11 files changed, 413 insertions, 25 deletions
diff --git a/regress/Makefile b/regress/Makefile
index cf65b3630..9e98e5880 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.27 2004/02/17 08:23:20 dtucker Exp $
+#       $OpenBSD: Makefile,v 1.31 2004/06/24 19:32:00 djm Exp $
 REGRESS_TARGETS=        t1 t2 t3 t4 t5 t6 t7 t-exec
 tests:          $(REGRESS_TARGETS)
@@ -13,6 +13,7 @@ LTESTS= 	connect \
                proto-version \
                proto-mismatch \
                exit-status \
+                envpass \
                transfer \
                banner \
                rekey \
@@ -28,13 +29,16 @@ LTESTS= 	connect \
                agent-ptrace \
                keyscan \
                keygen-change \
+                scp \
                sftp \
                sftp-cmds \
                sftp-badcmds \
                sftp-batch \
                reconfigure \
                dynamic-forward \
-                forwarding
+                forwarding \
+                multiplex \
+                reexec
 USER!=          id -un
 CLEANFILES=     t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
@@ -42,7 +46,9 @@ CLEANFILES=	t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
                ssh_config ssh_proxy sshd_config sshd_proxy \
                rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
                rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
-                ls.copy banner.in banner.out empty.in remote_pid
+                ls.copy banner.in banner.out empty.in \
+                scp-ssh-wrapper.exe \
+                remote_pid
 #LTESTS +=      ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
diff --git a/regress/README.regress b/regress/README.regress
index 6ff032b68..0c07c9cf1 100644
--- a/regress/README.regress
+++ b/regress/README.regress
@@ -27,15 +27,26 @@ TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
 TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD
        SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER
 OBJ: used by test scripts to access build dir.
+TEST_SHELL: shell used for running the test scripts.
+TEST_SSH_PORT: TCP port to be used for the listening tests.
+TEST_SSH_SSH_CONFOTPS: Configuration directives to be added to ssh_config
+        before running each test.
+TEST_SSH_SSHD_CONFOTPS: Configuration directives to be added to sshd_config
+        before running each test.
 Individual tests.
-You can invoke test-exec.sh directly if you set up the path to find the
+You can run an individual test from the top-level Makefile, eg:
-binaries under test and the test scripts themselves, for example:
+$ make tests LTESTS=agent-timeout
+If you need to manipulate the environment more you can invoke test-exec.sh
+directly if you set up the path to find the binaries under test and the
+test scripts themselves, for example:
 $ cd regress
-$ PATH=`pwd`/..:$PATH:. sh test-exec.sh `pwd` agent-timeout.sh
+$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
+    agent-timeout.sh
 ok agent timeout test
@@ -82,16 +93,12 @@ Failed tests can be difficult to diagnose. Suggestions:
 Known Issues.
- If you build with tcpwrappers and try to run the regression tests,
-  your hosts.allow must permit connections from localhost and from
-  "unknown".  This is because some tests are performed via the loopback
-  interface, while others are done with "sshd -i" as a ProxyCommand.  In
-  the latter case, when sshd calls getpeername() on the socket it will
-  fail (because it's not a tcp socket) and will be identified as
-  "unknown", which is then checked against tcpwrappers.
 - If your build requires ssh-rand-helper regress tests will fail
  unless ssh-rand-helper is in pre-installed (the path to
  ssh-rand-helper is hard coded).
-$Id: README.regress,v 1.4 2004/03/08 20:12:18 tim Exp $
+- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
+  test to fail.  The old behaviour can be restored by setting (and
+  exporting) _POSIX2_VERSION=199209 before running the tests.
+$Id: README.regress,v 1.9 2004/08/17 12:31:33 dtucker Exp $
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh
index 3a6e5c1ef..392fc1978 100644
--- a/regress/dynamic-forward.sh
+++ b/regress/dynamic-forward.sh
@@ -3,8 +3,8 @@
 tid="dynamic forwarding"
-PORT=4242
+FWDPORT=`expr $PORT + 1`
-FWDPORT=4243
 DATA=/bin/ls${EXEEXT}
 if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then
diff --git a/regress/envpass.sh b/regress/envpass.sh
new file mode 100644
index 000000000..5a7e178d8
--- /dev/null
+++ b/regress/envpass.sh
@@ -0,0 +1,51 @@
+#       $OpenBSD: envpass.sh,v 1.3 2004/06/22 22:42:02 dtucker Exp $
+#       Placed in the Public Domain.
+tid="environment passing"
+# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
+trace "pass env, don't accept"
+verbose "test $tid: pass env, don't accept"
+_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \
+        sh << 'EOF'
+        test -z "$_TEST_ENV"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+        fail "environment found"
+fi
+trace "don't pass env, accept"
+verbose "test $tid: don't pass env, accept"
+${SSH} -F $OBJ/ssh_proxy otherhost \
+        sh << 'EOF'
+        test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+        fail "environment found"
+fi
+trace "pass single env, accept single env"
+verbose "test $tid: pass single env, accept single env"
+_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \
+        sh << 'EOF'
+        test X"$_XXX_TEST" = X"blah"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+        fail "environment not found"
+fi
+trace "pass multiple env, accept multiple env"
+verbose "test $tid: pass multiple env, accept multiple env"
+_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
+    -F $OBJ/ssh_proxy otherhost \
+        sh << 'EOF'
+        test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+        fail "environment not found"
+fi
diff --git a/regress/login-timeout.sh b/regress/login-timeout.sh
index dfc6e6b44..ce6edade5 100644
--- a/regress/login-timeout.sh
+++ b/regress/login-timeout.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: login-timeout.sh,v 1.1 2004/02/17 08:23:20 dtucker Exp $
