diff options
Diffstat (limited to 'regress')
31 files changed, 426 insertions, 151 deletions
diff --git a/regress/Makefile b/regress/Makefile index 08fd82dbf..c2dba4fdf 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.88 2016/06/03 04:10:41 dtucker Exp $ | 1 | # $OpenBSD: Makefile,v 1.94 2016/12/16 03:51:19 dtucker Exp $ |
| 2 | 2 | ||
| 3 | REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec | 3 | REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec |
| 4 | tests: prep $(REGRESS_TARGETS) | 4 | tests: prep $(REGRESS_TARGETS) |
| @@ -39,6 +39,7 @@ LTESTS= connect \ | |||
| 39 | keyscan \ | 39 | keyscan \ |
| 40 | keygen-change \ | 40 | keygen-change \ |
| 41 | keygen-convert \ | 41 | keygen-convert \ |
| 42 | keygen-moduli \ | ||
| 42 | key-options \ | 43 | key-options \ |
| 43 | scp \ | 44 | scp \ |
| 44 | sftp \ | 45 | sftp \ |
| @@ -77,7 +78,8 @@ LTESTS= connect \ | |||
| 77 | hostkey-rotate \ | 78 | hostkey-rotate \ |
| 78 | principals-command \ | 79 | principals-command \ |
| 79 | cert-file \ | 80 | cert-file \ |
| 80 | cfginclude | 81 | cfginclude \ |
| 82 | allow-deny-users | ||
| 81 | 83 | ||
| 82 | 84 | ||
| 83 | # dhgex \ | 85 | # dhgex \ |
| @@ -87,9 +89,10 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers | |||
| 87 | 89 | ||
| 88 | #LTESTS= cipher-speed | 90 | #LTESTS= cipher-speed |
| 89 | 91 | ||
| 90 | USER!= id -un | 92 | USERNAME!= id -un |
| 91 | CLEANFILES= *.core actual agent-key.* authorized_keys_${USER} \ | 93 | CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ |
| 92 | authorized_keys_${USER}.* authorized_principals_${USER} \ | 94 | authorized_keys_${USERNAME}.* \ |
| 95 | authorized_principals_${USERNAME} \ | ||
| 93 | banner.in banner.out cert_host_key* cert_user_key* \ | 96 | banner.in banner.out cert_host_key* cert_user_key* \ |
| 94 | copy.1 copy.2 data ed25519-agent ed25519-agent* \ | 97 | copy.1 copy.2 data ed25519-agent ed25519-agent* \ |
| 95 | ed25519-agent.pub empty.in expect failed-regress.log \ | 98 | ed25519-agent.pub empty.in expect failed-regress.log \ |
| @@ -111,10 +114,10 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USER} \ | |||
| 111 | t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \ | 114 | t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \ |
| 112 | t9.out t9.out.pub testdata user_*key* user_ca* user_key* | 115 | t9.out t9.out.pub testdata user_*key* user_ca* user_key* |
| 113 | 116 | ||
| 114 | SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER} | 117 | SUDO_CLEAN+= /var/run/testdata_${USERNAME} /var/run/keycommand_${USERNAME} |
| 115 | 118 | ||
| 116 | # Enable all malloc(3) randomisations and checks | 119 | # Enable all malloc(3) randomisations and checks |
| 117 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" | 120 | TEST_ENV= "MALLOC_OPTIONS=CFGJRSUX" |
| 118 | 121 | ||
| 119 | TEST_SSH_SSHKEYGEN?=ssh-keygen | 122 | TEST_SSH_SSHKEYGEN?=ssh-keygen |
| 120 | 123 | ||
| @@ -222,4 +225,8 @@ unit: | |||
| 222 | $$V ${.OBJDIR}/unittests/kex/test_kex ; \ | 225 | $$V ${.OBJDIR}/unittests/kex/test_kex ; \ |
| 223 | $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \ | 226 | $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \ |
| 224 | -d ${.CURDIR}/unittests/hostkeys/testdata ; \ | 227 | -d ${.CURDIR}/unittests/hostkeys/testdata ; \ |
| 228 | $$V ${.OBJDIR}/unittests/match/test_match ; \ | ||
| 229 | if test "x${TEST_SSH_UTF8}" = "xyes" ; then \ | ||
| 230 | $$V ${.OBJDIR}/unittests/utf8/test_utf8 ; \ | ||
| 231 | fi \ | ||
| 225 | fi | 232 | fi |
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index 24b71f458..91621a59c 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: agent-getpeereid.sh,v 1.6 2016/05/03 14:41:04 djm Exp $ | 1 | # $OpenBSD: agent-getpeereid.sh,v 1.7 2016/09/26 21:34:38 bluhm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="disallow agent attach from other uid" | 4 | tid="disallow agent attach from other uid" |
diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh new file mode 100644 index 000000000..32a269afa --- /dev/null +++ b/regress/allow-deny-users.sh | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | # Public Domain | ||
| 2 | # Zev Weiss, 2016 | ||
| 3 | |||
| 4 | tid="AllowUsers/DenyUsers" | ||
| 5 | |||
| 6 | me="$LOGNAME" | ||
| 7 | if [ "x$me" == "x" ]; then | ||
| 8 | me=`whoami` | ||
| 9 | fi | ||
| 10 | other="nobody" | ||
| 11 | |||
| 12 | test_auth() | ||
| 13 | { | ||
| 14 | deny="$1" | ||
| 15 | allow="$2" | ||
| 16 | should_succeed="$3" | ||
| 17 | failmsg="$4" | ||
| 18 | |||
| 19 | start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow" | ||
| 20 | |||
| 21 | ${SSH} -F $OBJ/ssh_config "$me@somehost" true | ||
| 22 | status=$? | ||
| 23 | |||
| 24 | if (test $status -eq 0 && ! $should_succeed) \ | ||
| 25 | || (test $status -ne 0 && $should_succeed); then | ||
| 26 | fail "$failmsg" | ||
| 27 | fi | ||
| 28 | |||
| 29 | stop_sshd | ||
| 30 | } | ||
| 31 | |||
| 32 | # DenyUsers AllowUsers should_succeed failure_message | ||
| 33 | test_auth "" "" true "user in neither DenyUsers nor AllowUsers denied" | ||
| 34 | test_auth "$other $me" "" false "user in DenyUsers allowed" | ||
| 35 | test_auth "$me $other" "" false "user in DenyUsers allowed" | ||
| 36 | test_auth "" "$other" false "user not in AllowUsers allowed" | ||
| 37 | test_auth "" "$other $me" true "user in AllowUsers denied" | ||
| 38 | test_auth "" "$me $other" true "user in AllowUsers denied" | ||
| 39 | test_auth "$me $other" "$me $other" false "user in both DenyUsers and AllowUsers allowed" | ||
| 40 | test_auth "$other $me" "$other $me" false "user in both DenyUsers and AllowUsers allowed" | ||
diff --git a/regress/cert-file.sh b/regress/cert-file.sh index bad923ad0..b184e7fea 100644 --- a/regress/cert-file.sh +++ b/regress/cert-file.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: cert-file.sh,v 1.2 2015/09/24 07:15:39 djm Exp $ | 1 | # $OpenBSD: cert-file.sh,v 1.4 2016/12/16 02:48:55 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="ssh with certificates" | 4 | tid="ssh with certificates" |
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 319746395..7005fd55e 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: cert-userkey.sh,v 1.16 2016/05/03 12:15:49 dtucker Exp $ | 1 | # $OpenBSD: cert-userkey.sh,v 1.17 2016/11/30 03:01:33 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="certified user keys" | 4 | tid="certified user keys" |
| @@ -354,6 +354,20 @@ test_one "principals key option principals" success "-n mekmitasdigoat" \ | |||
| 354 | test_one "principals key option no principals" failure "" \ | 354 | test_one "principals key option no principals" failure "" \ |
| 355 | authorized_keys ',principals="mekmitasdigoat"' | 355 | authorized_keys ',principals="mekmitasdigoat"' |
| 356 | 356 | ||
| 357 | # command= options vs. force-command in key | ||
| 358 | test_one "force-command match true" success \ | ||
| 359 | "-n ${USER} -Oforce-command=true" \ | ||
| 360 | authorized_keys ',command="true"' | ||
| 361 | test_one "force-command match true" failure \ | ||
| 362 | "-n ${USER} -Oforce-command=false" \ | ||
| 363 | authorized_keys ',command="false"' | ||
| 364 | test_one "force-command mismatch 1" failure \ | ||
