diff options
| -rw-r--r-- | regress/agent-timeout.sh | 4 | ||||
| -rw-r--r-- | regress/agent.sh | 8 | ||||
| -rw-r--r-- | regress/broken-pipe.sh | 4 | ||||
| -rw-r--r-- | regress/cfgmatch.sh | 23 | ||||
| -rw-r--r-- | regress/cipher-speed.sh | 8 | ||||
| -rw-r--r-- | regress/connect-privsep.sh | 8 | ||||
| -rw-r--r-- | regress/connect.sh | 4 | ||||
| -rw-r--r-- | regress/dynamic-forward.sh | 4 | ||||
| -rw-r--r-- | regress/exit-status.sh | 4 | ||||
| -rw-r--r-- | regress/forcecommand.sh | 26 | ||||
| -rw-r--r-- | regress/forward-control.sh | 6 | ||||
| -rw-r--r-- | regress/forwarding.sh | 13 | ||||
| -rw-r--r-- | regress/host-expand.sh | 4 | ||||
| -rw-r--r-- | regress/key-options.sh | 10 | ||||
| -rw-r--r-- | regress/keygen-change.sh | 9 | ||||
| -rw-r--r-- | regress/keyscan.sh | 9 | ||||
| -rw-r--r-- | regress/localcommand.sh | 4 | ||||
| -rw-r--r-- | regress/proto-mismatch.sh | 6 | ||||
| -rw-r--r-- | regress/proto-version.sh | 10 | ||||
| -rw-r--r-- | regress/proxy-connect.sh | 6 | ||||
| -rw-r--r-- | regress/reconfigure.sh | 6 | ||||
| -rw-r--r-- | regress/reexec.sh | 4 | ||||
| -rw-r--r-- | regress/stderr-data.sh | 4 | ||||
| -rw-r--r-- | regress/test-exec.sh | 29 | ||||
| -rw-r--r-- | regress/transfer.sh | 4 | ||||
| -rw-r--r-- | regress/try-ciphers.sh | 8 | ||||
| -rw-r--r-- | regress/yes-head.sh | 4 |
27 files changed, 139 insertions, 90 deletions
diff --git a/regress/agent-timeout.sh b/regress/agent-timeout.sh index 68826594e..9598c2032 100644 --- a/regress/agent-timeout.sh +++ b/regress/agent-timeout.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: agent-timeout.sh,v 1.2 2013/05/17 01:16:09 dtucker Exp $ | 1 | # $OpenBSD: agent-timeout.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="agent timeout test" | 4 | tid="agent timeout test" |
| @@ -12,7 +12,7 @@ if [ $r -ne 0 ]; then | |||
| 12 | fail "could not start ssh-agent: exit code $r" | 12 | fail "could not start ssh-agent: exit code $r" |
| 13 | else | 13 | else |
| 14 | trace "add keys with timeout" | 14 | trace "add keys with timeout" |
| 15 | for t in rsa rsa1; do | 15 | for t in ${SSH_KEYTYPES}; do |
| 16 | ${SSHADD} -t ${SSHAGENT_TIMEOUT} $OBJ/$t > /dev/null 2>&1 | 16 | ${SSHADD} -t ${SSHAGENT_TIMEOUT} $OBJ/$t > /dev/null 2>&1 |
| 17 | if [ $? -ne 0 ]; then | 17 | if [ $? -ne 0 ]; then |
| 18 | fail "ssh-add did succeed exit code 0" | 18 | fail "ssh-add did succeed exit code 0" |
diff --git a/regress/agent.sh b/regress/agent.sh index caad3c88e..c5e2794b7 100644 --- a/regress/agent.sh +++ b/regress/agent.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: agent.sh,v 1.10 2014/02/27 21:21:25 djm Exp $ | 1 | # $OpenBSD: agent.sh,v 1.11 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="simple agent test" | 4 | tid="simple agent test" |
| @@ -20,7 +20,7 @@ else | |||
| 20 | fi | 20 | fi |
| 21 | trace "overwrite authorized keys" | 21 | trace "overwrite authorized keys" |
| 22 | printf '' > $OBJ/authorized_keys_$USER | 22 | printf '' > $OBJ/authorized_keys_$USER |
| 23 | for t in ed25519 rsa rsa1; do | 23 | for t in ${SSH_KEYTYPES}; do |
| 24 | # generate user key for agent | 24 | # generate user key for agent |
| 25 | rm -f $OBJ/$t-agent | 25 | rm -f $OBJ/$t-agent |
| 26 | ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\ | 26 | ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\ |
| @@ -46,7 +46,7 @@ else | |||
| 46 | fi | 46 | fi |
| 47 | 47 | ||
| 48 | trace "simple connect via agent" | 48 | trace "simple connect via agent" |
| 49 | for p in 1 2; do | 49 | for p in ${SSH_PROTOCOLS}; do |
| 50 | ${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p | 50 | ${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p |
| 51 | r=$? | 51 | r=$? |
| 52 | if [ $r -ne 5$p ]; then | 52 | if [ $r -ne 5$p ]; then |
| @@ -55,7 +55,7 @@ else | |||
| 55 | done | 55 | done |
| 56 | 56 | ||
| 57 | trace "agent forwarding" | 57 | trace "agent forwarding" |
| 58 | for p in 1 2; do | 58 | for p in ${SSH_PROTOCOLS}; do |
| 59 | ${SSH} -A -$p -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 | 59 | ${SSH} -A -$p -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 |
| 60 | r=$? | 60 | r=$? |
| 61 | if [ $r -ne 0 ]; then | 61 | if [ $r -ne 0 ]; then |
diff --git a/regress/broken-pipe.sh b/regress/broken-pipe.sh index c08c849a7..a416f7a3b 100644 --- a/regress/broken-pipe.sh +++ b/regress/broken-pipe.sh | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # $OpenBSD: broken-pipe.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: broken-pipe.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="broken pipe test" | 4 | tid="broken pipe test" |
| 5 | 5 | ||
| 6 | for p in 1 2; do | 6 | for p in ${SSH_PROTOCOLS}; do |
| 7 | trace "protocol $p" | 7 | trace "protocol $p" |
| 8 | for i in 1 2 3 4; do | 8 | for i in 1 2 3 4; do |
| 9 | ${SSH} -$p -F $OBJ/ssh_config_config nexthost echo $i 2> /dev/null | true | 9 | ${SSH} -$p -F $OBJ/ssh_config_config nexthost echo $i 2> /dev/null | true |
diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index 80cf22930..056296398 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: cfgmatch.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $ | 1 | # $OpenBSD: cfgmatch.sh,v 1.9 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="sshd_config match" | 4 | tid="sshd_config match" |