+#       $OpenBSD: login-timeout.sh,v 1.3 2004/03/08 10:17:12 dtucker Exp $
 #       Placed in the Public Domain.
 tid="connect after login grace timeout"
@@ -15,7 +15,7 @@ if [ $? -ne 0 ]; then
        fail "ssh connect after login grace timeout failed with privsep"
 fi
-kill `cat $PIDFILE`
+$SUDO kill `cat $PIDFILE`
 trace "test login grace without privsep"
 echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config
diff --git a/regress/multiplex.sh b/regress/multiplex.sh
new file mode 100644
index 000000000..dbf2025be
--- /dev/null
+++ b/regress/multiplex.sh
@@ -0,0 +1,74 @@
+#       $OpenBSD: multiplex.sh,v 1.8 2004/06/22 03:12:13 markus Exp $
+#       Placed in the Public Domain.
+CTL=$OBJ/ctl-sock
+tid="connection multiplexing"
+DATA=/bin/ls${EXEEXT}
+COPY=$OBJ/ls.copy
+start_sshd
+trace "start master, fork to background"
+${SSH} -2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" -f somehost sleep 120
+verbose "test $tid: envpass"
+trace "env passing over multiplexed connection"
+_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -S$CTL otherhost sh << 'EOF'
+        test X"$_XXX_TEST" = X"blah"
+EOF
+if [ $? -ne 0 ]; then
+        fail "environment not found"
+fi
+verbose "test $tid: transfer"
+rm -f ${COPY}
+trace "ssh transfer over multiplexed connection and check result"
+${SSH} -S$CTL otherhost cat ${DATA} > ${COPY}
+test -f ${COPY}                 || fail "ssh -Sctl: failed copy ${DATA}" 
+cmp ${DATA} ${COPY}             || fail "ssh -Sctl: corrupted copy of ${DATA}"
+rm -f ${COPY}
+trace "ssh transfer over multiplexed connection and check result"
+${SSH} -S $CTL otherhost cat ${DATA} > ${COPY}
+test -f ${COPY}                 || fail "ssh -S ctl: failed copy ${DATA}" 
+cmp ${DATA} ${COPY}             || fail "ssh -S ctl: corrupted copy of ${DATA}"
+rm -f ${COPY}
+trace "sftp transfer over multiplexed connection and check result"
+echo "get ${DATA} ${COPY}" | \
+        ${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >/dev/null 2>&1
+test -f ${COPY}                 || fail "sftp: failed copy ${DATA}" 
+cmp ${DATA} ${COPY}             || fail "sftp: corrupted copy of ${DATA}"
+rm -f ${COPY}
+trace "scp transfer over multiplexed connection and check result"
+${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >/dev/null 2>&1
+test -f ${COPY}                 || fail "scp: failed copy ${DATA}" 
+cmp ${DATA} ${COPY}             || fail "scp: corrupted copy of ${DATA}"
+rm -f ${COPY}
+for s in 0 1 4 5 44; do
+        trace "exit status $s over multiplexed connection"
+        verbose "test $tid: status $s"
+        ${SSH} -S $CTL otherhost exit $s
+        r=$?
+        if [ $r -ne $s ]; then
+                fail "exit code mismatch for protocol $p: $r != $s"
+        fi
+        # same with early close of stdout/err
+        trace "exit status $s with early close over multiplexed connection"
+        ${SSH} -S $CTL -n otherhost \
+                exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
+        r=$?
+        if [ $r -ne $s ]; then
+                fail "exit code (with sleep) mismatch for protocol $p: $r != $s"
+        fi
+done
+# kill master, remove control socket.  ssh -MS will exit when sleep exits
+$SUDO kill `cat $PIDFILE`
+rm -f $CTL
diff --git a/regress/reexec.sh b/regress/reexec.sh
new file mode 100644
index 000000000..39fffefbc
--- /dev/null
+++ b/regress/reexec.sh
@@ -0,0 +1,87 @@
+#       $OpenBSD: reexec.sh,v 1.3 2004/06/25 01:32:44 djm Exp $
+#       Placed in the Public Domain.
