Diffstat (limited to 'regress')
-rw-r--r--regress/Makefile21
-rw-r--r--regress/agent-getpeereid.sh2
-rw-r--r--regress/allow-deny-users.sh40
-rw-r--r--regress/cert-file.sh2
-rw-r--r--regress/cert-userkey.sh16
-rw-r--r--regress/connect-privsep.sh4
-rw-r--r--regress/integrity.sh2
-rw-r--r--regress/keygen-moduli.sh18
-rw-r--r--regress/keys-command.sh2
-rw-r--r--regress/login-timeout.sh4
-rw-r--r--regress/misc/kexfuzz/README4
-rw-r--r--regress/misc/kexfuzz/kexfuzz.c169
-rw-r--r--regress/moduli.in3
-rw-r--r--regress/principals-command.sh54
-rw-r--r--regress/putty-ciphers.sh4
-rw-r--r--regress/putty-kex.sh5
-rw-r--r--regress/putty-transfer.sh6
-rw-r--r--regress/reexec.sh11
-rw-r--r--regress/sftp-chroot.sh4
-rw-r--r--regress/test-exec.sh40
-rw-r--r--regress/unittests/Makefile4
-rw-r--r--regress/unittests/Makefile.inc10
-rw-r--r--regress/unittests/bitmap/Makefile4
-rw-r--r--regress/unittests/hostkeys/Makefile4
-rw-r--r--regress/unittests/kex/Makefile4
-rw-r--r--regress/unittests/match/Makefile10
-rw-r--r--regress/unittests/match/tests.c113
-rw-r--r--regress/unittests/sshbuf/Makefile2
-rw-r--r--regress/unittests/sshkey/Makefile4
-rw-r--r--regress/unittests/utf8/Makefile4
-rw-r--r--regress/unittests/utf8/tests.c7
31 files changed, 426 insertions, 151 deletions
diff --git a/regress/Makefile b/regress/Makefile
index 08fd82dbf..c2dba4fdf 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.88 2016/06/03 04:10:41 dtucker Exp $ 1# $OpenBSD: Makefile,v 1.94 2016/12/16 03:51:19 dtucker Exp $
2 2
3REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec 3REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec
4tests: prep $(REGRESS_TARGETS) 4tests: prep $(REGRESS_TARGETS)
@@ -39,6 +39,7 @@ LTESTS= connect \
39 keyscan \ 39 keyscan \
40 keygen-change \ 40 keygen-change \
41 keygen-convert \ 41 keygen-convert \
42 keygen-moduli \
42 key-options \ 43 key-options \
43 scp \ 44 scp \
44 sftp \ 45 sftp \
@@ -77,7 +78,8 @@ LTESTS= connect \
77 hostkey-rotate \ 78 hostkey-rotate \
78 principals-command \ 79 principals-command \
79 cert-file \ 80 cert-file \
80 cfginclude 81 cfginclude \
82 allow-deny-users
81 83
82 84
83# dhgex \ 85# dhgex \
@@ -87,9 +89,10 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
87 89
88#LTESTS= cipher-speed 90#LTESTS= cipher-speed
89 91
90USER!= id -un 92USERNAME!= id -un
91CLEANFILES= *.core actual agent-key.* authorized_keys_${USER} \ 93CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
92 authorized_keys_${USER}.* authorized_principals_${USER} \ 94 authorized_keys_${USERNAME}.* \
95 authorized_principals_${USERNAME} \
93 banner.in banner.out cert_host_key* cert_user_key* \ 96 banner.in banner.out cert_host_key* cert_user_key* \
94 copy.1 copy.2 data ed25519-agent ed25519-agent* \ 97 copy.1 copy.2 data ed25519-agent ed25519-agent* \
95 ed25519-agent.pub empty.in expect failed-regress.log \ 98 ed25519-agent.pub empty.in expect failed-regress.log \
@@ -111,10 +114,10 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USER} \
111 t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \ 114 t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \
112 t9.out t9.out.pub testdata user_*key* user_ca* user_key* 115 t9.out t9.out.pub testdata user_*key* user_ca* user_key*
113 116
114SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER} 117SUDO_CLEAN+= /var/run/testdata_${USERNAME} /var/run/keycommand_${USERNAME}
115 118
116# Enable all malloc(3) randomisations and checks 119# Enable all malloc(3) randomisations and checks
117TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" 120TEST_ENV= "MALLOC_OPTIONS=CFGJRSUX"
118 121
119TEST_SSH_SSHKEYGEN?=ssh-keygen 122TEST_SSH_SSHKEYGEN?=ssh-keygen
120 123
@@ -222,4 +225,8 @@ unit:
222 $$V ${.OBJDIR}/unittests/kex/test_kex ; \ 225 $$V ${.OBJDIR}/unittests/kex/test_kex ; \
223 $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \ 226 $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \
224 -d ${.CURDIR}/unittests/hostkeys/testdata ; \ 227 -d ${.CURDIR}/unittests/hostkeys/testdata ; \
228 $$V ${.OBJDIR}/unittests/match/test_match ; \
229 if test "x${TEST_SSH_UTF8}" = "xyes" ; then \
230 $$V ${.OBJDIR}/unittests/utf8/test_utf8 ; \
231 fi \
225 fi 232 fi
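Review bot: The `USER` → `USERNAME` rename at `USERNAME!= id -un` and in the CLEANFILES/SUDO_CLEAN lines carries no comment saying why, and since other scripts in this same change still read `${USER}` and `$LOGNAME` from the environment, a later edit could easily "normalise" it back. Presumably the intent is that the make variable no longer shadows the `USER` environment variable the test scripts rely on; if so, a comment above the assignment such as `# Taken from id(1) under a name that does not clash with the USER environment variable` would record that. In the `unit` recipe of the last hunk the new `test_match` and `test_utf8` invocations are chained with `;` like the existing ones, so a non-zero exit from them only surfaces if the part of the recipe outside the hunk checks it; worth confirming.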
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh
index 24b71f458..91621a59c 100644
--- a/regress/agent-getpeereid.sh
+++ b/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: agent-getpeereid.sh,v 1.6 2016/05/03 14:41:04 djm Exp $ 1# $OpenBSD: agent-getpeereid.sh,v 1.7 2016/09/26 21:34:38 bluhm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="disallow agent attach from other uid" 4tid="disallow agent attach from other uid"
diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh
new file mode 100644
index 000000000..32a269afa
--- /dev/null
+++ b/regress/allow-deny-users.sh
@@ -0,0 +1,40 @@
1# Public Domain
2# Zev Weiss, 2016
3
4tid="AllowUsers/DenyUsers"
5
6me="$LOGNAME"
7if [ "x$me" == "x" ]; then
8 me=`whoami`
9fi
10other="nobody"
11
12test_auth()
13{
14 deny="$1"
15 allow="$2"
16 should_succeed="$3"
17 failmsg="$4"
18
19 start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow"
20
21 ${SSH} -F $OBJ/ssh_config "$me@somehost" true
22 status=$?
23
24 if (test $status -eq 0 && ! $should_succeed) \
25 || (test $status -ne 0 && $should_succeed); then
26 fail "$failmsg"
27 fi
28
29 stop_sshd
30}
31
32# DenyUsers AllowUsers should_succeed failure_message
33test_auth "" "" true "user in neither DenyUsers nor AllowUsers denied"
34test_auth "$other $me" "" false "user in DenyUsers allowed"
35test_auth "$me $other" "" false "user in DenyUsers allowed"
36test_auth "" "$other" false "user not in AllowUsers allowed"
37test_auth "" "$other $me" true "user in AllowUsers denied"
38test_auth "" "$me $other" true "user in AllowUsers denied"
39test_auth "$me $other" "$me $other" false "user in both DenyUsers and AllowUsers allowed"
40test_auth "$other $me" "$other $me" false "user in both DenyUsers and AllowUsers allowed"
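Review bot: `if [ "x$me" == "x" ]` uses `==`, which POSIX `test` does not define; on a strict /bin/sh such as dash the comparison errors out, the condition evaluates false and the `whoami` fallback is never reached, so `me` stays empty and every `test_auth` call then connects as an empty user. It should read `if [ "x$me" = "x" ]; then`. Passing `true`/`false` as `$3` and executing it as a command in `test_auth` works but is unusual; a one-line comment on the `should_succeed="$3"` line, e.g. `# shell command (true or false) run to decide the expected outcome`, would make it obvious. Note also that this script derives the user from `$LOGNAME`/`whoami` while cert-userkey.sh in the same change uses `${USER}`; picking one convention would avoid the two disagreeing on hosts where they differ.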
diff --git a/regress/cert-file.sh b/regress/cert-file.sh
index bad923ad0..b184e7fea 100644
--- a/regress/cert-file.sh
+++ b/regress/cert-file.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cert-file.sh,v 1.2 2015/09/24 07:15:39 djm Exp $ 1# $OpenBSD: cert-file.sh,v 1.4 2016/12/16 02:48:55 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="ssh with certificates" 4tid="ssh with certificates"
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 319746395..7005fd55e 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cert-userkey.sh,v 1.16 2016/05/03 12:15:49 dtucker Exp $ 1# $OpenBSD: cert-userkey.sh,v 1.17 2016/11/30 03:01:33 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="certified user keys" 4tid="certified user keys"
@@ -354,6 +354,20 @@ test_one "principals key option principals" success "-n mekmitasdigoat" \
354test_one "principals key option no principals" failure "" \ 354test_one "principals key option no principals" failure "" \
355 authorized_keys ',principals="mekmitasdigoat"' 355 authorized_keys ',principals="mekmitasdigoat"'
356 356
357# command= options vs. force-command in key
358test_one "force-command match true" success \
359 "-n ${USER} -Oforce-command=true" \
360 authorized_keys ',command="true"'
361test_one "force-command match true" failure \
362 "-n ${USER} -Oforce-command=false" \
363 authorized_keys ',command="false"'
364test_one "force-command mismatch 1" failure \
365 "-n ${USER} -Oforce-command=false" \
366 authorized_keys ',command="true"'
367test_one "force-command mismatch 2" failure \
368 "-n ${USER} -Oforce-command=true" \
369 authorized_keys ',command="false"'
370
357# Wrong certificate 371# Wrong certificate
358cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy 372cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
359for ktype in $PLAIN_TYPES ; do 373for ktype in $PLAIN_TYPES ; do
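Review bot: The second new `test_one` call is labelled "force-command match true" although it exercises `-Oforce-command=false` against `command="false"`; the duplicated label makes a failure report indistinguishable from the first case. Rename it, e.g. `test_one "force-command match false" failure \`. A short comment that the expected `failure` here comes from the forced `false` command returning non-zero rather than from an authentication rejection would also help, since the other three cases fail for different reasons.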
diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh
index ea739f614..81cedc7e5 100644
--- a/regress/connect-privsep.sh
+++ b/regress/connect-privsep.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: connect-privsep.sh,v 1.6 2015/03/03 22:35:19 markus Exp $ 1# $OpenBSD: connect-privsep.sh,v 1.8 2016/11/01 13:43:27 tb Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="proxy connect with privsep" 4tid="proxy connect with privsep"
@@ -27,7 +27,7 @@ done
27# Because sandbox is sensitive to changes in libc, especially malloc, retest 27# Because sandbox is sensitive to changes in libc, especially malloc, retest
28# with every malloc.conf option (and none). 28# with every malloc.conf option (and none).
29if [ -z "TEST_MALLOC_OPTIONS" ]; then 29if [ -z "TEST_MALLOC_OPTIONS" ]; then
30 mopts="A F G H J P R S X < >" 30 mopts="C F G J R S U X < >"
31else 31else
32 mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'` 32 mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'`
33fi 33fi
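Review bot: The new `mopts="C F G J R S U X < >"` default is unreachable, because the unchanged condition above it, `if [ -z "TEST_MALLOC_OPTIONS" ]`, tests a literal string with no `$`; that string is never empty, so the `else` branch always runs and `mopts` is whatever `$TEST_MALLOC_OPTIONS` held (empty when unset, in which case the loop below presumably runs no malloc variants at all). This predates the commit, but its only change in this hunk has no effect without the fix: `if [ -z "$TEST_MALLOC_OPTIONS" ]; then`. The loop that consumes `mopts` lies outside the hunk.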
diff --git a/regress/integrity.sh b/regress/integrity.sh
index bfadc6b48..39d310deb 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: integrity.sh,v 1.18 2016/03/04 02:48:06 dtucker Exp $ 1# $OpenBSD: integrity.sh,v 1.19 2016/11/25 02:56:49 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="integrity" 4tid="integrity"
diff --git a/regress/keygen-moduli.sh b/regress/keygen-moduli.sh
new file mode 100644
index 000000000..d4e771383
--- /dev/null
+++ b/regress/keygen-moduli.sh
@@ -0,0 +1,18 @@
1# $OpenBSD: keygen-moduli.sh,v 1.2 2016/09/14 00:45:31 dtucker Exp $
2# Placed in the Public Domain.
3
4tid="keygen moduli"
5
6# Try "start at the beginning and stop after 1", "skip 1 then stop after 1"
7# and "skip 2 and run to the end with checkpointing". Since our test data
8# file has 3 lines, these should always result in 1 line of output.
9for i in "-J1" "-j1 -J1" "-j2 -K $OBJ/moduli.ckpt"; do
10 trace "keygen $i"
11 rm -f $OBJ/moduli.out $OBJ/moduli.ckpt
12 ${SSHKEYGEN} -T $OBJ/moduli.out -f ${SRC}/moduli.in $i 2>/dev/null || \
13 fail "keygen screen failed $i"
14 lines=`wc -l <$OBJ/moduli.out`
15 test "$lines" -eq "1" || fail "expected 1 line, got $lines"
16done
17
18rm -f $OBJ/moduli.out $OBJ/moduli.ckpt
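Review bot: `${SSHKEYGEN} -T $OBJ/moduli.out -f ${SRC}/moduli.in $i 2>/dev/null` discards ssh-keygen's stderr, so when `fail "keygen screen failed $i"` fires there is nothing in the log to say why; redirecting stderr into a file under `$OBJ` that the failure path can print (rather than to /dev/null) would keep the test quiet on success and diagnosable on failure. The unquoted `$i` on the same line is load-bearing, since the `"-j1 -J1"` and `"-j2 -K ..."` entries must word-split into separate arguments; a comment such as `# $i is deliberately unquoted so multi-flag entries split into separate arguments` would stop a well-meaning quoting fix from breaking the test.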
diff --git a/regress/keys-command.sh b/regress/keys-command.sh
index af68cf15c..9c9ada7c7 100644
--- a/regress/keys-command.sh
+++ b/regress/keys-command.sh
@@ -3,7 +3,7 @@
3 3
4tid="authorized keys from command" 4tid="authorized keys from command"
5 5
6if test -z "$SUDO" ; then 6if [ -z "$SUDO" -a ! -w /var/run ]; then
7 echo "skipped (SUDO not set)" 7 echo "skipped (SUDO not set)"
8 echo "need SUDO to create file in /var/run, test won't work without" 8 echo "need SUDO to create file in /var/run, test won't work without"
9 exit 0 9 exit 0
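Review bot: The new guard `if [ -z "$SUDO" -a ! -w /var/run ]` uses the `-a` binary primary of `test`, which POSIX marks obsolescent and which parses ambiguously in some implementations; the portable form is `if [ -z "$SUDO" ] && [ ! -w /var/run ]; then`. The skip message below it still says "skipped (SUDO not set)", which is now only half the condition, so something like `echo "skipped (SUDO not set and /var/run not writable)"` would match the new logic. The same guard and message appear in the principals-command.sh hunk of this commit.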
diff --git a/regress/login-timeout.sh b/regress/login-timeout.sh
index eb76f554b..12207fd99 100644
--- a/regress/login-timeout.sh
+++ b/regress/login-timeout.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: login-timeout.sh,v 1.7 2014/03/13 20:44:49 djm Exp $ 1# $OpenBSD: login-timeout.sh,v 1.8 2016/12/16 01:06:27 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="connect after login grace timeout" 4tid="connect after login grace timeout"
@@ -17,7 +17,7 @@ if [ $? -ne 0 ]; then
17 fail "ssh connect after login grace timeout failed with privsep" 17 fail "ssh connect after login grace timeout failed with privsep"
18fi 18fi
19 19
20$SUDO kill `$SUDO cat $PIDFILE` 20stop_sshd
21 21
22trace "test login grace without privsep" 22trace "test login grace without privsep"
23echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config 23echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config
diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README
index 8b215b5bf..abd7b50ee 100644
--- a/regress/misc/kexfuzz/README
+++ b/regress/misc/kexfuzz/README
@@ -26,3 +26,7 @@ A comprehensive KEX fuzz run would fuzz every packet in both
26directions for each key exchange type and every hostkey type. 26directions for each key exchange type and every hostkey type.
27This will take some time. 27This will take some time.
28 28
29Limitations: kexfuzz can't change the ordering of packets at
30present. It is limited to replacing individual packets with
31fuzzed variants with the same type. It really should allow
32insertion, deletion on replacement of packets too.
diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c
index 2894d3a1e..67058027f 100644
--- a/regress/misc/kexfuzz/kexfuzz.c
+++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexfuzz.c,v 1.1 2016/03/04 02:30:37 djm Exp $ */ 1/* $OpenBSD: kexfuzz.c,v 1.3 2016/10/11 21:49:54 djm Exp $ */
2/* 2/*
3 * Fuzz harness for KEX code 3 * Fuzz harness for KEX code
4 * 4 *
@@ -27,6 +27,7 @@
27#include "packet.h" 27#include "packet.h"
28#include "myproposal.h" 28#include "myproposal.h"
29#include "authfile.h" 29#include "authfile.h"
30#include "log.h"
30 31
31struct ssh *active_state = NULL; /* XXX - needed for linking */ 32struct ssh *active_state = NULL; /* XXX - needed for linking */
32 33
@@ -35,61 +36,93 @@ static int do_debug = 0;
35 36
36enum direction { S2C, C2S }; 37enum direction { S2C, C2S };
37 38
39struct hook_ctx {
40 struct ssh *client, *server, *server2;
41 int *c2s, *s2c;
42 int trigger_direction, packet_index;
43 const char *dump_path;
44 struct sshbuf *replace_data;
45};
46
38static int 47static int
39do_send_and_receive(struct ssh *from, struct ssh *to, int mydirection, 48packet_hook(struct ssh *ssh, struct sshbuf *packet, u_char *typep, void *_ctx)
40 int *packet_count, int trigger_direction, int packet_index, 49{
41 const char *dump_path, struct sshbuf *replace_data) 50 struct hook_ctx *ctx = (struct hook_ctx *)_ctx;
51 int mydirection = ssh == ctx->client ? S2C : C2S;
52 int *packet_count = mydirection == S2C ? ctx->s2c : ctx->c2s;
53 FILE *dumpfile;
54 int r;
55
56 if (do_debug) {
57 printf("%s packet %d type %u:\n",
58 mydirection == S2C ? "s2c" : "c2s",
59 *packet_count, *typep);
60 sshbuf_dump(packet, stdout);
61 }
62 if (mydirection == ctx->trigger_direction &&
63 ctx->packet_index == *packet_count) {
64 if (ctx->replace_data != NULL) {
65 sshbuf_reset(packet);
66 /* Type is first byte of packet */
67 if ((r = sshbuf_get_u8(ctx->replace_data,
68 typep)) != 0 ||
69 (r = sshbuf_putb(packet, ctx->replace_data)) != 0)
70 return r;
71 if (do_debug) {
72 printf("***** replaced packet type %u\n",
73 *typep);
74 sshbuf_dump(packet, stdout);
75 }
76 } else if (ctx->dump_path != NULL) {
77 if ((dumpfile = fopen(ctx->dump_path, "w+")) == NULL)
78 err(1, "fopen %s", ctx->dump_path);
79 /* Write { type, packet } */
80 if (fwrite(typep, 1, 1, dumpfile) != 1)
81 err(1, "fwrite type %s", ctx->dump_path);
82 if (sshbuf_len(packet) != 0 &&
83 fwrite(sshbuf_ptr(packet), sshbuf_len(packet),
84 1, dumpfile) != 1)
85 err(1, "fwrite body %s", ctx->dump_path);
86 if (do_debug) {
87 printf("***** dumped packet type %u len %zu\n",
88 *typep, sshbuf_len(packet));
89 }
90 fclose(dumpfile);
91 /* No point in continuing */
92 exit(0);
93 }
94 }
95 (*packet_count)++;
96 return 0;
97}
98
99static int
100do_send_and_receive(struct ssh *from, struct ssh *to)
42{ 101{
43 u_char type; 102 u_char type;
44 size_t len, olen; 103 size_t len;
45 const u_char *buf; 104 const u_char *buf;
46 int r; 105 int r;
47 FILE *dumpfile;
48 106
49 for (;;) { 107 for (;;) {
50 if ((r = ssh_packet_next(from, &type)) != 0) { 108 if ((r = ssh_packet_next(from, &type)) != 0) {
51 fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r)); 109 fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r));
52 return r; 110 return r;
53 } 111 }
112
54 if (type != 0) 113 if (type != 0)
55 return 0; 114 return 0;
56 buf = ssh_output_ptr(from, &len); 115 buf = ssh_output_ptr(from, &len);
57 olen = len;
58 if (do_debug) {
59 printf("%s packet %d type %u len %zu:\n",
60 mydirection == S2C ? "s2c" : "c2s",
61 *packet_count, type, len);
62 sshbuf_dump_data(buf, len, stdout);
63 }
64 if (mydirection == trigger_direction &&
65 packet_index == *packet_count) {
66 if (replace_data != NULL) {
67 buf = sshbuf_ptr(replace_data);
68 len = sshbuf_len(replace_data);
69 if (do_debug) {
70 printf("***** replaced packet "
71 "len %zu\n", len);
72 sshbuf_dump_data(buf, len, stdout);
73 }
74 } else if (dump_path != NULL) {
75 if ((dumpfile = fopen(dump_path, "w+")) == NULL)
76 err(1, "fopen %s", dump_path);
77 if (len != 0 &&
78 fwrite(buf, len, 1, dumpfile) != 1)
79 err(1, "fwrite %s", dump_path);
80 if (do_debug)
81 printf("***** dumped packet "
82 "len %zu\n", len);
83 fclose(dumpfile);
84 exit(0);
85 }
86 }
87 (*packet_count)++;
88 if (len == 0) 116 if (len == 0)
89 return 0; 117 return 0;
90 if ((r = ssh_input_append(to, buf, len)) != 0 || 118 if ((r = ssh_input_append(to, buf, len)) != 0) {
91 (r = ssh_output_consume(from, olen)) != 0) 119 debug("ssh_input_append: %s", ssh_err(r));
120 return r;
121 }
122 if ((r = ssh_output_consume(from, len)) != 0) {
123 debug("ssh_output_consume: %s", ssh_err(r));
92 return r; 124 return r;
125 }
93 } 126 }
94} 127}
95 128
@@ -141,19 +174,19 @@ const char *in_test = NULL;
141 174
142 175
143static void 176static void
144run_kex(struct ssh *client, struct ssh *server, int *s2c, int *c2s, 177run_kex(struct ssh *client, struct ssh *server)
145 int direction, int packet_index,
146 const char *dump_path, struct sshbuf *replace_data)
147{ 178{
148 int r = 0; 179 int r = 0;
149 180
150 while (!server->kex->done || !client->kex->done) { 181 while (!server->kex->done || !client->kex->done) {
151 if ((r = do_send_and_receive(server, client, S2C, s2c, 182 if ((r = do_send_and_receive(server, client)) != 0) {
152 direction, packet_index, dump_path, replace_data))) 183 debug("do_send_and_receive S2C: %s", ssh_err(r));
153 break; 184 break;
154 if ((r = do_send_and_receive(client, server, C2S, c2s, 185 }
155 direction, packet_index, dump_path, replace_data))) 186 if ((r = do_send_and_receive(client, server)) != 0) {
187 debug("do_send_and_receive C2S: %s", ssh_err(r));
156 break; 188 break;
189 }
157 } 190 }
158 if (do_debug) 191 if (do_debug)
159 printf("done: %s\n", ssh_err(r)); 192 printf("done: %s\n", ssh_err(r));
@@ -173,6 +206,7 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c,
173 struct kex_params kex_params; 206 struct kex_params kex_params;
174 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; 207 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
175 char *keyname = NULL; 208 char *keyname = NULL;
209 struct hook_ctx hook_ctx;
176 210
177 TEST_START("sshkey_from_private"); 211 TEST_START("sshkey_from_private");
178 ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0); 212 ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0);
@@ -187,30 +221,42 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c,
187 kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname; 221 kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname;
188 ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0); 222 ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0);
189 ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0); 223 ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0);
224 ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0);
190 ASSERT_PTR_NE(client, NULL); 225 ASSERT_PTR_NE(client, NULL);
191 ASSERT_PTR_NE(server, NULL); 226 ASSERT_PTR_NE(server, NULL);
227 ASSERT_PTR_NE(server2, NULL);
192 TEST_DONE(); 228 TEST_DONE();
193 229
230 hook_ctx.c2s = c2s;
231 hook_ctx.s2c = s2c;
232 hook_ctx.trigger_direction = direction;
233 hook_ctx.packet_index = packet_index;
234 hook_ctx.dump_path = dump_path;
235 hook_ctx.replace_data = replace_data;
236 hook_ctx.client = client;
237 hook_ctx.server = server;
238 hook_ctx.server2 = server2;
239 ssh_packet_set_input_hook(client, packet_hook, &hook_ctx);
240 ssh_packet_set_input_hook(server, packet_hook, &hook_ctx);
241 ssh_packet_set_input_hook(server2, packet_hook, &hook_ctx);
242
194 TEST_START("ssh_add_hostkey"); 243 TEST_START("ssh_add_hostkey");
195 ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0); 244 ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0);
196 ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0); 245 ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0);
197 TEST_DONE(); 246 TEST_DONE();
198 247
199 TEST_START("kex"); 248 TEST_START("kex");
200 run_kex(client, server, s2c, c2s, direction, packet_index, 249 run_kex(client, server);
201 dump_path, replace_data);
202 TEST_DONE(); 250 TEST_DONE();
203 251
204 TEST_START("rekeying client"); 252 TEST_START("rekeying client");
205 ASSERT_INT_EQ(kex_send_kexinit(client), 0); 253 ASSERT_INT_EQ(kex_send_kexinit(client), 0);
206 run_kex(client, server, s2c, c2s, direction, packet_index, 254 run_kex(client, server);
207 dump_path, replace_data);
208 TEST_DONE(); 255 TEST_DONE();
209 256
210 TEST_START("rekeying server"); 257 TEST_START("rekeying server");
211 ASSERT_INT_EQ(kex_send_kexinit(server), 0); 258 ASSERT_INT_EQ(kex_send_kexinit(server), 0);
212 run_kex(client, server, s2c, c2s, direction, packet_index, 259 run_kex(client, server);
213 dump_path, replace_data);
214 TEST_DONE(); 260 TEST_DONE();
215 261
216 TEST_START("ssh_packet_get_state"); 262 TEST_START("ssh_packet_get_state");
@@ -221,9 +267,6 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c,
221 TEST_DONE(); 267 TEST_DONE();
222 268
223 TEST_START("ssh_packet_set_state"); 269 TEST_START("ssh_packet_set_state");
224 server2 = NULL;
225 ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0);
226 ASSERT_PTR_NE(server2, NULL);
227 ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0); 270 ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0);
228 kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */ 271 kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */
229 ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0); 272 ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0);
@@ -231,12 +274,17 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c,
231 sshbuf_free(state); 274 sshbuf_free(state);
232 ASSERT_PTR_NE(server2->kex, NULL); 275 ASSERT_PTR_NE(server2->kex, NULL);
233 /* XXX we need to set the callbacks */ 276 /* XXX we need to set the callbacks */
277#ifdef WITH_OPENSSL
234 server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 278 server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
235 server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 279 server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
280 server2->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
281 server2->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
282 server2->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
236 server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 283 server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
237 server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 284 server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
238#ifdef OPENSSL_HAS_ECC 285# ifdef OPENSSL_HAS_ECC
239 server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 286 server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
287# endif
240#endif 288#endif
241 server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server; 289 server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
242 server2->kex->load_host_public_key = server->kex->load_host_public_key; 290 server2->kex->load_host_public_key = server->kex->load_host_public_key;
@@ -246,11 +294,9 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c,
246 294
247 TEST_START("rekeying server2"); 295 TEST_START("rekeying server2");
248 ASSERT_INT_EQ(kex_send_kexinit(server2), 0); 296 ASSERT_INT_EQ(kex_send_kexinit(server2), 0);
249 run_kex(client, server2, s2c, c2s, direction, packet_index, 297 run_kex(client, server2);
250 dump_path, replace_data);
251 ASSERT_INT_EQ(kex_send_kexinit(client), 0); 298 ASSERT_INT_EQ(kex_send_kexinit(client), 0);
252 run_kex(client, server2, s2c, c2s, direction, packet_index, 299 run_kex(client, server2);
253 dump_path, replace_data);
254 TEST_DONE(); 300 TEST_DONE();
255 301
256 TEST_START("cleanup"); 302 TEST_START("cleanup");
@@ -352,6 +398,9 @@ main(int argc, char **argv)
352 argc -= optind; 398 argc -= optind;
353 argv += optind; 399 argv += optind;
354 400
401 log_init(argv[0], do_debug ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO,
402 SYSLOG_FACILITY_USER, 1);
403
355 /* Must select a single mode */ 404 /* Must select a single mode */
356 if ((count_flag + dump_flag + replace_flag) != 1) 405 if ((count_flag + dump_flag + replace_flag) != 1)
357 badusage("Must select one mode: -c, -d or -r"); 406 badusage("Must select one mode: -c, -d or -r");
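Review bot: `log_init(argv[0], …)` in the main() hunk is called after `argv += optind`, so the name handed to the logger is the first non-option argument, or NULL when there is none, rather than the program name; with the last argument set to 1 this is harmless only as long as `log_init()` does not dereference av0 before taking its stderr path, which nothing in the hunk shows. Move the call above `argc -= optind; argv += optind;` or save `argv[0]` before the shift. Separately, the replace path in `packet_hook` consumes the first byte of `ctx->replace_data` via `sshbuf_get_u8()`, so a second trigger would see a truncated buffer; since `ctx->c2s`/`ctx->s2c` point at counters that keep growing across the repeated `run_kex()` calls the trigger presumably fires at most once, and a comment such as `/* One-shot: packet counts are cumulative across run_kex() calls */` would record that assumption. main() and do_kex_with_key() both start and end outside their hunks.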
diff --git a/regress/moduli.in b/regress/moduli.in
new file mode 100644
index 000000000..e69c902a2
--- /dev/null
+++ b/regress/moduli.in
@@ -0,0 +1,3 @@
120160301052556 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D19F4647
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
diff --git a/regress/principals-command.sh b/regress/principals-command.sh
index c0be7e747..9b38eb105 100644
--- a/regress/principals-command.sh
+++ b/regress/principals-command.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: principals-command.sh,v 1.1 2015/05/21 06:44:25 djm Exp $ 1# $OpenBSD: principals-command.sh,v 1.3 2016/09/26 21:34:38 bluhm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="authorized principals command" 4tid="authorized principals command"
@@ -6,41 +6,56 @@ tid="authorized principals command"
6rm -f $OBJ/user_ca_key* $OBJ/cert_user_key* 6rm -f $OBJ/user_ca_key* $OBJ/cert_user_key*
7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
8 8
9if test -z "$SUDO" ; then 9if [ -z "$SUDO" -a ! -w /var/run ]; then
10 echo "skipped (SUDO not set)" 10 echo "skipped (SUDO not set)"
11 echo "need SUDO to create file in /var/run, test won't work without" 11 echo "need SUDO to create file in /var/run, test won't work without"
12 exit 0 12 exit 0
13fi 13fi
14 14
15SERIAL=$$
16
17# Create a CA key and a user certificate.
18${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \
19 fatal "ssh-keygen of user_ca_key failed"
20${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/cert_user_key || \
21 fatal "ssh-keygen of cert_user_key failed"
22${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "Joanne User" \
23 -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \
24 fatal "couldn't sign cert_user_key"
25
26CERT_BODY=`cat $OBJ/cert_user_key-cert.pub | awk '{ print $2 }'`
27CA_BODY=`cat $OBJ/user_ca_key.pub | awk '{ print $2 }'`
28CERT_FP=`${SSHKEYGEN} -lf $OBJ/cert_user_key-cert.pub | awk '{ print $2 }'`
29CA_FP=`${SSHKEYGEN} -lf $OBJ/user_ca_key.pub | awk '{ print $2 }'`
30
15# Establish a AuthorizedPrincipalsCommand in /var/run where it will have 31# Establish a AuthorizedPrincipalsCommand in /var/run where it will have
16# acceptable directory permissions. 32# acceptable directory permissions.
17PRINCIPALS_CMD="/var/run/principals_command_${LOGNAME}" 33PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}"
18cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_CMD'" 34cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'"
19#!/bin/sh 35#!/bin/sh
20test "x\$1" != "x${LOGNAME}" && exit 1 36test "x\$1" != "x${LOGNAME}" && exit 1
37test "x\$2" != "xssh-rsa-cert-v01@openssh.com" && exit 1
38test "x\$3" != "xssh-ed25519" && exit 1
39test "x\$4" != "xJoanne User" && exit 1
40test "x\$5" != "x${SERIAL}" && exit 1
41test "x\$6" != "x${CA_FP}" && exit 1
42test "x\$7" != "x${CERT_FP}" && exit 1
43test "x\$8" != "x${CERT_BODY}" && exit 1
44test "x\$9" != "x${CA_BODY}" && exit 1
21test -f "$OBJ/authorized_principals_${LOGNAME}" && 45test -f "$OBJ/authorized_principals_${LOGNAME}" &&
22 exec cat "$OBJ/authorized_principals_${LOGNAME}" 46 exec cat "$OBJ/authorized_principals_${LOGNAME}"
23_EOF 47_EOF
24test $? -eq 0 || fatal "couldn't prepare principals command" 48test $? -eq 0 || fatal "couldn't prepare principals command"
25$SUDO chmod 0755 "$PRINCIPALS_CMD" 49$SUDO chmod 0755 "$PRINCIPALS_COMMAND"
26 50
27if ! $OBJ/check-perm -m keys-command $PRINCIPALS_CMD ; then 51if ! $OBJ/check-perm -m keys-command $PRINCIPALS_COMMAND ; then
28 echo "skipping: $PRINCIPALS_CMD is unsuitable as " \ 52 echo "skipping: $PRINCIPALS_COMMAND is unsuitable as " \
29 "AuthorizedPrincipalsCommand" 53 "AuthorizedPrincipalsCommand"
30 $SUDO rm -f $PRINCIPALS_CMD 54 $SUDO rm -f $PRINCIPALS_COMMAND
31 exit 0 55 exit 0
32fi 56fi
33 57
34# Create a CA key and a user certificate. 58if [ -x $PRINCIPALS_COMMAND ]; then
35${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \
36 fatal "ssh-keygen of user_ca_key failed"
37${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/cert_user_key || \
38 fatal "ssh-keygen of cert_user_key failed"
39${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
40 -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \
41 fatal "couldn't sign cert_user_key"
42
43if [ -x $PRINCIPALS_CMD ]; then
44 # Test explicitly-specified principals 59 # Test explicitly-specified principals
45 for privsep in yes no ; do 60 for privsep in yes no ; do
46 _prefix="privsep $privsep" 61 _prefix="privsep $privsep"
@@ -51,7 +66,8 @@ if [ -x $PRINCIPALS_CMD ]; then
51 cat $OBJ/sshd_proxy_bak 66 cat $OBJ/sshd_proxy_bak
52 echo "UsePrivilegeSeparation $privsep" 67 echo "UsePrivilegeSeparation $privsep"
53 echo "AuthorizedKeysFile none" 68 echo "AuthorizedKeysFile none"
54 echo "AuthorizedPrincipalsCommand $PRINCIPALS_CMD %u" 69 echo "AuthorizedPrincipalsCommand $PRINCIPALS_COMMAND" \
70 "%u %t %T %i %s %F %f %k %K"
55 echo "AuthorizedPrincipalsCommandUser ${LOGNAME}" 71 echo "AuthorizedPrincipalsCommandUser ${LOGNAME}"
56 echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" 72 echo "TrustedUserCAKeys $OBJ/user_ca_key.pub"
57 ) > $OBJ/sshd_proxy 73 ) > $OBJ/sshd_proxy
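Review bot: `SERIAL=$$` is introduced so the command script can check `test "x\$5" != "x${SERIAL}"`, but the signing line still passes `-z $$`, so the serial in the certificate and the one the script expects agree only because both happen to expand to the same PID; use `-z ${SERIAL} -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \` so the two cannot drift. The four `cat file | awk '{ print $2 }'` pipelines can be `awk '{ print $2 }' file` directly. A one-line comment above the here-document listing which `%` token each of `$1`..`$9` corresponds to (the `%u %t %T %i %s %F %f %k %K` order from the sshd_proxy line) would spare the next reader from cross-referencing the two hunks.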
diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh
index 724a98cc1..9adba674e 100644
--- a/regress/putty-ciphers.sh
+++ b/regress/putty-ciphers.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: putty-ciphers.sh,v 1.4 2013/05/17 04:29:14 dtucker Exp $ 1# $OpenBSD: putty-ciphers.sh,v 1.5 2016/11/25 03:02:01 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="putty ciphers" 4tid="putty ciphers"
@@ -16,7 +16,7 @@ for c in aes blowfish 3des arcfour aes128-ctr aes192-ctr aes256-ctr ; do
16 16
17 rm -f ${COPY} 17 rm -f ${COPY}
18 env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \ 18 env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \
19 127.0.0.1 cat ${DATA} > ${COPY} 19 cat ${DATA} > ${COPY}
20 if [ $? -ne 0 ]; then 20 if [ $? -ne 0 ]; then
21 fail "ssh cat $DATA failed" 21 fail "ssh cat $DATA failed"
22 fi 22 fi
diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh
index 1844d6599..9d3c6a9f0 100644
--- a/regress/putty-kex.sh
+++ b/regress/putty-kex.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: putty-kex.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ 1# $OpenBSD: putty-kex.sh,v 1.4 2016/11/25 03:02:01 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="putty KEX" 4tid="putty KEX"
@@ -14,8 +14,7 @@ for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
14 ${OBJ}/.putty/sessions/kex_$k 14 ${OBJ}/.putty/sessions/kex_$k
15 echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k 15 echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k
16 16
17 env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \ 17 env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 true
18 127.0.0.1 true
19 if [ $? -ne 0 ]; then 18 if [ $? -ne 0 ]; then
20 fail "KEX $k failed" 19 fail "KEX $k failed"
21 fi 20 fi
diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh
index aec0e04ee..8eb6ae0c0 100644
--- a/regress/putty-transfer.sh
+++ b/regress/putty-transfer.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: putty-transfer.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ 1# $OpenBSD: putty-transfer.sh,v 1.4 2016/11/25 03:02:01 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="putty transfer data" 4tid="putty transfer data"
@@ -17,7 +17,7 @@ for p in 2; do
17 ${OBJ}/.putty/sessions/compression_$c 17 ${OBJ}/.putty/sessions/compression_$c
18 echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k 18 echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k
19 env HOME=$PWD ${PLINK} -load compression_$c -batch \ 19 env HOME=$PWD ${PLINK} -load compression_$c -batch \
20 -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY} 20 -i putty.rsa$p cat ${DATA} > ${COPY}
21 if [ $? -ne 0 ]; then 21 if [ $? -ne 0 ]; then
22 fail "ssh cat $DATA failed" 22 fail "ssh cat $DATA failed"
23 fi 23 fi
@@ -28,7 +28,7 @@ for p in 2; do
28 rm -f ${COPY} 28 rm -f ${COPY}
29 dd if=$DATA obs=${s} 2> /dev/null | \ 29 dd if=$DATA obs=${s} 2> /dev/null | \
30 env HOME=$PWD ${PLINK} -load compression_$c \ 30 env HOME=$PWD ${PLINK} -load compression_$c \
31 -batch -i putty.rsa$p 127.0.0.1 \ 31 -batch -i putty.rsa$p \
32 "cat > ${COPY}" 32 "cat > ${COPY}"
33 if [ $? -ne 0 ]; then 33 if [ $? -ne 0 ]; then
34 fail "ssh cat $DATA failed" 34 fail "ssh cat $DATA failed"
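Review bot: Line 18 appends `Compression=$c` to `${OBJ}/.putty/sessions/kex_$k`, but the plink calls the commit edits at lines 19–20 and 30–31 load the `compression_$c` session, so the compression setting presumably never reaches the session that is actually used and the test runs with PuTTY's default (`$k` also looks like a leftover from putty-kex.sh and may be empty here). The fix is `echo "Compression=$c" >> ${OBJ}/.putty/sessions/compression_$c`. The enclosing `for p` / `for c` loops start and end outside both hunks.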
diff --git a/regress/reexec.sh b/regress/reexec.sh
index 5c0a7b46f..72957d4cd 100644
--- a/regress/reexec.sh
+++ b/regress/reexec.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: reexec.sh,v 1.8 2015/03/03 22:35:19 markus Exp $ 1# $OpenBSD: reexec.sh,v 1.10 2016/12/16 01:06:27 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="reexec tests" 4tid="reexec tests"
@@ -39,8 +39,7 @@ echo "InvalidXXX=no" >> $OBJ/sshd_config
39 39
40copy_tests 40copy_tests
41 41
42$SUDO kill `$SUDO cat $PIDFILE` 42stop_sshd
43rm -f $PIDFILE
44 43
45cp $OBJ/sshd_config.orig $OBJ/sshd_config 44cp $OBJ/sshd_config.orig $OBJ/sshd_config
46 45
@@ -54,8 +53,7 @@ rm -f $SSHD_COPY
54 53
55copy_tests 54copy_tests
56 55
57$SUDO kill `$SUDO cat $PIDFILE` 56stop_sshd
58rm -f $PIDFILE
59 57
60verbose "test reexec fallback without privsep" 58verbose "test reexec fallback without privsep"
61 59
@@ -67,7 +65,6 @@ rm -f $SSHD_COPY
67 65
68copy_tests 66copy_tests
69 67
70$SUDO kill `$SUDO cat $PIDFILE` 68stop_sshd
71rm -f $PIDFILE
72 69
73fi 70fi
diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh
index 9c26eb680..4ea2fce85 100644
--- a/regress/sftp-chroot.sh
+++ b/regress/sftp-chroot.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: sftp-chroot.sh,v 1.4 2014/01/20 00:00:30 dtucker Exp $ 1# $OpenBSD: sftp-chroot.sh,v 1.5 2016/09/26 21:34:38 bluhm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="sftp in chroot" 4tid="sftp in chroot"
@@ -7,7 +7,7 @@ CHROOT=/var/run
7FILENAME=testdata_${USER} 7FILENAME=testdata_${USER}
8PRIVDATA=${CHROOT}/${FILENAME} 8PRIVDATA=${CHROOT}/${FILENAME}
9 9
10if [ -z "$SUDO" ]; then 10if [ -z "$SUDO" -a ! -w /var/run ]; then
11 echo "skipped: need SUDO to create file in /var/run, test won't work without" 11 echo "skipped: need SUDO to create file in /var/run, test won't work without"
12 exit 0 12 exit 0
13fi 13fi
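Review bot: The new condition on line 10 tests the literal path `/var/run` while the chroot location lives in `CHROOT` (set to `/var/run` just above, per the hunk header) and `PRIVDATA` is derived from it on line 8, so the writability check and the directory the file is created in can silently diverge if one is changed. Prefer `if [ -z "$SUDO" ] && [ ! -w "${CHROOT}" ]; then`, which also avoids the `-a` operator that POSIX marks obsolescent; the skip message on line 11 names `/var/run` literally for the same reason. Note that the test now runs without SUDO whenever `/var/run` is writable (root, some CI containers), which appears to be the intent but is worth a one-line comment.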
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 1b6526d0b..bfa48803b 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: test-exec.sh,v 1.53 2016/04/15 02:57:10 djm Exp $ 1# $OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4#SUDO=sudo 4#SUDO=sudo
@@ -130,7 +130,8 @@ if [ "x$TEST_SSH_CONCH" != "x" ]; then
130 esac 130 esac
131fi 131fi
132 132
133SSH_PROTOCOLS=`$SSH -Q protocol-version` 133SSH_PROTOCOLS=2
134#SSH_PROTOCOLS=`$SSH -Q protocol-version`
134if [ "x$TEST_SSH_PROTOCOLS" != "x" ]; then 135if [ "x$TEST_SSH_PROTOCOLS" != "x" ]; then
135 SSH_PROTOCOLS="${TEST_SSH_PROTOCOLS}" 136 SSH_PROTOCOLS="${TEST_SSH_PROTOCOLS}"
136fi 137fi
@@ -292,16 +293,8 @@ md5 () {
292} 293}
293# End of portable specific functions 294# End of portable specific functions
294 295
295# helper 296stop_sshd ()
296cleanup ()
297{ 297{
298 if [ "x$SSH_PID" != "x" ]; then
299 if [ $SSH_PID -lt 2 ]; then
300 echo bad pid for ssh: $SSH_PID
301 else
302 kill $SSH_PID
303 fi
304 fi
305 if [ -f $PIDFILE ]; then 298 if [ -f $PIDFILE ]; then
306 pid=`$SUDO cat $PIDFILE` 299 pid=`$SUDO cat $PIDFILE`
307 if [ "X$pid" = "X" ]; then 300 if [ "X$pid" = "X" ]; then
@@ -324,6 +317,19 @@ cleanup ()
324 fi 317 fi
325} 318}
326 319
320# helper
321cleanup ()
322{
323 if [ "x$SSH_PID" != "x" ]; then
324 if [ $SSH_PID -lt 2 ]; then
325 echo bad pid for ssh: $SSH_PID
326 else
327 kill $SSH_PID
328 fi
329 fi
330 stop_sshd
331}
332
327start_debug_log () 333start_debug_log ()
328{ 334{
329 echo "trace: $@" >$TEST_REGRESS_LOGFILE 335 echo "trace: $@" >$TEST_REGRESS_LOGFILE
@@ -400,7 +406,6 @@ fi
400cat << EOF > $OBJ/sshd_config 406cat << EOF > $OBJ/sshd_config
401 StrictModes no 407 StrictModes no
402 Port $PORT 408 Port $PORT
403 Protocol $PROTO
404 AddressFamily inet 409 AddressFamily inet
405 ListenAddress 127.0.0.1 410 ListenAddress 127.0.0.1
406 #ListenAddress ::1 411 #ListenAddress ::1
@@ -433,7 +438,6 @@ echo 'StrictModes no' >> $OBJ/sshd_proxy
433# create client config 438# create client config
434cat << EOF > $OBJ/ssh_config 439cat << EOF > $OBJ/ssh_config
435Host * 440Host *
436 Protocol $PROTO
437 Hostname 127.0.0.1 441 Hostname 127.0.0.1
438 HostKeyAlias localhost-with-alias 442 HostKeyAlias localhost-with-alias
439 Port $PORT 443 Port $PORT
@@ -513,7 +517,11 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
513 517
514 # Add a PuTTY key to authorized_keys 518 # Add a PuTTY key to authorized_keys
515 rm -f ${OBJ}/putty.rsa2 519 rm -f ${OBJ}/putty.rsa2
516 puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null 520 if ! puttygen -t rsa -o ${OBJ}/putty.rsa2 \
521 --new-passphrase /dev/null < /dev/null > /dev/null; then
522 echo "Your installed version of PuTTY is too old to support --new-passphrase; trying without (may require manual interaction) ..." >&2
523 puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
524 fi
517 puttygen -O public-openssh ${OBJ}/putty.rsa2 \ 525 puttygen -O public-openssh ${OBJ}/putty.rsa2 \
518 >> $OBJ/authorized_keys_$USER 526 >> $OBJ/authorized_keys_$USER
519 527
@@ -526,10 +534,12 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
526 # Setup proxied session 534 # Setup proxied session
527 mkdir -p ${OBJ}/.putty/sessions 535 mkdir -p ${OBJ}/.putty/sessions
528 rm -f ${OBJ}/.putty/sessions/localhost_proxy 536 rm -f ${OBJ}/.putty/sessions/localhost_proxy
529 echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy 537 echo "Protocol=ssh" >> ${OBJ}/.putty/sessions/localhost_proxy
538 echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
530 echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy 539 echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
531 echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy 540 echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
532 echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy 541 echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
542 echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy
533 543
534 REGRESS_INTEROP_PUTTY=yes 544 REGRESS_INTEROP_PUTTY=yes
535fi 545fi
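Review bot: In the puttygen hunk (new lines 520–524) the fallback invocation without `--new-passphrase` has no exit-status check, so if puttygen fails in both forms the script carries on and line 525 appends whatever `puttygen -O public-openssh` emits for a missing key file to `authorized_keys_$USER`; ending line 523 with `|| fail "puttygen fallback failed"` (or the file's fatal-exit helper, if it has one) would surface that instead of producing confusing interop failures later. The same hunk's fallback also cannot distinguish "option unsupported" from any other failure, which the warning text implies it does. Separately, new line 134 keeps the old `$SSH -Q protocol-version` query as commented-out code beside the hard-coded `SSH_PROTOCOLS=2`; either drop it or replace it with `# only protocol 2 remains; TEST_SSH_PROTOCOLS overrides`.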
diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile
index 0a95d4b20..e70b16644 100644
--- a/regress/unittests/Makefile
+++ b/regress/unittests/Makefile
@@ -1,5 +1,5 @@
1# $OpenBSD: Makefile,v 1.6 2016/05/26 19:14:25 schwarze Exp $ 1# $OpenBSD: Makefile,v 1.7 2016/08/19 06:44:13 djm Exp $
2REGRESS_FAIL_EARLY= yes 2REGRESS_FAIL_EARLY= yes
3SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 3SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match
4 4
5.include <bsd.subdir.mk> 5.include <bsd.subdir.mk>
diff --git a/regress/unittests/Makefile.inc b/regress/unittests/Makefile.inc
index 7385e2ba3..3d9eaba5c 100644
--- a/regress/unittests/Makefile.inc
+++ b/regress/unittests/Makefile.inc
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile.inc,v 1.6 2015/07/01 23:11:18 djm Exp $ 1# $OpenBSD: Makefile.inc,v 1.9 2016/11/01 13:43:27 tb Exp $
2 2
3.include <bsd.own.mk> 3.include <bsd.own.mk>
4.include <bsd.obj.mk> 4.include <bsd.obj.mk>
@@ -49,11 +49,15 @@ DPADD+=${.CURDIR}/../test_helper/libtest_helper.a
49 49
50.if exists(${.CURDIR}/${SSHREL}/lib/${__objdir}) 50.if exists(${.CURDIR}/${SSHREL}/lib/${__objdir})
51LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh 51LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh
52DPADD+=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a 52LIBSSH=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a
53.else 53.else
54LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh 54LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh
55DPADD+=${.CURDIR}/${SSHREL}/lib/libssh.a 55LIBSSH=${.CURDIR}/${SSHREL}/lib/libssh.a
56.endif 56.endif
57DPADD+=${LIBSSH}
58${PROG}: ${LIBSSH}
59${LIBSSH}:
60 cd ${.CURDIR}/${SSHREL} && ${MAKE} lib
57 61
58LDADD+= -lcrypto 62LDADD+= -lcrypto
59DPADD+= ${LIBCRYPTO} 63DPADD+= ${LIBCRYPTO}
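Review bot: The new `${LIBSSH}:` rule on line 59 has no prerequisites, so it fires only when `libssh.a` is absent; once built, later edits to the library sources will not rebuild it and the unit tests link against a stale library unless someone runs `make lib` first. If that is the intended trade-off (not pulling the whole lib dependency tree into every test Makefile), state it above the rule, e.g. `# Build libssh.a only if it is missing; it is NOT rebuilt when lib sources change.` The explicit `${PROG}: ${LIBSSH}` on line 58 also looks redundant with `DPADD+=${LIBSSH}` on 57, since bsd.prog.mk already adds DPADD to PROG's prerequisites, though presumably harmless.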
diff --git a/regress/unittests/bitmap/Makefile b/regress/unittests/bitmap/Makefile
index b704d22d6..bd21949f8 100644
--- a/regress/unittests/bitmap/Makefile
+++ b/regress/unittests/bitmap/Makefile
@@ -1,6 +1,4 @@
1# $OpenBSD: Makefile,v 1.1 2015/01/15 07:36:28 djm Exp $ 1# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $
2
3TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
4 2
5PROG=test_bitmap 3PROG=test_bitmap
6SRCS=tests.c 4SRCS=tests.c
diff --git a/regress/unittests/hostkeys/Makefile b/regress/unittests/hostkeys/Makefile
index f52a85fb1..ae3c342bd 100644
--- a/regress/unittests/hostkeys/Makefile
+++ b/regress/unittests/hostkeys/Makefile
@@ -1,6 +1,4 @@
1# $OpenBSD: Makefile,v 1.1 2015/02/16 22:18:34 djm Exp $ 1# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $
2
3TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
4 2
5PROG=test_hostkeys 3PROG=test_hostkeys
6SRCS=tests.c test_iterate.c 4SRCS=tests.c test_iterate.c
diff --git a/regress/unittests/kex/Makefile b/regress/unittests/kex/Makefile
index 6532cb00a..7ed312675 100644
--- a/regress/unittests/kex/Makefile
+++ b/regress/unittests/kex/Makefile
@@ -1,6 +1,4 @@
1# $OpenBSD: Makefile,v 1.2 2015/01/24 10:39:21 miod Exp $ 1# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $
2
3TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
4 2
5PROG=test_kex 3PROG=test_kex
6SRCS=tests.c test_kex.c 4SRCS=tests.c test_kex.c
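--- /dev/null
+++ b/regress/unittests/match/Makefile
@@ -0,0 +1,10 @@
+# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $
+
+PROG=test_match
+SRCS=tests.c
+REGRESS_TARGETS=run-regress-${PROG}
+
+run-regress-${PROG}: ${PROG}
+	env ${TEST_ENV} ./${PROG}
+
+.include <bsd.regress.mk>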
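--- /dev/null
+++ b/regress/unittests/match/tests.c
@@ -0,0 +1,113 @@
+/* 	$OpenBSD: tests.c,v 1.3 2016/09/21 17:03:54 djm Exp $ */
+/*
+ * Regress test for matching functions
+ *
+ * Placed in the public domain
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include "../test_helper/test_helper.h"
+
+#include "match.h"
+
+void
+tests(void)
+{
+	TEST_START("match_pattern");
+	ASSERT_INT_EQ(match_pattern("", ""), 1);
+	ASSERT_INT_EQ(match_pattern("", "aaa"), 0);
+	ASSERT_INT_EQ(match_pattern("aaa", ""), 0);
+	ASSERT_INT_EQ(match_pattern("aaa", "aaaa"), 0);
+	ASSERT_INT_EQ(match_pattern("aaaa", "aaa"), 0);
+	TEST_DONE();
+
+	TEST_START("match_pattern wildcard");
+	ASSERT_INT_EQ(match_pattern("", "*"), 1);
+	ASSERT_INT_EQ(match_pattern("a", "?"), 1);
+	ASSERT_INT_EQ(match_pattern("aa", "a?"), 1);
+	ASSERT_INT_EQ(match_pattern("a", "*"), 1);
+	ASSERT_INT_EQ(match_pattern("aa", "a*"), 1);
+	ASSERT_INT_EQ(match_pattern("aa", "?*"), 1);
+	ASSERT_INT_EQ(match_pattern("aa", "**"), 1);
+	ASSERT_INT_EQ(match_pattern("aa", "?a"), 1);
+	ASSERT_INT_EQ(match_pattern("aa", "*a"), 1);
+	ASSERT_INT_EQ(match_pattern("ba", "a?"), 0);
+	ASSERT_INT_EQ(match_pattern("ba", "a*"), 0);
+	ASSERT_INT_EQ(match_pattern("ab", "?a"), 0);
+	ASSERT_INT_EQ(match_pattern("ab", "*a"), 0);
+	TEST_DONE();
+
+	TEST_START("match_pattern_list");
+	ASSERT_INT_EQ(match_pattern_list("", "", 0), 0); /* no patterns */
+	ASSERT_INT_EQ(match_pattern_list("", "*", 0), 1);
+	ASSERT_INT_EQ(match_pattern_list("", "!*", 0), -1);
+	ASSERT_INT_EQ(match_pattern_list("", "!a,*", 0), 1);
+	ASSERT_INT_EQ(match_pattern_list("", "*,!a", 0), 1);
+	ASSERT_INT_EQ(match_pattern_list("", "a,!*", 0), -1);
+	ASSERT_INT_EQ(match_pattern_list("", "!*,a", 0), -1);
+	ASSERT_INT_EQ(match_pattern_list("a", "", 0), 0);
+	ASSERT_INT_EQ(match_pattern_list("a", "*", 0), 1);
+	ASSERT_INT_EQ(match_pattern_list("a", "!*", 0), -1);
+	ASSERT_INT_EQ(match_pattern_list("a", "!a", 0), -1);
+	/* XXX negated ASSERT_INT_EQ(match_pattern_list("a", "!b", 0), 1); */
+	ASSERT_INT_EQ(match_pattern_list("a", "!a,*", 0), -1);
+	ASSERT_INT_EQ(match_pattern_list("b", "!a,*", 0), 1);
+	ASSERT_INT_EQ(match_pattern_list("a", "*,!a", 0), -1);
+	ASSERT_INT_EQ(match_pattern_list("b", "*,!a", 0), 1);
+	ASSERT_INT_EQ(match_pattern_list("a", "a,!*", 0), -1);
+	ASSERT_INT_EQ(match_pattern_list("b", "a,!*", 0), -1);
+	ASSERT_INT_EQ(match_pattern_list("a", "a,!a", 0), -1);
+	/* XXX negated ASSERT_INT_EQ(match_pattern_list("b", "a,!a", 0), 1); */
+	ASSERT_INT_EQ(match_pattern_list("a", "!*,a", 0), -1);
+	ASSERT_INT_EQ(match_pattern_list("b", "!*,a", 0), -1);
+	TEST_DONE();
+
+	TEST_START("match_pattern_list lowercase");
+	ASSERT_INT_EQ(match_pattern_list("abc", "ABC", 0), 0);
+	ASSERT_INT_EQ(match_pattern_list("ABC", "abc", 0), 0);
+	ASSERT_INT_EQ(match_pattern_list("abc", "ABC", 1), 1);
+	ASSERT_INT_EQ(match_pattern_list("ABC", "abc", 1), 0);
+	TEST_DONE();
+
+	TEST_START("addr_match_list");
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.1/44"), -2);
+	ASSERT_INT_EQ(addr_match_list(NULL, "127.0.0.1/44"), -2);
+	ASSERT_INT_EQ(addr_match_list("a", "*"), 0);
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "*"), 1);
+	ASSERT_INT_EQ(addr_match_list(NULL, "*"), 0);
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.1"), 1);
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.2"), 0);
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.1"), -1);
+	/* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2"), 1); */
+	ASSERT_INT_EQ(addr_match_list("127.0.0.255", "127.0.0.0/24"), 1);
+	ASSERT_INT_EQ(addr_match_list("127.0.1.1", "127.0.0.0/24"), 0);
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.0/24"), 1);
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.1.0/24"), 0);
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.0/24"), -1);
+	/* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.1.0/24"), 1); */
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,!127.0.0.1"), -1);
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.1,10.0.0.1"), -1);
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,127.0.0.2"), 0);
+	ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.2,10.0.0.1"), 0);
+	/* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,!127.0.0.2"), 1); */
+	/* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2,10.0.0.1"), 1); */
+	TEST_DONE();
+
+/*
+ * XXX TODO
+ * int	 match_host_and_ip(const char *, const char *, const char *);
+ * int	 match_user(const char *, const char *, const char *, const char *);
+ * char	*match_list(const char *, const char *, u_int *);
+ * int	 addr_match_cidr_list(const char *, const char *);
+ */
+}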
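Review bot: The six `/* XXX negated ... */` lines (new-side 62, 70, 91, 97, 102, 103) read like tests that were disabled because they fail, but they appear to encode a deliberate property of `match_pattern_list()` and `addr_match_list()`: a negated pattern can only veto (-1), and a list containing only non-matching negations presumably yields 0 rather than the 1 the commented-out assertions expect. Because these matchers back sshd's `Match` and allow/deny policy, that property is security-relevant and deserves one explicit comment in place of the first XXX, e.g. `/* negated patterns never produce a positive match: "!b" vs "a" is not 1 */`, with the expectations rewritten as live assertions of the actual return value instead of commented-out code. A short comment on line 83 noting that -2 signals an invalid CIDR mask (distinct from the -1 negated match) would likewise help callers that only test for -1/0/1.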
diff --git a/regress/unittests/sshbuf/Makefile b/regress/unittests/sshbuf/Makefile
index 85f99ac38..69b27566b 100644
--- a/regress/unittests/sshbuf/Makefile
+++ b/regress/unittests/sshbuf/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.1 2014/04/30 05:32:00 djm Exp $ 1# $OpenBSD: Makefile,v 1.5 2016/11/01 13:43:27 tb Exp $
2 2
3PROG=test_sshbuf 3PROG=test_sshbuf
4SRCS=tests.c 4SRCS=tests.c
diff --git a/regress/unittests/sshkey/Makefile b/regress/unittests/sshkey/Makefile
index 1bcd26676..cfbfcf8f1 100644
--- a/regress/unittests/sshkey/Makefile
+++ b/regress/unittests/sshkey/Makefile
@@ -1,6 +1,4 @@
1# $OpenBSD: Makefile,v 1.1 2014/06/24 01:14:18 djm Exp $ 1# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $
2
3TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
4 2
5PROG=test_sshkey 3PROG=test_sshkey
6SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c 4SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c
diff --git a/regress/unittests/utf8/Makefile b/regress/unittests/utf8/Makefile
index 150ea2f2e..a975264fc 100644
--- a/regress/unittests/utf8/Makefile
+++ b/regress/unittests/utf8/Makefile
@@ -1,6 +1,4 @@
1# $OpenBSD: Makefile,v 1.2 2016/05/30 12:14:08 schwarze Exp $ 1# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $
2
3TEST_ENV= "MALLOC_OPTIONS=CFGJPRSUX"
4 2
5PROG=test_utf8 3PROG=test_utf8
6SRCS=tests.c 4SRCS=tests.c
diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c
index fad2ec279..31f9fe9c3 100644
--- a/regress/unittests/utf8/tests.c
+++ b/regress/unittests/utf8/tests.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tests.c,v 1.2 2016/05/30 12:05:56 schwarze Exp $ */ 1/* $OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */
2/* 2/*
3 * Regress test for the utf8.h *mprintf() API 3 * Regress test for the utf8.h *mprintf() API
4 * 4 *
@@ -6,10 +6,12 @@
6 * and placed in the public domain. 6 * and placed in the public domain.
7 */ 7 */
8 8
9#include "includes.h"
10
9#include <locale.h> 11#include <locale.h>
10#include <string.h> 12#include <string.h>
11 13
12#include "test_helper.h" 14#include "../test_helper/test_helper.h"
13 15
14#include "utf8.h" 16#include "utf8.h"
15 17
@@ -63,7 +65,6 @@ tests(void)
63 TEST_DONE(); 65 TEST_DONE();
64 66
65 badarg(); 67 badarg();
66 one("null", NULL, 8, 6, 6, "(null)");
67 one("empty", "", 2, 0, 0, ""); 68 one("empty", "", 2, 0, 0, "");
68 one("ascii", "x", -2, -2, -2, "x"); 69 one("ascii", "x", -2, -2, -2, "x");
69 one("newline", "a\nb", -2, -2, -2, "a\nb"); 70 one("newline", "a\nb", -2, -2, -2, "a\nb");
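Review bot: Removing `one("null", NULL, 8, 6, 6, "(null)")` drops the only coverage of a NULL `%s` argument without saying why; presumably passing NULL through `%s` is undefined behaviour and the `(null)` rendering is a libc extension the test cannot rely on portably. A one-line comment at the removal point, e.g. `/* no NULL %s case: that output is libc-specific, not guaranteed */`, would stop someone re-adding it. The enclosing `tests()` starts and ends outside the hunk.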