830de06b81126 (diff) | |
parent | ef94e5613d37bcbf880f21ee6094e4b1c7683a4c (diff) |
import openssh-5.1p1-gsskex-cjwatson-20080722.patch
Diffstat (limited to 'regress')
-rw-r--r-- | regress/Makefile | 26 | ||||
-rw-r--r-- | regress/addrmatch.sh | 42 | ||||
-rw-r--r-- | regress/agent-getpeereid.sh | 4 | ||||
-rw-r--r-- | regress/agent.sh | 4 | ||||
-rw-r--r-- | regress/cfgmatch.sh | 31 | ||||
-rw-r--r-- | regress/cipher-speed.sh | 4 | ||||
-rw-r--r-- | regress/conch-ciphers.sh | 30 | ||||
-rw-r--r-- | regress/key-options.sh | 71 | ||||
-rw-r--r-- | regress/localcommand.sh | 15 | ||||
-rw-r--r-- | regress/putty-ciphers.sh | 28 | ||||
-rw-r--r-- | regress/putty-kex.sh | 25 | ||||
-rw-r--r-- | regress/putty-transfer.sh | 43 | ||||
-rw-r--r-- | regress/sftp-badcmds.sh | 13 | ||||
-rw-r--r-- | regress/sftp-cmds.sh | 60 | ||||
-rw-r--r-- | regress/sftp-glob.sh | 72 | ||||
-rwxr-xr-x | regress/ssh2putty.sh | 33 | ||||
-rw-r--r-- | regress/test-exec.sh | 75 | ||||
-rw-r--r-- | regress/try-ciphers.sh | 4 |
18 files changed, 516 insertions, 64 deletions
diff --git a/regress/Makefile b/regress/Makefile index 539956398..3b8ea245b 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
@@ -1,10 +1,15 @@ | |||
1 | # $OpenBSD: Makefile,v 1.42 2006/07/19 13:34:52 dtucker Exp $ | 1 | # $OpenBSD: Makefile,v 1.48 2008/06/28 13:57:25 djm Exp $ |
2 | 2 | ||
3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec | 3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec |
4 | tests: $(REGRESS_TARGETS) | 4 | tests: $(REGRESS_TARGETS) |
5 | 5 | ||
6 | # Interop tests are not run by default | ||
7 | interop interop-tests: t-exec-interop | ||
8 | |||
6 | clean: | 9 | clean: |
7 | for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done | 10 | for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done |
11 | rm -rf $(OBJ).putty | ||
12 | |||
8 | distclean: clean | 13 | distclean: clean |
9 | 14 | ||
10 | LTESTS= connect \ | 15 | LTESTS= connect \ |
@@ -29,6 +34,7 @@ LTESTS= connect \ | |||
29 | agent-ptrace \ | 34 | agent-ptrace \ |
30 | keyscan \ | 35 | keyscan \ |
31 | keygen-change \ | 36 | keygen-change \ |
37 | key-options \ | ||
32 | scp \ | 38 | scp \ |
33 | sftp \ | 39 | sftp \ |
34 | sftp-cmds \ | 40 | sftp-cmds \ |
@@ -42,8 +48,13 @@ LTESTS= connect \ | |||
42 | reexec \ | 48 | reexec \ |
43 | brokenkeys \ | 49 | brokenkeys \ |
44 | cfgmatch \ | 50 | cfgmatch \ |
51 | addrmatch \ | ||
52 | localcommand \ | ||
45 | forcecommand | 53 | forcecommand |
46 | 54 | ||
55 | INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers | ||
56 | #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp | ||
57 | |||
47 | USER!= id -un | 58 | USER!= id -un |
48 | CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ | 59 | CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ |
49 | authorized_keys_${USER} known_hosts pidfile \ | 60 | authorized_keys_${USER} known_hosts pidfile \ |
@@ -52,9 +63,8 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ | |||
52 | rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ | 63 | rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ |
53 | ls.copy banner.in banner.out empty.in \ | 64 | ls.copy banner.in banner.out empty.in \ |
54 | scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ | 65 | scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ |
55 | sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv | 66 | sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ |
56 | 67 | putty.rsa2 | |
57 | #LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp | ||
58 | 68 | ||
59 | t1: | 69 | t1: |
60 | ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv | 70 | ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv |
@@ -96,3 +106,11 @@ t-exec: ${LTESTS:=.sh} | |||
96 | echo "run test $${TEST}" ... 1>&2; \ | 106 | echo "run test $${TEST}" ... 1>&2; \ |
97 | (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ | 107 | (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ |
98 | done | 108 | done |
109 | |||
110 | t-exec-interop: ${INTEROP_TESTS:=.sh} | ||
111 | @if [ "x$?" = "x" ]; then exit 0; fi; \ | ||
112 | for TEST in ""$?; do \ | ||
113 | echo "run test $${TEST}" ... 1>&2; \ | ||
114 | (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ | ||
115 | done | ||
116 | |||
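Review bot: In the `clean` recipe, `rm -rf $(OBJ).putty` joins `$(OBJ)` and `.putty` with no separator, so the path that is recursively removed depends on OBJ being set and ending in a slash. OBJ is not assigned in the visible hunks; if it expands to nothing, the command targets `.putty` in whatever directory make was started from. A guard such as `if [ -n "$(OBJ)" ]; then rm -rf "$(OBJ).putty"; fi` would keep the recursive delete scoped to the regress object directory. The new `t-exec-interop` recipe duplicates the `t-exec` loop line for line, so a comment saying the two must stay in sync would help.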
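--- /dev/null
+++ b/regress/addrmatch.sh
@@ -0,0 +1,42 @@
+# $OpenBSD: addrmatch.sh,v 1.1 2008/06/10 05:23:32 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="address match"
+
+mv $OBJ/sshd_proxy $OBJ/sshd_proxy_orig
+
+run_trial()
+{
+user="$1"; addr="$2"; host="$3"; expected="$4"; descr="$5"
+
+verbose "test $descr for $user $addr $host"
+result=`${SSHD} -f $OBJ/sshd_proxy -T \
+-C user=${user},addr=${addr},host=${host} | \
+awk '/passwordauthentication/ {print $2}'`
+if [ "$result" != "$expected" ]; then
+fail "failed for $user $addr $host: expected $expected, got $result"
+fi
+}
+
+cp $OBJ/sshd_proxy_orig $OBJ/sshd_proxy
+cat >>$OBJ/sshd_proxy <<EOD
+PasswordAuthentication no
+Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com
+PasswordAuthentication yes
+Match Address 1.1.1.1,::1,!::3,2000::/16
+PasswordAuthentication yes
+EOD
+
+run_trial user 192.168.0.1 somehost yes "permit, first entry"
+run_trial user 192.168.30.1 somehost no "deny, negative match"
+run_trial user 19.0.0.1 somehost no "deny, no match"
+run_trial user 10.255.255.254 somehost yes "permit, list middle"
+run_trial user 192.168.30.1 192.168.0.1 no "deny, faked IP in hostname"
+run_trial user 1.1.1.1 somehost.example.com yes "permit, bare IP4 address"
+test "$TEST_SSH_IPV6" = "no" && exit
+run_trial user ::1 somehost.example.com yes "permit, bare IP6 address"
+run_trial user ::2 somehost.exaple.com no "deny IPv6"
+run_trial user ::3 somehost no "deny IP6 negated"
+run_trial user ::4 somehost no "deny, IP6 no match"
+run_trial user 2000::1 somehost yes "permit, IP6 network"
+run_trial user 2001::1 somehost no "deny, IP6 network"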
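Review bot: The IPv6 guard `test "$TEST_SSH_IPV6" = "no" && exit` leaves with the status of the `test` command, which is 0. If this script is sourced by the harness (the `fail` and `verbose` helpers suggest so, though test-exec.sh is not shown here), a failure recorded by the preceding IPv4 trials, including the "faked IP in hostname" deny case, would then be reported as success and any harness cleanup skipped. Wrapping the IPv6 trials in `if [ "$TEST_SSH_IPV6" != "no" ]; then ... fi` keeps the result in the harness's hands. `somehost.exaple.com` in the "deny IPv6" trial looks like a typo for `example.com`; it does not change the outcome but is confusing next to the `host.example.com` pattern.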
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index d71324241..5d7f73291 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh | |||
@@ -1,11 +1,11 @@ | |||
1 | # $OpenBSD: agent-getpeereid.sh,v 1.3 2006/07/06 12:01:53 grunk Exp $ | 1 | # $OpenBSD: agent-getpeereid.sh,v 1.4 2007/11/25 15:35:09 jmc Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="disallow agent attach from other uid" | 4 | tid="disallow agent attach from other uid" |
5 | 5 | ||
6 | UNPRIV=nobody | 6 | UNPRIV=nobody |
7 | ASOCK=${OBJ}/agent | 7 | ASOCK=${OBJ}/agent |
8 | SSH_AUTH_SOCK=/nonexistant | 8 | SSH_AUTH_SOCK=/nonexistent |
9 | 9 | ||
10 | if grep "#undef.*HAVE_GETPEEREID" ${BUILDDIR}/config.h >/dev/null 2>&1 && \ | 10 | if grep "#undef.*HAVE_GETPEEREID" ${BUILDDIR}/config.h >/dev/null 2>&1 && \ |
11 | grep "#undef.*HAVE_GETPEERUCRED" ${BUILDDIR}/config.h >/dev/null && \ | 11 | grep "#undef.*HAVE_GETPEERUCRED" ${BUILDDIR}/config.h >/dev/null && \ |
diff --git a/regress/agent.sh b/regress/agent.sh index b34487767..094cf694b 100644 --- a/regress/agent.sh +++ b/regress/agent.sh | |||
@@ -1,9 +1,9 @@ | |||
1 | # $OpenBSD: agent.sh,v 1.6 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: agent.sh,v 1.7 2007/11/25 15:35:09 jmc Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="simple agent test" | 4 | tid="simple agent test" |
5 | 5 | ||
6 | SSH_AUTH_SOCK=/nonexistant ${SSHADD} -l > /dev/null 2>&1 | 6 | SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1 |
7 | if [ $? -ne 2 ]; then | 7 | if [ $? -ne 2 ]; then |
8 | fail "ssh-add -l did not fail with exit code 2" | 8 | fail "ssh-add -l did not fail with exit code 2" |
9 | fi | 9 | fi |
diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index d987dcb97..35c5e52a1 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cfgmatch.sh,v 1.2 2006/07/22 01:50:00 dtucker Exp $ | 1 | # $OpenBSD: cfgmatch.sh,v 1.4 2006/12/13 08:36:36 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sshd_config match" | 4 | tid="sshd_config match" |
@@ -35,7 +35,7 @@ for p in 1 2; do | |||
35 | rm -f $pidfile | 35 | rm -f $pidfile |
36 | trace "match permitopen localhost proto $p" | 36 | trace "match permitopen localhost proto $p" |
37 | ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \ | 37 | ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \ |
38 | "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ | 38 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ |
39 | fail "match permitopen proto $p sshd failed" | 39 | fail "match permitopen proto $p sshd failed" |
40 | sleep 1; | 40 | sleep 1; |
41 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 41 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ |
@@ -48,7 +48,7 @@ for p in 1 2; do | |||
48 | rm -f $pidfile | 48 | rm -f $pidfile |
49 | trace "match permitopen proxy proto $p" | 49 | trace "match permitopen proxy proto $p" |
50 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ | 50 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ |
51 | "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ | 51 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ |
52 | fail "match permitopen proxy proto $p sshd failed" | 52 | fail "match permitopen proxy proto $p sshd failed" |
53 | sleep 1; | 53 | sleep 1; |
54 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 54 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ |
@@ -65,7 +65,7 @@ for p in 1 2; do | |||
65 | rm -f $pidfile | 65 | rm -f $pidfile |
66 | trace "match permitopen proxy w/key opts proto $p" | 66 | trace "match permitopen proxy w/key opts proto $p" |
67 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ | 67 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ |
68 | "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ | 68 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ |
69 | fail "match permitopen w/key opt proto $p sshd failed" | 69 | fail "match permitopen w/key opt proto $p sshd failed" |
70 | sleep 1; | 70 | sleep 1; |
71 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 71 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ |
@@ -79,7 +79,7 @@ for p in 1 2; do | |||
79 | rm -f $pidfile | 79 | rm -f $pidfile |
80 | trace "match permitopen localhost proto $p" | 80 | trace "match permitopen localhost proto $p" |
81 | ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \ | 81 | ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \ |
82 | "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ | 82 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ |
83 | fail "match permitopen proto $p sshd failed" | 83 | fail "match permitopen proto $p sshd failed" |
84 | sleep 1; | 84 | sleep 1; |
85 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 85 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ |
@@ -97,10 +97,29 @@ for p in 1 2; do | |||
97 | rm -f $pidfile | 97 | rm -f $pidfile |
98 | trace "match permitopen proxy w/key opts proto $p" | 98 | trace "match permitopen proxy w/key opts proto $p" |
99 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ | 99 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ |
100 | "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ | 100 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ |
101 | fail "match override permitopen proto $p sshd failed" | 101 | fail "match override permitopen proto $p sshd failed" |
102 | sleep 1; | 102 | sleep 1; |
103 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 103 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ |
104 | fail "match override permitopen proto $p" | 104 | fail "match override permitopen proto $p" |
105 | stop_client | 105 | stop_client |
106 | done | 106 | done |
107 | |||
108 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | ||
109 | echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy | ||
110 | echo "Match User NoSuchUser" >>$OBJ/sshd_proxy | ||
111 | echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy | ||
112 | |||
113 | # Test that a rule that doesn't match doesn't override, plus test a | ||
114 | # PermitOpen entry that's not at the start of the list | ||
115 | for p in 1 2; do | ||
116 | rm -f $pidfile | ||
117 | trace "nomatch permitopen proxy w/key opts proto $p" | ||
118 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ | ||
119 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ | ||
120 | fail "nomatch override permitopen proto $p sshd failed" | ||
121 | sleep 1; | ||
122 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | ||
123 | fail "nomatch override permitopen proto $p" | ||
124 | stop_client | ||
125 | done | ||
diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 592511143..d39a829d4 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cipher-speed.sh,v 1.2 2005/05/24 04:09:54 djm Exp $ | 1 | # $OpenBSD: cipher-speed.sh,v 1.3 2007/06/07 19:41:46 pvalchev Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="cipher speed" | 4 | tid="cipher speed" |
@@ -12,7 +12,7 @@ tries="1 2" | |||
12 | DATA=/bin/ls | 12 | DATA=/bin/ls |
13 | DATA=/bsd | 13 | DATA=/bsd |
14 | 14 | ||
15 | macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96" | 15 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" |
16 | ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc | 16 | ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc |
17 | arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc aes128-ctr" | 17 | arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc aes128-ctr" |
18 | 18 | ||
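--- /dev/null
+++ b/regress/conch-ciphers.sh
@@ -0,0 +1,30 @@
+# $OpenBSD: conch-ciphers.sh,v 1.2 2008/06/30 10:43:03 djm Exp $
+# Placed in the Public Domain.
+
+tid="conch ciphers"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then
+fatal "conch interop tests not enabled"
+fi
+
+start_sshd
+
+for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \
+cast128-cbc blowfish 3des-cbc ; do
+verbose "$tid: cipher $c"
+rm -f ${COPY}
+# XXX the 2nd "cat" seems to be needed because of buggy FD handling
+# in conch
+${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \
+--known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \
+127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
+if [ $? -ne 0 ]; then
+fail "ssh cat $DATA failed"
+fi
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+done
+rm -f ${COPY}
+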
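Review bot: The loop variable `$c` is only printed by `verbose` and never reaches the `${CONCH}` command line, so every iteration negotiates whatever cipher the two sides pick by default and the per-cipher interop coverage the test name promises is not exercised. `$c` should be passed to conch through its cipher-selection option. In addition, the `$?` tested after the pipeline is the exit status of the trailing `cat`, not of conch, so `fail "ssh cat $DATA failed"` cannot fire on a failed connection. Only the following `cmp` catches that, and a comment saying so (next to the existing XXX note) would avoid misleading the next reader.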
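--- /dev/null
+++ b/regress/key-options.sh
@@ -0,0 +1,71 @@
+# $OpenBSD: key-options.sh,v 1.2 2008/06/30 08:07:34 djm Exp $
+# Placed in the Public Domain.
+
+tid="key options"
+
+origkeys="$OBJ/authkeys_orig"
+authkeys="$OBJ/authorized_keys_${USER}"
+cp $authkeys $origkeys
+
+# Test command= forced command
+for p in 1 2; do
+for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
+sed "s/.*/$c &/" $origkeys >$authkeys
+verbose "key option proto $p $c"
+r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost echo foo`
+if [ "$r" = "foo" ]; then
+fail "key option forced command not restricted"
+fi
+if [ "$r" != "bar" ]; then
+fail "key option forced command not executed"
+fi
+done
+done
+
+# Test no-pty
+sed 's/.*/no-pty &/' $origkeys >$authkeys
+for p in 1 2; do
+verbose "key option proto $p no-pty"
+r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost tty`
+if [ -f "$r" ]; then
+fail "key option failed proto $p no-pty (pty $r)"
+fi
+done
+
+# Test environment=
+echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy
+sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys
+for p in 1 2; do
+verbose "key option proto $p environment"
+r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo $FOO'`
+if [ "$r" != "bar" ]; then
+fail "key option environment not set"
+fi
+done
+
+# Test from= restriction
+start_sshd
+for p in 1 2; do
+for f in 127.0.0.1 '127.0.0.0\/8'; do
+cat $origkeys >$authkeys
+${SSH} -$p -q -F $OBJ/ssh_proxy somehost true
+if [ $? -ne 0 ]; then
+fail "key option proto $p failed without restriction"
+fi
+
+sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
+from=`head -1 $authkeys | cut -f1 -d ' '`
+verbose "key option proto $p $from"
+r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
+if [ "$r" = "true" ]; then
+fail "key option proto $p $from not restricted"
+fi
+
+r=`${SSH} -$p -q -F $OBJ/ssh_config somehost 'echo true'`
+if [ "$r" != "true" ]; then
+fail "key option proto $p $from not allowed but should be"
+fi
+done
+done
+
+rm -f "$origkeys"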
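Review bot: The `no-pty` check cannot fail as written: `${SSH} ... somehost tty` is run without requesting a terminal, and `[ -f "$r" ]` is true only for a regular file, whereas an allocated pty would be a character device. A regression in which sshd ignored the `no-pty` key option would therefore still pass. Request a terminal explicitly (`-tt`) and test the reported name rather than its file type, for example `case "$r" in /dev/*) fail "key option failed proto $p no-pty (pty $r)";; esac`. The script also ends with `rm -f "$origkeys"` while `$authkeys` still holds the last `from=`-restricted keys; a `cp $origkeys $authkeys` before the removal would leave the file as the test found it.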
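--- /dev/null
+++ b/regress/localcommand.sh
@@ -0,0 +1,15 @@
+# $OpenBSD: localcommand.sh,v 1.1 2007/10/29 06:57:13 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="localcommand"
+
+echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy
+echo 'LocalCommand echo foo' >> $OBJ/ssh_proxy
+
+for p in 1 2; do
+verbose "test $tid: proto $p localcommand"
+a=`${SSH} -F $OBJ/ssh_proxy -$p somehost true`
+if [ "$a" != "foo" ] ; then
+fail "$tid proto $p"
+fi
+done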
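--- /dev/null
+++ b/regress/putty-ciphers.sh
@@ -0,0 +1,28 @@
+# $OpenBSD: putty-ciphers.sh,v 1.2 2008/06/30 10:31:11 djm Exp $
+# Placed in the Public Domain.
+
+tid="putty ciphers"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+fatal "putty interop tests not enabled"
+fi
+
+for c in aes blowfish 3des arcfour ; do
+verbose "$tid: cipher $c"
+cp ${OBJ}/.putty/sessions/localhost_proxy \
+${OBJ}/.putty/sessions/cipher_$c
+echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+
+rm -f ${COPY}
+env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \
+127.0.0.1 cat ${DATA} > ${COPY}
+if [ $? -ne 0 ]; then
+fail "ssh cat $DATA failed"
+fi
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+done
+rm -f ${COPY}
+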
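Review bot: The session file is written under `${OBJ}/.putty/sessions/`, but plink is started with `HOME=$PWD` and a relative `-i putty.rsa2`, so the test finds its session and key only when the working directory happens to be `$OBJ`. Run from anywhere else, plink would presumably fall back to whatever it finds under the current directory rather than the cipher-specific session. Using `env HOME=${OBJ}` and `-i ${OBJ}/putty.rsa2` removes that dependency. The same pattern appears in putty-kex.sh and putty-transfer.sh.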
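--- /dev/null
+++ b/regress/putty-kex.sh
@@ -0,0 +1,25 @@
+# $OpenBSD: putty-kex.sh,v 1.2 2008/06/30 10:31:11 djm Exp $
+# Placed in the Public Domain.
+
+tid="putty KEX"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+fatal "putty interop tests not enabled"
+fi
+
+for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
+verbose "$tid: kex $k"
+cp ${OBJ}/.putty/sessions/localhost_proxy \
+${OBJ}/.putty/sessions/kex_$k
+echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k
+
+env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \
+127.0.0.1 true
+if [ $? -ne 0 ]; then
+fail "KEX $k failed"
+fi
+done
+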
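--- /dev/null
+++ b/regress/putty-transfer.sh
@@ -0,0 +1,43 @@
+# $OpenBSD: putty-transfer.sh,v 1.2 2008/06/30 10:31:11 djm Exp $
+# Placed in the Public Domain.
+
+tid="putty transfer data"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+fatal "putty interop tests not enabled"
+fi
+
+# XXX support protocol 1 too
+for p in 2; do
+for c in 0 1 ; do
+verbose "$tid: proto $p compression $c"
+rm -f ${COPY}
+cp ${OBJ}/.putty/sessions/localhost_proxy \
+${OBJ}/.putty/sessions/compression_$c
+echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k
+env HOME=$PWD ${PLINK} -load compression_$c -batch \
+-i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY}
+if [ $? -ne 0 ]; then
+fail "ssh cat $DATA failed"
+fi
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+for s in 10 100 1k 32k 64k 128k 256k; do
+trace "proto $p compression $c dd-size ${s}"
+rm -f ${COPY}
+dd if=$DATA obs=${s} 2> /dev/null | \
+env HOME=$PWD ${PLINK} -load compression_$c \
+-batch -i putty.rsa$p 127.0.0.1 \
+"cat > ${COPY}"
+if [ $? -ne 0 ]; then
+fail "ssh cat $DATA failed"
+fi
+cmp $DATA ${COPY} || fail "corrupted copy"
+done
+done
+done
+rm -f ${COPY}
+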
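Review bot: `echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k` writes the setting to the wrong session file. `$k` is never assigned in this script, so the line lands in `kex_` (or in a stale `kex_*` name if the variable leaks in from elsewhere). The session that plink actually loads, `compression_$c`, stays an unmodified copy of `localhost_proxy`, so both loop iterations exercise the same compression setting. The line should read `echo "Compression=$c" >> ${OBJ}/.putty/sessions/compression_$c`. The upload loop also reuses the message `"ssh cat $DATA failed"`; a distinct message for the `cat > ${COPY}` direction would make failures easier to tell apart in the log.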
diff --git a/regress/sftp-badcmds.sh b/regress/sftp-badcmds.sh index eac189aaf..b48b1cb01 100644 --- a/regress/sftp-badcmds.sh +++ b/regress/sftp-badcmds.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sftp-badcmds.sh,v 1.2 2003/05/15 04:07:12 mouring Exp $ | 1 | # $OpenBSD: sftp-badcmds.sh,v 1.3 2008/03/24 21:46:54 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sftp invalid commands" | 4 | tid="sftp invalid commands" |
@@ -45,17 +45,6 @@ echo "rename $NONEXIST ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | |||
45 | || fail "rename nonexist failed" | 45 | || fail "rename nonexist failed" |
46 | test -f ${COPY}.1 && fail "file exists after rename nonexistent" | 46 | test -f ${COPY}.1 && fail "file exists after rename nonexistent" |
47 | 47 | ||
48 | rm -f ${COPY} ${COPY}.1 | ||
49 | cp $DATA $COPY | ||
50 | cp $DATA2 ${COPY}.1 | ||
51 | verbose "$tid: rename target exists" | ||
52 | echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | ||
53 | || fail "rename target exists failed" | ||
54 | test -f ${COPY} || fail "oldname missing after rename target exists" | ||
55 | test -f ${COPY}.1 || fail "newname missing after rename target exists" | ||
56 | cmp $DATA ${COPY} >/dev/null 2>&1 || fail "corrupted oldname after rename target exists" | ||
57 | cmp $DATA2 ${COPY}.1 >/dev/null 2>&1 || fail "corrupted newname after rename target exists" | ||
58 | |||
59 | rm -rf ${COPY} ${COPY}.dd | 48 | rm -rf ${COPY} ${COPY}.dd |
60 | cp $DATA $COPY | 49 | cp $DATA $COPY |
61 | mkdir ${COPY}.dd | 50 | mkdir ${COPY}.dd |
diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh index 31b21d1f2..3b453c5e8 100644 --- a/regress/sftp-cmds.sh +++ b/regress/sftp-cmds.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sftp-cmds.sh,v 1.6 2003/10/07 07:04:52 djm Exp $ | 1 | # $OpenBSD: sftp-cmds.sh,v 1.9 2007/12/12 05:04:03 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | # XXX - TODO: | 4 | # XXX - TODO: |
@@ -34,14 +34,22 @@ fi | |||
34 | # Path with embedded quote | 34 | # Path with embedded quote |
35 | QUOTECOPY=${COPY}".\"blah\"" | 35 | QUOTECOPY=${COPY}".\"blah\"" |
36 | QUOTECOPY_ARG=${COPY}'.\"blah\"' | 36 | QUOTECOPY_ARG=${COPY}'.\"blah\"' |
37 | # File with spaces | ||
38 | SPACECOPY="${COPY} this has spaces.txt" | ||
39 | SPACECOPY_ARG="${COPY}\ this\ has\ spaces.txt" | ||
40 | # File with glob metacharacters | ||
41 | GLOBMETACOPY="${COPY} [metachar].txt" | ||
37 | 42 | ||
38 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 | 43 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 |
39 | mkdir ${COPY}.dd | 44 | mkdir ${COPY}.dd |
40 | 45 | ||
41 | verbose "$tid: lls" | 46 | verbose "$tid: lls" |
42 | echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | 47 | (echo "lcd ${OBJ}" ; echo "lls") | ${SFTP} -P ${SFTPSERVER} 2>&1 | \ |
43 | || fail "lls failed" | 48 | grep copy.dd >/dev/null 2>&1 || fail "lls failed" |
44 | # XXX always successful | 49 | |
50 | verbose "$tid: lls w/path" | ||
51 | echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} 2>&1 | \ | ||
52 | grep copy.dd >/dev/null 2>&1 || fail "lls w/path failed" | ||
45 | 53 | ||
46 | verbose "$tid: ls" | 54 | verbose "$tid: ls" |
47 | echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | 55 | echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ |
@@ -89,12 +97,27 @@ if [ "$os" != "cygwin" ]; then | |||
89 | rm -f ${QUOTECOPY} | 97 | rm -f ${QUOTECOPY} |
90 | cp $DATA ${QUOTECOPY} | 98 | cp $DATA ${QUOTECOPY} |
91 | verbose "$tid: get filename with quotes" | 99 | verbose "$tid: get filename with quotes" |
92 | echo "get \"$QUOTECOPY_ARG\" ${COPY}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | 100 | echo "get \"$QUOTECOPY_ARG\" ${COPY}" | \ |
93 | || fail "put failed" | 101 | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ || fail "get failed" |
94 | cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes" | 102 | cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes" |
95 | rm -f ${QUOTECOPY} ${COPY} | 103 | rm -f ${QUOTECOPY} ${COPY} |
96 | fi | 104 | fi |
97 | 105 | ||
106 | rm -f "$SPACECOPY" ${COPY} | ||
107 | cp $DATA "$SPACECOPY" | ||
108 | verbose "$tid: get filename with spaces" | ||
109 | echo "get ${SPACECOPY_ARG} ${COPY}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | ||
110 | || fail "get failed" | ||
111 | cmp ${COPY} "$SPACECOPY" || fail "corrupted copy after get with spaces" | ||
112 | |||
113 | rm -f "$GLOBMETACOPY" ${COPY} | ||
114 | cp $DATA "$GLOBMETACOPY" | ||
115 | verbose "$tid: get filename with glob metacharacters" | ||
116 | echo "get \"${GLOBMETACOPY}\" ${COPY}" | \ | ||
117 | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "get failed" | ||
118 | cmp ${COPY} "$GLOBMETACOPY" || \ | ||
119 | fail "corrupted copy after get with glob metacharacters" | ||
120 | |||
98 | rm -f ${COPY}.dd/* | 121 | rm -f ${COPY}.dd/* |
99 | verbose "$tid: get to directory" | 122 | verbose "$tid: get to directory" |
100 | echo "get $DATA ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | 123 | echo "get $DATA ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ |
@@ -125,18 +148,24 @@ done | |||
125 | 148 | ||
126 | rm -f ${COPY} | 149 | rm -f ${COPY} |
127 | verbose "$tid: put" | 150 | verbose "$tid: put" |
128 | echo "put $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | 151 | echo "put $DATA $COPY" | \ |
129 | || fail "put failed" | 152 | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed" |
130 | cmp $DATA ${COPY} || fail "corrupted copy after put" | 153 | cmp $DATA ${COPY} || fail "corrupted copy after put" |
131 | 154 | ||
132 | if [ "$os" != "cygwin" ]; then | 155 | if [ "$os" != "cygwin" ]; then |
133 | rm -f ${QUOTECOPY} | 156 | rm -f ${QUOTECOPY} |
134 | verbose "$tid: put filename with quotes" | 157 | verbose "$tid: put filename with quotes" |
135 | echo "put $DATA \"$QUOTECOPY_ARG\"" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | 158 | echo "put $DATA \"$QUOTECOPY_ARG\"" | \ |
136 | || fail "put failed" | 159 | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed" |
137 | cmp $DATA ${QUOTECOPY} || fail "corrupted copy after put with quotes" | 160 | cmp $DATA ${QUOTECOPY} || fail "corrupted copy after put with quotes" |
138 | fi | 161 | fi |
139 | 162 | ||
163 | rm -f "$SPACECOPY" | ||
164 | verbose "$tid: put filename with spaces" | ||
165 | echo "put $DATA ${SPACECOPY_ARG}" | \ | ||
166 | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed" | ||
167 | cmp $DATA "$SPACECOPY" || fail "corrupted copy after put with spaces" | ||
168 | |||
140 | rm -f ${COPY}.dd/* | 169 | rm -f ${COPY}.dd/* |
141 | verbose "$tid: put to directory" | 170 | verbose "$tid: put to directory" |
142 | echo "put $DATA ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | 171 | echo "put $DATA ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ |
@@ -145,7 +174,7 @@ cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after put" | |||
145 | 174 | ||
146 | rm -f ${COPY}.dd/* | 175 | rm -f ${COPY}.dd/* |
147 | verbose "$tid: glob put to directory" | 176 | verbose "$tid: glob put to directory" |
148 | echo "put /bin/l* ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | 177 | echo "put /bin/l? ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ |
149 | || fail "put failed" | 178 | || fail "put failed" |
150 | for x in $GLOBFILES; do | 179 | for x in $GLOBFILES; do |
151 | cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after put" | 180 | cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after put" |
@@ -159,7 +188,7 @@ cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after put" | |||
159 | 188 | ||
160 | rm -f ${COPY}.dd/* | 189 | rm -f ${COPY}.dd/* |
161 | verbose "$tid: glob put to local dir" | 190 | verbose "$tid: glob put to local dir" |
162 | (echo "cd ${COPY}.dd"; echo "put /bin/l*") | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | 191 | (echo "cd ${COPY}.dd"; echo "put /bin/l?") | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ |
163 | || fail "put failed" | 192 | || fail "put failed" |
164 | for x in $GLOBFILES; do | 193 | for x in $GLOBFILES; do |
165 | cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after put" | 194 | cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after put" |
@@ -172,8 +201,9 @@ test -f ${COPY}.1 || fail "missing file after rename" | |||
172 | cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename" | 201 | cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename" |
173 | 202 | ||
174 | verbose "$tid: rename directory" | 203 | verbose "$tid: rename directory" |
175 | echo "rename ${COPY}.dd ${COPY}.dd2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | 204 | echo "rename ${COPY}.dd ${COPY}.dd2" | \ |
176 | || fail "rename directory failed" | 205 | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || \ |
206 | fail "rename directory failed" | ||
177 | test -d ${COPY}.dd && fail "oldname exists after rename directory" | 207 | test -d ${COPY}.dd && fail "oldname exists after rename directory" |
178 | test -d ${COPY}.dd2 || fail "missing newname after rename directory" | 208 | test -d ${COPY}.dd2 || fail "missing newname after rename directory" |
179 | 209 | ||
@@ -207,5 +237,5 @@ echo "lchdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ | |||
207 | || fail "lchdir failed" | 237 | || fail "lchdir failed" |
208 | 238 | ||
209 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 | 239 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 |
210 | 240 | rm -rf ${QUOTECOPY} "$SPACECOPY" "$GLOBMETACOPY" | |
211 | 241 | ||
diff --git a/regress/sftp-glob.sh b/regress/sftp-glob.sh index e238356a2..60116a748 100644 --- a/regress/sftp-glob.sh +++ b/regress/sftp-glob.sh | |||
@@ -1,28 +1,68 @@ | |||
1 | # $OpenBSD: sftp-glob.sh,v 1.1 2004/12/10 01:31:30 fgsch Exp $ | 1 | # $OpenBSD: sftp-glob.sh,v 1.3 2007/10/26 05:30:01 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sftp glob" | 4 | tid="sftp glob" |
5 | 5 | ||
6 | sftp_ls() { | ||
7 | target=$1 | ||
8 | errtag=$2 | ||
9 | expected=$3 | ||
10 | unexpected=$4 | ||
11 | verbose "$tid: $errtag" | ||
12 | printf "ls -l %s" "${target}" | \ | ||
13 | ${SFTP} -b - -P ${SFTPSERVER} 2>/dev/null | \ | ||
14 | grep -v "^sftp>" > ${RESULTS} | ||
15 | if [ $? -ne 0 ]; then | ||
16 | fail "$errtag failed" | ||
17 | fi | ||
18 | if test "x$expected" != "x" ; then | ||
19 | if fgrep "$expected" ${RESULTS} >/dev/null 2>&1 ; then | ||
20 | : | ||
21 | else | ||
22 | fail "$expected missing from $errtag results" | ||
23 | fi | ||
24 | fi | ||
25 | if test "x$unexpected" != "x" && \ | ||
26 | fgrep "$unexpected" ${RESULTS} >/dev/null 2>&1 ; then | ||
27 | fail "$unexpected present in $errtag results" | ||
28 | fi | ||
29 | rm -f ${RESULTS} | ||
30 | } | ||
31 | |||
6 | BASE=${OBJ}/glob | 32 | BASE=${OBJ}/glob |
33 | RESULTS=${OBJ}/results | ||
7 | DIR=${BASE}/dir | 34 | DIR=${BASE}/dir |
8 | DATA=${DIR}/file | 35 | DATA=${DIR}/file |
9 | 36 | ||
37 | GLOB1="${DIR}/g-wild*" | ||
38 | GLOB2="${DIR}/g-wildx" | ||
39 | QUOTE="${DIR}/g-quote\"" | ||
40 | SLASH="${DIR}/g-sl\\ash" | ||
41 | ESLASH="${DIR}/g-slash\\" | ||
42 | QSLASH="${DIR}/g-qs\\\"" | ||
43 | SPACE="${DIR}/g-q space" | ||
44 | |||
10 | rm -rf ${BASE} | 45 | rm -rf ${BASE} |
11 | mkdir -p ${DIR} | 46 | mkdir -p ${DIR} |
12 | touch ${DATA} | 47 | touch "${DATA}" "${GLOB1}" "${GLOB2}" "${QUOTE}" |
13 | 48 | touch "${QSLASH}" "${ESLASH}" "${SLASH}" "${SPACE}" | |
14 | verbose "$tid: ls file" | 49 | |
15 | echo "ls -l ${DIR}/fil*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \ | 50 | # target message expected unexpected |
16 | grep ${DATA} >/dev/null 2>&1 | 51 | sftp_ls "${DIR}/fil*" "file glob" "${DATA}" "" |
17 | if [ $? -ne 0 ]; then | 52 | sftp_ls "${BASE}/d*" "dir glob" "`basename ${DATA}`" "" |
18 | fail "globbed ls file failed" | 53 | sftp_ls "${DIR}/g-wild\"*\"" "quoted glob" "g-wild*" "g-wildx" |
19 | fi | 54 | sftp_ls "${DIR}/g-wild\*" "escaped glob" "g-wild*" "g-wildx" |
20 | 55 | sftp_ls "${DIR}/g-quote\\\"" "escaped quote" "g-quote\"" "" | |
21 | verbose "$tid: ls dir" | 56 | sftp_ls "\"${DIR}/g-quote\\\"\"" "quoted quote" "g-quote\"" "" |
22 | echo "ls -l ${BASE}/d*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \ | 57 | sftp_ls "'${DIR}/g-quote\"'" "single-quoted quote" "g-quote\"" "" |
23 | grep file >/dev/null 2>&1 | 58 | sftp_ls "${DIR}/g-sl\\\\ash" "escaped slash" "g-sl\\ash" "" |
24 | if [ $? -ne 0 ]; then | 59 | sftp_ls "'${DIR}/g-sl\\\\ash'" "quoted slash" "g-sl\\ash" "" |
25 | fail "globbed ls dir failed" | 60 | sftp_ls "${DIR}/g-slash\\\\" "escaped slash at EOL" "g-slash\\" "" |
26 | fi | 61 | sftp_ls "'${DIR}/g-slash\\\\'" "quoted slash at EOL" "g-slash\\" "" |
62 | sftp_ls "${DIR}/g-qs\\\\\\\"" "escaped slash+quote" "g-qs\\\"" "" | ||
63 | sftp_ls "'${DIR}/g-qs\\\\\"'" "quoted slash+quote" "g-qs\\\"" "" | ||
64 | sftp_ls "${DIR}/g-q\\ space" "escaped space" "g-q space" "" | ||
65 | sftp_ls "'${DIR}/g-q space'" "quoted space" "g-q space" "" | ||
27 | 66 | ||
28 | rm -rf ${BASE} | 67 | rm -rf ${BASE} |
68 | |||
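Review bot: In `sftp_ls`, the `if [ $? -ne 0 ]` check after the three-stage pipeline sees only the exit status of `grep -v "^sftp>"`. The "$errtag failed" branch therefore fires when no listing lines were produced, not when `sftp` itself exits non-zero. That may be intended, but it deserves a comment at the check, for example `# $? is grep's status: non-zero means sftp printed no listing lines`. The function also has no header describing its four positional arguments; the column comment above the call table (`# target message expected unexpected`) could be repeated at the definition.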
diff --git a/regress/ssh2putty.sh b/regress/ssh2putty.sh new file mode 100755 index 000000000..dfdeeff4a --- /dev/null +++ b/regress/ssh2putty.sh | |||
@@ -0,0 +1,33 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then | ||
4 | echo "Usage: ssh2putty hostname port ssh-private-key" | ||
5 | exit 1 | ||
6 | fi | ||
7 | |||
8 | HOST=$1 | ||
9 | PORT=$2 | ||
10 | KEYFILE=$3 | ||
11 | |||
12 | # XXX - support DSA keys too | ||
13 | if grep "BEGIN RSA PRIVATE KEY" $KEYFILE >/dev/null 2>&1 ; then | ||
14 | : | ||
15 | else | ||
16 | echo "Unsupported private key format" | ||
17 | exit 1 | ||
18 | fi | ||
19 | |||
20 | public_exponent=` | ||
21 | openssl rsa -noout -text -in $KEYFILE | grep ^publicExponent | | ||
22 | sed 's/.*(//;s/).*//' | ||
23 | ` | ||
24 | test $? -ne 0 && exit 1 | ||
25 | |||
26 | modulus=` | ||
27 | openssl rsa -noout -modulus -in $KEYFILE | grep ^Modulus= | | ||
28 | sed 's/^Modulus=/0x/' | tr A-Z a-z | ||
29 | ` | ||
30 | test $? -ne 0 && exit 1 | ||
31 | |||
32 | echo "rsa2@$PORT:$HOST $public_exponent,$modulus" | ||
33 | |||
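Review bot: The two `test $? -ne 0 && exit 1` checks after the backtick assignments see the exit status of the last pipeline stage (`sed`, `tr`), not of `openssl rsa`. A key that openssl cannot read therefore still produces an `rsa2@...` line with an empty exponent or modulus. Checking the captured values instead fails closed: `test -n "$public_exponent" || exit 1` and `test -n "$modulus" || exit 1`. The usage and "Unsupported private key format" messages go to stdout, which test-exec.sh in this commit redirects into `.putty/sshhostkeys`; adding `>&2` to those `echo` lines keeps them out of the host-key file. `$KEYFILE` is also unquoted in the `grep` and both `openssl` calls, so a path containing spaces breaks them.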
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 59ae33c08..b54448912 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: test-exec.sh,v 1.28 2005/05/20 23:14:15 djm Exp $ | 1 | # $OpenBSD: test-exec.sh,v 1.35 2008/06/28 13:57:25 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | #SUDO=sudo | 4 | #SUDO=sudo |
@@ -69,6 +69,11 @@ SFTP=sftp | |||
69 | SFTPSERVER=/usr/libexec/openssh/sftp-server | 69 | SFTPSERVER=/usr/libexec/openssh/sftp-server |
70 | SCP=scp | 70 | SCP=scp |
71 | 71 | ||
72 | # Interop testing | ||
73 | PLINK=plink | ||
74 | PUTTYGEN=puttygen | ||
75 | CONCH=conch | ||
76 | |||
72 | if [ "x$TEST_SSH_SSH" != "x" ]; then | 77 | if [ "x$TEST_SSH_SSH" != "x" ]; then |
73 | SSH="${TEST_SSH_SSH}" | 78 | SSH="${TEST_SSH_SSH}" |
74 | fi | 79 | fi |
@@ -96,6 +101,27 @@ fi | |||
96 | if [ "x$TEST_SSH_SCP" != "x" ]; then | 101 | if [ "x$TEST_SSH_SCP" != "x" ]; then |
97 | SCP="${TEST_SSH_SCP}" | 102 | SCP="${TEST_SSH_SCP}" |
98 | fi | 103 | fi |
104 | if [ "x$TEST_SSH_PLINK" != "x" ]; then | ||
105 | # Find real binary, if it exists | ||
106 | case "${TEST_SSH_PLINK}" in | ||
107 | /*) PLINK="${TEST_SSH_PLINK}" ;; | ||
108 | *) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;; | ||
109 | esac | ||
110 | fi | ||
111 | if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then | ||
112 | # Find real binary, if it exists | ||
113 | case "${TEST_SSH_PUTTYGEN}" in | ||
114 | /*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;; | ||
115 | *) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;; | ||
116 | esac | ||
117 | fi | ||
118 | if [ "x$TEST_SSH_CONCH" != "x" ]; then | ||
119 | # Find real binary, if it exists | ||
120 | case "${TEST_SSH_CONCH}" in | ||
121 | /*) CONCH="${TEST_SSH_CONCH}" ;; | ||
122 | *) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;; | ||
123 | esac | ||
124 | fi | ||
99 | 125 | ||
100 | # Path to sshd must be absolute for rexec | 126 | # Path to sshd must be absolute for rexec |
101 | case "$SSHD" in | 127 | case "$SSHD" in |
@@ -269,6 +295,49 @@ for t in rsa rsa1; do | |||
269 | done | 295 | done |
270 | chmod 644 $OBJ/authorized_keys_$USER | 296 | chmod 644 $OBJ/authorized_keys_$USER |
271 | 297 | ||
298 | # Activate Twisted Conch tests if the binary is present | ||
299 | REGRESS_INTEROP_CONCH=no | ||
300 | if test -x "$CONCH" ; then | ||
301 | REGRESS_INTEROP_CONCH=yes | ||
302 | fi | ||
303 | |||
304 | # If PuTTY is present and we are running a PuTTY test, prepare keys and | ||
305 | # configuration | ||
306 | REGRESS_INTEROP_PUTTY=no | ||
307 | if test -x "$PUTTYGEN" -a -x "$PLINK" ; then | ||
308 | REGRESS_INTEROP_PUTTY=yes | ||
309 | fi | ||
310 | case "$SCRIPT" in | ||
311 | *putty*) ;; | ||
312 | *) REGRESS_INTEROP_PUTTY=no ;; | ||
313 | esac | ||
314 | |||
315 | if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then | ||
316 | mkdir -p ${OBJ}/.putty | ||
317 | |||
318 | # Add a PuTTY key to authorized_keys | ||
319 | rm -f ${OBJ}/putty.rsa2 | ||
320 | puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null | ||
321 | puttygen -O public-openssh ${OBJ}/putty.rsa2 \ | ||
322 | >> $OBJ/authorized_keys_$USER | ||
323 | |||
324 | # Convert rsa2 host key to PuTTY format | ||
325 | ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \ | ||
326 | ${OBJ}/.putty/sshhostkeys | ||
327 | ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \ | ||
328 | ${OBJ}/.putty/sshhostkeys | ||
329 | |||
330 | # Setup proxied session | ||
331 | mkdir -p ${OBJ}/.putty/sessions | ||
332 | rm -f ${OBJ}/.putty/sessions/localhost_proxy | ||
333 | echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy | ||
334 | echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy | ||
335 | echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy | ||
336 | echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy | ||
337 | |||
338 | REGRESS_INTEROP_PUTTY=yes | ||
339 | fi | ||
340 | |||
272 | # create a proxy version of the client config | 341 | # create a proxy version of the client config |
273 | ( | 342 | ( |
274 | cat $OBJ/ssh_config | 343 | cat $OBJ/ssh_config |
@@ -281,8 +350,8 @@ ${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken" | |||
281 | start_sshd () | 350 | start_sshd () |
282 | { | 351 | { |
283 | # start sshd | 352 | # start sshd |
284 | $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken" | 353 | $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" |
285 | $SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1 | 354 | $SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1 |
286 | 355 | ||
287 | trace "wait for sshd" | 356 | trace "wait for sshd" |
288 | i=0; | 357 | i=0; |
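Review bot: The PuTTY setup block runs a hard-coded `puttygen` for both key generation and public-key export, while the guard above it tests `-x "$PUTTYGEN"` and `TEST_SSH_PUTTYGEN` is resolved to a path earlier in the file. The binary that was checked is therefore not necessarily the one that runs. Use the resolved variable on both lines: `${PUTTYGEN} -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null` and `${PUTTYGEN} -O public-openssh ${OBJ}/putty.rsa2 \`. Neither call's status is checked before output is appended to `$OBJ/authorized_keys_$USER`. Adding `|| fatal "puttygen failed"` to each would stop the run instead of continuing with a partial file, assuming `fatal` is already defined at this point, as its use in the following hunk header suggests.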
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index 379fe353a..ef776d2ee 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: try-ciphers.sh,v 1.10 2005/05/24 04:10:54 djm Exp $ | 1 | # $OpenBSD: try-ciphers.sh,v 1.11 2007/06/07 19:41:46 pvalchev Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="try ciphers" | 4 | tid="try ciphers" |
@@ -7,7 +7,7 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc | |||
7 | arcfour128 arcfour256 arcfour | 7 | arcfour128 arcfour256 arcfour |
8 | aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se | 8 | aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se |
9 | aes128-ctr aes192-ctr aes256-ctr" | 9 | aes128-ctr aes192-ctr aes256-ctr" |
10 | macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96" | 10 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" |
11 | 11 | ||
12 | for c in $ciphers; do | 12 | for c in $ciphers; do |
13 | for m in $macs; do | 13 | for m in $macs; do |