diff options
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | regress/Makefile | 5 | ||||
-rw-r--r-- | regress/forwarding.sh | 6 | ||||
-rw-r--r-- | regress/integrity.sh | 11 | ||||
-rw-r--r-- | regress/rekey.sh | 5 | ||||
-rw-r--r-- | regress/sshd-log-wrapper.sh | 4 | ||||
-rw-r--r-- | regress/test-exec.sh | 44 |
7 files changed, 59 insertions, 23 deletions
@@ -14,6 +14,13 @@ | |||
14 | Split the regress log into 3 parts: the debug output from ssh, the debug | 14 | Split the regress log into 3 parts: the debug output from ssh, the debug |
15 | log from sshd and the output from the client command (ssh, scp or sftp). | 15 | log from sshd and the output from the client command (ssh, scp or sftp). |
16 | Somewhat functional now, will become more useful when ssh/sshd -E is added. | 16 | Somewhat functional now, will become more useful when ssh/sshd -E is added. |
17 | - dtucker@cvs.openbsd.org 2013/04/07 02:16:03 | ||
18 | [regress/Makefile regress/rekey.sh regress/integrity.sh | ||
19 | regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh] | ||
20 | use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and | ||
21 | save the output from any failing tests. If a test fails the debug output | ||
22 | from ssh and sshd for the failing tests (and only the failing tests) should | ||
23 | be available in failed-ssh{,d}.log. | ||
17 | 24 | ||
18 | 20130516 | 25 | 20130516 |
19 | - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be | 26 | - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be |
diff --git a/regress/Makefile b/regress/Makefile index b99bd3e83..4ac5b4d42 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: Makefile,v 1.63 2013/04/06 06:00:22 dtucker Exp $ | 1 | # $OpenBSD: Makefile,v 1.64 2013/04/07 02:16:03 dtucker Exp $ |
2 | 2 | ||
3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec | 3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec |
4 | tests: $(REGRESS_TARGETS) | 4 | tests: $(REGRESS_TARGETS) |
@@ -83,7 +83,8 @@ CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ | |||
83 | key.rsa-* key.dsa-* key.ecdsa-* \ | 83 | key.rsa-* key.dsa-* key.ecdsa-* \ |
84 | authorized_principals_${USER} expect actual ready \ | 84 | authorized_principals_${USER} expect actual ready \ |
85 | sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \ | 85 | sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \ |
86 | ssh.log sshd.log regress.log | 86 | ssh.log failed-ssh.log sshd.log failed-sshd.log \ |
87 | regress.log failed-regress.log ssh-log-wrapper.sh | ||
87 | 88 | ||
88 | # Enable all malloc(3) randomisations and checks | 89 | # Enable all malloc(3) randomisations and checks |
89 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" | 90 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" |
diff --git a/regress/forwarding.sh b/regress/forwarding.sh index f9c367beb..6a7003070 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: forwarding.sh,v 1.8 2012/06/01 00:47:35 djm Exp $ | 1 | # $OpenBSD: forwarding.sh,v 1.9 2013/04/07 02:16:03 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="local and remote forwarding" | 4 | tid="local and remote forwarding" |
@@ -75,7 +75,7 @@ for p in 1 2; do | |||
75 | else | 75 | else |
76 | # this one should fail | 76 | # this one should fail |
77 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ | 77 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ |
78 | 2>>$TEST_SSH_LOGFILE && \ | 78 | >>$TEST_REGRESS_LOGFILE 2>&1 && \ |
79 | fail "local forwarding not cleared" | 79 | fail "local forwarding not cleared" |
80 | fi | 80 | fi |
81 | sleep 10 | 81 | sleep 10 |
@@ -88,7 +88,7 @@ for p in 1 2; do | |||
88 | else | 88 | else |
89 | # this one should fail | 89 | # this one should fail |
90 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ | 90 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ |
91 | 2>>$TEST_SSH_LOGFILE && \ | 91 | >>$TEST_REGRESS_LOGFILE 2>&1 && \ |
92 | fail "remote forwarding not cleared" | 92 | fail "remote forwarding not cleared" |
