diff options
Diffstat (limited to 'regress')
39 files changed, 482 insertions, 649 deletions
diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh index 3aa20c8b1..db3018b88 100644 --- a/regress/agent-pkcs11.sh +++ b/regress/agent-pkcs11.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: agent-pkcs11.sh,v 1.2 2015/01/12 11:46:32 djm Exp $ | 1 | # $OpenBSD: agent-pkcs11.sh,v 1.3 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="pkcs11 agent test" | 4 | tid="pkcs11 agent test" |
@@ -53,7 +53,7 @@ else | |||
53 | fi | 53 | fi |
54 | 54 | ||
55 | trace "pkcs11 connect via agent" | 55 | trace "pkcs11 connect via agent" |
56 | ${SSH} -2 -F $OBJ/ssh_proxy somehost exit 5 | 56 | ${SSH} -F $OBJ/ssh_proxy somehost exit 5 |
57 | r=$? | 57 | r=$? |
58 | if [ $r -ne 5 ]; then | 58 | if [ $r -ne 5 ]; then |
59 | fail "ssh connect failed (exit code $r)" | 59 | fail "ssh connect failed (exit code $r)" |
diff --git a/regress/agent.sh b/regress/agent.sh index c5e2794b7..0baf0c74a 100644 --- a/regress/agent.sh +++ b/regress/agent.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: agent.sh,v 1.11 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: agent.sh,v 1.12 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="simple agent test" | 4 | tid="simple agent test" |
@@ -46,28 +46,24 @@ else | |||
46 | fi | 46 | fi |
47 | 47 | ||
48 | trace "simple connect via agent" | 48 | trace "simple connect via agent" |
49 | for p in ${SSH_PROTOCOLS}; do | 49 | ${SSH} -F $OBJ/ssh_proxy somehost exit 52 |
50 | ${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p | 50 | r=$? |
51 | r=$? | 51 | if [ $r -ne 52 ]; then |
52 | if [ $r -ne 5$p ]; then | 52 | fail "ssh connect with failed (exit code $r)" |
53 | fail "ssh connect with protocol $p failed (exit code $r)" | 53 | fi |
54 | fi | ||
55 | done | ||
56 | 54 | ||
57 | trace "agent forwarding" | 55 | trace "agent forwarding" |
58 | for p in ${SSH_PROTOCOLS}; do | 56 | ${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 |
59 | ${SSH} -A -$p -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 | 57 | r=$? |
60 | r=$? | 58 | if [ $r -ne 0 ]; then |
61 | if [ $r -ne 0 ]; then | 59 | fail "ssh-add -l via agent fwd failed (exit code $r)" |
62 | fail "ssh-add -l via agent fwd proto $p failed (exit code $r)" | 60 | fi |
63 | fi | 61 | ${SSH} -A -F $OBJ/ssh_proxy somehost \ |
64 | ${SSH} -A -$p -F $OBJ/ssh_proxy somehost \ | 62 | "${SSH} -F $OBJ/ssh_proxy somehost exit 52" |
65 | "${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p" | 63 | r=$? |
66 | r=$? | 64 | if [ $r -ne 52 ]; then |
67 | if [ $r -ne 5$p ]; then | 65 | fail "agent fwd failed (exit code $r)" |
68 | fail "agent fwd proto $p failed (exit code $r)" | 66 | fi |
69 | fi | ||
70 | done | ||
71 | 67 | ||
72 | trace "delete all agent keys" | 68 | trace "delete all agent keys" |
73 | ${SSHADD} -D > /dev/null 2>&1 | 69 | ${SSHADD} -D > /dev/null 2>&1 |
diff --git a/regress/banner.sh b/regress/banner.sh index 0b9c95007..0d9654fe2 100644 --- a/regress/banner.sh +++ b/regress/banner.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: banner.sh,v 1.2 2003/10/11 11:49:49 dtucker Exp $ | 1 | # $OpenBSD: banner.sh,v 1.3 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="banner" | 4 | tid="banner" |
@@ -9,7 +9,7 @@ touch $OBJ/empty.in | |||
9 | 9 | ||
10 | trace "test missing banner file" | 10 | trace "test missing banner file" |
11 | verbose "test $tid: missing banner file" | 11 | verbose "test $tid: missing banner file" |
12 | ( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ | 12 | ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ |
13 | cmp $OBJ/empty.in $OBJ/banner.out ) || \ | 13 | cmp $OBJ/empty.in $OBJ/banner.out ) || \ |
14 | fail "missing banner file" | 14 | fail "missing banner file" |
15 | 15 | ||
@@ -30,14 +30,14 @@ for s in 0 10 100 1000 10000 100000 ; do | |||
30 | 30 | ||
31 | trace "test banner size $s" | 31 | trace "test banner size $s" |
32 | verbose "test $tid: size $s" | 32 | verbose "test $tid: size $s" |
33 | ( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ | 33 | ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ |
34 | cmp $OBJ/banner.in $OBJ/banner.out ) || \ | 34 | cmp $OBJ/banner.in $OBJ/banner.out ) || \ |
35 | fail "banner size $s mismatch" | 35 | fail "banner size $s mismatch" |
36 | done | 36 | done |
37 | 37 | ||
38 | trace "test suppress banner (-q)" | 38 | trace "test suppress banner (-q)" |
39 | verbose "test $tid: suppress banner (-q)" | 39 | verbose "test $tid: suppress banner (-q)" |
40 | ( ${SSH} -q -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ | 40 | ( ${SSH} -q -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ |
41 | cmp $OBJ/empty.in $OBJ/banner.out ) || \ | 41 | cmp $OBJ/empty.in $OBJ/banner.out ) || \ |
42 | fail "suppress banner (-q)" | 42 | fail "suppress banner (-q)" |
43 | 43 | ||
diff --git a/regress/broken-pipe.sh b/regress/broken-pipe.sh index a416f7a3b..c69276e27 100644 --- a/regress/broken-pipe.sh +++ b/regress/broken-pipe.sh | |||
@@ -1,15 +1,12 @@ | |||
1 | # $OpenBSD: broken-pipe.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: broken-pipe.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="broken pipe test" | 4 | tid="broken pipe test" |
5 | 5 | ||
6 | for p in ${SSH_PROTOCOLS}; do | 6 | for i in 1 2 3 4; do |
7 | trace "protocol $p" | 7 | ${SSH} -F $OBJ/ssh_config_config nexthost echo $i 2> /dev/null | true |
8 | for i in 1 2 3 4; do | 8 | r=$? |
9 | ${SSH} -$p -F $OBJ/ssh_config_config nexthost echo $i 2> /dev/null | true | 9 | if [ $r -ne 0 ]; then |
10 | r=$? | 10 | fail "broken pipe returns $r" |
11 | if [ $r -ne 0 ]; then | 11 | fi |
12 | fail "broken pipe returns $r for protocol $p" | ||
13 | fi | ||
14 | done | ||
15 | done | 12 | done |
diff --git a/regress/brokenkeys.sh b/regress/brokenkeys.sh index 3e70c348a..9d5a54fa9 100644 --- a/regress/brokenkeys.sh +++ b/regress/brokenkeys.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: brokenkeys.sh,v 1.1 2004/10/29 23:59:22 djm Exp $ | 1 | # $OpenBSD: brokenkeys.sh,v 1.2 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="broken keys" | 4 | tid="broken keys" |
@@ -14,9 +14,9 @@ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEABTM= bad key" > $KEYS | |||
14 | cat ${KEYS}.bak >> ${KEYS} | 14 | cat ${KEYS}.bak >> ${KEYS} |
15 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER | 15 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER |
16 | 16 | ||
17 | ${SSH} -2 -F $OBJ/ssh_config somehost true | 17 | ${SSH} -F $OBJ/ssh_config somehost true |
18 | if [ $? -ne 0 ]; then | 18 | if [ $? -ne 0 ]; then |
19 | fail "ssh connect with protocol $p failed" | 19 | fail "ssh connect with failed" |
20 | fi | 20 | fi |
21 | 21 | ||
22 | mv ${KEYS}.bak ${KEYS} | 22 | mv ${KEYS}.bak ${KEYS} |
diff --git a/regress/cert-file.sh b/regress/cert-file.sh index 43b8e0201..8fd62c773 100644 --- a/regress/cert-file.sh +++ b/regress/cert-file.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cert-file.sh,v 1.5 2017/03/11 23:44:16 djm Exp $ | 1 | # $OpenBSD: cert-file.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="ssh with certificates" | 4 | tid="ssh with certificates" |
@@ -54,66 +54,64 @@ cat $OBJ/ssh_proxy | grep -v IdentityFile > $OBJ/no_identity_config | |||
54 | # XXX: verify that certificate used was what we expect. Needs exposure of | 54 | # XXX: verify that certificate used was what we expect. Needs exposure of |
55 | # keys via enviornment variable or similar. | 55 | # keys via enviornment variable or similar. |
56 | 56 | ||
57 | for p in ${SSH_PROTOCOLS}; do | ||
58 | # Key with no .pub should work - finding the equivalent *-cert.pub. | 57 | # Key with no .pub should work - finding the equivalent *-cert.pub. |
59 | verbose "protocol $p: identity cert with no plain public file" | 58 | verbose "identity cert with no plain public file" |
60 | ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \ | 59 | ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \ |
61 | -i $OBJ/user_key3 somehost exit 5$p | 60 | -i $OBJ/user_key3 somehost exit 52 |
62 | [ $? -ne 5$p ] && fail "ssh failed" | 61 | [ $? -ne 52 ] && fail "ssh failed" |
63 | 62 | ||
64 | # CertificateFile matching private key with no .pub file should work. | 63 | # CertificateFile matching private key with no .pub file should work. |
65 | verbose "protocol $p: CertificateFile with no plain public file" | 64 | verbose "CertificateFile with no plain public file" |
66 | ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \ | 65 | ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \ |
67 | -oCertificateFile=$OBJ/user_key3-cert.pub \ | 66 | -oCertificateFile=$OBJ/user_key3-cert.pub \ |
68 | -i $OBJ/user_key3 somehost exit 5$p | 67 | -i $OBJ/user_key3 somehost exit 52 |
69 | [ $? -ne 5$p ] && fail "ssh failed" | 68 | [ $? -ne 52 ] && fail "ssh failed" |
70 | 69 | ||
71 | # Just keys should fail | 70 | # Just keys should fail |
72 | verbose "protocol $p: plain keys" | 71 | verbose "plain keys" |
73 | ${SSH} $opts2 somehost exit 5$p | 72 | ${SSH} $opts2 somehost exit 52 |
74 | r=$? | 73 | r=$? |
75 | if [ $r -eq 5$p ]; then | 74 | if [ $r -eq 52 ]; then |
76 | fail "ssh succeeded with no certs in protocol $p" | 75 | fail "ssh succeeded with no certs" |
77 | fi | 76 | fi |
78 | 77 | ||
79 | # Keys with untrusted cert should fail. | 78 | # Keys with untrusted cert should fail. |
80 | verbose "protocol $p: untrusted cert" | 79 | verbose "untrusted cert" |
81 | opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" | 80 | opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" |
82 | ${SSH} $opts3 somehost exit 5$p | 81 | ${SSH} $opts3 somehost exit 52 |
83 | r=$? | 82 | r=$? |
84 | if [ $r -eq 5$p ]; then | 83 | if [ $r -eq 52 ]; then |
85 | fail "ssh succeeded with bad cert in protocol $p" | 84 | fail "ssh succeeded with bad cert" |
86 | fi | 85 | fi |
87 | 86 | ||
88 | # Good cert with bad key should fail. | 87 | # Good cert with bad key should fail. |
89 | verbose "protocol $p: good cert, bad key" | 88 | verbose "good cert, bad key" |
90 | opts3="$opts -i $OBJ/user_key2" | 89 | opts3="$opts -i $OBJ/user_key2" |
91 | opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" | 90 | opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" |
92 | ${SSH} $opts3 somehost exit 5$p | 91 | ${SSH} $opts3 somehost exit 52 |
93 | r=$? | 92 | r=$? |
94 | if [ $r -eq 5$p ]; then | 93 | if [ $r -eq 52 ]; then |
95 | fail "ssh succeeded with no matching key in protocol $p" | 94 | fail "ssh succeeded with no matching key" |
96 | fi | 95 | fi |
97 | 96 | ||
98 | # Keys with one trusted cert, should succeed. | 97 | # Keys with one trusted cert, should succeed. |
99 | verbose "protocol $p: single trusted" | 98 | verbose "single trusted" |
100 | opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub" | 99 | opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub" |
101 | ${SSH} $opts3 somehost exit 5$p | 100 | ${SSH} $opts3 somehost exit 52 |
102 | r=$? | 101 | r=$? |
103 | if [ $r -ne 5$p ]; then | 102 | if [ $r -ne 52 ]; then |
104 | fail "ssh failed with trusted cert and key in protocol $p" | 103 | fail "ssh failed with trusted cert and key" |
105 | fi | 104 | fi |
106 | 105 | ||
107 | # Multiple certs and keys, with one trusted cert, should succeed. | 106 | # Multiple certs and keys, with one trusted cert, should succeed. |
108 | verbose "protocol $p: multiple trusted" | 107 | verbose "multiple trusted" |
109 | opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" | 108 | opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" |
110 | opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" | 109 | opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" |
111 | ${SSH} $opts3 somehost exit 5$p | 110 | ${SSH} $opts3 somehost exit 52 |
112 | r=$? | 111 | r=$? |
113 | if [ $r -ne 5$p ]; then | 112 | if [ $r -ne 52 ]; then |
114 | fail "ssh failed with multiple certs in protocol $p" | 113 | fail "ssh failed with multiple certs" |
115 | fi | 114 | fi |
116 | done | ||
117 | 115 | ||
118 | #next, using an agent in combination with the keys | 116 | #next, using an agent in combination with the keys |
119 | SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1 | 117 | SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1 |
@@ -139,26 +137,25 @@ if [ $? -ne 0 ]; then | |||
139 | fi | 137 | fi |
140 | 138 | ||
141 | # try ssh with the agent and certificates | 139 | # try ssh with the agent and certificates |
142 | # note: ssh agent only uses certificates in protocol 2 | ||
143 | opts="-F $OBJ/ssh_proxy" | 140 | opts="-F $OBJ/ssh_proxy" |
144 | # with no certificates, shoud fail | 141 | # with no certificates, shoud fail |
145 | ${SSH} -2 $opts somehost exit 52 | 142 | ${SSH} $opts somehost exit 52 |
146 | if [ $? -eq 52 ]; then | 143 | if [ $? -eq 52 ]; then |