+tid="reexec tests"
+DATA=/bin/ls
+COPY=${OBJ}/copy
+SSHD_ORIG=$SSHD
+SSHD_COPY=$OBJ/sshd.copy
+# Start a sshd and then delete it
+start_sshd_copy_zap ()
+{
+        cp $SSHD_ORIG $SSHD_COPY
+        SSHD=$SSHD_COPY
+        start_sshd
+        rm -f $SSHD_COPY
+        SSHD=$SSHD_ORIG
+}
+verbose "test config passing"
+cp $OBJ/sshd_config $OBJ/sshd_config.orig
+start_sshd
+echo "InvalidXXX=no" >> $OBJ/sshd_config
+rm -f ${COPY}
+for p in 1 2; do
+        verbose "$tid: proto $p"
+        ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+            cat ${DATA} > ${COPY}
+        if [ $? -ne 0 ]; then
+                fail "ssh cat $DATA failed"
+        fi
+        cmp ${DATA} ${COPY}             || fail "corrupted copy"
+        rm -f ${COPY}
+done
+$SUDO kill `cat $PIDFILE`
+rm -f $PIDFILE
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
+verbose "test reexec fallback"
+start_sshd_copy_zap
+rm -f ${COPY}
+for p in 1 2; do
+        verbose "$tid: proto $p"
+        ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+            cat ${DATA} > ${COPY}
+        if [ $? -ne 0 ]; then
+                fail "ssh cat $DATA failed"
+        fi
+        cmp ${DATA} ${COPY}             || fail "corrupted copy"
+        rm -f ${COPY}
+done
+$SUDO kill `cat $PIDFILE`
+rm -f $PIDFILE
+verbose "test reexec fallback without privsep"
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
+echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config
+start_sshd_copy_zap
+rm -f ${COPY}
+for p in 1 2; do
+        verbose "$tid: proto $p"
+        ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+            cat ${DATA} > ${COPY}
+        if [ $? -ne 0 ]; then
+                fail "ssh cat $DATA failed"
+        fi
+        cmp ${DATA} ${COPY}             || fail "corrupted copy"
+        rm -f ${COPY}
+done
+$SUDO kill `cat $PIDFILE`
+rm -f $PIDFILE
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
diff --git a/regress/scp-ssh-wrapper.sh b/regress/scp-ssh-wrapper.sh
new file mode 100644
index 000000000..8e4314773
--- /dev/null
+++ b/regress/scp-ssh-wrapper.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+#       $OpenBSD: scp-ssh-wrapper.sh,v 1.1 2004/06/13 13:51:02 dtucker Exp $
+#       Placed in the Public Domain.
+printname () {
+        NAME=$1
+        save_IFS=$IFS
+        IFS=/
+        set -- `echo "$NAME"`
+        IFS="$save_IFS"
+        while [ $# -ge 1 ] ; do
+                if [ "x$1" != "x" ]; then
+                        echo "D0755 0 $1"
+                fi
+                shift;
+        done
+}
+# discard first 5 args
+shift; shift; shift; shift; shift
+BAD="../../../../../../../../../../../../../${DIR}/dotpathdir"
+case "$SCPTESTMODE" in
+badserver_0)
+        echo "D0755 0 /${DIR}/rootpathdir"
+        echo "C755 2 rootpathfile"
+        echo "X"
+        ;;
+badserver_1)
+        echo "D0755 0 $BAD"
+        echo "C755 2 file"
+        echo "X"
+        ;;
+badserver_2)
+        echo "D0755 0 $BAD"
+        echo "C755 2 file"
+        echo "X"
+        ;;
+badserver_3)
+        printname $BAD
+        echo "C755 2 file"
+        echo "X"
+        ;;
+badserver_4)
+        printname $BAD
+        echo "D0755 0 .."
+        echo "C755 2 file"
+        echo "X"
+        ;;
+*)
+        exec $1
+        ;;
+esac
diff --git a/regress/scp.sh b/regress/scp.sh
new file mode 100644
index 000000000..703cc0893
--- /dev/null
+++ b/regress/scp.sh
@@ -0,0 +1,82 @@
+#       $OpenBSD: scp.sh,v 1.2 2004/06/16 13:15:09 dtucker Exp $
+#       Placed in the Public Domain.
+tid="scp"
+#set -x
+# Figure out if diff understands "-N"
+if diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then
+        DIFFOPT="-rN"
+else
+        DIFFOPT="-r"
+fi
+DATA=/bin/ls
+COPY=${OBJ}/copy
+COPY2=${OBJ}/copy2
+DIR=${COPY}.dd
+DIR2=${COPY}.dd2
+SRC=`dirname ${SCRIPT}`
+cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.exe
+chmod 755 ${OBJ}/scp-ssh-wrapper.exe
+scpopts="-q -S ${OBJ}/scp-ssh-wrapper.exe"
+scpclean() {
+        rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
+        mkdir ${DIR} ${DIR2}
+}
+verbose "$tid: simple copy local file to remote file"
+scpclean
+$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed"
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+verbose "$tid: simple copy remote file to local file"
+scpclean
+$SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed"
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+verbose "$tid: simple copy local file to remote dir"
+scpclean
+cp ${DATA} ${COPY}
+$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed"
+cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+verbose "$tid: simple copy remote file to local dir"
+scpclean
+cp ${DATA} ${COPY}
+$SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed"
+cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+verbose "$tid: recursive local dir to remote dir"
+scpclean
+rm -rf ${DIR2}
+cp ${DATA} ${DIR}/copy
+$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed"
+diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+verbose "$tid: recursive remote dir to local dir"
+scpclean
+rm -rf ${DIR2}
+cp ${DATA} ${DIR}/copy
+$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
+diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+for i in 0 1 2 3 4; do
+        verbose "$tid: disallow bad server #$i"
+        SCPTESTMODE=badserver_$i
+        export DIR SCPTESTMODE
+        scpclean
+        $SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null
+        [ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir"
+        [ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode"
+        scpclean
+        $SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+        [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
+done
+scpclean
+rm -f ${OBJ}/scp-ssh-wrapper.exe
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 986d99287..70250acd7 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,9 +1,14 @@