| @@ -56,7 +56,7 @@ start_sshd | |||
| 56 | #set -x | 56 | #set -x |
| 57 | 57 | ||
| 58 | # Test Match + PermitOpen in sshd_config. This should be permitted | 58 | # Test Match + PermitOpen in sshd_config. This should be permitted |
| 59 | for p in 1 2; do | 59 | for p in ${SSH_PROTOCOLS}; do |
| 60 | trace "match permitopen localhost proto $p" | 60 | trace "match permitopen localhost proto $p" |
| 61 | start_client -F $OBJ/ssh_config | 61 | start_client -F $OBJ/ssh_config |
| 62 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 62 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ |
| @@ -65,7 +65,7 @@ for p in 1 2; do | |||
| 65 | done | 65 | done |
| 66 | 66 | ||
| 67 | # Same but from different source. This should not be permitted | 67 | # Same but from different source. This should not be permitted |
| 68 | for p in 1 2; do | 68 | for p in ${SSH_PROTOCOLS}; do |
| 69 | trace "match permitopen proxy proto $p" | 69 | trace "match permitopen proxy proto $p" |
| 70 | start_client -F $OBJ/ssh_proxy | 70 | start_client -F $OBJ/ssh_proxy |
| 71 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 71 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ |
| @@ -74,11 +74,12 @@ for p in 1 2; do | |||
| 74 | done | 74 | done |
| 75 | 75 | ||
| 76 | # Retry previous with key option, should also be denied. | 76 | # Retry previous with key option, should also be denied. |
| 77 | printf 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER | 77 | cp /dev/null $OBJ/authorized_keys_$USER |
| 78 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER | 78 | for t in ${SSH_KEYTYPES}; do |
| 79 | printf 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER | 79 | printf 'permitopen="127.0.0.1:'$PORT'" ' >> $OBJ/authorized_keys_$USER |
| 80 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER | 80 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER |
| 81 | for p in 1 2; do | 81 | done |
| 82 | for p in ${SSH_PROTOCOLS}; do | ||
| 82 | trace "match permitopen proxy w/key opts proto $p" | 83 | trace "match permitopen proxy w/key opts proto $p" |
| 83 | start_client -F $OBJ/ssh_proxy | 84 | start_client -F $OBJ/ssh_proxy |
| 84 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 85 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ |
| @@ -88,7 +89,7 @@ done | |||
| 88 | 89 | ||
| 89 | # Test both sshd_config and key options permitting the same dst/port pair. | 90 | # Test both sshd_config and key options permitting the same dst/port pair. |
| 90 | # Should be permitted. | 91 | # Should be permitted. |
| 91 | for p in 1 2; do | 92 | for p in ${SSH_PROTOCOLS}; do |
| 92 | trace "match permitopen localhost proto $p" | 93 | trace "match permitopen localhost proto $p" |
| 93 | start_client -F $OBJ/ssh_config | 94 | start_client -F $OBJ/ssh_config |
| 94 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 95 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ |
| @@ -102,7 +103,7 @@ echo "Match User $USER" >>$OBJ/sshd_proxy | |||
| 102 | echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy | 103 | echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy |
| 103 | 104 | ||
| 104 | # Test that a Match overrides a PermitOpen in the global section | 105 | # Test that a Match overrides a PermitOpen in the global section |
| 105 | for p in 1 2; do | 106 | for p in ${SSH_PROTOCOLS}; do |
| 106 | trace "match permitopen proxy w/key opts proto $p" | 107 | trace "match permitopen proxy w/key opts proto $p" |
| 107 | start_client -F $OBJ/ssh_proxy | 108 | start_client -F $OBJ/ssh_proxy |
| 108 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 109 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ |
| @@ -117,7 +118,7 @@ echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy | |||
| 117 | 118 | ||
| 118 | # Test that a rule that doesn't match doesn't override, plus test a | 119 | # Test that a rule that doesn't match doesn't override, plus test a |
| 119 | # PermitOpen entry that's not at the start of the list | 120 | # PermitOpen entry that's not at the start of the list |
| 120 | for p in 1 2; do | 121 | for p in ${SSH_PROTOCOLS}; do |
| 121 | trace "nomatch permitopen proxy w/key opts proto $p" | 122 | trace "nomatch permitopen proxy w/key opts proto $p" |
| 122 | start_client -F $OBJ/ssh_proxy | 123 | start_client -F $OBJ/ssh_proxy |
| 123 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 124 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ |
diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index a6d53a78d..ad2f9b90b 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: cipher-speed.sh,v 1.11 2013/11/21 03:18:51 djm Exp $ | 1 | # $OpenBSD: cipher-speed.sh,v 1.12 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="cipher speed" | 4 | tid="cipher speed" |
| @@ -31,7 +31,11 @@ for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do | |||
| 31 | n=`expr $n + 1` | 31 | n=`expr $n + 1` |
| 32 | done; done | 32 | done; done |
| 33 | 33 | ||