147 | fail "ssh connect with agent in protocol 2 succeeded with no cert" | 144 | fail "ssh connect with agent in succeeded with no cert" |
148 | fi | 145 | fi |
149 | 146 | ||
150 | #with an untrusted certificate, should fail | 147 | #with an untrusted certificate, should fail |
151 | opts="$opts -oCertificateFile=$OBJ/cert_user_key1_2.pub" | 148 | opts="$opts -oCertificateFile=$OBJ/cert_user_key1_2.pub" |
152 | ${SSH} -2 $opts somehost exit 52 | 149 | ${SSH} $opts somehost exit 52 |
153 | if [ $? -eq 52 ]; then | 150 | if [ $? -eq 52 ]; then |
154 | fail "ssh connect with agent in protocol 2 succeeded with bad cert" | 151 | fail "ssh connect with agent in succeeded with bad cert" |
155 | fi | 152 | fi |
156 | 153 | ||
157 | #with an additional trusted certificate, should succeed | 154 | #with an additional trusted certificate, should succeed |
158 | opts="$opts -oCertificateFile=$OBJ/cert_user_key1_1.pub" | 155 | opts="$opts -oCertificateFile=$OBJ/cert_user_key1_1.pub" |
159 | ${SSH} -2 $opts somehost exit 52 | 156 | ${SSH} $opts somehost exit 52 |
160 | if [ $? -ne 52 ]; then | 157 | if [ $? -ne 52 ]; then |
161 | fail "ssh connect with agent in protocol 2 failed with good cert" | 158 | fail "ssh connect with agent in failed with good cert" |
162 | fi | 159 | fi |
163 | 160 | ||
164 | trace "kill agent" | 161 | trace "kill agent" |
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 62261cf8b..3d5732a5d 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cert-hostkey.sh,v 1.14 2016/05/02 09:52:00 djm Exp $ | 1 | # $OpenBSD: cert-hostkey.sh,v 1.15 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="certified host keys" | 4 | tid="certified host keys" |
@@ -104,7 +104,7 @@ attempt_connect() { | |||
104 | shift; shift | 104 | shift; shift |
105 | verbose "$tid: $_ident expect success $_expect_success" | 105 | verbose "$tid: $_ident expect success $_expect_success" |
106 | cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert | 106 | cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert |
107 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ | 107 | ${SSH} -oUserKnownHostsFile=$OBJ/known_hosts-cert \ |
108 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | 108 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ |
109 | "$@" -F $OBJ/ssh_proxy somehost true | 109 | "$@" -F $OBJ/ssh_proxy somehost true |
110 | _r=$? | 110 | _r=$? |
@@ -169,7 +169,7 @@ for privsep in yes no ; do | |||
169 | ) > $OBJ/sshd_proxy | 169 | ) > $OBJ/sshd_proxy |
170 | 170 | ||
171 | cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert | 171 | cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert |
172 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ | 172 | ${SSH} -oUserKnownHostsFile=$OBJ/known_hosts-cert \ |
173 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | 173 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ |
174 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 174 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
175 | if [ $? -eq 0 ]; then | 175 | if [ $? -eq 0 ]; then |
@@ -190,7 +190,7 @@ for ktype in $PLAIN_TYPES ; do | |||
190 | echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub | 190 | echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub |
191 | ) > $OBJ/sshd_proxy | 191 | ) > $OBJ/sshd_proxy |
192 | cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert | 192 | cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert |
193 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ | 193 | ${SSH} -oUserKnownHostsFile=$OBJ/known_hosts-cert \ |
194 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | 194 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ |
195 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 195 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
196 | if [ $? -eq 0 ]; then | 196 | if [ $? -eq 0 ]; then |
@@ -222,7 +222,7 @@ test_one() { | |||
222 | ) > $OBJ/sshd_proxy | 222 | ) > $OBJ/sshd_proxy |
223 | 223 | ||
224 | cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert | 224 | cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert |
225 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ | 225 | ${SSH} -oUserKnownHostsFile=$OBJ/known_hosts-cert \ |
226 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | 226 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ |
227 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 227 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
228 | rc=$? | 228 | rc=$? |
@@ -271,7 +271,7 @@ for ktype in $PLAIN_TYPES ; do | |||
271 | echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub | 271 | echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub |
272 | ) > $OBJ/sshd_proxy | 272 | ) > $OBJ/sshd_proxy |
273 | 273 | ||
274 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ | 274 | ${SSH} -oUserKnownHostsFile=$OBJ/known_hosts-cert \ |
275 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | 275 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ |
276 | -F $OBJ/ssh_proxy somehost true | 276 | -F $OBJ/ssh_proxy somehost true |
277 | if [ $? -ne 0 ]; then | 277 | if [ $? -ne 0 ]; then |
@@ -303,7 +303,7 @@ for kt in $PLAIN_TYPES ; do | |||
303 | ) > $OBJ/sshd_proxy | 303 | ) > $OBJ/sshd_proxy |
304 | 304 | ||
305 | cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert | 305 | cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert |
306 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ | 306 | ${SSH} -oUserKnownHostsFile=$OBJ/known_hosts-cert \ |
307 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | 307 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ |
308 | -F $OBJ/ssh_proxy -q somehost true >/dev/null 2>&1 | 308 | -F $OBJ/ssh_proxy -q somehost true >/dev/null 2>&1 |
309 | if [ $? -eq 0 ]; then | 309 | if [ $? -eq 0 ]; then |
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 7005fd55e..6a23fe300 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cert-userkey.sh,v 1.17 2016/11/30 03:01:33 djm Exp $ | 1 | # $OpenBSD: cert-userkey.sh,v 1.18 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="certified user keys" | 4 | tid="certified user keys" |
@@ -67,7 +67,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do | |||
67 | # Missing authorized_principals | 67 | # Missing authorized_principals |
68 | verbose "$tid: ${_prefix} missing authorized_principals" | 68 | verbose "$tid: ${_prefix} missing authorized_principals" |
69 | rm -f $OBJ/authorized_principals_$USER | 69 | rm -f $OBJ/authorized_principals_$USER |
70 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 70 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
71 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 71 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
72 | if [ $? -eq 0 ]; then | 72 | if [ $? -eq 0 ]; then |
73 | fail "ssh cert connect succeeded unexpectedly" | 73 | fail "ssh cert connect succeeded unexpectedly" |
@@ -76,7 +76,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do | |||
76 | # Empty authorized_principals | 76 | # Empty authorized_principals |
77 | verbose "$tid: ${_prefix} empty authorized_principals" | 77 | verbose "$tid: ${_prefix} empty authorized_principals" |
78 | echo > $OBJ/authorized_principals_$USER | 78 | echo > $OBJ/authorized_principals_$USER |
79 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 79 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
80 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 80 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
81 | if [ $? -eq 0 ]; then | 81 | if [ $? -eq 0 ]; then |
82 | fail "ssh cert connect succeeded unexpectedly" | 82 | fail "ssh cert connect succeeded unexpectedly" |
@@ -85,7 +85,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do | |||
85 | # Wrong authorized_principals | 85 | # Wrong authorized_principals |
86 | verbose "$tid: ${_prefix} wrong authorized_principals" | 86 | verbose "$tid: ${_prefix} wrong authorized_principals" |
87 | echo gregorsamsa > $OBJ/authorized_principals_$USER | 87 | echo gregorsamsa > $OBJ/authorized_principals_$USER |
88 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 88 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
89 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 89 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
90 | if [ $? -eq 0 ]; then | 90 | if [ $? -eq 0 ]; then |
91 | fail "ssh cert connect succeeded unexpectedly" | 91 | fail "ssh cert connect succeeded unexpectedly" |
@@ -94,7 +94,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do | |||
94 | # Correct authorized_principals | 94 | # Correct authorized_principals |
95 | verbose "$tid: ${_prefix} correct authorized_principals" | 95 | verbose "$tid: ${_prefix} correct authorized_principals" |
96 | echo mekmitasdigoat > $OBJ/authorized_principals_$USER | 96 | echo mekmitasdigoat > $OBJ/authorized_principals_$USER |
97 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 97 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
98 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 98 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
99 | if [ $? -ne 0 ]; then | 99 | if [ $? -ne 0 ]; then |
100 | fail "ssh cert connect failed" | 100 | fail "ssh cert connect failed" |
@@ -103,7 +103,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do | |||
103 | # authorized_principals with bad key option | 103 | # authorized_principals with bad key option |
104 | verbose "$tid: ${_prefix} authorized_principals bad key opt" | 104 | verbose "$tid: ${_prefix} authorized_principals bad key opt" |
105 | echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER | 105 | echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER |
106 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 106 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
107 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 107 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
108 | if [ $? -eq 0 ]; then | 108 | if [ $? -eq 0 ]; then |
109 | fail "ssh cert connect succeeded unexpectedly" | 109 | fail "ssh cert connect succeeded unexpectedly" |
@@ -113,7 +113,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do | |||
113 | verbose "$tid: ${_prefix} authorized_principals command=false" | 113 | verbose "$tid: ${_prefix} authorized_principals command=false" |
114 | echo 'command="false" mekmitasdigoat' > \ | 114 | echo 'command="false" mekmitasdigoat' > \ |
115 | $OBJ/authorized_principals_$USER | 115 | $OBJ/authorized_principals_$USER |
116 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 116 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
117 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 117 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
118 | if [ $? -eq 0 ]; then | 118 | if [ $? -eq 0 ]; then |
119 | fail "ssh cert connect succeeded unexpectedly" | 119 | fail "ssh cert connect succeeded unexpectedly" |
@@ -124,7 +124,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do | |||
124 | verbose "$tid: ${_prefix} authorized_principals command=true" | 124 | verbose "$tid: ${_prefix} authorized_principals command=true" |
125 | echo 'command="true" mekmitasdigoat' > \ | 125 | echo 'command="true" mekmitasdigoat' > \ |
126 | $OBJ/authorized_principals_$USER | 126 | $OBJ/authorized_principals_$USER |
127 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 127 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
128 | -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1 | 128 | -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1 |
129 | if [ $? -ne 0 ]; then | 129 | if [ $? -ne 0 ]; then |
130 | fail "ssh cert connect failed" | 130 | fail "ssh cert connect failed" |
@@ -148,7 +148,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do | |||
148 | printf 'cert-authority,principals="gregorsamsa" ' | 148 | printf 'cert-authority,principals="gregorsamsa" ' |
149 | cat $OBJ/user_ca_key.pub | 149 | cat $OBJ/user_ca_key.pub |
150 | ) > $OBJ/authorized_keys_$USER | 150 | ) > $OBJ/authorized_keys_$USER |
151 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 151 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
152 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 152 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
153 | if [ $? -eq 0 ]; then | 153 | if [ $? -eq 0 ]; then |
154 | fail "ssh cert connect succeeded unexpectedly" | 154 | fail "ssh cert connect succeeded unexpectedly" |
@@ -160,7 +160,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do | |||
160 | printf 'cert-authority,principals="mekmitasdigoat" ' | 160 | printf 'cert-authority,principals="mekmitasdigoat" ' |
161 | cat $OBJ/user_ca_key.pub | 161 | cat $OBJ/user_ca_key.pub |
162 | ) > $OBJ/authorized_keys_$USER | 162 | ) > $OBJ/authorized_keys_$USER |
163 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 163 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