| 365 | "-n ${USER} -Oforce-command=false" \ | ||
| 366 | authorized_keys ',command="true"' | ||
| 367 | test_one "force-command mismatch 2" failure \ | ||
| 368 | "-n ${USER} -Oforce-command=true" \ | ||
| 369 | authorized_keys ',command="false"' | ||
| 370 | |||
| 357 | # Wrong certificate | 371 | # Wrong certificate |
| 358 | cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy | 372 | cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy |
| 359 | for ktype in $PLAIN_TYPES ; do | 373 | for ktype in $PLAIN_TYPES ; do |
diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh index ea739f614..81cedc7e5 100644 --- a/regress/connect-privsep.sh +++ b/regress/connect-privsep.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: connect-privsep.sh,v 1.6 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: connect-privsep.sh,v 1.8 2016/11/01 13:43:27 tb Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="proxy connect with privsep" | 4 | tid="proxy connect with privsep" |
| @@ -27,7 +27,7 @@ done | |||
| 27 | # Because sandbox is sensitive to changes in libc, especially malloc, retest | 27 | # Because sandbox is sensitive to changes in libc, especially malloc, retest |
| 28 | # with every malloc.conf option (and none). | 28 | # with every malloc.conf option (and none). |
| 29 | if [ -z "TEST_MALLOC_OPTIONS" ]; then | 29 | if [ -z "TEST_MALLOC_OPTIONS" ]; then |
| 30 | mopts="A F G H J P R S X < >" | 30 | mopts="C F G J R S U X < >" |
| 31 | else | 31 | else |
| 32 | mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'` | 32 | mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'` |
| 33 | fi | 33 | fi |
diff --git a/regress/integrity.sh b/regress/integrity.sh index bfadc6b48..39d310deb 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: integrity.sh,v 1.18 2016/03/04 02:48:06 dtucker Exp $ | 1 | # $OpenBSD: integrity.sh,v 1.19 2016/11/25 02:56:49 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="integrity" | 4 | tid="integrity" |
diff --git a/regress/keygen-moduli.sh b/regress/keygen-moduli.sh new file mode 100644 index 000000000..d4e771383 --- /dev/null +++ b/regress/keygen-moduli.sh | |||
| @@ -0,0 +1,18 @@ | |||
| 1 | # $OpenBSD: keygen-moduli.sh,v 1.2 2016/09/14 00:45:31 dtucker Exp $ | ||
| 2 | # Placed in the Public Domain. | ||
| 3 | |||
| 4 | tid="keygen moduli" | ||
| 5 | |||
| 6 | # Try "start at the beginning and stop after 1", "skip 1 then stop after 1" | ||
| 7 | # and "skip 2 and run to the end with checkpointing". Since our test data | ||
| 8 | # file has 3 lines, these should always result in 1 line of output. | ||
| 9 | for i in "-J1" "-j1 -J1" "-j2 -K $OBJ/moduli.ckpt"; do | ||
| 10 | trace "keygen $i" | ||
| 11 | rm -f $OBJ/moduli.out $OBJ/moduli.ckpt | ||
| 12 | ${SSHKEYGEN} -T $OBJ/moduli.out -f ${SRC}/moduli.in $i 2>/dev/null || \ | ||
| 13 | fail "keygen screen failed $i" | ||
| 14 | lines=`wc -l <$OBJ/moduli.out` | ||
| 15 | test "$lines" -eq "1" || fail "expected 1 line, got $lines" | ||
| 16 | done | ||
| 17 | |||
| 18 | rm -f $OBJ/moduli.out $OBJ/moduli.ckpt | ||
diff --git a/regress/keys-command.sh b/regress/keys-command.sh index af68cf15c..9c9ada7c7 100644 --- a/regress/keys-command.sh +++ b/regress/keys-command.sh | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | 3 | ||
| 4 | tid="authorized keys from command" | 4 | tid="authorized keys from command" |
| 5 | 5 | ||
| 6 | if test -z "$SUDO" ; then | 6 | if [ -z "$SUDO" -a ! -w /var/run ]; then |
| 7 | echo "skipped (SUDO not set)" | 7 | echo "skipped (SUDO not set)" |
| 8 | echo "need SUDO to create file in /var/run, test won't work without" | 8 | echo "need SUDO to create file in /var/run, test won't work without" |
| 9 | exit 0 | 9 | exit 0 |
diff --git a/regress/login-timeout.sh b/regress/login-timeout.sh index eb76f554b..12207fd99 100644 --- a/regress/login-timeout.sh +++ b/regress/login-timeout.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: login-timeout.sh,v 1.7 2014/03/13 20:44:49 djm Exp $ | 1 | # $OpenBSD: login-timeout.sh,v 1.8 2016/12/16 01:06:27 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="connect after login grace timeout" | 4 | tid="connect after login grace timeout" |
| @@ -17,7 +17,7 @@ if [ $? -ne 0 ]; then | |||
| 17 | fail "ssh connect after login grace timeout failed with privsep" | 17 | fail "ssh connect after login grace timeout failed with privsep" |
| 18 | fi | 18 | fi |
| 19 | 19 | ||
| 20 | $SUDO kill `$SUDO cat $PIDFILE` | 20 | stop_sshd |
| 21 | 21 | ||
| 22 | trace "test login grace without privsep" | 22 | trace "test login grace without privsep" |
| 23 | echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config | 23 | echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config |
diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README index 8b215b5bf..abd7b50ee 100644 --- a/regress/misc/kexfuzz/README +++ b/regress/misc/kexfuzz/README | |||
| @@ -26,3 +26,7 @@ A comprehensive KEX fuzz run would fuzz every packet in both | |||
| 26 | directions for each key exchange type and every hostkey type. | 26 | directions for each key exchange type and every hostkey type. |
| 27 | This will take some time. | 27 | This will take some time. |
| 28 | 28 | ||
| 29 | Limitations: kexfuzz can't change the ordering of packets at | ||
| 30 | present. It is limited to replacing individual packets with | ||
| 31 | fuzzed variants with the same type. It really should allow | ||
| 32 | insertion, deletion on replacement of packets too. | ||
diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c index 2894d3a1e..67058027f 100644 --- a/regress/misc/kexfuzz/kexfuzz.c +++ b/regress/misc/kexfuzz/kexfuzz.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexfuzz.c,v 1.1 2016/03/04 02:30:37 djm Exp $ */ | 1 | /* $OpenBSD: kexfuzz.c,v 1.3 2016/10/11 21:49:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Fuzz harness for KEX code | 3 | * Fuzz harness for KEX code |
| 4 | * | 4 | * |
| @@ -27,6 +27,7 @@ | |||
| 27 | #include "packet.h" | 27 | #include "packet.h" |
| 28 | #include "myproposal.h" | 28 | #include "myproposal.h" |
| 29 | #include "authfile.h" | 29 | #include "authfile.h" |
| 30 | #include "log.h" | ||
| 30 | 31 | ||
| 31 | struct ssh *active_state = NULL; /* XXX - needed for linking */ | 32 | struct ssh *active_state = NULL; /* XXX - needed for linking */ |
| 32 | 33 | ||
| @@ -35,61 +36,93 @@ static int do_debug = 0; | |||
| 35 | 36 | ||
| 36 | enum direction { S2C, C2S }; | 37 | enum direction { S2C, C2S }; |
| 37 | 38 | ||
| 39 | struct hook_ctx { | ||
| 40 | struct ssh *client, *server, *server2; | ||
| 41 | int *c2s, *s2c; | ||
| 42 | int trigger_direction, packet_index; | ||
| 43 | const char *dump_path; | ||
| 44 | struct sshbuf *replace_data; | ||
| 45 | }; | ||
| 46 | |||
| 38 | static int | 47 | static int |
| 39 | do_send_and_receive(struct ssh *from, struct ssh *to, int mydirection, | 48 | packet_hook(struct ssh *ssh, struct sshbuf *packet, u_char *typep, void *_ctx) |
| 40 | int *packet_count, int trigger_direction, int packet_index, | 49 | { |
| 41 | const char *dump_path, struct sshbuf *replace_data) | 50 | struct hook_ctx *ctx = (struct hook_ctx *)_ctx; |