| 34 | ciphers="3des blowfish" | 34 | if ssh_version 1; then |
| 35 | ciphers="3des blowfish" | ||
| 36 | else | ||
| 37 | ciphers="" | ||
| 38 | fi | ||
| 35 | for c in $ciphers; do | 39 | for c in $ciphers; do |
| 36 | trace "proto 1 cipher $c" | 40 | trace "proto 1 cipher $c" |
| 37 | for x in $tries; do | 41 | for x in $tries; do |
diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh index 41cb7af69..9a51f5690 100644 --- a/regress/connect-privsep.sh +++ b/regress/connect-privsep.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: connect-privsep.sh,v 1.5 2014/05/04 10:40:59 logan Exp $ | 1 | # $OpenBSD: connect-privsep.sh,v 1.6 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="proxy connect with privsep" | 4 | tid="proxy connect with privsep" |
| @@ -6,7 +6,7 @@ tid="proxy connect with privsep" | |||
| 6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig | 6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig |
| 7 | echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy | 7 | echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy |
| 8 | 8 | ||
| 9 | for p in 1 2; do | 9 | for p in ${SSH_PROTOCOLS}; do |
| 10 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true | 10 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true |
| 11 | if [ $? -ne 0 ]; then | 11 | if [ $? -ne 0 ]; then |
| 12 | fail "ssh privsep+proxyconnect protocol $p failed" | 12 | fail "ssh privsep+proxyconnect protocol $p failed" |
| @@ -16,7 +16,7 @@ done | |||
| 16 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy | 16 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy |
| 17 | echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy | 17 | echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy |
| 18 | 18 | ||
| 19 | for p in 1 2; do | 19 | for p in ${SSH_PROTOCOLS}; do |
| 20 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true | 20 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true |
| 21 | if [ $? -ne 0 ]; then | 21 | if [ $? -ne 0 ]; then |
| 22 | # XXX replace this with fail once sandbox has stabilised | 22 | # XXX replace this with fail once sandbox has stabilised |
| @@ -27,7 +27,7 @@ done | |||
| 27 | # Because sandbox is sensitive to changes in libc, especially malloc, retest | 27 | # Because sandbox is sensitive to changes in libc, especially malloc, retest |
| 28 | # with every malloc.conf option (and none). | 28 | # with every malloc.conf option (and none). |
| 29 | for m in '' A F G H J P R S X '<' '>'; do | 29 | for m in '' A F G H J P R S X '<' '>'; do |
| 30 | for p in 1 2; do | 30 | for p in ${SSH_PROTOCOLS}; do |
| 31 | env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true | 31 | env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true |
| 32 | if [ $? -ne 0 ]; then | 32 | if [ $? -ne 0 ]; then |
| 33 | fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed" | 33 | fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed" |
diff --git a/regress/connect.sh b/regress/connect.sh index 2186fa6e7..f0d55d343 100644 --- a/regress/connect.sh +++ b/regress/connect.sh | |||
| @@ -1,11 +1,11 @@ | |||
| 1 | # $OpenBSD: connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: connect.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="simple connect" | 4 | tid="simple connect" |
| 5 | 5 | ||
| 6 | start_sshd | 6 | start_sshd |
| 7 | 7 | ||
| 8 | for p in 1 2; do | 8 | for p in ${SSH_PROTOCOLS}; do |
| 9 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true | 9 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true |
| 10 | if [ $? -ne 0 ]; then | 10 | if [ $? -ne 0 ]; then |
| 11 | fail "ssh connect with protocol $p failed" | 11 | fail "ssh connect with protocol $p failed" |
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index 42fa8acdc..dd67c9639 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: dynamic-forward.sh,v 1.10 2013/05/17 04:29:14 dtucker Exp $ | 1 | # $OpenBSD: dynamic-forward.sh,v 1.11 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="dynamic forwarding" | 4 | tid="dynamic forwarding" |
| @@ -17,7 +17,7 @@ trace "will use ProxyCommand $proxycmd" | |||
| 17 | 17 | ||
| 18 | start_sshd | 18 | start_sshd |
| 19 | 19 | ||
| 20 | for p in 1 2; do | 20 | for p in ${SSH_PROTOCOLS}; do |
| 21 | n=0 | 21 | n=0 |
| 22 | error="1" | 22 | error="1" |
| 23 | trace "start dynamic forwarding, fork to background" | 23 | trace "start dynamic forwarding, fork to background" |
diff --git a/regress/exit-status.sh b/regress/exit-status.sh index 56b78a622..397d8d732 100644 --- a/regress/exit-status.sh +++ b/regress/exit-status.sh | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # $OpenBSD: exit-status.sh,v 1.6 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: exit-status.sh,v 1.7 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="remote exit status" | 4 | tid="remote exit status" |
| 5 | 5 | ||
| 6 | for p in 1 2; do | 6 | for p in ${SSH_PROTOCOLS}; do |
| 7 | for s in 0 1 4 5 44; do | 7 | for s in 0 1 4 5 44; do |
| 8 | trace "proto $p status $s" | 8 | trace "proto $p status $s" |
| 9 | verbose "test $tid: proto $p status $s" | 9 | verbose "test $tid: proto $p status $s" |