164 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 164 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
165 | if [ $? -ne 0 ]; then | 165 | if [ $? -ne 0 ]; then |
166 | fail "ssh cert connect failed" | 166 | fail "ssh cert connect failed" |
@@ -198,7 +198,7 @@ basic_tests() { | |||
198 | echo "PubkeyAcceptedKeyTypes ${t}" | 198 | echo "PubkeyAcceptedKeyTypes ${t}" |
199 | ) > $OBJ/ssh_proxy | 199 | ) > $OBJ/ssh_proxy |
200 | 200 | ||
201 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 201 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
202 | -F $OBJ/ssh_proxy somehost true | 202 | -F $OBJ/ssh_proxy somehost true |
203 | if [ $? -ne 0 ]; then | 203 | if [ $? -ne 0 ]; then |
204 | fail "ssh cert connect failed" | 204 | fail "ssh cert connect failed" |
@@ -215,7 +215,7 @@ basic_tests() { | |||
215 | ) > $OBJ/sshd_proxy | 215 | ) > $OBJ/sshd_proxy |
216 | cp $OBJ/cert_user_key_${ktype}.pub \ | 216 | cp $OBJ/cert_user_key_${ktype}.pub \ |
217 | $OBJ/cert_user_key_revoked | 217 | $OBJ/cert_user_key_revoked |
218 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 218 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
219 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 219 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
220 | if [ $? -eq 0 ]; then | 220 | if [ $? -eq 0 ]; then |
221 | fail "ssh cert connect succeeded unexpecedly" | 221 | fail "ssh cert connect succeeded unexpecedly" |
@@ -224,14 +224,14 @@ basic_tests() { | |||
224 | rm $OBJ/cert_user_key_revoked | 224 | rm $OBJ/cert_user_key_revoked |
225 | ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \ | 225 | ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \ |
226 | $OBJ/cert_user_key_${ktype}.pub | 226 | $OBJ/cert_user_key_${ktype}.pub |
227 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 227 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
228 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 228 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
229 | if [ $? -eq 0 ]; then | 229 | if [ $? -eq 0 ]; then |
230 | fail "ssh cert connect succeeded unexpecedly" | 230 | fail "ssh cert connect succeeded unexpecedly" |
231 | fi | 231 | fi |
232 | verbose "$tid: ${_prefix} empty KRL" | 232 | verbose "$tid: ${_prefix} empty KRL" |
233 | ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked | 233 | ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked |
234 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 234 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
235 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 235 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
236 | if [ $? -ne 0 ]; then | 236 | if [ $? -ne 0 ]; then |
237 | fail "ssh cert connect failed" | 237 | fail "ssh cert connect failed" |
@@ -246,7 +246,7 @@ basic_tests() { | |||
246 | echo "PubkeyAcceptedKeyTypes ${t}" | 246 | echo "PubkeyAcceptedKeyTypes ${t}" |
247 | echo "$extra_sshd" | 247 | echo "$extra_sshd" |
248 | ) > $OBJ/sshd_proxy | 248 | ) > $OBJ/sshd_proxy |
249 | ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \ | 249 | ${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \ |
250 | somehost true >/dev/null 2>&1 | 250 | somehost true >/dev/null 2>&1 |
251 | if [ $? -eq 0 ]; then | 251 | if [ $? -eq 0 ]; then |
252 | fail "ssh cert connect succeeded unexpecedly" | 252 | fail "ssh cert connect succeeded unexpecedly" |
@@ -260,7 +260,7 @@ basic_tests() { | |||
260 | echo "$extra_sshd" | 260 | echo "$extra_sshd" |
261 | ) > $OBJ/sshd_proxy | 261 | ) > $OBJ/sshd_proxy |
262 | verbose "$tid: ensure CA key does not authenticate user" | 262 | verbose "$tid: ensure CA key does not authenticate user" |
263 | ${SSH} -2i $OBJ/user_ca_key \ | 263 | ${SSH} -i $OBJ/user_ca_key \ |
264 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 264 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
265 | if [ $? -eq 0 ]; then | 265 | if [ $? -eq 0 ]; then |
266 | fail "ssh cert connect with CA key succeeded unexpectedly" | 266 | fail "ssh cert connect with CA key succeeded unexpectedly" |
@@ -307,7 +307,7 @@ test_one() { | |||
307 | $sign_opts $OBJ/cert_user_key_${ktype} || | 307 | $sign_opts $OBJ/cert_user_key_${ktype} || |
308 | fail "couldn't sign cert_user_key_${ktype}" | 308 | fail "couldn't sign cert_user_key_${ktype}" |
309 | 309 | ||
310 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 310 | ${SSH} -i $OBJ/cert_user_key_${ktype} \ |
311 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 311 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
312 | rc=$? | 312 | rc=$? |
313 | if [ "x$result" = "xsuccess" ] ; then | 313 | if [ "x$result" = "xsuccess" ] ; then |
@@ -378,7 +378,7 @@ for ktype in $PLAIN_TYPES ; do | |||
378 | -n $USER $OBJ/cert_user_key_${ktype} || | 378 | -n $USER $OBJ/cert_user_key_${ktype} || |
379 | fatal "couldn't sign cert_user_key_${ktype}" | 379 | fatal "couldn't sign cert_user_key_${ktype}" |
380 | verbose "$tid: user ${ktype} connect wrong cert" | 380 | verbose "$tid: user ${ktype} connect wrong cert" |
381 | ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \ | 381 | ${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \ |
382 | somehost true >/dev/null 2>&1 | 382 | somehost true >/dev/null 2>&1 |
383 | if [ $? -eq 0 ]; then | 383 | if [ $? -eq 0 ]; then |
384 | fail "ssh cert connect $ident succeeded unexpectedly" | 384 | fail "ssh cert connect $ident succeeded unexpectedly" |
diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index 056296398..2504d04f4 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cfgmatch.sh,v 1.9 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: cfgmatch.sh,v 1.10 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sshd_config match" | 4 | tid="sshd_config match" |
@@ -13,7 +13,7 @@ echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_proxy | |||
13 | start_client() | 13 | start_client() |
14 | { | 14 | { |
15 | rm -f $pidfile | 15 | rm -f $pidfile |
16 | ${SSH} -q -$p $fwd "$@" somehost \ | 16 | ${SSH} -q $fwd "$@" somehost \ |
17 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \ | 17 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \ |
18 | >>$TEST_REGRESS_LOGFILE 2>&1 & | 18 | >>$TEST_REGRESS_LOGFILE 2>&1 & |
19 | client_pid=$! | 19 | client_pid=$! |
@@ -56,22 +56,18 @@ start_sshd | |||
56 | #set -x | 56 | #set -x |
57 | 57 | ||
58 | # Test Match + PermitOpen in sshd_config. This should be permitted | 58 | # Test Match + PermitOpen in sshd_config. This should be permitted |
59 | for p in ${SSH_PROTOCOLS}; do | 59 | trace "match permitopen localhost" |
60 | trace "match permitopen localhost proto $p" | 60 | start_client -F $OBJ/ssh_config |
61 | start_client -F $OBJ/ssh_config | 61 | ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ |
62 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 62 | fail "match permitopen permit" |
63 | fail "match permitopen permit proto $p" | 63 | stop_client |
64 | stop_client | ||
65 | done | ||
66 | 64 | ||
67 | # Same but from different source. This should not be permitted | 65 | # Same but from different source. This should not be permitted |
68 | for p in ${SSH_PROTOCOLS}; do | 66 | trace "match permitopen proxy" |
69 | trace "match permitopen proxy proto $p" | 67 | start_client -F $OBJ/ssh_proxy |
70 | start_client -F $OBJ/ssh_proxy | 68 | ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true && \ |
71 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 69 | fail "match permitopen deny" |
72 | fail "match permitopen deny proto $p" | 70 | stop_client |
73 | stop_client | ||
74 | done | ||
75 | 71 | ||
76 | # Retry previous with key option, should also be denied. | 72 | # Retry previous with key option, should also be denied. |
77 | cp /dev/null $OBJ/authorized_keys_$USER | 73 | cp /dev/null $OBJ/authorized_keys_$USER |
@@ -79,23 +75,19 @@ for t in ${SSH_KEYTYPES}; do | |||
79 | printf 'permitopen="127.0.0.1:'$PORT'" ' >> $OBJ/authorized_keys_$USER | 75 | printf 'permitopen="127.0.0.1:'$PORT'" ' >> $OBJ/authorized_keys_$USER |
80 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER | 76 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER |
81 | done | 77 | done |
82 | for p in ${SSH_PROTOCOLS}; do | 78 | trace "match permitopen proxy w/key opts" |
83 | trace "match permitopen proxy w/key opts proto $p" | 79 | start_client -F $OBJ/ssh_proxy |
84 | start_client -F $OBJ/ssh_proxy | 80 | ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true && \ |
85 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 81 | fail "match permitopen deny w/key opt" |
86 | fail "match permitopen deny w/key opt proto $p" | 82 | stop_client |
87 | stop_client | ||
88 | done | ||
89 | 83 | ||
90 | # Test both sshd_config and key options permitting the same dst/port pair. | 84 | # Test both sshd_config and key options permitting the same dst/port pair. |
91 | # Should be permitted. | 85 | # Should be permitted. |
92 | for p in ${SSH_PROTOCOLS}; do | 86 | trace "match permitopen localhost" |
93 | trace "match permitopen localhost proto $p" | 87 | start_client -F $OBJ/ssh_config |
94 | start_client -F $OBJ/ssh_config | 88 | ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ |
95 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 89 | fail "match permitopen permit" |
96 | fail "match permitopen permit proto $p" | 90 | stop_client |
97 | stop_client | ||
98 | done | ||
99 | 91 | ||
100 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | 92 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
101 | echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy | 93 | echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy |
@@ -103,13 +95,11 @@ echo "Match User $USER" >>$OBJ/sshd_proxy | |||
103 | echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy | 95 | echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy |
104 | 96 | ||
105 | # Test that a Match overrides a PermitOpen in the global section | 97 | # Test that a Match overrides a PermitOpen in the global section |
106 | for p in ${SSH_PROTOCOLS}; do | 98 | trace "match permitopen proxy w/key opts" |
107 | trace "match permitopen proxy w/key opts proto $p" | 99 | start_client -F $OBJ/ssh_proxy |
108 | start_client -F $OBJ/ssh_proxy | 100 | ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true && \ |
109 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 101 | fail "match override permitopen" |
110 | fail "match override permitopen proto $p" | 102 | stop_client |
111 | stop_client | ||
112 | done | ||
113 | 103 | ||
114 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | 104 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
115 | echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy | 105 | echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy |
@@ -118,10 +108,8 @@ echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy | |||
118 | 108 | ||
119 | # Test that a rule that doesn't match doesn't override, plus test a | 109 | # Test that a rule that doesn't match doesn't override, plus test a |
120 | # PermitOpen entry that's not at the start of the list | 110 | # PermitOpen entry that's not at the start of the list |
121 | for p in ${SSH_PROTOCOLS}; do | 111 | trace "nomatch permitopen proxy w/key opts" |
122 | trace "nomatch permitopen proxy w/key opts proto $p" | 112 | start_client -F $OBJ/ssh_proxy |
123 | start_client -F $OBJ/ssh_proxy | 113 | ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ |
124 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 114 | fail "nomatch override permitopen" |
125 | fail "nomatch override permitopen proto $p" | 115 | stop_client |
126 | stop_client | ||
127 | done | ||
diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 575dc2341..5da95b3a9 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cipher-speed.sh,v 1.13 2015/03/24 20:22:17 markus Exp $ | 1 | # $OpenBSD: cipher-speed.sh,v 1.14 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="cipher speed" | 4 | tid="cipher speed" |
@@ -12,16 +12,16 @@ getbytes () | |||
12 | tries="1 2" | 12 | tries="1 2" |
13 | 13 | ||
14 | for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do | 14 | for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do |
15 | trace "proto 2 cipher $c mac $m" | 15 | trace "cipher $c mac $m" |
16 | for x in $tries; do | 16 | for x in $tries; do |
17 | printf "%-60s" "$c/$m:" | 17 | printf "%-60s" "$c/$m:" |
18 | ( ${SSH} -o 'compression no' \ | 18 | ( ${SSH} -o 'compression no' \ |
19 | -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ | 19 | -F $OBJ/ssh_proxy -m $m -c $c somehost \ |
20 | exec sh -c \'"dd of=/dev/null obs=32k"\' \ | 20 | exec sh -c \'"dd of=/dev/null obs=32k"\' \ |
21 | < ${DATA} ) 2>&1 | getbytes | 21 | < ${DATA} ) 2>&1 | getbytes |
22 | 22 | ||
23 | if [ $? -ne 0 ]; then | 23 | if [ $? -ne 0 ]; then |