| 51 | int mydirection = ssh == ctx->client ? S2C : C2S; | ||
| 52 | int *packet_count = mydirection == S2C ? ctx->s2c : ctx->c2s; | ||
| 53 | FILE *dumpfile; | ||
| 54 | int r; | ||
| 55 | |||
| 56 | if (do_debug) { | ||
| 57 | printf("%s packet %d type %u:\n", | ||
| 58 | mydirection == S2C ? "s2c" : "c2s", | ||
| 59 | *packet_count, *typep); | ||
| 60 | sshbuf_dump(packet, stdout); | ||
| 61 | } | ||
| 62 | if (mydirection == ctx->trigger_direction && | ||
| 63 | ctx->packet_index == *packet_count) { | ||
| 64 | if (ctx->replace_data != NULL) { | ||
| 65 | sshbuf_reset(packet); | ||
| 66 | /* Type is first byte of packet */ | ||
| 67 | if ((r = sshbuf_get_u8(ctx->replace_data, | ||
| 68 | typep)) != 0 || | ||
| 69 | (r = sshbuf_putb(packet, ctx->replace_data)) != 0) | ||
| 70 | return r; | ||
| 71 | if (do_debug) { | ||
| 72 | printf("***** replaced packet type %u\n", | ||
| 73 | *typep); | ||
| 74 | sshbuf_dump(packet, stdout); | ||
| 75 | } | ||
| 76 | } else if (ctx->dump_path != NULL) { | ||
| 77 | if ((dumpfile = fopen(ctx->dump_path, "w+")) == NULL) | ||
| 78 | err(1, "fopen %s", ctx->dump_path); | ||
| 79 | /* Write { type, packet } */ | ||
| 80 | if (fwrite(typep, 1, 1, dumpfile) != 1) | ||
| 81 | err(1, "fwrite type %s", ctx->dump_path); | ||
| 82 | if (sshbuf_len(packet) != 0 && | ||
| 83 | fwrite(sshbuf_ptr(packet), sshbuf_len(packet), | ||
| 84 | 1, dumpfile) != 1) | ||
| 85 | err(1, "fwrite body %s", ctx->dump_path); | ||
| 86 | if (do_debug) { | ||
| 87 | printf("***** dumped packet type %u len %zu\n", | ||
| 88 | *typep, sshbuf_len(packet)); | ||
| 89 | } | ||
| 90 | fclose(dumpfile); | ||
| 91 | /* No point in continuing */ | ||
| 92 | exit(0); | ||
| 93 | } | ||
| 94 | } | ||
| 95 | (*packet_count)++; | ||
| 96 | return 0; | ||
| 97 | } | ||
| 98 | |||
| 99 | static int | ||
| 100 | do_send_and_receive(struct ssh *from, struct ssh *to) | ||
| 42 | { | 101 | { |
| 43 | u_char type; | 102 | u_char type; |
| 44 | size_t len, olen; | 103 | size_t len; |
| 45 | const u_char *buf; | 104 | const u_char *buf; |
| 46 | int r; | 105 | int r; |
| 47 | FILE *dumpfile; | ||
| 48 | 106 | ||
| 49 | for (;;) { | 107 | for (;;) { |
| 50 | if ((r = ssh_packet_next(from, &type)) != 0) { | 108 | if ((r = ssh_packet_next(from, &type)) != 0) { |
| 51 | fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r)); | 109 | fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r)); |
| 52 | return r; | 110 | return r; |
| 53 | } | 111 | } |
| 112 | |||
| 54 | if (type != 0) | 113 | if (type != 0) |
| 55 | return 0; | 114 | return 0; |
| 56 | buf = ssh_output_ptr(from, &len); | 115 | buf = ssh_output_ptr(from, &len); |
| 57 | olen = len; | ||
| 58 | if (do_debug) { | ||
| 59 | printf("%s packet %d type %u len %zu:\n", | ||
| 60 | mydirection == S2C ? "s2c" : "c2s", | ||
| 61 | *packet_count, type, len); | ||
| 62 | sshbuf_dump_data(buf, len, stdout); | ||
| 63 | } | ||
| 64 | if (mydirection == trigger_direction && | ||
| 65 | packet_index == *packet_count) { | ||
| 66 | if (replace_data != NULL) { | ||
| 67 | buf = sshbuf_ptr(replace_data); | ||
| 68 | len = sshbuf_len(replace_data); | ||
| 69 | if (do_debug) { | ||
| 70 | printf("***** replaced packet " | ||
| 71 | "len %zu\n", len); | ||
| 72 | sshbuf_dump_data(buf, len, stdout); | ||
| 73 | } | ||
| 74 | } else if (dump_path != NULL) { | ||
| 75 | if ((dumpfile = fopen(dump_path, "w+")) == NULL) | ||
| 76 | err(1, "fopen %s", dump_path); | ||
| 77 | if (len != 0 && | ||
| 78 | fwrite(buf, len, 1, dumpfile) != 1) | ||
| 79 | err(1, "fwrite %s", dump_path); | ||
| 80 | if (do_debug) | ||
| 81 | printf("***** dumped packet " | ||
| 82 | "len %zu\n", len); | ||
| 83 | fclose(dumpfile); | ||
| 84 | exit(0); | ||
| 85 | } | ||
| 86 | } | ||
| 87 | (*packet_count)++; | ||
| 88 | if (len == 0) | 116 | if (len == 0) |
| 89 | return 0; | 117 | return 0; |
| 90 | if ((r = ssh_input_append(to, buf, len)) != 0 || | 118 | if ((r = ssh_input_append(to, buf, len)) != 0) { |
| 91 | (r = ssh_output_consume(from, olen)) != 0) | 119 | debug("ssh_input_append: %s", ssh_err(r)); |
| 120 | return r; | ||
| 121 | } | ||
| 122 | if ((r = ssh_output_consume(from, len)) != 0) { | ||
| 123 | debug("ssh_output_consume: %s", ssh_err(r)); | ||
| 92 | return r; | 124 | return r; |
| 125 | } | ||
| 93 | } | 126 | } |
| 94 | } | 127 | } |
| 95 | 128 | ||
| @@ -141,19 +174,19 @@ const char *in_test = NULL; | |||
| 141 | 174 | ||
| 142 | 175 | ||
| 143 | static void | 176 | static void |
| 144 | run_kex(struct ssh *client, struct ssh *server, int *s2c, int *c2s, | 177 | run_kex(struct ssh *client, struct ssh *server) |
| 145 | int direction, int packet_index, | ||
| 146 | const char *dump_path, struct sshbuf *replace_data) | ||
| 147 | { | 178 | { |
| 148 | int r = 0; | 179 | int r = 0; |
| 149 | 180 | ||
| 150 | while (!server->kex->done || !client->kex->done) { | 181 | while (!server->kex->done || !client->kex->done) { |
| 151 | if ((r = do_send_and_receive(server, client, S2C, s2c, | 182 | if ((r = do_send_and_receive(server, client)) != 0) { |
| 152 | direction, packet_index, dump_path, replace_data))) | 183 | debug("do_send_and_receive S2C: %s", ssh_err(r)); |
| 153 | break; | 184 | break; |
| 154 | if ((r = do_send_and_receive(client, server, C2S, c2s, | 185 | } |
| 155 | direction, packet_index, dump_path, replace_data))) | 186 | if ((r = do_send_and_receive(client, server)) != 0) { |
| 187 | debug("do_send_and_receive C2S: %s", ssh_err(r)); | ||
| 156 | break; | 188 | break; |
| 189 | } | ||
| 157 | } | 190 | } |
| 158 | if (do_debug) | 191 | if (do_debug) |
| 159 | printf("done: %s\n", ssh_err(r)); | 192 | printf("done: %s\n", ssh_err(r)); |
| @@ -173,6 +206,7 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, | |||
| 173 | struct kex_params kex_params; | 206 | struct kex_params kex_params; |
| 174 | char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; | 207 | char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; |
| 175 | char *keyname = NULL; | 208 | char *keyname = NULL; |
| 209 | struct hook_ctx hook_ctx; | ||
| 176 | 210 | ||
| 177 | TEST_START("sshkey_from_private"); | 211 | TEST_START("sshkey_from_private"); |
| 178 | ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0); | 212 | ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0); |
| @@ -187,30 +221,42 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, | |||
| 187 | kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname; | 221 | kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname; |
| 188 | ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0); | 222 | ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0); |
| 189 | ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0); | 223 | ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0); |
| 224 | ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0); | ||
| 190 | ASSERT_PTR_NE(client, NULL); | 225 | ASSERT_PTR_NE(client, NULL); |
| 191 | ASSERT_PTR_NE(server, NULL); | 226 | ASSERT_PTR_NE(server, NULL); |
| 227 | ASSERT_PTR_NE(server2, NULL); | ||
| 192 | TEST_DONE(); | 228 | TEST_DONE(); |
| 193 | 229 | ||
| 230 | hook_ctx.c2s = c2s; | ||
| 231 | hook_ctx.s2c = s2c; | ||
| 232 | hook_ctx.trigger_direction = direction; | ||