diff --git a/regress/forcecommand.sh b/regress/forcecommand.sh index 44d2b7ffd..8a9b090ea 100644 --- a/regress/forcecommand.sh +++ b/regress/forcecommand.sh | |||
| @@ -1,30 +1,32 @@ | |||
| 1 | # $OpenBSD: forcecommand.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $ | 1 | # $OpenBSD: forcecommand.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="forced command" | 4 | tid="forced command" |
| 5 | 5 | ||
| 6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | 6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak |
| 7 | 7 | ||
| 8 | printf 'command="true" ' >$OBJ/authorized_keys_$USER | 8 | cp /dev/null $OBJ/authorized_keys_$USER |
| 9 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER | 9 | for t in ${SSH_KEYTYPES}; do |
| 10 | printf 'command="true" ' >>$OBJ/authorized_keys_$USER | 10 | printf 'command="true" ' >>$OBJ/authorized_keys_$USER |
| 11 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER | 11 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER |
| 12 | done | ||
| 12 | 13 | ||
| 13 | for p in 1 2; do | 14 | for p in ${SSH_PROTOCOLS}; do |
| 14 | trace "forced command in key option proto $p" | 15 | trace "forced command in key option proto $p" |
| 15 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || | 16 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || |
| 16 | fail "forced command in key proto $p" | 17 | fail "forced command in key proto $p" |
| 17 | done | 18 | done |
| 18 | 19 | ||
| 19 | printf 'command="false" ' >$OBJ/authorized_keys_$USER | 20 | cp /dev/null $OBJ/authorized_keys_$USER |
| 20 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER | 21 | for t in ${SSH_KEYTYPES}; do |
| 21 | printf 'command="false" ' >>$OBJ/authorized_keys_$USER | 22 | printf 'command="false" ' >> $OBJ/authorized_keys_$USER |
| 22 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER | 23 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER |
| 24 | done | ||
| 23 | 25 | ||
| 24 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | 26 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
| 25 | echo "ForceCommand true" >> $OBJ/sshd_proxy | 27 | echo "ForceCommand true" >> $OBJ/sshd_proxy |
| 26 | 28 | ||
| 27 | for p in 1 2; do | 29 | for p in ${SSH_PROTOCOLS}; do |
| 28 | trace "forced command in sshd_config overrides key option proto $p" | 30 | trace "forced command in sshd_config overrides key option proto $p" |
| 29 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || | 31 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || |
| 30 | fail "forced command in key proto $p" | 32 | fail "forced command in key proto $p" |
| @@ -35,7 +37,7 @@ echo "ForceCommand false" >> $OBJ/sshd_proxy | |||
| 35 | echo "Match User $USER" >> $OBJ/sshd_proxy | 37 | echo "Match User $USER" >> $OBJ/sshd_proxy |
| 36 | echo " ForceCommand true" >> $OBJ/sshd_proxy | 38 | echo " ForceCommand true" >> $OBJ/sshd_proxy |
| 37 | 39 | ||
| 38 | for p in 1 2; do | 40 | for p in ${SSH_PROTOCOLS}; do |
| 39 | trace "forced command with match proto $p" | 41 | trace "forced command with match proto $p" |
| 40 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || | 42 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || |
| 41 | fail "forced command in key proto $p" | 43 | fail "forced command in key proto $p" |
diff --git a/regress/forward-control.sh b/regress/forward-control.sh index 7f7d105e8..91957098f 100644 --- a/regress/forward-control.sh +++ b/regress/forward-control.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: forward-control.sh,v 1.2 2013/11/18 05:09:32 naddy Exp $ | 1 | # $OpenBSD: forward-control.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="sshd control of local and remote forwarding" | 4 | tid="sshd control of local and remote forwarding" |
| @@ -99,7 +99,7 @@ cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy.bak | |||
| 99 | cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak | 99 | cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak |
| 100 | 100 | ||
| 101 | # Sanity check: ensure the default config allows forwarding | 101 | # Sanity check: ensure the default config allows forwarding |
| 102 | for p in 1 2 ; do | 102 | for p in ${SSH_PROTOCOLS} ; do |
| 103 | check_lfwd $p Y "proto $p, default configuration" | 103 | check_lfwd $p Y "proto $p, default configuration" |
| 104 | check_rfwd $p Y "proto $p, default configuration" | 104 | check_rfwd $p Y "proto $p, default configuration" |
| 105 | done | 105 | done |
| @@ -115,7 +115,7 @@ all_tests() { | |||
| 115 | _permit_rfwd=$7 | 115 | _permit_rfwd=$7 |
| 116 | _badfwd=127.0.0.1:22 | 116 | _badfwd=127.0.0.1:22 |
| 117 | _goodfwd=127.0.0.1:${PORT} | 117 | _goodfwd=127.0.0.1:${PORT} |
| 118 | for _proto in 1 2 ; do | 118 | for _proto in ${SSH_PROTOCOLS} ; do |
| 119 | cp ${OBJ}/authorized_keys_${USER}.bak \ | 119 | cp ${OBJ}/authorized_keys_${USER}.bak \ |
| 120 | ${OBJ}/authorized_keys_${USER} | 120 | ${OBJ}/authorized_keys_${USER} |
| 121 | _prefix="proto $_proto, AllowTcpForwarding=$_tcpfwd" | 121 | _prefix="proto $_proto, AllowTcpForwarding=$_tcpfwd" |