24 | fail "ssh -2 failed with mac $m cipher $c" | 24 | fail "ssh failed with mac $m cipher $c" |
25 | fi | 25 | fi |
26 | done | 26 | done |
27 | # No point trying all MACs for AEAD ciphers since they are ignored. | 27 | # No point trying all MACs for AEAD ciphers since they are ignored. |
@@ -30,22 +30,3 @@ for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do | |||
30 | fi | 30 | fi |
31 | n=`expr $n + 1` | 31 | n=`expr $n + 1` |
32 | done; done | 32 | done; done |
33 | |||
34 | if ssh_version 1; then | ||
35 | ciphers="3des blowfish" | ||
36 | else | ||
37 | ciphers="" | ||
38 | fi | ||
39 | for c in $ciphers; do | ||
40 | trace "proto 1 cipher $c" | ||
41 | for x in $tries; do | ||
42 | printf "%-60s" "$c:" | ||
43 | ( ${SSH} -o 'compression no' \ | ||
44 | -F $OBJ/ssh_proxy -1 -c $c somehost \ | ||
45 | exec sh -c \'"dd of=/dev/null obs=32k"\' \ | ||
46 | < ${DATA} ) 2>&1 | getbytes | ||
47 | if [ $? -ne 0 ]; then | ||
48 | fail "ssh -1 failed with cipher $c" | ||
49 | fi | ||
50 | done | ||
51 | done | ||
diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh index 81cedc7e5..b6abb65e3 100644 --- a/regress/connect-privsep.sh +++ b/regress/connect-privsep.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: connect-privsep.sh,v 1.8 2016/11/01 13:43:27 tb Exp $ | 1 | # $OpenBSD: connect-privsep.sh,v 1.9 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="proxy connect with privsep" | 4 | tid="proxy connect with privsep" |
@@ -6,23 +6,19 @@ tid="proxy connect with privsep" | |||
6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig | 6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig |
7 | echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy | 7 | echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy |
8 | 8 | ||
9 | for p in ${SSH_PROTOCOLS}; do | 9 | ${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true |
10 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true | 10 | if [ $? -ne 0 ]; then |
11 | if [ $? -ne 0 ]; then | 11 | fail "ssh privsep+proxyconnect failed" |
12 | fail "ssh privsep+proxyconnect protocol $p failed" | 12 | fi |
13 | fi | ||
14 | done | ||
15 | 13 | ||
16 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy | 14 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy |
17 | echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy | 15 | echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy |
18 | 16 | ||
19 | for p in ${SSH_PROTOCOLS}; do | 17 | ${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true |
20 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true | 18 | if [ $? -ne 0 ]; then |
21 | if [ $? -ne 0 ]; then | 19 | # XXX replace this with fail once sandbox has stabilised |
22 | # XXX replace this with fail once sandbox has stabilised | 20 | warn "ssh privsep/sandbox+proxyconnect failed" |
23 | warn "ssh privsep/sandbox+proxyconnect protocol $p failed" | 21 | fi |
24 | fi | ||
25 | done | ||
26 | 22 | ||
27 | # Because sandbox is sensitive to changes in libc, especially malloc, retest | 23 | # Because sandbox is sensitive to changes in libc, especially malloc, retest |
28 | # with every malloc.conf option (and none). | 24 | # with every malloc.conf option (and none). |
@@ -32,10 +28,8 @@ else | |||
32 | mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'` | 28 | mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'` |
33 | fi | 29 | fi |
34 | for m in '' $mopts ; do | 30 | for m in '' $mopts ; do |
35 | for p in ${SSH_PROTOCOLS}; do | 31 | env MALLOC_OPTIONS="$m" ${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true |
36 | env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true | ||
37 | if [ $? -ne 0 ]; then | 32 | if [ $? -ne 0 ]; then |
38 | fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed" | 33 | fail "ssh privsep/sandbox+proxyconnect mopt '$m' failed" |
39 | fi | 34 | fi |
40 | done | ||
41 | done | 35 | done |
diff --git a/regress/connect.sh b/regress/connect.sh index f0d55d343..1b344b603 100644 --- a/regress/connect.sh +++ b/regress/connect.sh | |||
@@ -1,13 +1,11 @@ | |||
1 | # $OpenBSD: connect.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: connect.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="simple connect" | 4 | tid="simple connect" |
5 | 5 | ||
6 | start_sshd | 6 | start_sshd |
7 | 7 | ||
8 | for p in ${SSH_PROTOCOLS}; do | 8 | ${SSH} -F $OBJ/ssh_config somehost true |
9 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true | 9 | if [ $? -ne 0 ]; then |
10 | if [ $? -ne 0 ]; then | 10 | fail "ssh connect with failed" |
11 | fail "ssh connect with protocol $p failed" | 11 | fi |
12 | fi | ||
13 | done | ||
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index dd67c9639..2e2115f84 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: dynamic-forward.sh,v 1.11 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: dynamic-forward.sh,v 1.12 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="dynamic forwarding" | 4 | tid="dynamic forwarding" |
diff --git a/regress/exit-status.sh b/regress/exit-status.sh index 397d8d732..aadf99fb3 100644 --- a/regress/exit-status.sh +++ b/regress/exit-status.sh | |||
@@ -1,24 +1,22 @@ | |||
1 | # $OpenBSD: exit-status.sh,v 1.7 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: exit-status.sh,v 1.8 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="remote exit status" | 4 | tid="remote exit status" |
5 | 5 | ||
6 | for p in ${SSH_PROTOCOLS}; do | 6 | for s in 0 1 4 5 44; do |
7 | for s in 0 1 4 5 44; do | 7 | trace "status $s" |
8 | trace "proto $p status $s" | 8 | verbose "test $tid: status $s" |
9 | verbose "test $tid: proto $p status $s" | 9 | ${SSH} -F $OBJ/ssh_proxy otherhost exit $s |
10 | ${SSH} -$p -F $OBJ/ssh_proxy otherhost exit $s | 10 | r=$? |
11 | r=$? | 11 | if [ $r -ne $s ]; then |
12 | if [ $r -ne $s ]; then | 12 | fail "exit code mismatch for: $r != $s" |
13 | fail "exit code mismatch for protocol $p: $r != $s" | 13 | fi |
14 | fi | ||
15 | 14 | ||
16 | # same with early close of stdout/err | 15 | # same with early close of stdout/err |
17 | ${SSH} -$p -F $OBJ/ssh_proxy -n otherhost \ | 16 | ${SSH} -F $OBJ/ssh_proxy -n otherhost exec \ |
18 | exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\' | 17 | sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\' |
19 | r=$? | 18 | r=$? |
20 | if [ $r -ne $s ]; then | 19 | if [ $r -ne $s ]; then |
21 | fail "exit code (with sleep) mismatch for protocol $p: $r != $s" | 20 | fail "exit code (with sleep) mismatch for: $r != $s" |
22 | fi | 21 | fi |
23 | done | ||
24 | done | 22 | done |
diff --git a/regress/forcecommand.sh b/regress/forcecommand.sh index 8a9b090ea..e059f1fdb 100644 --- a/regress/forcecommand.sh +++ b/regress/forcecommand.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: forcecommand.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: forcecommand.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="forced command" | 4 | tid="forced command" |
@@ -11,11 +11,8 @@ for t in ${SSH_KEYTYPES}; do | |||
11 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER | 11 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER |
12 | done | 12 | done |
13 | 13 | ||
14 | for p in ${SSH_PROTOCOLS}; do | 14 | trace "forced command in key option" |
15 | trace "forced command in key option proto $p" | 15 | ${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key" |
16 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || | ||
17 | fail "forced command in key proto $p" | ||
18 | done | ||
19 | 16 | ||
20 | cp /dev/null $OBJ/authorized_keys_$USER | 17 | cp /dev/null $OBJ/authorized_keys_$USER |
21 | for t in ${SSH_KEYTYPES}; do | 18 | for t in ${SSH_KEYTYPES}; do |
@@ -26,19 +23,13 @@ done | |||
26 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | 23 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
27 | echo "ForceCommand true" >> $OBJ/sshd_proxy | 24 | echo "ForceCommand true" >> $OBJ/sshd_proxy |
28 | 25 | ||
29 | for p in ${SSH_PROTOCOLS}; do | 26 | trace "forced command in sshd_config overrides key option" |
30 | trace "forced command in sshd_config overrides key option proto $p" | 27 | ${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key" |
31 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || | ||
32 | fail "forced command in key proto $p" | ||
33 | done | ||
34 | 28 | ||
35 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | 29 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
36 | echo "ForceCommand false" >> $OBJ/sshd_proxy | 30 | echo "ForceCommand false" >> $OBJ/sshd_proxy |
37 | echo "Match User $USER" >> $OBJ/sshd_proxy | 31 | echo "Match User $USER" >> $OBJ/sshd_proxy |
38 | echo " ForceCommand true" >> $OBJ/sshd_proxy | 32 | echo " ForceCommand true" >> $OBJ/sshd_proxy |
39 | 33 | ||
40 | for p in ${SSH_PROTOCOLS}; do | 34 | trace "forced command with match" |
41 | trace "forced command with match proto $p" | 35 | ${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key" |
42 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || | ||
43 | fail "forced command in key proto $p" | ||
44 | done | ||
diff --git a/regress/forward-control.sh b/regress/forward-control.sh index 91957098f..2e9dbb53a 100644 --- a/regress/forward-control.sh +++ b/regress/forward-control.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: forward-control.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: forward-control.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sshd control of local and remote forwarding" | 4 | tid="sshd control of local and remote forwarding" |
@@ -32,13 +32,12 @@ wait_for_process_to_exit() { | |||
32 | return 0 | 32 | return 0 |
33 | } | 33 | } |
34 | 34 | ||
35 | # usage: check_lfwd protocol Y|N message | 35 | # usage: check_lfwd Y|N message |
36 | check_lfwd() { | 36 | check_lfwd() { |
37 | _proto=$1 | 37 | _expected=$1 |
38 | _expected=$2 | 38 | _message=$2 |
39 | _message=$3 | ||
40 | rm -f $READY | 39 | rm -f $READY |
41 | ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \ | 40 | ${SSH} -F $OBJ/ssh_proxy \ |
42 | -L$LFWD_PORT:127.0.0.1:$PORT \ | 41 | -L$LFWD_PORT:127.0.0.1:$PORT \ |
43 | -o ExitOnForwardFailure=yes \ | 42 | -o ExitOnForwardFailure=yes \ |
44 | -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \ | 43 | -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \ |
@@ -62,13 +61,12 @@ check_lfwd() { | |||
62 | fi | 61 | fi |
63 | } | 62 | } |
64 | 63 | ||
65 | # usage: check_rfwd protocol Y|N message | 64 | # usage: check_rfwd Y|N message |
66 | check_rfwd() { | 65 | check_rfwd() { |
67 | _proto=$1 | 66 | _expected=$1 |
68 | _expected=$2 | 67 | _message=$2 |
69 | _message=$3 | ||
70 | rm -f $READY | 68 | rm -f $READY |
71 | ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \ | 69 | ${SSH} -F $OBJ/ssh_proxy \ |
72 | -R$RFWD_PORT:127.0.0.1:$PORT \ | 70 | -R$RFWD_PORT:127.0.0.1:$PORT \ |
73 | -o ExitOnForwardFailure=yes \ | 71 | -o ExitOnForwardFailure=yes \ |
74 | -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \ | 72 | -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \ |
@@ -99,10 +97,8 @@ cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy.bak | |||
99 | cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak | 97 | cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak |
100 | 98 | ||
101 | # Sanity check: ensure the default config allows forwarding | 99 | # Sanity check: ensure the default config allows forwarding |
102 | for p in ${SSH_PROTOCOLS} ; do | 100 | check_lfwd Y "default configuration" |
103 | check_lfwd $p Y "proto $p, default configuration" | 101 | check_rfwd Y "default configuration" |
104 | check_rfwd $p Y "proto $p, default configuration" | ||
105 | done | ||
106 | 102 | ||
107 | # Usage: all_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N | 103 | # Usage: all_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N |
108 | all_tests() { | 104 | all_tests() { |
@@ -115,49 +111,46 @@ all_tests() { | |||
115 | _permit_rfwd=$7 | 111 | _permit_rfwd=$7 |
116 | _badfwd=127.0.0.1:22 | 112 | _badfwd=127.0.0.1:22 |
117 | _goodfwd=127.0.0.1:${PORT} | 113 | _goodfwd=127.0.0.1:${PORT} |
118 | for _proto in ${SSH_PROTOCOLS} ; do | 114 | cp ${OBJ}/authorized_keys_${USER}.bak ${OBJ}/authorized_keys_${USER} |
119 | cp ${OBJ}/authorized_keys_${USER}.bak \ | 115 | _prefix="AllowTcpForwarding=$_tcpfwd" |
120 | ${OBJ}/authorized_keys_${USER} | 116 | # No PermitOpen |
121 | _prefix="proto $_proto, AllowTcpForwarding=$_tcpfwd" | 117 | ( cat ${OBJ}/sshd_proxy.bak ; |
122 | # No PermitOpen | 118 | echo "AllowTcpForwarding $_tcpfwd" ) \ |
123 | ( cat ${OBJ}/sshd_proxy.bak ; | 119 | > ${OBJ}/sshd_proxy |
124 | echo "AllowTcpForwarding $_tcpfwd" ) \ | 120 | check_lfwd $_plain_lfwd "$_prefix" |
125 | > ${OBJ}/sshd_proxy | 121 | check_rfwd $_plain_rfwd "$_prefix" |