93 | fi | 93 | fi |
94 | sleep 10 | 94 | sleep 10 |
diff --git a/regress/integrity.sh b/regress/integrity.sh index 1bd330a18..3950b7d1f 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: integrity.sh,v 1.8 2013/04/06 06:00:22 dtucker Exp $ | 1 | # $OpenBSD: integrity.sh,v 1.9 2013/04/07 02:16:03 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="integrity" | 4 | tid="integrity" |
@@ -47,14 +47,15 @@ for m in $macs; do | |||
47 | aes*gcm*) macopt="-c $m";; | 47 | aes*gcm*) macopt="-c $m";; |
48 | *) macopt="-m $m";; | 48 | *) macopt="-m $m";; |
49 | esac | 49 | esac |
50 | output=`${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ | 50 | verbose "test $tid: $m @$off $output" |
51 | 999.999.999.999 'printf "%4096s" " "' 2>&1` | 51 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ |
52 | 999.999.999.999 'printf "%4096s" " "' >/dev/null | ||
52 | if [ $? -eq 0 ]; then | 53 | if [ $? -eq 0 ]; then |
53 | fail "ssh -m $m succeeds with bit-flip at $off" | 54 | fail "ssh -m $m succeeds with bit-flip at $off" |
54 | fi | 55 | fi |
55 | ecnt=`expr $ecnt + 1` | 56 | ecnt=`expr $ecnt + 1` |
56 | output=`echo $output | tr -s '\r\n' '.'` | 57 | output=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ |
57 | verbose "test $tid: $m @$off $output" | 58 | tr -s '\r\n' '.') |
58 | case "$output" in | 59 | case "$output" in |
59 | Bad?packet*) elen=`expr $elen + 1`; skip=3;; | 60 | Bad?packet*) elen=`expr $elen + 1`; skip=3;; |
60 | Corrupted?MAC* | Decryption?integrity?check?failed*) | 61 | Corrupted?MAC* | Decryption?integrity?check?failed*) |
diff --git a/regress/rekey.sh b/regress/rekey.sh index b23cfca70..d2542ecd4 100644 --- a/regress/rekey.sh +++ b/regress/rekey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: rekey.sh,v 1.2 2013/04/06 06:00:22 dtucker Exp $ | 1 | # $OpenBSD: rekey.sh,v 1.3 2013/04/07 02:16:03 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="rekey during transfer data" | 4 | tid="rekey during transfer data" |
@@ -16,8 +16,7 @@ for s in 16 1k 128k 256k; do | |||
16 | rm -f ${COPY} | 16 | rm -f ${COPY} |
17 | cat $DATA | \ | 17 | cat $DATA | \ |
18 | ${SSH} -oCompression=no -oRekeyLimit=$s \ | 18 | ${SSH} -oCompression=no -oRekeyLimit=$s \ |
19 | -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" \ | 19 | -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" |
20 | 2> ${LOG} | ||
21 | if [ $? -ne 0 ]; then | 20 | if [ $? -ne 0 ]; then |
22 | fail "ssh failed" | 21 | fail "ssh failed" |
23 | fi | 22 | fi |
diff --git a/regress/sshd-log-wrapper.sh b/regress/sshd-log-wrapper.sh index c7a5ef3a6..a9386be4d 100644 --- a/regress/sshd-log-wrapper.sh +++ b/regress/sshd-log-wrapper.sh | |||
@@ -1,5 +1,5 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | # $OpenBSD: sshd-log-wrapper.sh,v 1.2 2005/02/27 11:40:30 dtucker Exp $ | 2 | # $OpenBSD: sshd-log-wrapper.sh,v 1.3 2013/04/07 02:16:03 dtucker Exp $ |
3 | # Placed in the Public Domain. | 3 | # Placed in the Public Domain. |
4 | # | 4 | # |
5 | # simple wrapper for sshd proxy mode to catch stderr output | 5 | # simple wrapper for sshd proxy mode to catch stderr output |
@@ -10,4 +10,4 @@ log=$2 | |||
10 | shift | 10 | shift |
11 | shift | 11 | shift |
12 | 12 | ||
13 | exec $sshd $@ -e 2>>$log | 13 | exec $sshd -E$log $@ |
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index b02172c03..f797ab68d 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: test-exec.sh,v 1.39 2013/04/06 06:00:22 dtucker Exp $ | 1 | # $OpenBSD: test-exec.sh,v 1.40 2013/04/07 02:16:03 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | #SUDO=sudo | 4 | #SUDO=sudo |
@@ -159,6 +159,15 @@ fi | |||
159 | DATA=$OBJ/testdata | 159 | DATA=$OBJ/testdata |
160 | cat $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} >$DATA | 160 | cat $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} >$DATA |
161 | 161 | ||
162 | # Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..." | ||
163 | # because sftp and scp don't handle spaces in arguments. | ||