diff --git a/regress/forwarding.sh b/regress/forwarding.sh index 0eee3176a..fb4f35aff 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: forwarding.sh,v 1.14 2015/02/23 20:32:15 djm Exp $ | 1 | # $OpenBSD: forwarding.sh,v 1.15 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="local and remote forwarding" | 4 | tid="local and remote forwarding" |
| @@ -23,8 +23,11 @@ for j in 0 1 2; do | |||
| 23 | last=$a | 23 | last=$a |
| 24 | done | 24 | done |
| 25 | done | 25 | done |
| 26 | for p in 1 2; do | 26 | for p in ${SSH_PROTOCOLS}; do |
| 27 | q=`expr 3 - $p` | 27 | q=`expr 3 - $p` |
| 28 | if ! ssh_version $q; then | ||
| 29 | q=$p | ||
| 30 | fi | ||
| 28 | trace "start forwarding, fork to background" | 31 | trace "start forwarding, fork to background" |
| 29 | ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10 | 32 | ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10 |
| 30 | 33 | ||
| @@ -37,7 +40,7 @@ for p in 1 2; do | |||
| 37 | sleep 10 | 40 | sleep 10 |
| 38 | done | 41 | done |
| 39 | 42 | ||
| 40 | for p in 1 2; do | 43 | for p in ${SSH_PROTOCOLS}; do |
| 41 | for d in L R; do | 44 | for d in L R; do |
| 42 | trace "exit on -$d forward failure, proto $p" | 45 | trace "exit on -$d forward failure, proto $p" |
| 43 | 46 | ||
| @@ -67,7 +70,7 @@ for d in L R; do | |||
| 67 | done | 70 | done |
| 68 | done | 71 | done |
| 69 | 72 | ||
| 70 | for p in 1 2; do | 73 | for p in ${SSH_PROTOCOLS}; do |
| 71 | trace "simple clear forwarding proto $p" | 74 | trace "simple clear forwarding proto $p" |
| 72 | ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true | 75 | ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true |
| 73 | 76 | ||
| @@ -110,7 +113,7 @@ done | |||
| 110 | 113 | ||
| 111 | echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config | 114 | echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config |
| 112 | echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config | 115 | echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config |
| 113 | for p in 1 2; do | 116 | for p in ${SSH_PROTOCOLS}; do |
| 114 | trace "config file: start forwarding, fork to background" | 117 | trace "config file: start forwarding, fork to background" |
| 115 | ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f somehost sleep 10 | 118 | ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f somehost sleep 10 |
| 116 | 119 | ||
diff --git a/regress/host-expand.sh b/regress/host-expand.sh index 6cc0e6055..2a95bfe1b 100644 --- a/regress/host-expand.sh +++ b/regress/host-expand.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: host-expand.sh,v 1.3 2014/02/27 23:17:41 djm Exp $ | 1 | # $OpenBSD: host-expand.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="expand %h and %n" | 4 | tid="expand %h and %n" |
| @@ -11,7 +11,7 @@ somehost | |||
| 11 | 127.0.0.1 | 11 | 127.0.0.1 |
| 12 | EOE | 12 | EOE |
| 13 | 13 | ||
| 14 | for p in 1 2; do | 14 | for p in ${SSH_PROTOCOLS}; do |
| 15 | verbose "test $tid: proto $p" | 15 | verbose "test $tid: proto $p" |
| 16 | ${SSH} -F $OBJ/ssh_proxy -$p somehost true >$OBJ/actual | 16 | ${SSH} -F $OBJ/ssh_proxy -$p somehost true >$OBJ/actual |
| 17 | diff $OBJ/expect $OBJ/actual || fail "$tid proto $p" | 17 | diff $OBJ/expect $OBJ/actual || fail "$tid proto $p" |
diff --git a/regress/key-options.sh b/regress/key-options.sh index f98d78b30..7a68ad358 100644 --- a/regress/key-options.sh +++ b/regress/key-options.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: key-options.sh,v 1.2 2008/06/30 08:07:34 djm Exp $ | 1 | # $OpenBSD: key-options.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="key options" | 4 | tid="key options" |
| @@ -8,7 +8,7 @@ authkeys="$OBJ/authorized_keys_${USER}" | |||
| 8 | cp $authkeys $origkeys | 8 | cp $authkeys $origkeys |
| 9 | 9 | ||
| 10 | # Test command= forced command | 10 | # Test command= forced command |
| 11 | for p in 1 2; do | 11 | for p in ${SSH_PROTOCOLS}; do |
| 12 | for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do | 12 | for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do |
| 13 | sed "s/.*/$c &/" $origkeys >$authkeys | 13 | sed "s/.*/$c &/" $origkeys >$authkeys |
| 14 | verbose "key option proto $p $c" | 14 | verbose "key option proto $p $c" |
| @@ -24,7 +24,7 @@ done | |||
| 24 | 24 | ||
| 25 | # Test no-pty | 25 | # Test no-pty |
| 26 | sed 's/.*/no-pty &/' $origkeys >$authkeys | 26 | sed 's/.*/no-pty &/' $origkeys >$authkeys |
| 27 | for p in 1 2; do | 27 | for p in ${SSH_PROTOCOLS}; do |
| 28 | verbose "key option proto $p no-pty" | 28 | verbose "key option proto $p no-pty" |
| 29 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost tty` | 29 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost tty` |
| 30 | if [ -f "$r" ]; then | 30 | if [ -f "$r" ]; then |
| @@ -35,7 +35,7 @@ done | |||
| 35 | # Test environment= | 35 | # Test environment= |
| 36 | echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy | 36 | echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy |
| 37 | sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys | 37 | sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys |
| 38 | for p in 1 2; do | 38 | for p in ${SSH_PROTOCOLS}; do |