| 233 | hook_ctx.packet_index = packet_index; | ||
| 234 | hook_ctx.dump_path = dump_path; | ||
| 235 | hook_ctx.replace_data = replace_data; | ||
| 236 | hook_ctx.client = client; | ||
| 237 | hook_ctx.server = server; | ||
| 238 | hook_ctx.server2 = server2; | ||
| 239 | ssh_packet_set_input_hook(client, packet_hook, &hook_ctx); | ||
| 240 | ssh_packet_set_input_hook(server, packet_hook, &hook_ctx); | ||
| 241 | ssh_packet_set_input_hook(server2, packet_hook, &hook_ctx); | ||
| 242 | |||
| 194 | TEST_START("ssh_add_hostkey"); | 243 | TEST_START("ssh_add_hostkey"); |
| 195 | ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0); | 244 | ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0); |
| 196 | ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0); | 245 | ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0); |
| 197 | TEST_DONE(); | 246 | TEST_DONE(); |
| 198 | 247 | ||
| 199 | TEST_START("kex"); | 248 | TEST_START("kex"); |
| 200 | run_kex(client, server, s2c, c2s, direction, packet_index, | 249 | run_kex(client, server); |
| 201 | dump_path, replace_data); | ||
| 202 | TEST_DONE(); | 250 | TEST_DONE(); |
| 203 | 251 | ||
| 204 | TEST_START("rekeying client"); | 252 | TEST_START("rekeying client"); |
| 205 | ASSERT_INT_EQ(kex_send_kexinit(client), 0); | 253 | ASSERT_INT_EQ(kex_send_kexinit(client), 0); |
| 206 | run_kex(client, server, s2c, c2s, direction, packet_index, | 254 | run_kex(client, server); |
| 207 | dump_path, replace_data); | ||
| 208 | TEST_DONE(); | 255 | TEST_DONE(); |
| 209 | 256 | ||
| 210 | TEST_START("rekeying server"); | 257 | TEST_START("rekeying server"); |
| 211 | ASSERT_INT_EQ(kex_send_kexinit(server), 0); | 258 | ASSERT_INT_EQ(kex_send_kexinit(server), 0); |
| 212 | run_kex(client, server, s2c, c2s, direction, packet_index, | 259 | run_kex(client, server); |
| 213 | dump_path, replace_data); | ||
| 214 | TEST_DONE(); | 260 | TEST_DONE(); |
| 215 | 261 | ||
| 216 | TEST_START("ssh_packet_get_state"); | 262 | TEST_START("ssh_packet_get_state"); |
| @@ -221,9 +267,6 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, | |||
| 221 | TEST_DONE(); | 267 | TEST_DONE(); |
| 222 | 268 | ||
| 223 | TEST_START("ssh_packet_set_state"); | 269 | TEST_START("ssh_packet_set_state"); |
| 224 | server2 = NULL; | ||
| 225 | ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0); | ||
| 226 | ASSERT_PTR_NE(server2, NULL); | ||
| 227 | ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0); | 270 | ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0); |
| 228 | kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */ | 271 | kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */ |
| 229 | ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0); | 272 | ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0); |
| @@ -231,12 +274,17 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, | |||
| 231 | sshbuf_free(state); | 274 | sshbuf_free(state); |
| 232 | ASSERT_PTR_NE(server2->kex, NULL); | 275 | ASSERT_PTR_NE(server2->kex, NULL); |
| 233 | /* XXX we need to set the callbacks */ | 276 | /* XXX we need to set the callbacks */ |
| 277 | #ifdef WITH_OPENSSL | ||
| 234 | server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 278 | server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
| 235 | server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 279 | server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
| 280 | server2->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; | ||
| 281 | server2->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; | ||
| 282 | server2->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; | ||
| 236 | server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 283 | server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
| 237 | server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 284 | server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 238 | #ifdef OPENSSL_HAS_ECC | 285 | # ifdef OPENSSL_HAS_ECC |
| 239 | server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; | 286 | server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
| 287 | # endif | ||
| 240 | #endif | 288 | #endif |
| 241 | server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server; | 289 | server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
| 242 | server2->kex->load_host_public_key = server->kex->load_host_public_key; | 290 | server2->kex->load_host_public_key = server->kex->load_host_public_key; |
| @@ -246,11 +294,9 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, | |||
| 246 | 294 | ||
| 247 | TEST_START("rekeying server2"); | 295 | TEST_START("rekeying server2"); |
| 248 | ASSERT_INT_EQ(kex_send_kexinit(server2), 0); | 296 | ASSERT_INT_EQ(kex_send_kexinit(server2), 0); |
| 249 | run_kex(client, server2, s2c, c2s, direction, packet_index, | 297 | run_kex(client, server2); |
| 250 | dump_path, replace_data); | ||
| 251 | ASSERT_INT_EQ(kex_send_kexinit(client), 0); | 298 | ASSERT_INT_EQ(kex_send_kexinit(client), 0); |
| 252 | run_kex(client, server2, s2c, c2s, direction, packet_index, | 299 | run_kex(client, server2); |
| 253 | dump_path, replace_data); | ||
| 254 | TEST_DONE(); | 300 | TEST_DONE(); |
| 255 | 301 | ||
| 256 | TEST_START("cleanup"); | 302 | TEST_START("cleanup"); |
| @@ -352,6 +398,9 @@ main(int argc, char **argv) | |||
| 352 | argc -= optind; | 398 | argc -= optind; |
| 353 | argv += optind; | 399 | argv += optind; |
| 354 | 400 | ||
| 401 | log_init(argv[0], do_debug ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO, | ||
| 402 | SYSLOG_FACILITY_USER, 1); | ||
| 403 | |||
| 355 | /* Must select a single mode */ | 404 | /* Must select a single mode */ |
| 356 | if ((count_flag + dump_flag + replace_flag) != 1) | 405 | if ((count_flag + dump_flag + replace_flag) != 1) |
| 357 | badusage("Must select one mode: -c, -d or -r"); | 406 | badusage("Must select one mode: -c, -d or -r"); |
diff --git a/regress/moduli.in b/regress/moduli.in new file mode 100644 index 000000000..e69c902a2 --- /dev/null +++ b/regress/moduli.in | |||
| @@ -0,0 +1,3 @@ | |||
| 1 | 20160301052556 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D19F4647 | ||
| 2 | 20160301052601 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D1A5C13B | ||
| 3 | 20160301052612 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D1B7A3EF | ||
diff --git a/regress/principals-command.sh b/regress/principals-command.sh index c0be7e747..9b38eb105 100644 --- a/regress/principals-command.sh +++ b/regress/principals-command.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: principals-command.sh,v 1.1 2015/05/21 06:44:25 djm Exp $ | 1 | # $OpenBSD: principals-command.sh,v 1.3 2016/09/26 21:34:38 bluhm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="authorized principals command" | 4 | tid="authorized principals command" |
| @@ -6,41 +6,56 @@ tid="authorized principals command" | |||
| 6 | rm -f $OBJ/user_ca_key* $OBJ/cert_user_key* | 6 | rm -f $OBJ/user_ca_key* $OBJ/cert_user_key* |
| 7 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | 7 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak |
| 8 | 8 | ||
| 9 | if test -z "$SUDO" ; then | 9 | if [ -z "$SUDO" -a ! -w /var/run ]; then |