-#       $OpenBSD: test-exec.sh,v 1.15 2004/02/24 16:56:30 markus Exp $
+#       $OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $
 #       Placed in the Public Domain.
-PORT=4242
 #SUDO=sudo
+if [ ! -z "$TEST_SSH_PORT" ]; then
+        PORT="$TEST_SSH_PORT"
+else
+        PORT=4242
+fi
 if [ -x /usr/ucb/whoami ]; then
        USER=`/usr/ucb/whoami`
 elif whoami >/dev/null 2>&1; then
@@ -47,6 +52,7 @@ SSHKEYGEN=ssh-keygen
 SSHKEYSCAN=ssh-keyscan
 SFTP=sftp
 SFTPSERVER=/usr/libexec/openssh/sftp-server
+SCP=scp
 if [ "x$TEST_SSH_SSH" != "x" ]; then
        SSH="${TEST_SSH_SSH}"
@@ -72,10 +78,16 @@ fi
 if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
        SFTPSERVER="${TEST_SSH_SFTPSERVER}"
 fi
+if [ "x$TEST_SSH_SCP" != "x" ]; then
+        SCP="${TEST_SSH_SCP}"
+fi
+# Path to sshd must be absolute for rexec
+SSHD=`which sshd`
 # these should be used in tests
-export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER
+export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
-#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER
+#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
 # helper
 echon()
@@ -156,15 +168,23 @@ trap fatal 3 2
 # create server config
 cat << EOF > $OBJ/sshd_config
+        StrictModes             no
        Port                    $PORT
        ListenAddress           127.0.0.1
        #ListenAddress          ::1
        PidFile                 $PIDFILE
        AuthorizedKeysFile      $OBJ/authorized_keys_%u
        LogLevel                QUIET
-        StrictModes             no
+        AcceptEnv               _XXX_TEST_*
+        AcceptEnv               _XXX_TEST
+        Subsystem       sftp    $SFTPSERVER
 EOF
+if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
+        trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
+        echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
+fi
 # server config for proxy connects
 cp $OBJ/sshd_config $OBJ/sshd_proxy
@@ -190,6 +210,11 @@ Host *
        StrictHostKeyChecking   yes
 EOF
+if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
+        trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
+        echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
+fi
 rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
 trace "generate keys"
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh
index 15827e250..c6e1b9152 100644
--- a/regress/try-ciphers.sh
+++ b/regress/try-ciphers.sh
@@ -29,8 +29,10 @@ for c in $ciphers; do
        fi
 done
-if ! ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
+if ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
 then
+        :
+else
 echo "Ciphers acss@openssh.org" >> $OBJ/sshd_proxy
 c=acss@openssh.org

diff --git a/regress/Makefile b/regress/Makefile index cf65b3630..9e98e5880 100644 --- a/regress/Makefile +++ b/regress/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.27 2004/02/17 08:23:20 dtucker Exp $	1	# $OpenBSD: Makefile,v 1.31 2004/06/24 19:32:00 djm Exp $
2		2
3	REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec	3	REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec
4	tests: $(REGRESS_TARGETS)	4	tests: $(REGRESS_TARGETS)
@@ -13,6 +13,7 @@ LTESTS= connect \
13	proto-version \	13	proto-version \
14	proto-mismatch \	14	proto-mismatch \
15	exit-status \	15	exit-status \
		16	envpass \
16	transfer \	17	transfer \
17	banner \	18	banner \
18	rekey \	19	rekey \
@@ -28,13 +29,16 @@ LTESTS= connect \
28	agent-ptrace \	29	agent-ptrace \
29	keyscan \	30	keyscan \
30	keygen-change \	31	keygen-change \
		32	scp \
31	sftp \	33	sftp \
32	sftp-cmds \	34	sftp-cmds \
33	sftp-badcmds \	35	sftp-badcmds \
34	sftp-batch \	36	sftp-batch \
35	reconfigure \	37	reconfigure \
36	dynamic-forward \	38	dynamic-forward \
37	forwarding	39	forwarding \
		40	multiplex \
		41	reexec
38		42
39	USER!= id -un	43	USER!= id -un
40	CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \	44	CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
@@ -42,7 +46,9 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
42	ssh_config ssh_proxy sshd_config sshd_proxy \	46	ssh_config ssh_proxy sshd_config sshd_proxy \
43	rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \	47	rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
44	rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \	48	rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
45	ls.copy banner.in banner.out empty.in remote_pid	49	ls.copy banner.in banner.out empty.in \
		50	scp-ssh-wrapper.exe \
		51	remote_pid
46		52
47	#LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp	53	#LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
48		54


diff --git a/regress/README.regress b/regress/README.regress index 6ff032b68..0c07c9cf1 100644 --- a/regress/README.regress +++ b/regress/README.regress
@@ -27,15 +27,26 @@ TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
27	TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD	27	TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD
28	SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER	28	SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER
29	OBJ: used by test scripts to access build dir.	29	OBJ: used by test scripts to access build dir.
		30	TEST_SHELL: shell used for running the test scripts.
		31	TEST_SSH_PORT: TCP port to be used for the listening tests.
		32	TEST_SSH_SSH_CONFOTPS: Configuration directives to be added to ssh_config
		33	before running each test.
		34	TEST_SSH_SSHD_CONFOTPS: Configuration directives to be added to sshd_config
		35	before running each test.
