From 75129025a2d504b630d1718fef0da002f5662f63 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 May 2013 09:19:10 +1000 Subject: - dtucker@cvs.openbsd.org 2013/04/06 06:00:22 [regress/rekey.sh regress/test-exec.sh regress/integrity.sh regress/multiplex.sh Makefile regress/cfgmatch.sh] Split the regress log into 3 parts: the debug output from ssh, the debug log from sshd and the output from the client command (ssh, scp or sftp). Somewhat functional now, will become more useful when ssh/sshd -E is added. --- regress/cfgmatch.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'regress/cfgmatch.sh') diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index 0603fab64..02755d9d0 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cfgmatch.sh,v 1.6 2011/06/03 05:35:10 dtucker Exp $ +# $OpenBSD: cfgmatch.sh,v 1.7 2013/04/06 06:00:22 dtucker Exp $ # Placed in the Public Domain. tid="sshd_config match" @@ -15,7 +15,7 @@ start_client() rm -f $pidfile ${SSH} -q -$p $fwd "$@" somehost \ exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \ - >>$TEST_SSH_LOGFILE 2>&1 & + >>$TEST_REGRESS_LOGFILE 2>&1 & client_pid=$! # Wait for remote end n=0 -- cgit v1.2.3 From 56347efe796a0506e846621ae65562b978e45f1d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 May 2013 13:28:36 +1000 Subject: - dtucker@cvs.openbsd.org 2013/05/17 00:37:40 [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh regress/ssh-com.sh] replace 'echo -n' with 'printf' since it's more portable also remove "echon" hack. --- ChangeLog | 7 +++++++ regress/agent.sh | 4 ++-- regress/cert-hostkey.sh | 48 ++++++++++++++++++++++++------------------------ regress/cert-userkey.sh | 10 +++++----- regress/cfgmatch.sh | 6 +++--- regress/cipher-speed.sh | 2 +- regress/forcecommand.sh | 8 ++++---- regress/keytype.sh | 4 ++-- regress/proto-version.sh | 4 ++-- regress/ssh-com.sh | 4 ++-- regress/test-exec.sh | 18 +++--------------- 11 files changed, 55 insertions(+), 60 deletions(-) (limited to 'regress/cfgmatch.sh') diff --git a/ChangeLog b/ChangeLog index 2f6572779..da5495f59 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,13 @@ - dtucker@cvs.openbsd.org 2013/05/16 05:48:31 [regress/rekey.sh] add tests for RekeyLimit parsing + - dtucker@cvs.openbsd.org 2013/05/17 00:37:40 + [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh + regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh + regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh + regress/ssh-com.sh] + replace 'echo -n' with 'printf' since it's more portable + also remove "echon" hack. - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it in portable and it's long gone in openbsd. - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange diff --git a/regress/agent.sh b/regress/agent.sh index 094cf694b..be7d91334 100644 --- a/regress/agent.sh +++ b/regress/agent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent.sh,v 1.7 2007/11/25 15:35:09 jmc Exp $ +# $OpenBSD: agent.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $ # Placed in the Public Domain. tid="simple agent test" @@ -19,7 +19,7 @@ else fail "ssh-add -l did not fail with exit code 1" fi trace "overwrite authorized keys" - echon > $OBJ/authorized_keys_$USER + printf '' > $OBJ/authorized_keys_$USER for t in rsa rsa1; do # generate user key for agent rm -f $OBJ/$t-agent diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 6216abd87..35cd39293 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-hostkey.sh,v 1.6 2011/05/20 02:43:36 djm Exp $ +# $OpenBSD: cert-hostkey.sh,v 1.7 2013/05/17 00:37:40 dtucker Exp $ # Placed in the Public Domain. tid="certified host keys" @@ -18,8 +18,8 @@ HOSTS='localhost-with-alias,127.0.0.1,::1' ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\ fail "ssh-keygen of host_ca_key failed" ( - echon '@cert-authority ' - echon "$HOSTS " + printf '@cert-authority ' + printf "$HOSTS " cat $OBJ/host_ca_key.pub ) > $OBJ/known_hosts-cert @@ -66,25 +66,25 @@ done # Revoked certificates with key present ( - echon '@cert-authority ' - echon "$HOSTS " + printf '@cert-authority ' + printf "$HOSTS " cat $OBJ/host_ca_key.pub - echon '@revoked ' - echon "* " + printf '@revoked ' + printf "* " cat $OBJ/cert_host_key_rsa.pub if test "x$TEST_SSH_ECC" = "xyes"; then - echon '@revoked ' - echon "* " + printf '@revoked ' + printf "* " cat $OBJ/cert_host_key_ecdsa.pub fi - echon '@revoked ' - echon "* " + printf '@revoked ' + printf "* " cat $OBJ/cert_host_key_dsa.pub - echon '@revoked ' - echon "* " + printf '@revoked ' + printf "* " cat $OBJ/cert_host_key_rsa_v00.pub - echon '@revoked ' - echon "* " + printf '@revoked ' + printf "* " cat $OBJ/cert_host_key_dsa_v00.pub ) > $OBJ/known_hosts-cert for privsep in yes no ; do @@ -108,11 +108,11 @@ done # Revoked CA ( - echon '@cert-authority ' - echon "$HOSTS " + printf '@cert-authority ' + printf "$HOSTS " cat $OBJ/host_ca_key.pub - echon '@revoked ' - echon "* " + printf '@revoked ' + printf "* " cat $OBJ/host_ca_key.pub ) > $OBJ/known_hosts-cert for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do @@ -132,8 +132,8 @@ done # Create a CA key and add it to known hosts ( - echon '@cert-authority ' - echon "$HOSTS " + printf '@cert-authority ' + printf "$HOSTS " cat $OBJ/host_ca_key.pub ) > $OBJ/known_hosts-cert @@ -200,7 +200,7 @@ for v in v01 v00 ; do -n $HOSTS $OBJ/cert_host_key_${ktype} || fail "couldn't sign cert_host_key_${ktype}" ( - echon "$HOSTS " + printf "$HOSTS " cat $OBJ/cert_host_key_${ktype}.pub ) > $OBJ/known_hosts-cert ( @@ -220,8 +220,8 @@ done # Wrong certificate ( - echon '@cert-authority ' - echon "$HOSTS " + printf '@cert-authority ' + printf "$HOSTS " cat $OBJ/host_ca_key.pub ) > $OBJ/known_hosts-cert for v in v01 v00 ; do diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 3bba9f8f2..6018b38f4 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.10 2013/01/18 00:45:29 djm Exp $ +# $OpenBSD: cert-userkey.sh,v 1.11 2013/05/17 00:37:40 dtucker Exp $ # Placed in the Public Domain. tid="certified user keys" @@ -126,7 +126,7 @@ for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do # Wrong principals list verbose "$tid: ${_prefix} wrong principals key option" ( - echon 'cert-authority,principals="gregorsamsa" ' + printf 'cert-authority,principals="gregorsamsa" ' cat $OBJ/user_ca_key.pub ) > $OBJ/authorized_keys_$USER ${SSH} -2i $OBJ/cert_user_key_${ktype} \ @@ -138,7 +138,7 @@ for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do # Correct principals list verbose "$tid: ${_prefix} correct principals key option" ( - echon 'cert-authority,principals="mekmitasdigoat" ' + printf 'cert-authority,principals="mekmitasdigoat" ' cat $OBJ/user_ca_key.pub ) > $OBJ/authorized_keys_$USER ${SSH} -2i $OBJ/cert_user_key_${ktype} \ @@ -154,7 +154,7 @@ basic_tests() { if test "x$auth" = "xauthorized_keys" ; then # Add CA to authorized_keys ( - echon 'cert-authority ' + printf 'cert-authority ' cat $OBJ/user_ca_key.pub ) > $OBJ/authorized_keys_$USER else @@ -264,7 +264,7 @@ test_one() { if test "x$auth" = "xauthorized_keys" ; then # Add CA to authorized_keys ( - echon "cert-authority${auth_opt} " + printf "cert-authority${auth_opt} " cat $OBJ/user_ca_key.pub ) > $OBJ/authorized_keys_$USER else diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index 02755d9d0..df4acfe0c 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cfgmatch.sh,v 1.7 2013/04/06 06:00:22 dtucker Exp $ +# $OpenBSD: cfgmatch.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $ # Placed in the Public Domain. tid="sshd_config match" @@ -75,9 +75,9 @@ for p in 1 2; do done # Retry previous with key option, should also be denied. -echon 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER +printf 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER -echon 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER +printf 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER for p in 1 2; do trace "match permitopen proxy w/key opts proto $p" diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 65e5f35ec..07daebe62 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cipher-speed.sh,v 1.7 2013/01/12 11:23:53 djm Exp $ +# $OpenBSD: cipher-speed.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $ # Placed in the Public Domain. tid="cipher speed" diff --git a/regress/forcecommand.sh b/regress/forcecommand.sh index 99e51a60f..ba21c0eb1 100644 --- a/regress/forcecommand.sh +++ b/regress/forcecommand.sh @@ -5,9 +5,9 @@ tid="forced command" cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak -echon 'command="true" ' >$OBJ/authorized_keys_$USER +printf 'command="true" ' >$OBJ/authorized_keys_$USER cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER -echon 'command="true" ' >>$OBJ/authorized_keys_$USER +printf 'command="true" ' >>$OBJ/authorized_keys_$USER cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER for p in 1 2; do @@ -16,9 +16,9 @@ for p in 1 2; do fail "forced command in key proto $p" done -echon 'command="false" ' >$OBJ/authorized_keys_$USER +printf 'command="false" ' >$OBJ/authorized_keys_$USER cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER -echon 'command="false" ' >>$OBJ/authorized_keys_$USER +printf 'command="false" ' >>$OBJ/authorized_keys_$USER cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy diff --git a/regress/keytype.sh b/regress/keytype.sh index cb40c6864..59586bf0d 100644 --- a/regress/keytype.sh +++ b/regress/keytype.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keytype.sh,v 1.1 2010/09/02 16:12:55 markus Exp $ +# $OpenBSD: keytype.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $ # Placed in the Public Domain. tid="login with different key types" @@ -40,7 +40,7 @@ for ut in $ktypes; do echo IdentityFile $OBJ/key.