| 10 | echo "skipped (SUDO not set)" | 10 | echo "skipped (SUDO not set)" |
| 11 | echo "need SUDO to create file in /var/run, test won't work without" | 11 | echo "need SUDO to create file in /var/run, test won't work without" |
| 12 | exit 0 | 12 | exit 0 |
| 13 | fi | 13 | fi |
| 14 | 14 | ||
| 15 | SERIAL=$$ | ||
| 16 | |||
| 17 | # Create a CA key and a user certificate. | ||
| 18 | ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \ | ||
| 19 | fatal "ssh-keygen of user_ca_key failed" | ||
| 20 | ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/cert_user_key || \ | ||
| 21 | fatal "ssh-keygen of cert_user_key failed" | ||
| 22 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "Joanne User" \ | ||
| 23 | -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \ | ||
| 24 | fatal "couldn't sign cert_user_key" | ||
| 25 | |||
| 26 | CERT_BODY=`cat $OBJ/cert_user_key-cert.pub | awk '{ print $2 }'` | ||
| 27 | CA_BODY=`cat $OBJ/user_ca_key.pub | awk '{ print $2 }'` | ||
| 28 | CERT_FP=`${SSHKEYGEN} -lf $OBJ/cert_user_key-cert.pub | awk '{ print $2 }'` | ||
| 29 | CA_FP=`${SSHKEYGEN} -lf $OBJ/user_ca_key.pub | awk '{ print $2 }'` | ||
| 30 | |||
| 15 | # Establish a AuthorizedPrincipalsCommand in /var/run where it will have | 31 | # Establish a AuthorizedPrincipalsCommand in /var/run where it will have |
| 16 | # acceptable directory permissions. | 32 | # acceptable directory permissions. |
| 17 | PRINCIPALS_CMD="/var/run/principals_command_${LOGNAME}" | 33 | PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}" |
| 18 | cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_CMD'" | 34 | cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'" |
| 19 | #!/bin/sh | 35 | #!/bin/sh |
| 20 | test "x\$1" != "x${LOGNAME}" && exit 1 | 36 | test "x\$1" != "x${LOGNAME}" && exit 1 |
| 37 | test "x\$2" != "xssh-rsa-cert-v01@openssh.com" && exit 1 | ||
| 38 | test "x\$3" != "xssh-ed25519" && exit 1 | ||
| 39 | test "x\$4" != "xJoanne User" && exit 1 | ||
| 40 | test "x\$5" != "x${SERIAL}" && exit 1 | ||
| 41 | test "x\$6" != "x${CA_FP}" && exit 1 | ||
| 42 | test "x\$7" != "x${CERT_FP}" && exit 1 | ||
| 43 | test "x\$8" != "x${CERT_BODY}" && exit 1 | ||
| 44 | test "x\$9" != "x${CA_BODY}" && exit 1 | ||
| 21 | test -f "$OBJ/authorized_principals_${LOGNAME}" && | 45 | test -f "$OBJ/authorized_principals_${LOGNAME}" && |
| 22 | exec cat "$OBJ/authorized_principals_${LOGNAME}" | 46 | exec cat "$OBJ/authorized_principals_${LOGNAME}" |
| 23 | _EOF | 47 | _EOF |
| 24 | test $? -eq 0 || fatal "couldn't prepare principals command" | 48 | test $? -eq 0 || fatal "couldn't prepare principals command" |
| 25 | $SUDO chmod 0755 "$PRINCIPALS_CMD" | 49 | $SUDO chmod 0755 "$PRINCIPALS_COMMAND" |
| 26 | 50 | ||
| 27 | if ! $OBJ/check-perm -m keys-command $PRINCIPALS_CMD ; then | 51 | if ! $OBJ/check-perm -m keys-command $PRINCIPALS_COMMAND ; then |
| 28 | echo "skipping: $PRINCIPALS_CMD is unsuitable as " \ | 52 | echo "skipping: $PRINCIPALS_COMMAND is unsuitable as " \ |
| 29 | "AuthorizedPrincipalsCommand" | 53 | "AuthorizedPrincipalsCommand" |
| 30 | $SUDO rm -f $PRINCIPALS_CMD | 54 | $SUDO rm -f $PRINCIPALS_COMMAND |
| 31 | exit 0 | 55 | exit 0 |
| 32 | fi | 56 | fi |
| 33 | 57 | ||
| 34 | # Create a CA key and a user certificate. | 58 | if [ -x $PRINCIPALS_COMMAND ]; then |
| 35 | ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \ | ||
| 36 | fatal "ssh-keygen of user_ca_key failed" | ||
| 37 | ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/cert_user_key || \ | ||
| 38 | fatal "ssh-keygen of cert_user_key failed" | ||
| 39 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \ | ||
| 40 | -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \ | ||
| 41 | fatal "couldn't sign cert_user_key" | ||
| 42 | |||
| 43 | if [ -x $PRINCIPALS_CMD ]; then | ||
| 44 | # Test explicitly-specified principals | 59 | # Test explicitly-specified principals |
| 45 | for privsep in yes no ; do | 60 | for privsep in yes no ; do |
| 46 | _prefix="privsep $privsep" | 61 | _prefix="privsep $privsep" |
| @@ -51,7 +66,8 @@ if [ -x $PRINCIPALS_CMD ]; then | |||
| 51 | cat $OBJ/sshd_proxy_bak | 66 | cat $OBJ/sshd_proxy_bak |
| 52 | echo "UsePrivilegeSeparation $privsep" | 67 | echo "UsePrivilegeSeparation $privsep" |
| 53 | echo "AuthorizedKeysFile none" | 68 | echo "AuthorizedKeysFile none" |
| 54 | echo "AuthorizedPrincipalsCommand $PRINCIPALS_CMD %u" | 69 | echo "AuthorizedPrincipalsCommand $PRINCIPALS_COMMAND" \ |
| 70 | "%u %t %T %i %s %F %f %k %K" | ||
| 55 | echo "AuthorizedPrincipalsCommandUser ${LOGNAME}" | 71 | echo "AuthorizedPrincipalsCommandUser ${LOGNAME}" |
| 56 | echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" | 72 | echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" |
| 57 | ) > $OBJ/sshd_proxy | 73 | ) > $OBJ/sshd_proxy |
diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh index 724a98cc1..9adba674e 100644 --- a/regress/putty-ciphers.sh +++ b/regress/putty-ciphers.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: putty-ciphers.sh,v 1.4 2013/05/17 04:29:14 dtucker Exp $ | 1 | # $OpenBSD: putty-ciphers.sh,v 1.5 2016/11/25 03:02:01 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="putty ciphers" | 4 | tid="putty ciphers" |
| @@ -16,7 +16,7 @@ for c in aes blowfish 3des arcfour aes128-ctr aes192-ctr aes256-ctr ; do | |||
| 16 | 16 | ||
| 17 | rm -f ${COPY} | 17 | rm -f ${COPY} |
| 18 | env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \ | 18 | env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \ |
| 19 | 127.0.0.1 cat ${DATA} > ${COPY} | 19 | cat ${DATA} > ${COPY} |
| 20 | if [ $? -ne 0 ]; then | 20 | if [ $? -ne 0 ]; then |
| 21 | fail "ssh cat $DATA failed" | 21 | fail "ssh cat $DATA failed" |
| 22 | fi | 22 | fi |
diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh index 1844d6599..9d3c6a9f0 100644 --- a/regress/putty-kex.sh +++ b/regress/putty-kex.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: putty-kex.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ | 1 | # $OpenBSD: putty-kex.sh,v 1.4 2016/11/25 03:02:01 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="putty KEX" | 4 | tid="putty KEX" |
| @@ -14,8 +14,7 @@ for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do | |||
| 14 | ${OBJ}/.putty/sessions/kex_$k | 14 | ${OBJ}/.putty/sessions/kex_$k |
| 15 | echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k | 15 | echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k |
| 16 | 16 | ||
| 17 | env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \ | 17 | env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 true |
| 18 | 127.0.0.1 true | ||
| 19 | if [ $? -ne 0 ]; then | 18 | if [ $? -ne 0 ]; then |
| 20 | fail "KEX $k failed" | 19 | fail "KEX $k failed" |
| 21 | fi | 20 | fi |
diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index aec0e04ee..8eb6ae0c0 100644 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: putty-transfer.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ | 1 | # $OpenBSD: putty-transfer.sh,v 1.4 2016/11/25 03:02:01 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="putty transfer data" | 4 | tid="putty transfer data" |