126 | check_lfwd $_proto $_plain_lfwd "$_prefix" | 122 | # PermitOpen via sshd_config that doesn't match |
127 | check_rfwd $_proto $_plain_rfwd "$_prefix" | 123 | ( cat ${OBJ}/sshd_proxy.bak ; |
128 | # PermitOpen via sshd_config that doesn't match | 124 | echo "AllowTcpForwarding $_tcpfwd" ; |
129 | ( cat ${OBJ}/sshd_proxy.bak ; | 125 | echo "PermitOpen $_badfwd" ) \ |
130 | echo "AllowTcpForwarding $_tcpfwd" ; | 126 | > ${OBJ}/sshd_proxy |
131 | echo "PermitOpen $_badfwd" ) \ | 127 | check_lfwd $_nopermit_lfwd "$_prefix, !PermitOpen" |
132 | > ${OBJ}/sshd_proxy | 128 | check_rfwd $_nopermit_rfwd "$_prefix, !PermitOpen" |
133 | check_lfwd $_proto $_nopermit_lfwd "$_prefix, !PermitOpen" | 129 | # PermitOpen via sshd_config that does match |
134 | check_rfwd $_proto $_nopermit_rfwd "$_prefix, !PermitOpen" | 130 | ( cat ${OBJ}/sshd_proxy.bak ; |
135 | # PermitOpen via sshd_config that does match | 131 | echo "AllowTcpForwarding $_tcpfwd" ; |
136 | ( cat ${OBJ}/sshd_proxy.bak ; | 132 | echo "PermitOpen $_badfwd $_goodfwd" ) \ |
137 | echo "AllowTcpForwarding $_tcpfwd" ; | 133 | > ${OBJ}/sshd_proxy |
138 | echo "PermitOpen $_badfwd $_goodfwd" ) \ | 134 | # NB. permitopen via authorized_keys should have same |
139 | > ${OBJ}/sshd_proxy | 135 | # success/fail as via sshd_config |
140 | # NB. permitopen via authorized_keys should have same | 136 | # permitopen via authorized_keys that doesn't match |
141 | # success/fail as via sshd_config | 137 | sed "s/^/permitopen=\"$_badfwd\" /" \ |
142 | # permitopen via authorized_keys that doesn't match | 138 | < ${OBJ}/authorized_keys_${USER}.bak \ |
143 | sed "s/^/permitopen=\"$_badfwd\" /" \ | 139 | > ${OBJ}/authorized_keys_${USER} || fatal "sed 1 fail" |
144 | < ${OBJ}/authorized_keys_${USER}.bak \ | 140 | ( cat ${OBJ}/sshd_proxy.bak ; |
145 | > ${OBJ}/authorized_keys_${USER} || fatal "sed 1 fail" | 141 | echo "AllowTcpForwarding $_tcpfwd" ) \ |
146 | ( cat ${OBJ}/sshd_proxy.bak ; | 142 | > ${OBJ}/sshd_proxy |
147 | echo "AllowTcpForwarding $_tcpfwd" ) \ | 143 | check_lfwd $_nopermit_lfwd "$_prefix, !permitopen" |
148 | > ${OBJ}/sshd_proxy | 144 | check_rfwd $_nopermit_rfwd "$_prefix, !permitopen" |
149 | check_lfwd $_proto $_nopermit_lfwd "$_prefix, !permitopen" | 145 | # permitopen via authorized_keys that does match |
150 | check_rfwd $_proto $_nopermit_rfwd "$_prefix, !permitopen" | 146 | sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \ |
151 | # permitopen via authorized_keys that does match | 147 | < ${OBJ}/authorized_keys_${USER}.bak \ |
152 | sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \ | 148 | > ${OBJ}/authorized_keys_${USER} || fatal "sed 2 fail" |
153 | < ${OBJ}/authorized_keys_${USER}.bak \ | 149 | ( cat ${OBJ}/sshd_proxy.bak ; |
154 | > ${OBJ}/authorized_keys_${USER} || fatal "sed 2 fail" | 150 | echo "AllowTcpForwarding $_tcpfwd" ) \ |
155 | ( cat ${OBJ}/sshd_proxy.bak ; | 151 | > ${OBJ}/sshd_proxy |
156 | echo "AllowTcpForwarding $_tcpfwd" ) \ | 152 | check_lfwd $_permit_lfwd "$_prefix, permitopen" |
157 | > ${OBJ}/sshd_proxy | 153 | check_rfwd $_permit_rfwd "$_prefix, permitopen" |
158 | check_lfwd $_proto $_permit_lfwd "$_prefix, permitopen" | ||
159 | check_rfwd $_proto $_permit_rfwd "$_prefix, permitopen" | ||
160 | done | ||
161 | } | 154 | } |
162 | 155 | ||
163 | # no-permitopen mismatch-permitopen match-permitopen | 156 | # no-permitopen mismatch-permitopen match-permitopen |
diff --git a/regress/forwarding.sh b/regress/forwarding.sh index 45c596d7d..39fccba73 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: forwarding.sh,v 1.19 2017/01/30 05:22:14 djm Exp $ | 1 | # $OpenBSD: forwarding.sh,v 1.20 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="local and remote forwarding" | 4 | tid="local and remote forwarding" |
@@ -22,30 +22,24 @@ for j in 0 1 2; do | |||
22 | last=$a | 22 | last=$a |
23 | done | 23 | done |
24 | done | 24 | done |
25 | for p in ${SSH_PROTOCOLS}; do | ||
26 | q=`expr 3 - $p` | ||
27 | if ! ssh_version $q; then | ||
28 | q=$p | ||
29 | fi | ||
30 | trace "start forwarding, fork to background" | ||
31 | rm -f $CTL | ||
32 | ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10 | ||
33 | 25 | ||
34 | trace "transfer over forwarded channels and check result" | 26 | trace "start forwarding, fork to background" |
35 | ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \ | 27 | rm -f $CTL |
36 | somehost cat ${DATA} > ${COPY} | 28 | ${SSH} -S $CTL -M -F $OBJ/ssh_config -f $fwd somehost sleep 10 |
37 | test -s ${COPY} || fail "failed copy of ${DATA}" | ||
38 | cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" | ||
39 | 29 | ||
40 | ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost | 30 | trace "transfer over forwarded channels and check result" |
41 | done | 31 | ${SSH} -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \ |
32 | somehost cat ${DATA} > ${COPY} | ||
33 | test -s ${COPY} || fail "failed copy of ${DATA}" | ||
34 | cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" | ||
35 | |||
36 | ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost | ||
42 | 37 | ||
43 | for p in ${SSH_PROTOCOLS}; do | ||
44 | for d in L R; do | 38 | for d in L R; do |
45 | trace "exit on -$d forward failure, proto $p" | 39 | trace "exit on -$d forward failure" |
46 | 40 | ||
47 | # this one should succeed | 41 | # this one should succeed |
48 | ${SSH} -$p -F $OBJ/ssh_config \ | 42 | ${SSH} -F $OBJ/ssh_config \ |
49 | -$d ${base}01:127.0.0.1:$PORT \ | 43 | -$d ${base}01:127.0.0.1:$PORT \ |
50 | -$d ${base}02:127.0.0.1:$PORT \ | 44 | -$d ${base}02:127.0.0.1:$PORT \ |
51 | -$d ${base}03:127.0.0.1:$PORT \ | 45 | -$d ${base}03:127.0.0.1:$PORT \ |
@@ -55,7 +49,7 @@ for d in L R; do | |||
55 | fatal "connection failed, should not" | 49 | fatal "connection failed, should not" |
56 | else | 50 | else |
57 | # this one should fail | 51 | # this one should fail |
58 | ${SSH} -q -$p -F $OBJ/ssh_config \ | 52 | ${SSH} -q -F $OBJ/ssh_config \ |
59 | -$d ${base}01:127.0.0.1:$PORT \ | 53 | -$d ${base}01:127.0.0.1:$PORT \ |
60 | -$d ${base}02:127.0.0.1:$PORT \ | 54 | -$d ${base}02:127.0.0.1:$PORT \ |
61 | -$d ${base}03:127.0.0.1:$PORT \ | 55 | -$d ${base}03:127.0.0.1:$PORT \ |
@@ -68,82 +62,74 @@ for d in L R; do | |||
68 | fi | 62 | fi |
69 | fi | 63 | fi |
70 | done | 64 | done |
71 | done | ||
72 | 65 | ||
73 | for p in ${SSH_PROTOCOLS}; do | 66 | trace "simple clear forwarding" |
74 | trace "simple clear forwarding proto $p" | 67 | ${SSH} -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true |
75 | ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true | 68 | |
76 | 69 | trace "clear local forward" | |
77 | trace "clear local forward proto $p" | 70 | rm -f $CTL |
78 | rm -f $CTL | 71 | ${SSH} -S $CTL -M -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \ |
79 | ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \ | 72 | -oClearAllForwardings=yes somehost sleep 10 |
80 | -oClearAllForwardings=yes somehost sleep 10 | 73 | if [ $? != 0 ]; then |
81 | if [ $? != 0 ]; then | 74 | fail "connection failed with cleared local forwarding" |
82 | fail "connection failed with cleared local forwarding" | 75 | else |
83 | else | 76 | # this one should fail |
84 | # this one should fail | 77 | ${SSH} -F $OBJ/ssh_config -p ${base}01 somehost true \ |
85 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \ | 78 | >>$TEST_REGRESS_LOGFILE 2>&1 && \ |
86 | >>$TEST_REGRESS_LOGFILE 2>&1 && \ | 79 | fail "local forwarding not cleared" |
87 | fail "local forwarding not cleared" | 80 | fi |
88 | fi | 81 | ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost |
89 | ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost | 82 | |
90 | 83 | trace "clear remote forward" | |
91 | trace "clear remote forward proto $p" | 84 | rm -f $CTL |
92 | rm -f $CTL | 85 | ${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \ |
93 | ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \ | 86 | -oClearAllForwardings=yes somehost sleep 10 |
94 | -oClearAllForwardings=yes somehost sleep 10 | 87 | if [ $? != 0 ]; then |
95 | if [ $? != 0 ]; then | 88 | fail "connection failed with cleared remote forwarding" |
96 | fail "connection failed with cleared remote forwarding" | 89 | else |
97 | else | 90 | # this one should fail |
98 | # this one should fail | 91 | ${SSH} -F $OBJ/ssh_config -p ${base}01 somehost true \ |
99 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \ | 92 | >>$TEST_REGRESS_LOGFILE 2>&1 && \ |
100 | >>$TEST_REGRESS_LOGFILE 2>&1 && \ | 93 | fail "remote forwarding not cleared" |
101 | fail "remote forwarding not cleared" | 94 | fi |
102 | fi | 95 | ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost |
103 | ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost | 96 | |
104 | done | 97 | trace "stdio forwarding" |
105 | 98 | cmd="${SSH} -F $OBJ/ssh_config" | |
106 | for p in 2; do | 99 | $cmd -o "ProxyCommand $cmd -q -W localhost:$PORT somehost" somehost true |
107 | trace "stdio forwarding proto $p" | 100 | if [ $? != 0 ]; then |
108 | cmd="${SSH} -$p -F $OBJ/ssh_config" | 101 | fail "stdio forwarding" |
109 | $cmd -o "ProxyCommand $cmd -q -W localhost:$PORT somehost" \ | 102 | fi |
110 | somehost true | ||
111 | if [ $? != 0 ]; then | ||
112 | fail "stdio forwarding proto $p" | ||
113 | fi | ||
114 | done | ||
115 | 103 | ||
116 | echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config | 104 | echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config |
117 | echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config | 105 | echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config |
118 | for p in ${SSH_PROTOCOLS}; do | ||
119 | trace "config file: start forwarding, fork to background" | ||
120 | rm -f $CTL | ||
121 | ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f somehost sleep 10 | ||
122 | |||
123 | trace "config file: transfer over forwarded channels and check result" | ||
124 | ${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \ | ||
125 | somehost cat ${DATA} > ${COPY} | ||
126 | test -s ${COPY} || fail "failed copy of ${DATA}" | ||
127 | cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" | ||
128 | |||
129 | ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost | ||
130 | done | ||
131 | 106 | ||
132 | for p in 2; do | 107 | trace "config file: start forwarding, fork to background" |
133 | trace "transfer over chained unix domain socket forwards and check result" | 108 | rm -f $CTL |
134 | rm -f $OBJ/unix-[123].fwd | 109 | ${SSH} -S $CTL -M -F $OBJ/ssh_config -f somehost sleep 10 |
135 | rm -f $CTL $CTL.[123] | 110 | |
136 | ${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10 | 111 | trace "config file: transfer over forwarded channels and check result" |
137 | ${SSH} -S $CTL.1 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10 | 112 | ${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \ |
138 | ${SSH} -S $CTL.2 -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10 | 113 | somehost cat ${DATA} > ${COPY} |
139 | ${SSH} -S $CTL.3 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10 | 114 | test -s ${COPY} || fail "failed copy of ${DATA}" |
140 | ${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \ | 115 | cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" |
141 | somehost cat ${DATA} > ${COPY} | 116 | |
142 | test -s ${COPY} || fail "failed copy ${DATA}" | 117 | ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost |
143 | cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" | 118 | |
144 | 119 | trace "transfer over chained unix domain socket forwards and check result" | |
145 | ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost | 120 | rm -f $OBJ/unix-[123].fwd |
146 | ${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost | 121 | rm -f $CTL $CTL.[123] |
147 | ${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost | 122 | ${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10 |
148 | ${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost | 123 | ${SSH} -S $CTL.1 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10 |
149 | done | 124 | ${SSH} -S $CTL.2 -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10 |
125 | ${SSH} -S $CTL.3 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10 | ||
126 | ${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \ | ||
127 | somehost cat ${DATA} > ${COPY} | ||
128 | test -s ${COPY} || fail "failed copy ${DATA}" | ||
129 | cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" | ||
130 | |||
131 | ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost | ||
132 | ${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost | ||
133 | ${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost | ||
134 | ${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost | ||
135 | |||