30		36
31		37
32	Individual tests.	38	Individual tests.
33		39
34	You can invoke test-exec.sh directly if you set up the path to find the	40	You can run an individual test from the top-level Makefile, eg:
35	binaries under test and the test scripts themselves, for example:	41	$ make tests LTESTS=agent-timeout
		42
		43	If you need to manipulate the environment more you can invoke test-exec.sh
		44	directly if you set up the path to find the binaries under test and the
		45	test scripts themselves, for example:
36		46
37	$ cd regress	47	$ cd regress
38	$ PATH=`pwd`/..:$PATH:. sh test-exec.sh `pwd` agent-timeout.sh	48	$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
		49	agent-timeout.sh
39	ok agent timeout test	50	ok agent timeout test
40		51
41		52
@@ -82,16 +93,12 @@ Failed tests can be difficult to diagnose. Suggestions:
82		93
83	Known Issues.	94	Known Issues.
84		95
85	- If you build with tcpwrappers and try to run the regression tests,
86	your hosts.allow must permit connections from localhost and from
87	"unknown". This is because some tests are performed via the loopback
88	interface, while others are done with "sshd -i" as a ProxyCommand. In
89	the latter case, when sshd calls getpeername() on the socket it will
90	fail (because it's not a tcp socket) and will be identified as
91	"unknown", which is then checked against tcpwrappers.
92
93	- If your build requires ssh-rand-helper regress tests will fail	96	- If your build requires ssh-rand-helper regress tests will fail
94	unless ssh-rand-helper is in pre-installed (the path to	97	unless ssh-rand-helper is in pre-installed (the path to
95	ssh-rand-helper is hard coded).	98	ssh-rand-helper is hard coded).
96		99
97	$Id: README.regress,v 1.4 2004/03/08 20:12:18 tim Exp $	100	- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
		101	test to fail. The old behaviour can be restored by setting (and
		102	exporting) _POSIX2_VERSION=199209 before running the tests.
		103
		104	$Id: README.regress,v 1.9 2004/08/17 12:31:33 dtucker Exp $


diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index 3a6e5c1ef..392fc1978 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh
@@ -3,8 +3,8 @@
3		3
4	tid="dynamic forwarding"	4	tid="dynamic forwarding"
5		5
6	PORT=4242	6	FWDPORT=`expr $PORT + 1`
7	FWDPORT=4243	7
8	DATA=/bin/ls${EXEEXT}	8	DATA=/bin/ls${EXEEXT}
9		9
10	if have_prog nc && nc -h 2>&1 \| grep "proxy address" >/dev/null; then	10	if have_prog nc && nc -h 2>&1 \| grep "proxy address" >/dev/null; then


diff --git a/regress/envpass.sh b/regress/envpass.sh new file mode 100644 index 000000000..5a7e178d8 --- /dev/null +++ b/regress/envpass.sh
@@ -0,0 +1,51 @@
		1	# $OpenBSD: envpass.sh,v 1.3 2004/06/22 22:42:02 dtucker Exp $
		2	# Placed in the Public Domain.
		3
		4	tid="environment passing"
		5
		6	# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
		7
		8	trace "pass env, don't accept"
		9	verbose "test $tid: pass env, don't accept"
		10	_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \
		11	sh << 'EOF'
		12	test -z "$_TEST_ENV"
		13	EOF
		14	r=$?
		15	if [ $r -ne 0 ]; then
		16	fail "environment found"
		17	fi
		18
		19	trace "don't pass env, accept"
		20	verbose "test $tid: don't pass env, accept"
		21	${SSH} -F $OBJ/ssh_proxy otherhost \
		22	sh << 'EOF'
		23	test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B"
		24	EOF
		25	r=$?
		26	if [ $r -ne 0 ]; then
		27	fail "environment found"
		28	fi
		29
		30	trace "pass single env, accept single env"
		31	verbose "test $tid: pass single env, accept single env"
		32	_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \
		33	sh << 'EOF'
		34	test X"$_XXX_TEST" = X"blah"
		35	EOF
		36	r=$?
		37	if [ $r -ne 0 ]; then
		38	fail "environment not found"
		39	fi
		40
		41	trace "pass multiple env, accept multiple env"
		42	verbose "test $tid: pass multiple env, accept multiple env"
		43	_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
		44	-F $OBJ/ssh_proxy otherhost \
		45	sh << 'EOF'
		46	test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2"
		47	EOF
		48	r=$?
		49	if [ $r -ne 0 ]; then
		50	fail "environment not found"
		51	fi


diff --git a/regress/login-timeout.sh b/regress/login-timeout.sh index dfc6e6b44..ce6edade5 100644 --- a/regress/login-timeout.sh +++ b/regress/login-timeout.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: login-timeout.sh,v 1.1 2004/02/17 08:23:20 dtucker Exp $	1	# $OpenBSD: login-timeout.sh,v 1.3 2004/03/08 10:17:12 dtucker Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="connect after login grace timeout"	4	tid="connect after login grace timeout"
@@ -15,7 +15,7 @@ if [ $? -ne 0 ]; then
15	fail "ssh connect after login grace timeout failed with privsep"	15	fail "ssh connect after login grace timeout failed with privsep"
16	fi	16	fi
17		17
18	kill `cat $PIDFILE`	18	$SUDO kill `cat $PIDFILE`
19		19
20	trace "test login grace without privsep"	20	trace "test login grace without privsep"
21	echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config	21	echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config


diff --git a/regress/multiplex.sh b/regress/multiplex.sh new file mode 100644 index 000000000..dbf2025be --- /dev/null +++ b/regress/multiplex.sh
@@ -0,0 +1,74 @@
		1	# $OpenBSD: multiplex.sh,v 1.8 2004/06/22 03:12:13 markus Exp $
		2	# Placed in the Public Domain.