| 39 | verbose "key option proto $p environment" | 39 | verbose "key option proto $p environment" |
| 40 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo $FOO'` | 40 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo $FOO'` |
| 41 | if [ "$r" != "bar" ]; then | 41 | if [ "$r" != "bar" ]; then |
| @@ -45,7 +45,7 @@ done | |||
| 45 | 45 | ||
| 46 | # Test from= restriction | 46 | # Test from= restriction |
| 47 | start_sshd | 47 | start_sshd |
| 48 | for p in 1 2; do | 48 | for p in ${SSH_PROTOCOLS}; do |
| 49 | for f in 127.0.0.1 '127.0.0.0\/8'; do | 49 | for f in 127.0.0.1 '127.0.0.0\/8'; do |
| 50 | cat $origkeys >$authkeys | 50 | cat $origkeys >$authkeys |
| 51 | ${SSH} -$p -q -F $OBJ/ssh_proxy somehost true | 51 | ${SSH} -$p -q -F $OBJ/ssh_proxy somehost true |
diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh index 04a0d54fc..e56185050 100644 --- a/regress/keygen-change.sh +++ b/regress/keygen-change.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: keygen-change.sh,v 1.4 2015/01/13 08:23:26 djm Exp $ | 1 | # $OpenBSD: keygen-change.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="change passphrase for key" | 4 | tid="change passphrase for key" |
| @@ -6,7 +6,12 @@ tid="change passphrase for key" | |||
| 6 | S1="secret1" | 6 | S1="secret1" |
| 7 | S2="2secret" | 7 | S2="2secret" |
| 8 | 8 | ||
| 9 | for t in `${SSH} -Q key-plain` ; do | 9 | KEYTYPES=`${SSH} -Q key-plain` |
| 10 | if ssh_version 1; then | ||
| 11 | KEYTYPES="${KEYTYPES} rsa1" | ||
| 12 | fi | ||
| 13 | |||
| 14 | for t in $KEYTYPES; do | ||
| 10 | # generate user key for agent | 15 | # generate user key for agent |
| 11 | trace "generating $t key" | 16 | trace "generating $t key" |
| 12 | rm -f $OBJ/$t-key | 17 | rm -f $OBJ/$t-key |
diff --git a/regress/keyscan.sh b/regress/keyscan.sh index 33f14f0fc..886f3295a 100644 --- a/regress/keyscan.sh +++ b/regress/keyscan.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: keyscan.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: keyscan.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="keyscan" | 4 | tid="keyscan" |
| @@ -8,7 +8,12 @@ rm -f ${OBJ}/host.dsa | |||
| 8 | 8 | ||
| 9 | start_sshd | 9 | start_sshd |
| 10 | 10 | ||
| 11 | for t in rsa1 rsa dsa; do | 11 | KEYTYPES="rsa dsa" |
| 12 | if ssh_version 1; then | ||
| 13 | KEYTYPES="${KEYTYPES} rsa1" | ||
| 14 | fi | ||
| 15 | |||
| 16 | for t in $KEYTYPES; do | ||
| 12 | trace "keyscan type $t" | 17 | trace "keyscan type $t" |
| 13 | ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \ | 18 | ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \ |
| 14 | > /dev/null 2>&1 | 19 | > /dev/null 2>&1 |
diff --git a/regress/localcommand.sh b/regress/localcommand.sh index 8a9b56971..220f19a4d 100644 --- a/regress/localcommand.sh +++ b/regress/localcommand.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: localcommand.sh,v 1.2 2013/05/17 10:24:48 dtucker Exp $ | 1 | # $OpenBSD: localcommand.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="localcommand" | 4 | tid="localcommand" |
| @@ -6,7 +6,7 @@ tid="localcommand" | |||
| 6 | echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy | 6 | echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy |
| 7 | echo 'LocalCommand echo foo' >> $OBJ/ssh_proxy | 7 | echo 'LocalCommand echo foo' >> $OBJ/ssh_proxy |
| 8 | 8 | ||
| 9 | for p in 1 2; do | 9 | for p in ${SSH_PROTOCOLS}; do |
| 10 | verbose "test $tid: proto $p localcommand" | 10 | verbose "test $tid: proto $p localcommand" |
| 11 | a=`${SSH} -F $OBJ/ssh_proxy -$p somehost true` | 11 | a=`${SSH} -F $OBJ/ssh_proxy -$p somehost true` |
| 12 | if [ "$a" != "foo" ] ; then | 12 | if [ "$a" != "foo" ] ; then |
diff --git a/regress/proto-mismatch.sh b/regress/proto-mismatch.sh index fb521f214..9e8024beb 100644 --- a/regress/proto-mismatch.sh +++ b/regress/proto-mismatch.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: proto-mismatch.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: proto-mismatch.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="protocol version mismatch" | 4 | tid="protocol version mismatch" |
| @@ -16,4 +16,6 @@ mismatch () | |||
| 16 | } | 16 | } |
| 17 | 17 | ||
| 18 | mismatch 2 SSH-1.5-HALLO | 18 | mismatch 2 SSH-1.5-HALLO |
| 19 | mismatch 1 SSH-2.0-HALLO | 19 | if ssh_version 1; then |
| 20 | mismatch 1 SSH-2.0-HALLO | ||
| 21 | fi | ||
diff --git a/regress/proto-version.sh b/regress/proto-version.sh index b876dd7ec..cf4946115 100644 --- a/regress/proto-version.sh +++ b/regress/proto-version.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: proto-version.sh,v 1.4 2013/05/17 00:37:40 dtucker Exp $ | 1 | # $OpenBSD: proto-version.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="sshd version with different protocol combinations" | 4 | tid="sshd version with different protocol combinations" |
| @@ -28,7 +28,9 @@ check_version () | |||
| 28 | fi | 28 | fi |
| 29 | } | 29 | } |
| 30 | 30 | ||
| 31 | check_version 2,1 199 | ||
| 32 | check_version 1,2 199 | ||
| 33 | check_version 2 20 | 31 | check_version 2 20 |
| 34 | check_version 1 15 | 32 | if ssh_version 1; then |
| 33 | check_version 2,1 199 | ||