164 | SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh | ||
165 | echo "#!/bin/sh" > $SSHLOGWRAP | ||
166 | echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP | ||
167 | |||
168 | chmod a+rx $OBJ/ssh-log-wrapper.sh | ||
169 | SSH="$SSHLOGWRAP" | ||
170 | |||
162 | # these should be used in tests | 171 | # these should be used in tests |
163 | export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP | 172 | export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP |
164 | #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP | 173 | #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP |
@@ -214,9 +223,26 @@ cleanup () | |||
214 | fi | 223 | fi |
215 | } | 224 | } |
216 | 225 | ||
226 | start_debug_log () | ||
227 | { | ||
228 | echo "trace: $@" >$TEST_REGRESS_LOGFILE | ||
229 | echo "trace: $@" >$TEST_SSH_LOGFILE | ||
230 | echo "trace: $@" >$TEST_SSHD_LOGFILE | ||
231 | } | ||
232 | |||
233 | save_debug_log () | ||
234 | { | ||
235 | echo $@ >>$TEST_REGRESS_LOGFILE | ||
236 | echo $@ >>$TEST_SSH_LOGFILE | ||
237 | echo $@ >>$TEST_SSHD_LOGFILE | ||
238 | (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log | ||
239 | (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log | ||
240 | (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log | ||
241 | } | ||
242 | |||
217 | trace () | 243 | trace () |
218 | { | 244 | { |
219 | echo "trace: $@" >>$TEST_REGRESS_LOGFILE | 245 | start_debug_log $@ |
220 | if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then | 246 | if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then |
221 | echo "$@" | 247 | echo "$@" |
222 | fi | 248 | fi |
@@ -224,7 +250,7 @@ trace () | |||
224 | 250 | ||
225 | verbose () | 251 | verbose () |
226 | { | 252 | { |
227 | echo "verbose: $@" >>$TEST_REGRESS_LOGFILE | 253 | start_debug_log $@ |
228 | if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then | 254 | if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then |
229 | echo "$@" | 255 | echo "$@" |
230 | fi | 256 | fi |
@@ -238,15 +264,16 @@ warn () | |||
238 | 264 | ||
239 | fail () | 265 | fail () |
240 | { | 266 | { |
241 | echo "FAIL: $@" >>$TEST_REGRESS_LOGFILE | 267 | save_debug_log "FAIL: $@" |
242 | RESULT=1 | 268 | RESULT=1 |
243 | echo "$@" | 269 | echo "$@" |
270 | |||
244 | } | 271 | } |
245 | 272 | ||
246 | fatal () | 273 | fatal () |
247 | { | 274 | { |
248 | echo "FATAL: $@" >>$TEST_REGRESS_LOGFILE | 275 | save_debug_log "FATAL: $@" |
249 | echon "FATAL: " | 276 | echo -n "FATAL: " |
250 | fail "$@" | 277 | fail "$@" |
251 | cleanup | 278 | cleanup |
252 | exit $RESULT | 279 | exit $RESULT |
@@ -278,7 +305,7 @@ cat << EOF > $OBJ/sshd_config | |||
278 | #ListenAddress ::1 | 305 | #ListenAddress ::1 |
279 | PidFile $PIDFILE | 306 | PidFile $PIDFILE |
280 | AuthorizedKeysFile $OBJ/authorized_keys_%u | 307 | AuthorizedKeysFile $OBJ/authorized_keys_%u |
281 | LogLevel VERBOSE | 308 | LogLevel DEBUG3 |
282 | AcceptEnv _XXX_TEST_* | 309 | AcceptEnv _XXX_TEST_* |
283 | AcceptEnv _XXX_TEST | 310 | AcceptEnv _XXX_TEST |
284 | Subsystem sftp $SFTPSERVER | 311 | Subsystem sftp $SFTPSERVER |
@@ -312,6 +339,7 @@ Host * | |||
312 | PasswordAuthentication no | 339 | PasswordAuthentication no |
313 | BatchMode yes | 340 | BatchMode yes |
314 | StrictHostKeyChecking yes | 341 | StrictHostKeyChecking yes |
342 | LogLevel DEBUG3 | ||
315 | EOF | 343 | EOF |
316 | 344 | ||
317 | if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then | 345 | if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then |
@@ -405,7 +433,7 @@ start_sshd () | |||
405 | { | 433 | { |
406 | # start sshd | 434 | # start sshd |
407 | $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" | 435 | $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" |
408 | $SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSHD_LOGFILE 2>&1 | 436 | $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE |
409 | 437 | ||
410 | trace "wait for sshd" | 438 | trace "wait for sshd" |
411 | i=0; | 439 | i=0; |