| @@ -17,7 +17,7 @@ for p in 2; do | |||
| 17 | ${OBJ}/.putty/sessions/compression_$c | 17 | ${OBJ}/.putty/sessions/compression_$c |
| 18 | echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k | 18 | echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k |
| 19 | env HOME=$PWD ${PLINK} -load compression_$c -batch \ | 19 | env HOME=$PWD ${PLINK} -load compression_$c -batch \ |
| 20 | -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY} | 20 | -i putty.rsa$p cat ${DATA} > ${COPY} |
| 21 | if [ $? -ne 0 ]; then | 21 | if [ $? -ne 0 ]; then |
| 22 | fail "ssh cat $DATA failed" | 22 | fail "ssh cat $DATA failed" |
| 23 | fi | 23 | fi |
| @@ -28,7 +28,7 @@ for p in 2; do | |||
| 28 | rm -f ${COPY} | 28 | rm -f ${COPY} |
| 29 | dd if=$DATA obs=${s} 2> /dev/null | \ | 29 | dd if=$DATA obs=${s} 2> /dev/null | \ |
| 30 | env HOME=$PWD ${PLINK} -load compression_$c \ | 30 | env HOME=$PWD ${PLINK} -load compression_$c \ |
| 31 | -batch -i putty.rsa$p 127.0.0.1 \ | 31 | -batch -i putty.rsa$p \ |
| 32 | "cat > ${COPY}" | 32 | "cat > ${COPY}" |
| 33 | if [ $? -ne 0 ]; then | 33 | if [ $? -ne 0 ]; then |
| 34 | fail "ssh cat $DATA failed" | 34 | fail "ssh cat $DATA failed" |
diff --git a/regress/reexec.sh b/regress/reexec.sh index 5c0a7b46f..72957d4cd 100644 --- a/regress/reexec.sh +++ b/regress/reexec.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: reexec.sh,v 1.8 2015/03/03 22:35:19 markus Exp $ | 1 | # $OpenBSD: reexec.sh,v 1.10 2016/12/16 01:06:27 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="reexec tests" | 4 | tid="reexec tests" |
| @@ -39,8 +39,7 @@ echo "InvalidXXX=no" >> $OBJ/sshd_config | |||
| 39 | 39 | ||
| 40 | copy_tests | 40 | copy_tests |
| 41 | 41 | ||
| 42 | $SUDO kill `$SUDO cat $PIDFILE` | 42 | stop_sshd |
| 43 | rm -f $PIDFILE | ||
| 44 | 43 | ||
| 45 | cp $OBJ/sshd_config.orig $OBJ/sshd_config | 44 | cp $OBJ/sshd_config.orig $OBJ/sshd_config |
| 46 | 45 | ||
| @@ -54,8 +53,7 @@ rm -f $SSHD_COPY | |||
| 54 | 53 | ||
| 55 | copy_tests | 54 | copy_tests |
| 56 | 55 | ||
| 57 | $SUDO kill `$SUDO cat $PIDFILE` | 56 | stop_sshd |
| 58 | rm -f $PIDFILE | ||
| 59 | 57 | ||
| 60 | verbose "test reexec fallback without privsep" | 58 | verbose "test reexec fallback without privsep" |
| 61 | 59 | ||
| @@ -67,7 +65,6 @@ rm -f $SSHD_COPY | |||
| 67 | 65 | ||
| 68 | copy_tests | 66 | copy_tests |
| 69 | 67 | ||
| 70 | $SUDO kill `$SUDO cat $PIDFILE` | 68 | stop_sshd |
| 71 | rm -f $PIDFILE | ||
| 72 | 69 | ||
| 73 | fi | 70 | fi |
diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh index 9c26eb680..4ea2fce85 100644 --- a/regress/sftp-chroot.sh +++ b/regress/sftp-chroot.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: sftp-chroot.sh,v 1.4 2014/01/20 00:00:30 dtucker Exp $ | 1 | # $OpenBSD: sftp-chroot.sh,v 1.5 2016/09/26 21:34:38 bluhm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="sftp in chroot" | 4 | tid="sftp in chroot" |
| @@ -7,7 +7,7 @@ CHROOT=/var/run | |||
| 7 | FILENAME=testdata_${USER} | 7 | FILENAME=testdata_${USER} |
| 8 | PRIVDATA=${CHROOT}/${FILENAME} | 8 | PRIVDATA=${CHROOT}/${FILENAME} |
| 9 | 9 | ||
| 10 | if [ -z "$SUDO" ]; then | 10 | if [ -z "$SUDO" -a ! -w /var/run ]; then |
| 11 | echo "skipped: need SUDO to create file in /var/run, test won't work without" | 11 | echo "skipped: need SUDO to create file in /var/run, test won't work without" |
| 12 | exit 0 | 12 | exit 0 |
| 13 | fi | 13 | fi |
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 1b6526d0b..bfa48803b 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: test-exec.sh,v 1.53 2016/04/15 02:57:10 djm Exp $ | 1 | # $OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | #SUDO=sudo | 4 | #SUDO=sudo |
| @@ -130,7 +130,8 @@ if [ "x$TEST_SSH_CONCH" != "x" ]; then | |||
| 130 | esac | 130 | esac |
| 131 | fi | 131 | fi |
| 132 | 132 | ||
| 133 | SSH_PROTOCOLS=`$SSH -Q protocol-version` | 133 | SSH_PROTOCOLS=2 |
| 134 | #SSH_PROTOCOLS=`$SSH -Q protocol-version` | ||
| 134 | if [ "x$TEST_SSH_PROTOCOLS" != "x" ]; then | 135 | if [ "x$TEST_SSH_PROTOCOLS" != "x" ]; then |
| 135 | SSH_PROTOCOLS="${TEST_SSH_PROTOCOLS}" | 136 | SSH_PROTOCOLS="${TEST_SSH_PROTOCOLS}" |
| 136 | fi | 137 | fi |
| @@ -292,16 +293,8 @@ md5 () { | |||
| 292 | } | 293 | } |
| 293 | # End of portable specific functions | 294 | # End of portable specific functions |
| 294 | 295 | ||
| 295 | # helper | 296 | stop_sshd () |
| 296 | cleanup () | ||
| 297 | { | 297 | { |
| 298 | if [ "x$SSH_PID" != "x" ]; then | ||
| 299 | if [ $SSH_PID -lt 2 ]; then | ||
| 300 | echo bad pid for ssh: $SSH_PID | ||
| 301 | else | ||
| 302 | kill $SSH_PID | ||
| 303 | fi | ||
| 304 | fi | ||
| 305 | if [ -f $PIDFILE ]; then | 298 | if [ -f $PIDFILE ]; then |
| 306 | pid=`$SUDO cat $PIDFILE` | 299 | pid=`$SUDO cat $PIDFILE` |
| 307 | if [ "X$pid" = "X" ]; then | 300 | if [ "X$pid" = "X" ]; then |
| @@ -324,6 +317,19 @@ cleanup () | |||
| 324 | fi | 317 | fi |
| 325 | } | 318 | } |
| 326 | 319 | ||
| 320 | # helper | ||
| 321 | cleanup () | ||
| 322 | { | ||
| 323 | if [ "x$SSH_PID" != "x" ]; then | ||
| 324 | if [ $SSH_PID -lt 2 ]; then | ||
| 325 | echo bad pid for ssh: $SSH_PID | ||
| 326 | else | ||
| 327 | kill $SSH_PID | ||
| 328 | fi | ||
| 329 | fi | ||
| 330 | stop_sshd | ||
| 331 | } | ||
| 332 | |||
| 327 | start_debug_log () | 333 | start_debug_log () |
| 328 | { | 334 | { |
| 329 | echo "trace: $@" >$TEST_REGRESS_LOGFILE | 335 | echo "trace: $@" >$TEST_REGRESS_LOGFILE |
| @@ -400,7 +406,6 @@ fi | |||
| 400 | cat << EOF > $OBJ/sshd_config | 406 | cat << EOF > $OBJ/sshd_config |
| 401 | StrictModes no | 407 | StrictModes no |
| 402 | Port $PORT | 408 | Port $PORT |
| 403 | Protocol $PROTO | ||
| 404 | AddressFamily inet | 409 | AddressFamily inet |
| 405 | ListenAddress 127.0.0.1 | 410 | ListenAddress 127.0.0.1 |
| 406 | #ListenAddress ::1 | 411 | #ListenAddress ::1 |
| @@ -433,7 +438,6 @@ echo 'StrictModes no' >> $OBJ/sshd_proxy | |||
| 433 | # create client config | 438 | # create client config |
| 434 | cat << EOF > $OBJ/ssh_config | 439 | cat << EOF > $OBJ/ssh_config |
| 435 | Host * | 440 | Host * |
| 436 | Protocol $PROTO | ||
| 437 | Hostname 127.0.0.1 | 441 | Hostname 127.0.0.1 |
| 438 | HostKeyAlias localhost-with-alias | 442 | HostKeyAlias localhost-with-alias |
| 439 | Port $PORT | 443 | Port $PORT |
| @@ -513,7 +517,11 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then | |||
| 513 | 517 | ||
| 514 | # Add a PuTTY key to authorized_keys | 518 | # Add a PuTTY key to authorized_keys |
| 515 | rm -f ${OBJ}/putty.rsa2 | 519 | rm -f ${OBJ}/putty.rsa2 |
| 516 | puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null | 520 | if ! puttygen -t rsa -o ${OBJ}/putty.rsa2 \ |
| 521 | --new-passphrase /dev/null < /dev/null > /dev/null; then | ||
| 522 | echo "Your installed version of PuTTY is too old to support --new-passphrase; trying without (may require manual interaction) ..." >&2 | ||
| 523 | puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null | ||
| 524 | fi | ||
| 517 | puttygen -O public-openssh ${OBJ}/putty.rsa2 \ | 525 | puttygen -O public-openssh ${OBJ}/putty.rsa2 \ |
| 518 | >> $OBJ/authorized_keys_$USER | 526 | >> $OBJ/authorized_keys_$USER |
| 519 | 527 | ||