		3
		4	CTL=$OBJ/ctl-sock
		5
		6	tid="connection multiplexing"
		7
		8	DATA=/bin/ls${EXEEXT}
		9	COPY=$OBJ/ls.copy
		10
		11	start_sshd
		12
		13	trace "start master, fork to background"
		14	${SSH} -2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" -f somehost sleep 120
		15
		16	verbose "test $tid: envpass"
		17	trace "env passing over multiplexed connection"
		18	_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -S$CTL otherhost sh << 'EOF'
		19	test X"$_XXX_TEST" = X"blah"
		20	EOF
		21	if [ $? -ne 0 ]; then
		22	fail "environment not found"
		23	fi
		24
		25	verbose "test $tid: transfer"
		26	rm -f ${COPY}
		27	trace "ssh transfer over multiplexed connection and check result"
		28	${SSH} -S$CTL otherhost cat ${DATA} > ${COPY}
		29	test -f ${COPY} \|\| fail "ssh -Sctl: failed copy ${DATA}"
		30	cmp ${DATA} ${COPY} \|\| fail "ssh -Sctl: corrupted copy of ${DATA}"
		31
		32	rm -f ${COPY}
		33	trace "ssh transfer over multiplexed connection and check result"
		34	${SSH} -S $CTL otherhost cat ${DATA} > ${COPY}
		35	test -f ${COPY} \|\| fail "ssh -S ctl: failed copy ${DATA}"
		36	cmp ${DATA} ${COPY} \|\| fail "ssh -S ctl: corrupted copy of ${DATA}"
		37
		38	rm -f ${COPY}
		39	trace "sftp transfer over multiplexed connection and check result"
		40	echo "get ${DATA} ${COPY}" \| \
		41	${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >/dev/null 2>&1
		42	test -f ${COPY} \|\| fail "sftp: failed copy ${DATA}"
		43	cmp ${DATA} ${COPY} \|\| fail "sftp: corrupted copy of ${DATA}"
		44
		45	rm -f ${COPY}
		46	trace "scp transfer over multiplexed connection and check result"
		47	${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >/dev/null 2>&1
		48	test -f ${COPY} \|\| fail "scp: failed copy ${DATA}"
		49	cmp ${DATA} ${COPY} \|\| fail "scp: corrupted copy of ${DATA}"
		50
		51	rm -f ${COPY}
		52
		53	for s in 0 1 4 5 44; do
		54	trace "exit status $s over multiplexed connection"
		55	verbose "test $tid: status $s"
		56	${SSH} -S $CTL otherhost exit $s
		57	r=$?
		58	if [ $r -ne $s ]; then
		59	fail "exit code mismatch for protocol $p: $r != $s"
		60	fi
		61
		62	# same with early close of stdout/err
		63	trace "exit status $s with early close over multiplexed connection"
		64	${SSH} -S $CTL -n otherhost \
		65	exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
		66	r=$?
		67	if [ $r -ne $s ]; then
		68	fail "exit code (with sleep) mismatch for protocol $p: $r != $s"
		69	fi
		70	done
		71
		72	# kill master, remove control socket. ssh -MS will exit when sleep exits
		73	$SUDO kill `cat $PIDFILE`
		74	rm -f $CTL


diff --git a/regress/reexec.sh b/regress/reexec.sh new file mode 100644 index 000000000..39fffefbc --- /dev/null +++ b/regress/reexec.sh
@@ -0,0 +1,87 @@
		1	# $OpenBSD: reexec.sh,v 1.3 2004/06/25 01:32:44 djm Exp $
		2	# Placed in the Public Domain.
		3
		4	tid="reexec tests"
		5
		6	DATA=/bin/ls
		7	COPY=${OBJ}/copy
		8	SSHD_ORIG=$SSHD
		9	SSHD_COPY=$OBJ/sshd.copy
		10
		11	# Start a sshd and then delete it
		12	start_sshd_copy_zap ()
		13	{
		14	cp $SSHD_ORIG $SSHD_COPY
		15	SSHD=$SSHD_COPY
		16	start_sshd
		17	rm -f $SSHD_COPY
		18	SSHD=$SSHD_ORIG
		19	}
		20
		21	verbose "test config passing"
		22	cp $OBJ/sshd_config $OBJ/sshd_config.orig
		23
		24	start_sshd
		25
		26	echo "InvalidXXX=no" >> $OBJ/sshd_config
		27
		28	rm -f ${COPY}
		29	for p in 1 2; do
		30	verbose "$tid: proto $p"
		31	${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
		32	cat ${DATA} > ${COPY}
		33	if [ $? -ne 0 ]; then
		34	fail "ssh cat $DATA failed"
		35	fi
		36	cmp ${DATA} ${COPY} \|\| fail "corrupted copy"
		37	rm -f ${COPY}
		38	done
		39
		40	$SUDO kill `cat $PIDFILE`
		41	rm -f $PIDFILE
		42
		43	cp $OBJ/sshd_config.orig $OBJ/sshd_config
		44
		45	verbose "test reexec fallback"
		46
		47	start_sshd_copy_zap
		48
		49	rm -f ${COPY}
		50	for p in 1 2; do
		51	verbose "$tid: proto $p"
		52	${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
		53	cat ${DATA} > ${COPY}
		54	if [ $? -ne 0 ]; then
		55	fail "ssh cat $DATA failed"
		56	fi
		57	cmp ${DATA} ${COPY} \|\| fail "corrupted copy"
		58	rm -f ${COPY}
		59	done
		60
		61	$SUDO kill `cat $PIDFILE`
		62	rm -f $PIDFILE
		63
		64	verbose "test reexec fallback without privsep"
		65
		66	cp $OBJ/sshd_config.orig $OBJ/sshd_config
		67	echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config
		68
		69	start_sshd_copy_zap
		70
		71	rm -f ${COPY}
		72	for p in 1 2; do
		73	verbose "$tid: proto $p"
		74	${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
		75	cat ${DATA} > ${COPY}
		76	if [ $? -ne 0 ]; then
		77	fail "ssh cat $DATA failed"
		78	fi
		79	cmp ${DATA} ${COPY} \|\| fail "corrupted copy"
		80	rm -f ${COPY}
		81	done
		82
		83	$SUDO kill `cat $PIDFILE`
		84	rm -f $PIDFILE
		85
		86	cp $OBJ/sshd_config.orig $OBJ/sshd_config
		87


diff --git a/regress/scp-ssh-wrapper.sh b/regress/scp-ssh-wrapper.sh new file mode 100644 index 000000000..8e4314773 --- /dev/null +++ b/regress/scp-ssh-wrapper.sh
@@ -0,0 +1,54 @@
		1	#!/bin/sh
		2	# $OpenBSD: scp-ssh-wrapper.sh,v 1.1 2004/06/13 13:51:02 dtucker Exp $
		3	# Placed in the Public Domain.