diff --git a/regress/host-expand.sh b/regress/host-expand.sh index 2a95bfe1b..9444f7fb6 100644 --- a/regress/host-expand.sh +++ b/regress/host-expand.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: host-expand.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: host-expand.sh,v 1.5 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="expand %h and %n" | 4 | tid="expand %h and %n" |
@@ -11,9 +11,6 @@ somehost | |||
11 | 127.0.0.1 | 11 | 127.0.0.1 |
12 | EOE | 12 | EOE |
13 | 13 | ||
14 | for p in ${SSH_PROTOCOLS}; do | 14 | ${SSH} -F $OBJ/ssh_proxy somehost true >$OBJ/actual |
15 | verbose "test $tid: proto $p" | 15 | diff $OBJ/expect $OBJ/actual || fail "$tid" |
16 | ${SSH} -F $OBJ/ssh_proxy -$p somehost true >$OBJ/actual | ||
17 | diff $OBJ/expect $OBJ/actual || fail "$tid proto $p" | ||
18 | done | ||
19 | 16 | ||
diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh index 094700da6..811b6b9ab 100644 --- a/regress/hostkey-agent.sh +++ b/regress/hostkey-agent.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: hostkey-agent.sh,v 1.6 2015/07/10 06:23:25 markus Exp $ | 1 | # $OpenBSD: hostkey-agent.sh,v 1.7 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="hostkey agent" | 4 | tid="hostkey agent" |
@@ -40,7 +40,7 @@ for ps in no yes; do | |||
40 | cp $OBJ/known_hosts.orig $OBJ/known_hosts | 40 | cp $OBJ/known_hosts.orig $OBJ/known_hosts |
41 | SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'` | 41 | SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'` |
42 | if [ $? -ne 0 ]; then | 42 | if [ $? -ne 0 ]; then |
43 | fail "protocol $p privsep=$ps failed" | 43 | fail "privsep=$ps failed" |
44 | fi | 44 | fi |
45 | if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then | 45 | if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then |
46 | fail "bad SSH_CONNECTION key type $k privsep=$ps" | 46 | fail "bad SSH_CONNECTION key type $k privsep=$ps" |
diff --git a/regress/integrity.sh b/regress/integrity.sh index b71aa46fd..3eda40f0a 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: integrity.sh,v 1.22 2017/04/28 04:16:27 dtucker Exp $ | 1 | # $OpenBSD: integrity.sh,v 1.23 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="integrity" | 4 | tid="integrity" |
@@ -46,7 +46,7 @@ for m in $macs; do | |||
46 | macopt="-m $m -c aes128-ctr" | 46 | macopt="-m $m -c aes128-ctr" |
47 | fi | 47 | fi |
48 | verbose "test $tid: $m @$off" | 48 | verbose "test $tid: $m @$off" |
49 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ | 49 | ${SSH} $macopt -F $OBJ/ssh_proxy -o "$pxy" \ |
50 | -oServerAliveInterval=1 -oServerAliveCountMax=30 \ | 50 | -oServerAliveInterval=1 -oServerAliveCountMax=30 \ |
51 | 999.999.999.999 'printf "%4096s" " "' >/dev/null | 51 | 999.999.999.999 'printf "%4096s" " "' >/dev/null |
52 | if [ $? -eq 0 ]; then | 52 | if [ $? -eq 0 ]; then |
diff --git a/regress/key-options.sh b/regress/key-options.sh index 7a68ad358..2adee6833 100644 --- a/regress/key-options.sh +++ b/regress/key-options.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: key-options.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: key-options.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="key options" | 4 | tid="key options" |
@@ -8,64 +8,56 @@ authkeys="$OBJ/authorized_keys_${USER}" | |||
8 | cp $authkeys $origkeys | 8 | cp $authkeys $origkeys |
9 | 9 | ||
10 | # Test command= forced command | 10 | # Test command= forced command |
11 | for p in ${SSH_PROTOCOLS}; do | 11 | for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do |
12 | for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do | ||
13 | sed "s/.*/$c &/" $origkeys >$authkeys | 12 | sed "s/.*/$c &/" $origkeys >$authkeys |
14 | verbose "key option proto $p $c" | 13 | verbose "key option $c" |
15 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost echo foo` | 14 | r=`${SSH} -q -F $OBJ/ssh_proxy somehost echo foo` |
16 | if [ "$r" = "foo" ]; then | 15 | if [ "$r" = "foo" ]; then |
17 | fail "key option forced command not restricted" | 16 | fail "key option forced command not restricted" |
18 | fi | 17 | fi |
19 | if [ "$r" != "bar" ]; then | 18 | if [ "$r" != "bar" ]; then |
20 | fail "key option forced command not executed" | 19 | fail "key option forced command not executed" |
21 | fi | 20 | fi |
22 | done | ||
23 | done | 21 | done |
24 | 22 | ||
25 | # Test no-pty | 23 | # Test no-pty |
26 | sed 's/.*/no-pty &/' $origkeys >$authkeys | 24 | sed 's/.*/no-pty &/' $origkeys >$authkeys |
27 | for p in ${SSH_PROTOCOLS}; do | 25 | verbose "key option proto no-pty" |
28 | verbose "key option proto $p no-pty" | 26 | r=`${SSH} -q -F $OBJ/ssh_proxy somehost tty` |
29 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost tty` | 27 | if [ -f "$r" ]; then |
30 | if [ -f "$r" ]; then | 28 | fail "key option failed no-pty (pty $r)" |
31 | fail "key option failed proto $p no-pty (pty $r)" | 29 | fi |
32 | fi | ||
33 | done | ||
34 | 30 | ||
35 | # Test environment= | 31 | # Test environment= |
36 | echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy | 32 | echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy |
37 | sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys | 33 | sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys |
38 | for p in ${SSH_PROTOCOLS}; do | 34 | verbose "key option environment" |
39 | verbose "key option proto $p environment" | 35 | r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo $FOO'` |
40 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo $FOO'` | 36 | if [ "$r" != "bar" ]; then |
41 | if [ "$r" != "bar" ]; then | 37 | fail "key option environment not set" |
42 | fail "key option environment not set" | 38 | fi |
43 | fi | ||
44 | done | ||
45 | 39 | ||
46 | # Test from= restriction | 40 | # Test from= restriction |
47 | start_sshd | 41 | start_sshd |
48 | for p in ${SSH_PROTOCOLS}; do | 42 | for f in 127.0.0.1 '127.0.0.0\/8'; do |
49 | for f in 127.0.0.1 '127.0.0.0\/8'; do | ||
50 | cat $origkeys >$authkeys | 43 | cat $origkeys >$authkeys |
51 | ${SSH} -$p -q -F $OBJ/ssh_proxy somehost true | 44 | ${SSH} -q -F $OBJ/ssh_proxy somehost true |
52 | if [ $? -ne 0 ]; then | 45 | if [ $? -ne 0 ]; then |
53 | fail "key option proto $p failed without restriction" | 46 | fail "key option failed without restriction" |
54 | fi | 47 | fi |
55 | 48 | ||
56 | sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys | 49 | sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys |
57 | from=`head -1 $authkeys | cut -f1 -d ' '` | 50 | from=`head -1 $authkeys | cut -f1 -d ' '` |
58 | verbose "key option proto $p $from" | 51 | verbose "key option $from" |
59 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'` | 52 | r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'` |
60 | if [ "$r" = "true" ]; then | 53 | if [ "$r" = "true" ]; then |
61 | fail "key option proto $p $from not restricted" | 54 | fail "key option $from not restricted" |
62 | fi | 55 | fi |
63 | 56 | ||
64 | r=`${SSH} -$p -q -F $OBJ/ssh_config somehost 'echo true'` | 57 | r=`${SSH} -q -F $OBJ/ssh_config somehost 'echo true'` |
65 | if [ "$r" != "true" ]; then | 58 | if [ "$r" != "true" ]; then |
66 | fail "key option proto $p $from not allowed but should be" | 59 | fail "key option $from not allowed but should be" |
67 | fi | 60 | fi |
68 | done | ||
69 | done | 61 | done |
70 | 62 | ||
71 | rm -f "$origkeys" | 63 | rm -f "$origkeys" |
diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh index e56185050..8b8acd52f 100644 --- a/regress/keygen-change.sh +++ b/regress/keygen-change.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: keygen-change.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: keygen-change.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="change passphrase for key" | 4 | tid="change passphrase for key" |
@@ -7,9 +7,6 @@ S1="secret1" | |||
7 | S2="2secret" | 7 | S2="2secret" |
8 | 8 | ||
9 | KEYTYPES=`${SSH} -Q key-plain` | 9 | KEYTYPES=`${SSH} -Q key-plain` |
10 | if ssh_version 1; then | ||
11 | KEYTYPES="${KEYTYPES} rsa1" | ||
12 | fi | ||
13 | 10 | ||
14 | for t in $KEYTYPES; do | 11 | for t in $KEYTYPES; do |
15 | # generate user key for agent | 12 | # generate user key for agent |
diff --git a/regress/keyscan.sh b/regress/keyscan.sh index f97364b76..3bde1219a 100644 --- a/regress/keyscan.sh +++ b/regress/keyscan.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: keyscan.sh,v 1.5 2015/09/11 03:44:21 djm Exp $ | 1 | # $OpenBSD: keyscan.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="keyscan" | 4 | tid="keyscan" |
@@ -9,10 +9,6 @@ rm -f ${OBJ}/host.dsa | |||
9 | start_sshd | 9 | start_sshd |
10 | 10 | ||
11 | KEYTYPES=`${SSH} -Q key-plain` | 11 | KEYTYPES=`${SSH} -Q key-plain` |
12 | if ssh_version 1; then | ||
13 | KEYTYPES="${KEYTYPES} rsa1" | ||
14 | fi | ||
15 | |||
16 | for t in $KEYTYPES; do | 12 | for t in $KEYTYPES; do |
17 | trace "keyscan type $t" | 13 | trace "keyscan type $t" |
18 | ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \ | 14 | ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \ |
diff --git a/regress/localcommand.sh b/regress/localcommand.sh index 220f19a4d..5224a16b2 100644 --- a/regress/localcommand.sh +++ b/regress/localcommand.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: localcommand.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: localcommand.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="localcommand" | 4 | tid="localcommand" |
@@ -6,10 +6,8 @@ tid="localcommand" | |||
6 | echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy | 6 | echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy |
7 | echo 'LocalCommand echo foo' >> $OBJ/ssh_proxy | 7 | echo 'LocalCommand echo foo' >> $OBJ/ssh_proxy |
8 | 8 | ||
9 | for p in ${SSH_PROTOCOLS}; do | 9 | verbose "test $tid: proto $p localcommand" |
10 | verbose "test $tid: proto $p localcommand" | 10 | a=`${SSH} -F $OBJ/ssh_proxy somehost true` |
11 | a=`${SSH} -F $OBJ/ssh_proxy -$p somehost true` | 11 | if [ "$a" != "foo" ] ; then |
12 | if [ "$a" != "foo" ] ; then | 12 | fail "$tid proto $p" |
13 | fail "$tid proto $p" | 13 | fi |
14 | fi | ||
15 | done | ||
diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c index 67058027f..3e2c48160 100644 --- a/regress/misc/kexfuzz/kexfuzz.c +++ b/regress/misc/kexfuzz/kexfuzz.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexfuzz.c,v 1.3 2016/10/11 21:49:54 djm Exp $ */ | 1 | /* $OpenBSD: kexfuzz.c,v 1.4 2017/04/30 23:34:55 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Fuzz harness for KEX code | 3 | * Fuzz harness for KEX code |
4 | * | 4 | * |
@@ -418,7 +418,7 @@ main(int argc, char **argv) | |||
418 | close(fd); | 418 | close(fd); |
419 | /* XXX check that it is a private key */ | 419 | /* XXX check that it is a private key */ |
420 | /* XXX support certificates */ | 420 | /* XXX support certificates */ |
421 | if (key == NULL || key->type == KEY_UNSPEC || key->type == KEY_RSA1) | 421 | if (key == NULL || key->type == KEY_UNSPEC) |
422 | badusage("Invalid key file (-k flag)"); | 422 | badusage("Invalid key file (-k flag)"); |
423 | 423 | ||
424 | /* Replace (fuzz) mode */ | 424 | /* Replace (fuzz) mode */ |
diff --git a/regress/multiplex.sh b/regress/multiplex.sh index acb9234d9..078a53a88 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: multiplex.sh,v 1.27 2014/12/22 06:14:29 djm Exp $ | 1 | # $OpenBSD: multiplex.sh,v 1.28 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | CTL=/tmp/openssh.regress.ctl-sock.$$ | 4 | CTL=/tmp/openssh.regress.ctl-sock.$$ |
@@ -101,7 +101,7 @@ for s in 0 1 4 5 44; do | |||
101 | ${SSH} -F $OBJ/ssh_config -S $CTL otherhost exit $s | 101 | ${SSH} -F $OBJ/ssh_config -S $CTL otherhost exit $s |
102 | r=$? | 102 | r=$? |
103 | if [ $r -ne $s ]; then | 103 | if [ $r -ne $s ]; then |
104 | fail "exit code mismatch for protocol $p: $r != $s" | 104 | fail "exit code mismatch: $r != $s" |
105 | fi | 105 | fi |
106 | 106 | ||
107 | # same with early close of stdout/err | 107 | # same with early close of stdout/err |
@@ -110,7 +110,7 @@ for s in 0 1 4 5 44; do | |||
110 | exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\' | 110 | exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\' |
111 | r=$? | 111 | r=$? |
112 | if [ $r -ne $s ]; then | 112 | if [ $r -ne $s ]; then |
113 | fail "exit code (with sleep) mismatch for protocol $p: $r != $s" | 113 | fail "exit code (with sleep) mismatch: $r != $s" |
114 | fi | 114 | fi |
115 | done | 115 | done |
116 | 116 | ||
diff --git a/regress/principals-command.sh b/regress/principals-command.sh index 9b38eb105..bcc68e80b 100644 --- a/regress/principals-command.sh +++ b/regress/principals-command.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: principals-command.sh,v 1.3 2016/09/26 21:34:38 bluhm Exp $ | 1 | # $OpenBSD: principals-command.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="authorized principals command" | 4 | tid="authorized principals command" |