$ut ) > $OBJ/ssh_proxy ( - echon 'localhost-with-alias,127.0.0.1,::1 ' + printf 'localhost-with-alias,127.0.0.1,::1 ' cat $OBJ/key.$ht.pub ) > $OBJ/known_hosts cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER diff --git a/regress/proto-version.sh b/regress/proto-version.sh index 1651a69e1..b876dd7ec 100644 --- a/regress/proto-version.sh +++ b/regress/proto-version.sh @@ -1,4 +1,4 @@ -# $OpenBSD: proto-version.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ +# $OpenBSD: proto-version.sh,v 1.4 2013/05/17 00:37:40 dtucker Exp $ # Placed in the Public Domain. tid="sshd version with different protocol combinations" @@ -8,7 +8,7 @@ check_version () { version=$1 expect=$2 - banner=`echon | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy` + banner=`printf '' | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy` case ${banner} in SSH-1.99-*) proto=199 diff --git a/regress/ssh-com.sh b/regress/ssh-com.sh index 7bcd85b65..6c5cfe888 100644 --- a/regress/ssh-com.sh +++ b/regress/ssh-com.sh @@ -1,4 +1,4 @@ -# $OpenBSD: ssh-com.sh,v 1.7 2004/02/24 17:06:52 markus Exp $ +# $OpenBSD: ssh-com.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $ # Placed in the Public Domain. tid="connect to ssh.com server" @@ -70,7 +70,7 @@ done # convert and append DSA hostkey ( - echon 'ssh2-localhost-with-alias,127.0.0.1,::1 ' + printf 'ssh2-localhost-with-alias,127.0.0.1,::1 ' ${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub ) >> $OBJ/known_hosts diff --git a/regress/test-exec.sh b/regress/test-exec.sh index f797ab68d..0680eaa94 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.40 2013/04/07 02:16:03 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.41 2013/05/17 00:37:40 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -172,18 +172,6 @@ SSH="$SSHLOGWRAP" export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP -# helper -echon() -{ - if [ "x`echo -n`" = "x" ]; then - echo -n "$@" - elif [ "x`echo '\c'`" = "x" ]; then - echo "$@\c" - else - fatal "Don't know how to echo without newline." - fi -} - have_prog() { saved_IFS="$IFS" @@ -273,7 +261,7 @@ fail () fatal () { save_debug_log "FATAL: $@" - echo -n "FATAL: " + printf "FATAL: " fail "$@" cleanup exit $RESULT @@ -360,7 +348,7 @@ for t in rsa rsa1; do # known hosts file for client ( - echon 'localhost-with-alias,127.0.0.1,::1 ' + printf 'localhost-with-alias,127.0.0.1,::1 ' cat $OBJ/$t.pub ) >> $OBJ/known_hosts -- cgit v1.2.3 From 7f193236594e8328ad133ea05eded31f837b45b5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 May 2013 19:02:28 +1000 Subject: - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd. --- ChangeLog | 1 + regress/cfgmatch.sh | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'regress/cfgmatch.sh') diff --git a/ChangeLog b/ChangeLog index a64ea46a7..e3e3b6577 100644 --- a/ChangeLog +++ b/ChangeLog @@ -76,6 +76,7 @@ mean that the tests flip bits in the initial exchange rather than the MACed traffic and we get different errors to what the tests look for. - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits. + - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd. 20130516 - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index df4acfe0c..e5907354b 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh @@ -40,15 +40,15 @@ stop_client() } cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak -grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy -echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config -echo "Match user $USER" >>$OBJ/sshd_proxy -echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy echo "Match Address 127.0.0.1" >>$OBJ/sshd_config echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config +grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy +echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy +echo "Match user $USER" >>$OBJ/sshd_proxy +echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy -- cgit v1.2.3 From 044f32f4c6fd342f9f5949bb0ca77624c0db4494 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 May 2013 20:12:57 +1000 Subject: - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by rev 1.6 which calls wait. --- ChangeLog | 2 ++ regress/cfgmatch.sh | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'regress/cfgmatch.sh') diff --git a/ChangeLog b/ChangeLog index 26a183cba..f4be9bc9c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -85,6 +85,8 @@ - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5 helper function to the portable part of test-exec.sh. - (dtucker) [regress/runtests.sh] Remove obsolete test driver script. + - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by + rev 1.6 which calls wait. 20130516 - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index e5907354b..80cf22930 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh @@ -34,7 +34,6 @@ stop_client() pid=`cat $pidfile` if [ ! -z "$pid" ]; then kill $pid - sleep 1 fi wait } -- cgit v1.2.3