		4
		5	printname () {
		6	NAME=$1
		7	save_IFS=$IFS
		8	IFS=/
		9	set -- `echo "$NAME"`
		10	IFS="$save_IFS"
		11	while [ $# -ge 1 ] ; do
		12	if [ "x$1" != "x" ]; then
		13	echo "D0755 0 $1"
		14	fi
		15	shift;
		16	done
		17	}
		18
		19	# discard first 5 args
		20	shift; shift; shift; shift; shift
		21
		22	BAD="../../../../../../../../../../../../../${DIR}/dotpathdir"
		23
		24	case "$SCPTESTMODE" in
		25	badserver_0)
		26	echo "D0755 0 /${DIR}/rootpathdir"
		27	echo "C755 2 rootpathfile"
		28	echo "X"
		29	;;
		30	badserver_1)
		31	echo "D0755 0 $BAD"
		32	echo "C755 2 file"
		33	echo "X"
		34	;;
		35	badserver_2)
		36	echo "D0755 0 $BAD"
		37	echo "C755 2 file"
		38	echo "X"
		39	;;
		40	badserver_3)
		41	printname $BAD
		42	echo "C755 2 file"
		43	echo "X"
		44	;;
		45	badserver_4)
		46	printname $BAD
		47	echo "D0755 0 .."
		48	echo "C755 2 file"
		49	echo "X"
		50	;;
		51	*)
		52	exec $1
		53	;;
		54	esac


diff --git a/regress/scp.sh b/regress/scp.sh new file mode 100644 index 000000000..703cc0893 --- /dev/null +++ b/regress/scp.sh
@@ -0,0 +1,82 @@
		1	# $OpenBSD: scp.sh,v 1.2 2004/06/16 13:15:09 dtucker Exp $
		2	# Placed in the Public Domain.
		3
		4	tid="scp"
		5
		6	#set -x
		7
		8	# Figure out if diff understands "-N"
		9	if diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then
		10	DIFFOPT="-rN"
		11	else
		12	DIFFOPT="-r"
		13	fi
		14
		15	DATA=/bin/ls
		16	COPY=${OBJ}/copy
		17	COPY2=${OBJ}/copy2
		18	DIR=${COPY}.dd
		19	DIR2=${COPY}.dd2
		20
		21	SRC=`dirname ${SCRIPT}`
		22	cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.exe
		23	chmod 755 ${OBJ}/scp-ssh-wrapper.exe
		24	scpopts="-q -S ${OBJ}/scp-ssh-wrapper.exe"
		25
		26	scpclean() {
		27	rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
		28	mkdir ${DIR} ${DIR2}
		29	}
		30
		31	verbose "$tid: simple copy local file to remote file"
		32	scpclean
		33	$SCP $scpopts ${DATA} somehost:${COPY} \|\| fail "copy failed"
		34	cmp ${DATA} ${COPY} \|\| fail "corrupted copy"
		35
		36	verbose "$tid: simple copy remote file to local file"
		37	scpclean
		38	$SCP $scpopts somehost:${DATA} ${COPY} \|\| fail "copy failed"
		39	cmp ${DATA} ${COPY} \|\| fail "corrupted copy"
		40
		41	verbose "$tid: simple copy local file to remote dir"
		42	scpclean
		43	cp ${DATA} ${COPY}
		44	$SCP $scpopts ${COPY} somehost:${DIR} \|\| fail "copy failed"
		45	cmp ${COPY} ${DIR}/copy \|\| fail "corrupted copy"
		46
		47	verbose "$tid: simple copy remote file to local dir"
		48	scpclean
		49	cp ${DATA} ${COPY}
		50	$SCP $scpopts somehost:${COPY} ${DIR} \|\| fail "copy failed"
		51	cmp ${COPY} ${DIR}/copy \|\| fail "corrupted copy"
		52
		53	verbose "$tid: recursive local dir to remote dir"
		54	scpclean
		55	rm -rf ${DIR2}
		56	cp ${DATA} ${DIR}/copy
		57	$SCP $scpopts -r ${DIR} somehost:${DIR2} \|\| fail "copy failed"
		58	diff ${DIFFOPT} ${DIR} ${DIR2} \|\| fail "corrupted copy"
		59
		60	verbose "$tid: recursive remote dir to local dir"
		61	scpclean
		62	rm -rf ${DIR2}
		63	cp ${DATA} ${DIR}/copy
		64	$SCP $scpopts -r somehost:${DIR} ${DIR2} \|\| fail "copy failed"
		65	diff ${DIFFOPT} ${DIR} ${DIR2} \|\| fail "corrupted copy"
		66
		67	for i in 0 1 2 3 4; do
		68	verbose "$tid: disallow bad server #$i"
		69	SCPTESTMODE=badserver_$i
		70	export DIR SCPTESTMODE
		71	scpclean
		72	$SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null
		73	[ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir"
		74	[ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode"
		75
		76	scpclean
		77	$SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
		78	[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
		79	done
		80
		81	scpclean
		82	rm -f ${OBJ}/scp-ssh-wrapper.exe


diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 986d99287..70250acd7 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh
@@ -1,9 +1,14 @@
1	# $OpenBSD: test-exec.sh,v 1.15 2004/02/24 16:56:30 markus Exp $	1	# $OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	PORT=4242
5	#SUDO=sudo	4	#SUDO=sudo
6		5
		6	if [ ! -z "$TEST_SSH_PORT" ]; then
		7	PORT="$TEST_SSH_PORT"
		8	else
		9	PORT=4242
		10	fi
		11
7	if [ -x /usr/ucb/whoami ]; then	12	if [ -x /usr/ucb/whoami ]; then
8	USER=`/usr/ucb/whoami`	13	USER=`/usr/ucb/whoami`
9	elif whoami >/dev/null 2>&1; then	14	elif whoami >/dev/null 2>&1; then
@@ -47,6 +52,7 @@ SSHKEYGEN=ssh-keygen
47	SSHKEYSCAN=ssh-keyscan	52	SSHKEYSCAN=ssh-keyscan
48	SFTP=sftp	53	SFTP=sftp
49	SFTPSERVER=/usr/libexec/openssh/sftp-server	54	SFTPSERVER=/usr/libexec/openssh/sftp-server
		55	SCP=scp
50		56
51	if [ "x$TEST_SSH_SSH" != "x" ]; then	57	if [ "x$TEST_SSH_SSH" != "x" ]; then
52	SSH="${TEST_SSH_SSH}"	58	SSH="${TEST_SSH_SSH}"
@@ -72,10 +78,16 @@ fi
72	if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then	78	if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
73	SFTPSERVER="${TEST_SSH_SFTPSERVER}"	79	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
74	fi	80	fi
		81	if [ "x$TEST_SSH_SCP" != "x" ]; then
		82	SCP="${TEST_SSH_SCP}"
		83	fi
		84
		85	# Path to sshd must be absolute for rexec
		86	SSHD=`which sshd`
75		87
76	# these should be used in tests	88	# these should be used in tests
77	export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER	89	export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
78	#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER	90	#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
79		91
80	# helper	92	# helper
81	echon()	93	echon()
@@ -156,15 +168,23 @@ trap fatal 3 2
156		168
157	# create server config	169	# create server config
158	cat << EOF > $OBJ/sshd_config	170	cat << EOF > $OBJ/sshd_config
		171	StrictModes no
159	Port $PORT	172	Port $PORT
160	ListenAddress 127.0.0.1	173	ListenAddress 127.0.0.1
161	#ListenAddress ::1	174	#ListenAddress ::1
162	PidFile $PIDFILE	175	PidFile $PIDFILE
163	AuthorizedKeysFile $OBJ/authorized_keys_%u	176	AuthorizedKeysFile $OBJ/authorized_keys_%u
164	LogLevel QUIET	177	LogLevel QUIET
165	StrictModes no	178	AcceptEnv _XXX_TEST_*
		179	AcceptEnv _XXX_TEST
		180	Subsystem sftp $SFTPSERVER
166	EOF	181	EOF
167		182
		183	if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
		184	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
		185	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
		186	fi
		187
168	# server config for proxy connects	188	# server config for proxy connects
169	cp $OBJ/sshd_config $OBJ/sshd_proxy	189	cp $OBJ/sshd_config $OBJ/sshd_proxy
170		190
@@ -190,6 +210,11 @@ Host *
190	StrictHostKeyChecking yes	210	StrictHostKeyChecking yes
191	EOF	211	EOF
192		212
		213	if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
		214	trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
		215	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
		216	fi
		217
193	rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER	218	rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
194		219
195	trace "generate keys"	220	trace "generate keys"


diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index 15827e250..c6e1b9152 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh
@@ -29,8 +29,10 @@ for c in $ciphers; do
29	fi	29	fi
30	done	30	done
31		31
32	if ! ${SSH} -oCiphers=acss@openssh.org 2>&1 \| grep "Bad SSH2 cipher" >/dev/null	32	if ${SSH} -oCiphers=acss@openssh.org 2>&1 \| grep "Bad SSH2 cipher" >/dev/null
33	then	33	then
		34	:
		35	else
34		36
35	echo "Ciphers acss@openssh.org" >> $OBJ/sshd_proxy	37	echo "Ciphers acss@openssh.org" >> $OBJ/sshd_proxy
36	c=acss@openssh.org	38	c=acss@openssh.org