@@ -78,7 +78,7 @@ if [ -x $PRINCIPALS_COMMAND ]; then | |||
78 | # Empty authorized_principals | 78 | # Empty authorized_principals |
79 | verbose "$tid: ${_prefix} empty authorized_principals" | 79 | verbose "$tid: ${_prefix} empty authorized_principals" |
80 | echo > $OBJ/authorized_principals_$USER | 80 | echo > $OBJ/authorized_principals_$USER |
81 | ${SSH} -2i $OBJ/cert_user_key \ | 81 | ${SSH} -i $OBJ/cert_user_key \ |
82 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 82 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
83 | if [ $? -eq 0 ]; then | 83 | if [ $? -eq 0 ]; then |
84 | fail "ssh cert connect succeeded unexpectedly" | 84 | fail "ssh cert connect succeeded unexpectedly" |
@@ -87,7 +87,7 @@ if [ -x $PRINCIPALS_COMMAND ]; then | |||
87 | # Wrong authorized_principals | 87 | # Wrong authorized_principals |
88 | verbose "$tid: ${_prefix} wrong authorized_principals" | 88 | verbose "$tid: ${_prefix} wrong authorized_principals" |
89 | echo gregorsamsa > $OBJ/authorized_principals_$USER | 89 | echo gregorsamsa > $OBJ/authorized_principals_$USER |
90 | ${SSH} -2i $OBJ/cert_user_key \ | 90 | ${SSH} -i $OBJ/cert_user_key \ |
91 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 91 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
92 | if [ $? -eq 0 ]; then | 92 | if [ $? -eq 0 ]; then |
93 | fail "ssh cert connect succeeded unexpectedly" | 93 | fail "ssh cert connect succeeded unexpectedly" |
@@ -96,7 +96,7 @@ if [ -x $PRINCIPALS_COMMAND ]; then | |||
96 | # Correct authorized_principals | 96 | # Correct authorized_principals |
97 | verbose "$tid: ${_prefix} correct authorized_principals" | 97 | verbose "$tid: ${_prefix} correct authorized_principals" |
98 | echo mekmitasdigoat > $OBJ/authorized_principals_$USER | 98 | echo mekmitasdigoat > $OBJ/authorized_principals_$USER |
99 | ${SSH} -2i $OBJ/cert_user_key \ | 99 | ${SSH} -i $OBJ/cert_user_key \ |
100 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 100 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
101 | if [ $? -ne 0 ]; then | 101 | if [ $? -ne 0 ]; then |
102 | fail "ssh cert connect failed" | 102 | fail "ssh cert connect failed" |
@@ -105,7 +105,7 @@ if [ -x $PRINCIPALS_COMMAND ]; then | |||
105 | # authorized_principals with bad key option | 105 | # authorized_principals with bad key option |
106 | verbose "$tid: ${_prefix} authorized_principals bad key opt" | 106 | verbose "$tid: ${_prefix} authorized_principals bad key opt" |
107 | echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER | 107 | echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER |
108 | ${SSH} -2i $OBJ/cert_user_key \ | 108 | ${SSH} -i $OBJ/cert_user_key \ |
109 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 109 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
110 | if [ $? -eq 0 ]; then | 110 | if [ $? -eq 0 ]; then |
111 | fail "ssh cert connect succeeded unexpectedly" | 111 | fail "ssh cert connect succeeded unexpectedly" |
@@ -115,7 +115,7 @@ if [ -x $PRINCIPALS_COMMAND ]; then | |||
115 | verbose "$tid: ${_prefix} authorized_principals command=false" | 115 | verbose "$tid: ${_prefix} authorized_principals command=false" |
116 | echo 'command="false" mekmitasdigoat' > \ | 116 | echo 'command="false" mekmitasdigoat' > \ |
117 | $OBJ/authorized_principals_$USER | 117 | $OBJ/authorized_principals_$USER |
118 | ${SSH} -2i $OBJ/cert_user_key \ | 118 | ${SSH} -i $OBJ/cert_user_key \ |
119 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 119 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
120 | if [ $? -eq 0 ]; then | 120 | if [ $? -eq 0 ]; then |
121 | fail "ssh cert connect succeeded unexpectedly" | 121 | fail "ssh cert connect succeeded unexpectedly" |
@@ -125,7 +125,7 @@ if [ -x $PRINCIPALS_COMMAND ]; then | |||
125 | verbose "$tid: ${_prefix} authorized_principals command=true" | 125 | verbose "$tid: ${_prefix} authorized_principals command=true" |
126 | echo 'command="true" mekmitasdigoat' > \ | 126 | echo 'command="true" mekmitasdigoat' > \ |
127 | $OBJ/authorized_principals_$USER | 127 | $OBJ/authorized_principals_$USER |
128 | ${SSH} -2i $OBJ/cert_user_key \ | 128 | ${SSH} -i $OBJ/cert_user_key \ |
129 | -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1 | 129 | -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1 |
130 | if [ $? -ne 0 ]; then | 130 | if [ $? -ne 0 ]; then |
131 | fail "ssh cert connect failed" | 131 | fail "ssh cert connect failed" |
@@ -144,7 +144,7 @@ if [ -x $PRINCIPALS_COMMAND ]; then | |||
144 | printf 'cert-authority,principals="gregorsamsa" ' | 144 | printf 'cert-authority,principals="gregorsamsa" ' |
145 | cat $OBJ/user_ca_key.pub | 145 | cat $OBJ/user_ca_key.pub |
146 | ) > $OBJ/authorized_keys_$USER | 146 | ) > $OBJ/authorized_keys_$USER |
147 | ${SSH} -2i $OBJ/cert_user_key \ | 147 | ${SSH} -i $OBJ/cert_user_key \ |
148 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 148 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
149 | if [ $? -eq 0 ]; then | 149 | if [ $? -eq 0 ]; then |
150 | fail "ssh cert connect succeeded unexpectedly" | 150 | fail "ssh cert connect succeeded unexpectedly" |
@@ -156,7 +156,7 @@ if [ -x $PRINCIPALS_COMMAND ]; then | |||
156 | printf 'cert-authority,principals="mekmitasdigoat" ' | 156 | printf 'cert-authority,principals="mekmitasdigoat" ' |
157 | cat $OBJ/user_ca_key.pub | 157 | cat $OBJ/user_ca_key.pub |
158 | ) > $OBJ/authorized_keys_$USER | 158 | ) > $OBJ/authorized_keys_$USER |
159 | ${SSH} -2i $OBJ/cert_user_key \ | 159 | ${SSH} -i $OBJ/cert_user_key \ |
160 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 160 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
161 | if [ $? -ne 0 ]; then | 161 | if [ $? -ne 0 ]; then |
162 | fail "ssh cert connect failed" | 162 | fail "ssh cert connect failed" |
diff --git a/regress/proto-mismatch.sh b/regress/proto-mismatch.sh index 9e8024beb..6ab28c9a7 100644 --- a/regress/proto-mismatch.sh +++ b/regress/proto-mismatch.sh | |||
@@ -1,21 +1,17 @@ | |||
1 | # $OpenBSD: proto-mismatch.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: proto-mismatch.sh,v 1.5 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="protocol version mismatch" | 4 | tid="protocol version mismatch" |
5 | 5 | ||
6 | mismatch () | 6 | mismatch () |
7 | { | 7 | { |
8 | server=$1 | ||
9 | client=$2 | 8 | client=$2 |
10 | banner=`echo ${client} | ${SSHD} -o "Protocol=${server}" -i -f ${OBJ}/sshd_proxy` | 9 | banner=`echo ${client} | ${SSHD} -i -f ${OBJ}/sshd_proxy` |
11 | r=$? | 10 | r=$? |
12 | trace "sshd prints ${banner}" | 11 | trace "sshd prints ${banner}" |
13 | if [ $r -ne 255 ]; then | 12 | if [ $r -ne 255 ]; then |
14 | fail "sshd prints ${banner} and accepts connect with version ${client}" | 13 | fail "sshd prints ${banner} but accepts version ${client}" |
15 | fi | 14 | fi |
16 | } | 15 | } |
17 | 16 | ||
18 | mismatch 2 SSH-1.5-HALLO | 17 | mismatch SSH-1.5-HALLO |
19 | if ssh_version 1; then | ||
20 | mismatch 1 SSH-2.0-HALLO | ||
21 | fi | ||
diff --git a/regress/proto-version.sh b/regress/proto-version.sh index cf4946115..5faeb758c 100644 --- a/regress/proto-version.sh +++ b/regress/proto-version.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: proto-version.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: proto-version.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sshd version with different protocol combinations" | 4 | tid="sshd version with different protocol combinations" |
@@ -6,9 +6,8 @@ tid="sshd version with different protocol combinations" | |||
6 | # we just start sshd in inetd mode and check the banner | 6 | # we just start sshd in inetd mode and check the banner |
7 | check_version () | 7 | check_version () |
8 | { | 8 | { |
9 | version=$1 | ||
10 | expect=$2 | 9 | expect=$2 |
11 | banner=`printf '' | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy` | 10 | banner=`printf '' | ${SSHD} -i -f ${OBJ}/sshd_proxy` |
12 | case ${banner} in | 11 | case ${banner} in |
13 | SSH-1.99-*) | 12 | SSH-1.99-*) |
14 | proto=199 | 13 | proto=199 |
@@ -24,13 +23,8 @@ check_version () | |||
24 | ;; | 23 | ;; |
25 | esac | 24 | esac |
26 | if [ ${expect} -ne ${proto} ]; then | 25 | if [ ${expect} -ne ${proto} ]; then |
27 | fail "wrong protocol version ${banner} for ${version}" | 26 | fail "wrong protocol version ${banner}" |
28 | fi | 27 | fi |
29 | } | 28 | } |
30 | 29 | ||
31 | check_version 2 20 | 30 | check_version 20 |
32 | if ssh_version 1; then | ||
33 | check_version 2,1 199 | ||
34 | check_version 1,2 199 | ||
35 | check_version 1 15 | ||
36 | fi | ||
diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh index b7a43fabe..f1b9d9f76 100644 --- a/regress/proxy-connect.sh +++ b/regress/proxy-connect.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: proxy-connect.sh,v 1.9 2016/02/17 02:24:17 djm Exp $ | 1 | # $OpenBSD: proxy-connect.sh,v 1.10 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="proxy connect" | 4 | tid="proxy connect" |
@@ -6,27 +6,22 @@ tid="proxy connect" | |||
6 | mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig | 6 | mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig |
7 | 7 | ||
8 | for ps in no yes; do | 8 | for ps in no yes; do |
9 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy | 9 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy |
10 | echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy | 10 | echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy |
11 | 11 | for c in no yes; do | |
12 | for p in ${SSH_PROTOCOLS}; do | 12 | verbose "plain username privsep=$ps comp=$c" |
13 | for c in no yes; do | 13 | opts="-oCompression=$c -F $OBJ/ssh_proxy" |
14 | verbose "plain username protocol $p privsep=$ps comp=$c" | 14 | SSH_CONNECTION=`${SSH} $opts 999.999.999.999 'echo $SSH_CONNECTION'` |
15 | opts="-$p -oCompression=$c -F $OBJ/ssh_proxy" | 15 | if [ $? -ne 0 ]; then |
16 | SSH_CONNECTION=`${SSH} $opts 999.999.999.999 'echo $SSH_CONNECTION'` | 16 | fail "ssh proxyconnect privsep=$ps comp=$c failed" |
17 | if [ $? -ne 0 ]; then | 17 | fi |
18 | fail "ssh proxyconnect protocol $p privsep=$ps comp=$c failed" | 18 | if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then |
19 | fi | 19 | fail "bad SSH_CONNECTION privsep=$ps comp=$c: " \ |
20 | if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then | 20 | "$SSH_CONNECTION" |
21 | fail "bad SSH_CONNECTION protocol $p privsep=$ps comp=$c: " \ | 21 | fi |
22 | "$SSH_CONNECTION" | 22 | done |
23 | fi | ||
24 | done | ||
25 | done | ||
26 | done | 23 | done |
27 | 24 | ||
28 | for p in ${SSH_PROTOCOLS}; do | 25 | verbose "username with style" |
29 | verbose "username with style protocol $p" | 26 | ${SSH} -F $OBJ/ssh_proxy ${USER}:style@999.999.999.999 true || \ |
30 | ${SSH} -$p -F $OBJ/ssh_proxy ${USER}:style@999.999.999.999 true || \ | 27 | fail "ssh proxyconnect failed" |
31 | fail "ssh proxyconnect protocol $p failed" | ||
32 | done | ||
diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index 8eb6ae0c0..32c79f9ea 100644 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: putty-transfer.sh,v 1.4 2016/11/25 03:02:01 dtucker Exp $ | 1 | # $OpenBSD: putty-transfer.sh,v 1.5 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="putty transfer data" | 4 | tid="putty transfer data" |
@@ -8,33 +8,30 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then | |||
8 | exit 0 | 8 | exit 0 |
9 | fi | 9 | fi |
10 | 10 | ||
11 | # XXX support protocol 1 too | 11 | for c in 0 1 ; do |
12 | for p in 2; do | 12 | verbose "$tid: compression $c" |
13 | for c in 0 1 ; do | 13 | rm -f ${COPY} |
14 | verbose "$tid: proto $p compression $c" | 14 | cp ${OBJ}/.putty/sessions/localhost_proxy \ |
15 | ${OBJ}/.putty/sessions/compression_$c | ||
16 | echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k | ||
17 | env HOME=$PWD ${PLINK} -load compression_$c -batch \ | ||
18 | -i putty.rsa cat ${DATA} > ${COPY} | ||
19 | if [ $? -ne 0 ]; then | ||
20 | fail "ssh cat $DATA failed" | ||
21 | fi | ||
22 | cmp ${DATA} ${COPY} || fail "corrupted copy" | ||
23 | |||
24 | for s in 10 100 1k 32k 64k 128k 256k; do | ||
25 | trace "compression $c dd-size ${s}" | ||
15 | rm -f ${COPY} | 26 | rm -f ${COPY} |
16 | cp ${OBJ}/.putty/sessions/localhost_proxy \ | 27 | dd if=$DATA obs=${s} 2> /dev/null | \ |
17 | ${OBJ}/.putty/sessions/compression_$c | 28 | env HOME=$PWD ${PLINK} -load compression_$c \ |
18 | echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k | 29 | -batch -i putty.rsa \ |
19 | env HOME=$PWD ${PLINK} -load compression_$c -batch \ | 30 | "cat > ${COPY}" |
20 | -i putty.rsa$p cat ${DATA} > ${COPY} | ||
21 | if [ $? -ne 0 ]; then | 31 | if [ $? -ne 0 ]; then |
22 | fail "ssh cat $DATA failed" | 32 | fail "ssh cat $DATA failed" |
23 | fi | 33 | fi |