| @@ -526,10 +534,12 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then | |||
| 526 | # Setup proxied session | 534 | # Setup proxied session |
| 527 | mkdir -p ${OBJ}/.putty/sessions | 535 | mkdir -p ${OBJ}/.putty/sessions |
| 528 | rm -f ${OBJ}/.putty/sessions/localhost_proxy | 536 | rm -f ${OBJ}/.putty/sessions/localhost_proxy |
| 529 | echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy | 537 | echo "Protocol=ssh" >> ${OBJ}/.putty/sessions/localhost_proxy |
| 538 | echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy | ||
| 530 | echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy | 539 | echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy |
| 531 | echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy | 540 | echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy |
| 532 | echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy | 541 | echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy |
| 542 | echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy | ||
| 533 | 543 | ||
| 534 | REGRESS_INTEROP_PUTTY=yes | 544 | REGRESS_INTEROP_PUTTY=yes |
| 535 | fi | 545 | fi |
diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile index 0a95d4b20..e70b16644 100644 --- a/regress/unittests/Makefile +++ b/regress/unittests/Makefile | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.6 2016/05/26 19:14:25 schwarze Exp $ | 1 | # $OpenBSD: Makefile,v 1.7 2016/08/19 06:44:13 djm Exp $ |
| 2 | REGRESS_FAIL_EARLY= yes | 2 | REGRESS_FAIL_EARLY= yes |
| 3 | SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 | 3 | SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match |
| 4 | 4 | ||
| 5 | .include <bsd.subdir.mk> | 5 | .include <bsd.subdir.mk> |
diff --git a/regress/unittests/Makefile.inc b/regress/unittests/Makefile.inc index 7385e2ba3..3d9eaba5c 100644 --- a/regress/unittests/Makefile.inc +++ b/regress/unittests/Makefile.inc | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile.inc,v 1.6 2015/07/01 23:11:18 djm Exp $ | 1 | # $OpenBSD: Makefile.inc,v 1.9 2016/11/01 13:43:27 tb Exp $ |
| 2 | 2 | ||
| 3 | .include <bsd.own.mk> | 3 | .include <bsd.own.mk> |
| 4 | .include <bsd.obj.mk> | 4 | .include <bsd.obj.mk> |
| @@ -49,11 +49,15 @@ DPADD+=${.CURDIR}/../test_helper/libtest_helper.a | |||
| 49 | 49 | ||
| 50 | .if exists(${.CURDIR}/${SSHREL}/lib/${__objdir}) | 50 | .if exists(${.CURDIR}/${SSHREL}/lib/${__objdir}) |
| 51 | LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh | 51 | LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh |
| 52 | DPADD+=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a | 52 | LIBSSH=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a |
| 53 | .else | 53 | .else |
| 54 | LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh | 54 | LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh |
| 55 | DPADD+=${.CURDIR}/${SSHREL}/lib/libssh.a | 55 | LIBSSH=${.CURDIR}/${SSHREL}/lib/libssh.a |
| 56 | .endif | 56 | .endif |
| 57 | DPADD+=${LIBSSH} | ||
| 58 | ${PROG}: ${LIBSSH} | ||
| 59 | ${LIBSSH}: | ||
| 60 | cd ${.CURDIR}/${SSHREL} && ${MAKE} lib | ||
| 57 | 61 | ||
| 58 | LDADD+= -lcrypto | 62 | LDADD+= -lcrypto |
| 59 | DPADD+= ${LIBCRYPTO} | 63 | DPADD+= ${LIBCRYPTO} |
diff --git a/regress/unittests/bitmap/Makefile b/regress/unittests/bitmap/Makefile index b704d22d6..bd21949f8 100644 --- a/regress/unittests/bitmap/Makefile +++ b/regress/unittests/bitmap/Makefile | |||
| @@ -1,6 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2015/01/15 07:36:28 djm Exp $ | 1 | # $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ |
| 2 | |||
| 3 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" | ||
| 4 | 2 | ||
| 5 | PROG=test_bitmap | 3 | PROG=test_bitmap |
| 6 | SRCS=tests.c | 4 | SRCS=tests.c |
diff --git a/regress/unittests/hostkeys/Makefile b/regress/unittests/hostkeys/Makefile index f52a85fb1..ae3c342bd 100644 --- a/regress/unittests/hostkeys/Makefile +++ b/regress/unittests/hostkeys/Makefile | |||
| @@ -1,6 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2015/02/16 22:18:34 djm Exp $ | 1 | # $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ |
| 2 | |||
| 3 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" | ||
| 4 | 2 | ||
| 5 | PROG=test_hostkeys | 3 | PROG=test_hostkeys |
| 6 | SRCS=tests.c test_iterate.c | 4 | SRCS=tests.c test_iterate.c |
diff --git a/regress/unittests/kex/Makefile b/regress/unittests/kex/Makefile index 6532cb00a..7ed312675 100644 --- a/regress/unittests/kex/Makefile +++ b/regress/unittests/kex/Makefile | |||
| @@ -1,6 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.2 2015/01/24 10:39:21 miod Exp $ | 1 | # $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ |
| 2 | |||
| 3 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" | ||
| 4 | 2 | ||
| 5 | PROG=test_kex | 3 | PROG=test_kex |
| 6 | SRCS=tests.c test_kex.c | 4 | SRCS=tests.c test_kex.c |
diff --git a/regress/unittests/match/Makefile b/regress/unittests/match/Makefile new file mode 100644 index 000000000..bd4aed844 --- /dev/null +++ b/regress/unittests/match/Makefile | |||
| @@ -0,0 +1,10 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ | ||
| 2 | |||
| 3 | PROG=test_match | ||
| 4 | SRCS=tests.c | ||
| 5 | REGRESS_TARGETS=run-regress-${PROG} | ||
| 6 | |||
| 7 | run-regress-${PROG}: ${PROG} | ||
| 8 | env ${TEST_ENV} ./${PROG} | ||
| 9 | |||
| 10 | .include <bsd.regress.mk> | ||
diff --git a/regress/unittests/match/tests.c b/regress/unittests/match/tests.c new file mode 100644 index 000000000..7ff319c16 --- /dev/null +++ b/regress/unittests/match/tests.c | |||
| @@ -0,0 +1,113 @@ | |||
| 1 | /* $OpenBSD: tests.c,v 1.3 2016/09/21 17:03:54 djm Exp $ */ | ||
| 2 | /* | ||
| 3 | * Regress test for matching functions | ||
| 4 | * | ||
| 5 | * Placed in the public domain | ||
| 6 | */ | ||
| 7 | |||
| 8 | #include "includes.h" | ||
| 9 | |||
| 10 | #include <sys/types.h> | ||
| 11 | #include <sys/param.h> | ||
| 12 | #include <stdio.h> | ||
| 13 | #ifdef HAVE_STDINT_H | ||
| 14 | #include <stdint.h> | ||
| 15 | #endif | ||
| 16 | #include <stdlib.h> | ||
| 17 | #include <string.h> | ||
| 18 | |||
| 19 | #include "../test_helper/test_helper.h" | ||
| 20 | |||
| 21 | #include "match.h" | ||
| 22 | |||
| 23 | void | ||
| 24 | tests(void) | ||
| 25 | { | ||
| 26 | TEST_START("match_pattern"); | ||
| 27 | ASSERT_INT_EQ(match_pattern("", ""), 1); | ||
| 28 | ASSERT_INT_EQ(match_pattern("", "aaa"), 0); | ||
| 29 | ASSERT_INT_EQ(match_pattern("aaa", ""), 0); | ||
| 30 | ASSERT_INT_EQ(match_pattern("aaa", "aaaa"), 0); | ||
| 31 | ASSERT_INT_EQ(match_pattern("aaaa", "aaa"), 0); | ||
| 32 | TEST_DONE(); | ||
| 33 | |||
| 34 | TEST_START("match_pattern wildcard"); | ||
| 35 | ASSERT_INT_EQ(match_pattern("", "*"), 1); | ||
| 36 | ASSERT_INT_EQ(match_pattern("a", "?"), 1); | ||
| 37 | ASSERT_INT_EQ(match_pattern("aa", "a?"), 1); | ||
| 38 | ASSERT_INT_EQ(match_pattern("a", "*"), 1); | ||
| 39 | ASSERT_INT_EQ(match_pattern("aa", "a*"), 1); | ||
| 40 | ASSERT_INT_EQ(match_pattern("aa", "?*"), 1); | ||
| 41 | ASSERT_INT_EQ(match_pattern("aa", "**"), 1); | ||
| 42 | ASSERT_INT_EQ(match_pattern("aa", "?a"), 1); | ||
| 43 | ASSERT_INT_EQ(match_pattern("aa", "*a"), 1); | ||