| 34 | check_version 1,2 199 | ||
| 35 | check_version 1 15 | ||
| 36 | fi | ||
diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh index 023ba7367..f816962b5 100644 --- a/regress/proxy-connect.sh +++ b/regress/proxy-connect.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: proxy-connect.sh,v 1.7 2014/05/03 18:46:14 dtucker Exp $ | 1 | # $OpenBSD: proxy-connect.sh,v 1.8 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="proxy connect" | 4 | tid="proxy connect" |
| @@ -9,7 +9,7 @@ for ps in no yes; do | |||
| 9 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy | 9 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy |
| 10 | echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy | 10 | echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy |
| 11 | 11 | ||
| 12 | for p in 1 2; do | 12 | for p in ${SSH_PROTOCOLS}; do |
| 13 | for c in no yes; do | 13 | for c in no yes; do |
| 14 | verbose "plain username protocol $p privsep=$ps comp=$c" | 14 | verbose "plain username protocol $p privsep=$ps comp=$c" |
| 15 | opts="-$p -oCompression=$c -F $OBJ/ssh_proxy" | 15 | opts="-$p -oCompression=$c -F $OBJ/ssh_proxy" |
| @@ -24,7 +24,7 @@ for ps in no yes; do | |||
| 24 | done | 24 | done |
| 25 | done | 25 | done |
| 26 | 26 | ||
| 27 | for p in 1 2; do | 27 | for p in ${SSH_PROTOCOLS}; do |
| 28 | verbose "username with style protocol $p" | 28 | verbose "username with style protocol $p" |
| 29 | ${SSH} -$p -F $OBJ/ssh_proxy ${USER}:style@999.999.999.999 true || \ | 29 | ${SSH} -$p -F $OBJ/ssh_proxy ${USER}:style@999.999.999.999 true || \ |
| 30 | fail "ssh proxyconnect protocol $p failed" | 30 | fail "ssh proxyconnect protocol $p failed" |
diff --git a/regress/reconfigure.sh b/regress/reconfigure.sh index e6af9eab1..eecddd3c7 100644 --- a/regress/reconfigure.sh +++ b/regress/reconfigure.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: reconfigure.sh,v 1.4 2015/01/14 09:58:21 markus Exp $ | 1 | # $OpenBSD: reconfigure.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="simple connect after reconfigure" | 4 | tid="simple connect after reconfigure" |
| @@ -18,7 +18,7 @@ fi | |||
| 18 | start_sshd | 18 | start_sshd |
| 19 | 19 | ||
| 20 | trace "connect before restart" | 20 | trace "connect before restart" |
| 21 | for p in 1 2; do | 21 | for p in ${SSH_PROTOCOLS} ; do |
| 22 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true | 22 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true |
| 23 | if [ $? -ne 0 ]; then | 23 | if [ $? -ne 0 ]; then |
| 24 | fail "ssh connect with protocol $p failed before reconfigure" | 24 | fail "ssh connect with protocol $p failed before reconfigure" |
| @@ -39,7 +39,7 @@ done | |||
| 39 | test -f $PIDFILE || fatal "sshd did not restart" | 39 | test -f $PIDFILE || fatal "sshd did not restart" |
| 40 | 40 | ||
| 41 | trace "connect after restart" | 41 | trace "connect after restart" |
| 42 | for p in 1 2; do | 42 | for p in ${SSH_PROTOCOLS} ; do |
| 43 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true | 43 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true |
| 44 | if [ $? -ne 0 ]; then | 44 | if [ $? -ne 0 ]; then |
| 45 | fail "ssh connect with protocol $p failed after reconfigure" | 45 | fail "ssh connect with protocol $p failed after reconfigure" |
diff --git a/regress/reexec.sh b/regress/reexec.sh index 433573f06..5c0a7b46f 100644 --- a/regress/reexec.sh +++ b/regress/reexec.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: reexec.sh,v 1.7 2013/05/17 10:23:52 dtucker Exp $ | 1 | # $OpenBSD: reexec.sh,v 1.8 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="reexec tests" | 4 | tid="reexec tests" |
| @@ -19,7 +19,7 @@ start_sshd_copy () | |||
| 19 | copy_tests () | 19 | copy_tests () |
| 20 | { | 20 | { |
| 21 | rm -f ${COPY} | 21 | rm -f ${COPY} |
| 22 | for p in 1 2; do | 22 | for p in ${SSH_PROTOCOLS} ; do |
| 23 | verbose "$tid: proto $p" | 23 | verbose "$tid: proto $p" |
| 24 | ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ | 24 | ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ |
| 25 | cat ${DATA} > ${COPY} | 25 | cat ${DATA} > ${COPY} |
diff --git a/regress/stderr-data.sh b/regress/stderr-data.sh index b0bd2355c..8c8149a73 100644 --- a/regress/stderr-data.sh +++ b/regress/stderr-data.sh | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | # $OpenBSD: stderr-data.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ | 1 | # $OpenBSD: stderr-data.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="stderr data transfer" | 4 | tid="stderr data transfer" |
| 5 | 5 | ||
| 6 | for n in '' -n; do | 6 | for n in '' -n; do |
| 7 | for p in 1 2; do | 7 | for p in ${SSH_PROTOCOLS}; do |
| 8 | verbose "test $tid: proto $p ($n)" | 8 | verbose "test $tid: proto $p ($n)" |
| 9 | ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \ | 9 | ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \ |
| 10 | exec sh -c \'"exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ | 10 | exec sh -c \'"exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ |
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index ff0768a04..12ba094a9 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: test-exec.sh,v 1.48 2014/07/06 07:42:03 djm Exp $ | 1 | # $OpenBSD: test-exec.sh,v 1.51 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | #SUDO=sudo | 4 | #SUDO=sudo |
| @@ -130,6 +130,11 @@ if [ "x$TEST_SSH_CONCH" != "x" ]; then | |||
| 130 | esac | 130 | esac |
| 131 | fi | 131 | fi |
| 132 | 132 | ||
| 133 | SSH_PROTOCOLS=`$SSH -Q protocol-version` | ||
| 134 | if [ "x$TEST_SSH_PROTOCOLS" != "x" ]; then | ||
| 135 | SSH_PROTOCOLS="${TEST_SSH_PROTOCOLS}" | ||
| 136 | fi | ||
| 137 | |||
| 133 | # Path to sshd must be absolute for rexec | 138 | # Path to sshd must be absolute for rexec |
| 134 | case "$SSHD" in | 139 | case "$SSHD" in |
| 135 | /*) ;; | 140 | /*) ;; |
| @@ -374,16 +379,27 @@ fatal () | |||
| 374 | exit $RESULT | 379 | exit $RESULT |
| 375 | } | 380 | } |
| 376 | 381 | ||
| 382 | ssh_version () | ||
| 383 | { | ||
| 384 | echo ${SSH_PROTOCOLS} | grep -q "$1" | ||
| 385 | } | ||
| 386 | |||
| 377 | RESULT=0 | 387 | RESULT=0 |
| 378 | PIDFILE=$OBJ/pidfile | 388 | PIDFILE=$OBJ/pidfile |
| 379 | 389 | ||
| 380 | trap fatal 3 2 | 390 | trap fatal 3 2 |
| 381 | 391 | ||
| 392 | if ssh_version 1; then | ||
| 393 | PROTO="2,1" | ||
| 394 | else | ||
| 395 | PROTO="2" | ||
| 396 | fi | ||
| 397 | |||
| 382 | # create server config | 398 | # create server config |
| 383 | cat << EOF > $OBJ/sshd_config | 399 | cat << EOF > $OBJ/sshd_config |
| 384 | StrictModes no | 400 | StrictModes no |
| 385 | Port $PORT | 401 | Port $PORT |
| 386 | Protocol 2,1 | 402 | Protocol $PROTO |
| 387 | AddressFamily inet | 403 | AddressFamily inet |
| 388 | ListenAddress 127.0.0.1 | 404 | ListenAddress 127.0.0.1 |
| 389 | #ListenAddress ::1 | 405 | #ListenAddress ::1 |
| @@ -409,7 +425,7 @@ echo 'StrictModes no' >> $OBJ/sshd_proxy | |||
| 409 | # create client config | 425 | # create client config |
| 410 | cat << EOF > $OBJ/ssh_config | 426 | cat << EOF > $OBJ/ssh_config |
| 411 | Host * | 427 | Host * |
| 412 | Protocol 2,1 | 428 | Protocol $PROTO |
| 413 | Hostname 127.0.0.1 | 429 | Hostname 127.0.0.1 |
| 414 | HostKeyAlias localhost-with-alias | 430 | HostKeyAlias localhost-with-alias |
| 415 | Port $PORT | 431 | Port $PORT |
| @@ -434,8 +450,13 @@ fi | |||
| 434 | 450 | ||
| 435 | rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER | 451 | rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER |
| 436 | 452 | ||
| 453 | if ssh_version 1; then | ||
| 454 | SSH_KEYTYPES="rsa rsa1" | ||
| 455 | else | ||
| 456 | SSH_KEYTYPES="rsa ed25519" | ||
| 457 | fi | ||
| 437 | trace "generate keys" | 458 | trace "generate keys" |
| 438 | for t in rsa rsa1; do | 459 | for t in ${SSH_KEYTYPES}; do |
| 439 | # generate user key | 460 | # generate user key |
| 440 | if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then | 461 | if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then |
| 441 | rm -f $OBJ/$t | 462 | rm -f $OBJ/$t |
diff --git a/regress/transfer.sh b/regress/transfer.sh index 1ae3ef5bf..36c14634a 100644 --- a/regress/transfer.sh +++ b/regress/transfer.sh | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # $OpenBSD: transfer.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ | 1 | # $OpenBSD: transfer.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="transfer data" | 4 | tid="transfer data" |
| 5 | 5 | ||
| 6 | for p in 1 2; do | 6 | for p in ${SSH_PROTOCOLS}; do |
| 7 | verbose "$tid: proto $p" | 7 | verbose "$tid: proto $p" |
| 8 | rm -f ${COPY} | 8 | rm -f ${COPY} |
| 9 | ${SSH} -n -q -$p -F $OBJ/ssh_proxy somehost cat ${DATA} > ${COPY} | 9 | ${SSH} -n -q -$p -F $OBJ/ssh_proxy somehost cat ${DATA} > ${COPY} |
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index 2881ce16c..4165c7b88 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: try-ciphers.sh,v 1.23 2014/04/21 22:15:37 djm Exp $ | 1 | # $OpenBSD: try-ciphers.sh,v 1.24 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="try ciphers" | 4 | tid="try ciphers" |
| @@ -26,7 +26,11 @@ for c in `${SSH} -Q cipher`; do | |||
| 26 | done | 26 | done |
| 27 | done | 27 | done |
| 28 | 28 | ||
| 29 | ciphers="3des blowfish" | 29 | if ssh_version 1; then |
| 30 | ciphers="3des blowfish" | ||
| 31 | else | ||
| 32 | ciphers="" | ||
| 33 | fi | ||
| 30 | for c in $ciphers; do | 34 | for c in $ciphers; do |
| 31 | trace "proto 1 cipher $c" | 35 | trace "proto 1 cipher $c" |
| 32 | verbose "test $tid: proto 1 cipher $c" | 36 | verbose "test $tid: proto 1 cipher $c" |
diff --git a/regress/yes-head.sh b/regress/yes-head.sh index a8e6bc800..1fc754211 100644 --- a/regress/yes-head.sh +++ b/regress/yes-head.sh | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | # $OpenBSD: yes-head.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: yes-head.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="yes pipe head" | 4 | tid="yes pipe head" |
| 5 | 5 | ||
| 6 | for p in 1 2; do | 6 | for p in ${SSH_PROTOCOLS}; do |
| 7 | lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` | 7 | lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` |
| 8 | if [ $? -ne 0 ]; then | 8 | if [ $? -ne 0 ]; then |
| 9 | fail "yes|head test failed" | 9 | fail "yes|head test failed" |