24 | cmp ${DATA} ${COPY} || fail "corrupted copy" | 34 | cmp $DATA ${COPY} || fail "corrupted copy" |
25 | |||
26 | for s in 10 100 1k 32k 64k 128k 256k; do | ||
27 | trace "proto $p compression $c dd-size ${s}" | ||
28 | rm -f ${COPY} | ||
29 | dd if=$DATA obs=${s} 2> /dev/null | \ | ||
30 | env HOME=$PWD ${PLINK} -load compression_$c \ | ||
31 | -batch -i putty.rsa$p \ | ||
32 | "cat > ${COPY}" | ||
33 | if [ $? -ne 0 ]; then | ||
34 | fail "ssh cat $DATA failed" | ||
35 | fi | ||
36 | cmp $DATA ${COPY} || fail "corrupted copy" | ||
37 | done | ||
38 | done | 35 | done |
39 | done | 36 | done |
40 | rm -f ${COPY} | 37 | rm -f ${COPY} |
diff --git a/regress/reconfigure.sh b/regress/reconfigure.sh index eecddd3c7..dd15eddb2 100644 --- a/regress/reconfigure.sh +++ b/regress/reconfigure.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: reconfigure.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: reconfigure.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="simple connect after reconfigure" | 4 | tid="simple connect after reconfigure" |
@@ -18,12 +18,10 @@ fi | |||
18 | start_sshd | 18 | start_sshd |
19 | 19 | ||
20 | trace "connect before restart" | 20 | trace "connect before restart" |
21 | for p in ${SSH_PROTOCOLS} ; do | 21 | ${SSH} -F $OBJ/ssh_config somehost true |
22 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true | 22 | if [ $? -ne 0 ]; then |
23 | if [ $? -ne 0 ]; then | 23 | fail "ssh connect with failed before reconfigure" |
24 | fail "ssh connect with protocol $p failed before reconfigure" | 24 | fi |
25 | fi | ||
26 | done | ||
27 | 25 | ||
28 | PID=`$SUDO cat $PIDFILE` | 26 | PID=`$SUDO cat $PIDFILE` |
29 | rm -f $PIDFILE | 27 | rm -f $PIDFILE |
@@ -39,9 +37,7 @@ done | |||
39 | test -f $PIDFILE || fatal "sshd did not restart" | 37 | test -f $PIDFILE || fatal "sshd did not restart" |
40 | 38 | ||
41 | trace "connect after restart" | 39 | trace "connect after restart" |
42 | for p in ${SSH_PROTOCOLS} ; do | 40 | ${SSH} -F $OBJ/ssh_config somehost true |
43 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true | 41 | if [ $? -ne 0 ]; then |
44 | if [ $? -ne 0 ]; then | 42 | fail "ssh connect with failed after reconfigure" |
45 | fail "ssh connect with protocol $p failed after reconfigure" | 43 | fi |
46 | fi | ||
47 | done | ||
diff --git a/regress/reexec.sh b/regress/reexec.sh index 72957d4cd..ce23a1af3 100644 --- a/regress/reexec.sh +++ b/regress/reexec.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: reexec.sh,v 1.10 2016/12/16 01:06:27 dtucker Exp $ | 1 | # $OpenBSD: reexec.sh,v 1.11 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="reexec tests" | 4 | tid="reexec tests" |
@@ -19,16 +19,13 @@ start_sshd_copy () | |||
19 | copy_tests () | 19 | copy_tests () |
20 | { | 20 | { |
21 | rm -f ${COPY} | 21 | rm -f ${COPY} |
22 | for p in ${SSH_PROTOCOLS} ; do | 22 | ${SSH} -nq -F $OBJ/ssh_config somehost \ |
23 | verbose "$tid: proto $p" | 23 | cat ${DATA} > ${COPY} |
24 | ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ | 24 | if [ $? -ne 0 ]; then |
25 | cat ${DATA} > ${COPY} | 25 | fail "ssh cat $DATA failed" |
26 | if [ $? -ne 0 ]; then | 26 | fi |
27 | fail "ssh cat $DATA failed" | 27 | cmp ${DATA} ${COPY} || fail "corrupted copy" |
28 | fi | 28 | rm -f ${COPY} |
29 | cmp ${DATA} ${COPY} || fail "corrupted copy" | ||
30 | rm -f ${COPY} | ||
31 | done | ||
32 | } | 29 | } |
33 | 30 | ||
34 | verbose "test config passing" | 31 | verbose "test config passing" |
diff --git a/regress/stderr-after-eof.sh b/regress/stderr-after-eof.sh index 218ac6b68..9065245e8 100644 --- a/regress/stderr-after-eof.sh +++ b/regress/stderr-after-eof.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: stderr-after-eof.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ | 1 | # $OpenBSD: stderr-after-eof.sh,v 1.3 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="stderr data after eof" | 4 | tid="stderr data after eof" |
@@ -10,7 +10,7 @@ for i in 1 2 3 4 5 6; do | |||
10 | (date;echo $i) | md5 >> ${DATA} | 10 | (date;echo $i) | md5 >> ${DATA} |
11 | done | 11 | done |
12 | 12 | ||
13 | ${SSH} -2 -F $OBJ/ssh_proxy otherhost \ | 13 | ${SSH} -F $OBJ/ssh_proxy otherhost \ |
14 | exec sh -c \'"exec > /dev/null; sleep 2; cat ${DATA} 1>&2 $s"\' \ | 14 | exec sh -c \'"exec > /dev/null; sleep 2; cat ${DATA} 1>&2 $s"\' \ |
15 | 2> ${COPY} | 15 | 2> ${COPY} |
16 | r=$? | 16 | r=$? |
diff --git a/regress/stderr-data.sh b/regress/stderr-data.sh index 8c8149a73..0ceb72b3a 100644 --- a/regress/stderr-data.sh +++ b/regress/stderr-data.sh | |||
@@ -1,13 +1,12 @@ | |||
1 | # $OpenBSD: stderr-data.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: stderr-data.sh,v 1.5 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="stderr data transfer" | 4 | tid="stderr data transfer" |
5 | 5 | ||
6 | for n in '' -n; do | 6 | for n in '' -n; do |
7 | for p in ${SSH_PROTOCOLS}; do | 7 | verbose "test $tid: ($n)" |
8 | verbose "test $tid: proto $p ($n)" | 8 | ${SSH} $n -F $OBJ/ssh_proxy otherhost exec \ |
9 | ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \ | 9 | sh -c \'"exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ |
10 | exec sh -c \'"exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ | ||
11 | 2> ${COPY} | 10 | 2> ${COPY} |
12 | r=$? | 11 | r=$? |
13 | if [ $r -ne 0 ]; then | 12 | if [ $r -ne 0 ]; then |
@@ -16,8 +15,8 @@ for p in ${SSH_PROTOCOLS}; do | |||
16 | cmp ${DATA} ${COPY} || fail "stderr corrupt" | 15 | cmp ${DATA} ${COPY} || fail "stderr corrupt" |
17 | rm -f ${COPY} | 16 | rm -f ${COPY} |
18 | 17 | ||
19 | ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \ | 18 | ${SSH} $n -F $OBJ/ssh_proxy otherhost exec \ |
20 | exec sh -c \'"echo a; exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ | 19 | sh -c \'"echo a; exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ |
21 | > /dev/null 2> ${COPY} | 20 | > /dev/null 2> ${COPY} |
22 | r=$? | 21 | r=$? |
23 | if [ $r -ne 0 ]; then | 22 | if [ $r -ne 0 ]; then |
@@ -26,4 +25,3 @@ for p in ${SSH_PROTOCOLS}; do | |||
26 | cmp ${DATA} ${COPY} || fail "stderr corrupt" | 25 | cmp ${DATA} ${COPY} || fail "stderr corrupt" |
27 | rm -f ${COPY} | 26 | rm -f ${COPY} |
28 | done | 27 | done |
29 | done | ||
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index dc033cd96..1480f13fc 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: test-exec.sh,v 1.59 2017/02/07 23:03:11 dtucker Exp $ | 1 | # $OpenBSD: test-exec.sh,v 1.60 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | #SUDO=sudo | 4 | #SUDO=sudo |
@@ -130,12 +130,6 @@ if [ "x$TEST_SSH_CONCH" != "x" ]; then | |||
130 | esac | 130 | esac |
131 | fi | 131 | fi |
132 | 132 | ||
133 | SSH_PROTOCOLS=2 | ||
134 | #SSH_PROTOCOLS=`$SSH -Q protocol-version` | ||
135 | if [ "x$TEST_SSH_PROTOCOLS" != "x" ]; then | ||
136 | SSH_PROTOCOLS="${TEST_SSH_PROTOCOLS}" | ||
137 | fi | ||
138 | |||
139 | # Path to sshd must be absolute for rexec | 133 | # Path to sshd must be absolute for rexec |
140 | case "$SSHD" in | 134 | case "$SSHD" in |
141 | /*) ;; | 135 | /*) ;; |
@@ -386,22 +380,11 @@ fatal () | |||
386 | exit $RESULT | 380 | exit $RESULT |
387 | } | 381 | } |
388 | 382 | ||
389 | ssh_version () | ||
390 | { | ||
391 | echo ${SSH_PROTOCOLS} | grep "$1" >/dev/null | ||
392 | } | ||
393 | |||
394 | RESULT=0 | 383 | RESULT=0 |
395 | PIDFILE=$OBJ/pidfile | 384 | PIDFILE=$OBJ/pidfile |
396 | 385 | ||
397 | trap fatal 3 2 | 386 | trap fatal 3 2 |
398 | 387 | ||
399 | if ssh_version 1; then | ||
400 | PROTO="2,1" | ||
401 | else | ||
402 | PROTO="2" | ||
403 | fi | ||
404 | |||
405 | # create server config | 388 | # create server config |
406 | cat << EOF > $OBJ/sshd_config | 389 | cat << EOF > $OBJ/sshd_config |
407 | StrictModes no | 390 | StrictModes no |
@@ -460,11 +443,8 @@ fi | |||
460 | 443 | ||
461 | rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER | 444 | rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER |
462 | 445 | ||
463 | if ssh_version 1; then | 446 | SSH_KEYTYPES="rsa ed25519" |
464 | SSH_KEYTYPES="rsa rsa1" | 447 | |
465 | else | ||
466 | SSH_KEYTYPES="rsa ed25519" | ||
467 | fi | ||
468 | trace "generate keys" | 448 | trace "generate keys" |
469 | for t in ${SSH_KEYTYPES}; do | 449 | for t in ${SSH_KEYTYPES}; do |
470 | # generate user key | 450 | # generate user key |
diff --git a/regress/transfer.sh b/regress/transfer.sh index 36c14634a..cf174a006 100644 --- a/regress/transfer.sh +++ b/regress/transfer.sh | |||
@@ -1,26 +1,23 @@ | |||
1 | # $OpenBSD: transfer.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: transfer.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="transfer data" | 4 | tid="transfer data" |
5 | 5 | ||
6 | for p in ${SSH_PROTOCOLS}; do | 6 | rm -f ${COPY} |
7 | verbose "$tid: proto $p" | 7 | ${SSH} -n -q -F $OBJ/ssh_proxy somehost cat ${DATA} > ${COPY} |
8 | if [ $? -ne 0 ]; then | ||
9 | fail "ssh cat $DATA failed" | ||
10 | fi | ||
11 | cmp ${DATA} ${COPY} || fail "corrupted copy" | ||
12 | |||
13 | for s in 10 100 1k 32k 64k 128k 256k; do | ||
14 | trace "dd-size ${s}" | ||
8 | rm -f ${COPY} | 15 | rm -f ${COPY} |
9 | ${SSH} -n -q -$p -F $OBJ/ssh_proxy somehost cat ${DATA} > ${COPY} | 16 | dd if=$DATA obs=${s} 2> /dev/null | \ |
17 | ${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}" | ||
10 | if [ $? -ne 0 ]; then | 18 | if [ $? -ne 0 ]; then |
11 | fail "ssh cat $DATA failed" | 19 | fail "ssh cat $DATA failed" |
12 | fi | 20 | fi |
13 | cmp ${DATA} ${COPY} || fail "corrupted copy" | 21 | cmp $DATA ${COPY} || fail "corrupted copy" |
14 | |||
15 | for s in 10 100 1k 32k 64k 128k 256k; do | ||
16 | trace "proto $p dd-size ${s}" | ||
17 | rm -f ${COPY} | ||
18 | dd if=$DATA obs=${s} 2> /dev/null | \ | ||
19 | ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}" | ||
20 | if [ $? -ne 0 ]; then | ||
21 | fail "ssh cat $DATA failed" | ||
22 | fi | ||
23 | cmp $DATA ${COPY} || fail "corrupted copy" | ||
24 | done | ||
25 | done | 22 | done |
26 | rm -f ${COPY} | 23 | rm -f ${COPY} |
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index 889a735d2..e04268ba3 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: try-ciphers.sh,v 1.25 2015/03/24 20:22:17 markus Exp $ | 1 | # $OpenBSD: try-ciphers.sh,v 1.26 2017/04/30 23:34:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="try ciphers" | 4 | tid="try ciphers" |
@@ -8,14 +8,14 @@ cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | |||
8 | for c in `${SSH} -Q cipher`; do | 8 | for c in `${SSH} -Q cipher`; do |
9 | n=0 | 9 | n=0 |
10 | for m in `${SSH} -Q mac`; do | 10 | for m in `${SSH} -Q mac`; do |
11 | trace "proto 2 cipher $c mac $m" | 11 | trace "cipher $c mac $m" |
12 | verbose "test $tid: proto 2 cipher $c mac $m" | 12 | verbose "test $tid: cipher $c mac $m" |
13 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | 13 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
14 | echo "Ciphers=$c" >> $OBJ/sshd_proxy | 14 | echo "Ciphers=$c" >> $OBJ/sshd_proxy |
15 | echo "MACs=$m" >> $OBJ/sshd_proxy | 15 | echo "MACs=$m" >> $OBJ/sshd_proxy |
16 | ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true | 16 | ${SSH} -F $OBJ/ssh_proxy -m $m -c $c somehost true |
17 | if [ $? -ne 0 ]; then | 17 | if [ $? -ne 0 ]; then |
18 | fail "ssh -2 failed with mac $m cipher $c" | 18 | fail "ssh failed with mac $m cipher $c" |
19 | fi | 19 | fi |
20 | # No point trying all MACs for AEAD ciphers since they | 20 | # No point trying all MACs for AEAD ciphers since they |
21 | # are ignored. | 21 | # are ignored. |
@@ -26,17 +26,3 @@ for c in `${SSH} -Q cipher`; do | |||
26 | done | 26 | done |
27 | done | 27 | done |
28 | 28 | ||
29 | if ssh_version 1; then | ||
30 | ciphers="3des blowfish" | ||
31 | else | ||
32 | ciphers="" | ||
33 | fi | ||
34 | for c in $ciphers; do | ||
35 | trace "proto 1 cipher $c" | ||
36 | verbose "test $tid: proto 1 cipher $c" | ||
37 | ${SSH} -F $OBJ/ssh_proxy -1 -c $c somehost true | ||
38 | if [ $? -ne 0 ]; then | ||
39 | fail "ssh -1 failed with cipher $c" | ||
40 | fi | ||
41 | done | ||
42 | |||
diff --git a/regress/yes-head.sh b/regress/yes-head.sh index 1fc754211..fce2f6580 100644 --- a/regress/yes-head.sh +++ b/regress/yes-head.sh | |||
@@ -3,13 +3,11 @@ | |||
3 | 3 | ||
4 | tid="yes pipe head" | 4 | tid="yes pipe head" |
5 | 5 | ||
6 | for p in ${SSH_PROTOCOLS}; do | 6 | lines=`${SSH} -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` |
7 | lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` | 7 | if [ $? -ne 0 ]; then |
8 | if [ $? -ne 0 ]; then | 8 | fail "yes|head test failed" |
9 | fail "yes|head test failed" | 9 | lines = 0; |
10 | lines = 0; | 10 | fi |
11 | fi | 11 | if [ $lines -ne 2000 ]; then |
12 | if [ $lines -ne 2000 ]; then | 12 | fail "yes|head returns $lines lines instead of 2000" |
13 | fail "yes|head returns $lines lines instead of 2000" | 13 | fi |
14 | fi | ||
15 | done | ||