| 44 | ASSERT_INT_EQ(match_pattern("ba", "a?"), 0); | ||
| 45 | ASSERT_INT_EQ(match_pattern("ba", "a*"), 0); | ||
| 46 | ASSERT_INT_EQ(match_pattern("ab", "?a"), 0); | ||
| 47 | ASSERT_INT_EQ(match_pattern("ab", "*a"), 0); | ||
| 48 | TEST_DONE(); | ||
| 49 | |||
| 50 | TEST_START("match_pattern_list"); | ||
| 51 | ASSERT_INT_EQ(match_pattern_list("", "", 0), 0); /* no patterns */ | ||
| 52 | ASSERT_INT_EQ(match_pattern_list("", "*", 0), 1); | ||
| 53 | ASSERT_INT_EQ(match_pattern_list("", "!*", 0), -1); | ||
| 54 | ASSERT_INT_EQ(match_pattern_list("", "!a,*", 0), 1); | ||
| 55 | ASSERT_INT_EQ(match_pattern_list("", "*,!a", 0), 1); | ||
| 56 | ASSERT_INT_EQ(match_pattern_list("", "a,!*", 0), -1); | ||
| 57 | ASSERT_INT_EQ(match_pattern_list("", "!*,a", 0), -1); | ||
| 58 | ASSERT_INT_EQ(match_pattern_list("a", "", 0), 0); | ||
| 59 | ASSERT_INT_EQ(match_pattern_list("a", "*", 0), 1); | ||
| 60 | ASSERT_INT_EQ(match_pattern_list("a", "!*", 0), -1); | ||
| 61 | ASSERT_INT_EQ(match_pattern_list("a", "!a", 0), -1); | ||
| 62 | /* XXX negated ASSERT_INT_EQ(match_pattern_list("a", "!b", 0), 1); */ | ||
| 63 | ASSERT_INT_EQ(match_pattern_list("a", "!a,*", 0), -1); | ||
| 64 | ASSERT_INT_EQ(match_pattern_list("b", "!a,*", 0), 1); | ||
| 65 | ASSERT_INT_EQ(match_pattern_list("a", "*,!a", 0), -1); | ||
| 66 | ASSERT_INT_EQ(match_pattern_list("b", "*,!a", 0), 1); | ||
| 67 | ASSERT_INT_EQ(match_pattern_list("a", "a,!*", 0), -1); | ||
| 68 | ASSERT_INT_EQ(match_pattern_list("b", "a,!*", 0), -1); | ||
| 69 | ASSERT_INT_EQ(match_pattern_list("a", "a,!a", 0), -1); | ||
| 70 | /* XXX negated ASSERT_INT_EQ(match_pattern_list("b", "a,!a", 0), 1); */ | ||
| 71 | ASSERT_INT_EQ(match_pattern_list("a", "!*,a", 0), -1); | ||
| 72 | ASSERT_INT_EQ(match_pattern_list("b", "!*,a", 0), -1); | ||
| 73 | TEST_DONE(); | ||
| 74 | |||
| 75 | TEST_START("match_pattern_list lowercase"); | ||
| 76 | ASSERT_INT_EQ(match_pattern_list("abc", "ABC", 0), 0); | ||
| 77 | ASSERT_INT_EQ(match_pattern_list("ABC", "abc", 0), 0); | ||
| 78 | ASSERT_INT_EQ(match_pattern_list("abc", "ABC", 1), 1); | ||
| 79 | ASSERT_INT_EQ(match_pattern_list("ABC", "abc", 1), 0); | ||
| 80 | TEST_DONE(); | ||
| 81 | |||
| 82 | TEST_START("addr_match_list"); | ||
| 83 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.1/44"), -2); | ||
| 84 | ASSERT_INT_EQ(addr_match_list(NULL, "127.0.0.1/44"), -2); | ||
| 85 | ASSERT_INT_EQ(addr_match_list("a", "*"), 0); | ||
| 86 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "*"), 1); | ||
| 87 | ASSERT_INT_EQ(addr_match_list(NULL, "*"), 0); | ||
| 88 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.1"), 1); | ||
| 89 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.2"), 0); | ||
| 90 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.1"), -1); | ||
| 91 | /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2"), 1); */ | ||
| 92 | ASSERT_INT_EQ(addr_match_list("127.0.0.255", "127.0.0.0/24"), 1); | ||
| 93 | ASSERT_INT_EQ(addr_match_list("127.0.1.1", "127.0.0.0/24"), 0); | ||
| 94 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.0/24"), 1); | ||
| 95 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.1.0/24"), 0); | ||
| 96 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.0/24"), -1); | ||
| 97 | /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.1.0/24"), 1); */ | ||
| 98 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,!127.0.0.1"), -1); | ||
| 99 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.1,10.0.0.1"), -1); | ||
| 100 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,127.0.0.2"), 0); | ||
| 101 | ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.2,10.0.0.1"), 0); | ||
| 102 | /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,!127.0.0.2"), 1); */ | ||
| 103 | /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2,10.0.0.1"), 1); */ | ||
| 104 | TEST_DONE(); | ||
| 105 | |||
| 106 | /* | ||
| 107 | * XXX TODO | ||
| 108 | * int match_host_and_ip(const char *, const char *, const char *); | ||
| 109 | * int match_user(const char *, const char *, const char *, const char *); | ||
| 110 | * char *match_list(const char *, const char *, u_int *); | ||
| 111 | * int addr_match_cidr_list(const char *, const char *); | ||
| 112 | */ | ||
| 113 | } | ||
diff --git a/regress/unittests/sshbuf/Makefile b/regress/unittests/sshbuf/Makefile index 85f99ac38..69b27566b 100644 --- a/regress/unittests/sshbuf/Makefile +++ b/regress/unittests/sshbuf/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2014/04/30 05:32:00 djm Exp $ | 1 | # $OpenBSD: Makefile,v 1.5 2016/11/01 13:43:27 tb Exp $ |
| 2 | 2 | ||
| 3 | PROG=test_sshbuf | 3 | PROG=test_sshbuf |
| 4 | SRCS=tests.c | 4 | SRCS=tests.c |
diff --git a/regress/unittests/sshkey/Makefile b/regress/unittests/sshkey/Makefile index 1bcd26676..cfbfcf8f1 100644 --- a/regress/unittests/sshkey/Makefile +++ b/regress/unittests/sshkey/Makefile | |||
| @@ -1,6 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2014/06/24 01:14:18 djm Exp $ | 1 | # $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ |
| 2 | |||
| 3 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" | ||
| 4 | 2 | ||
| 5 | PROG=test_sshkey | 3 | PROG=test_sshkey |
| 6 | SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c | 4 | SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c |
diff --git a/regress/unittests/utf8/Makefile b/regress/unittests/utf8/Makefile index 150ea2f2e..a975264fc 100644 --- a/regress/unittests/utf8/Makefile +++ b/regress/unittests/utf8/Makefile | |||
| @@ -1,6 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.2 2016/05/30 12:14:08 schwarze Exp $ | 1 | # $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ |
| 2 | |||
| 3 | TEST_ENV= "MALLOC_OPTIONS=CFGJPRSUX" | ||
| 4 | 2 | ||
| 5 | PROG=test_utf8 | 3 | PROG=test_utf8 |
| 6 | SRCS=tests.c | 4 | SRCS=tests.c |
diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c index fad2ec279..31f9fe9c3 100644 --- a/regress/unittests/utf8/tests.c +++ b/regress/unittests/utf8/tests.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tests.c,v 1.2 2016/05/30 12:05:56 schwarze Exp $ */ | 1 | /* $OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Regress test for the utf8.h *mprintf() API | 3 | * Regress test for the utf8.h *mprintf() API |
| 4 | * | 4 | * |
| @@ -6,10 +6,12 @@ | |||
| 6 | * and placed in the public domain. | 6 | * and placed in the public domain. |
| 7 | */ | 7 | */ |
| 8 | 8 | ||
| 9 | #include "includes.h" | ||
| 10 | |||
| 9 | #include <locale.h> | 11 | #include <locale.h> |
| 10 | #include <string.h> | 12 | #include <string.h> |
| 11 | 13 | ||
| 12 | #include "test_helper.h" | 14 | #include "../test_helper/test_helper.h" |
| 13 | 15 | ||
| 14 | #include "utf8.h" | 16 | #include "utf8.h" |
| 15 | 17 | ||
| @@ -63,7 +65,6 @@ tests(void) | |||
| 63 | TEST_DONE(); | 65 | TEST_DONE(); |
| 64 | 66 | ||
| 65 | badarg(); | 67 | badarg(); |
| 66 | one("null", NULL, 8, 6, 6, "(null)"); | ||
| 67 | one("empty", "", 2, 0, 0, ""); | 68 | one("empty", "", 2, 0, 0, ""); |
| 68 | one("ascii", "x", -2, -2, -2, "x"); | 69 | one("ascii", "x", -2, -2, -2, "x"); |
| 69 | one("newline", "a\nb", -2, -2, -2, "a\nb"); | 70 | one("newline", "a\nb", -2, -2, -2, "a\nb"); |