From d0d3fff483379baf1f38c00415c7895b41b37df9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 27 Apr 2012 10:55:39 +1000 Subject: - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 platform rather than exiting early, so that we still clean up and return status to test-exec.sh --- regress/addrmatch.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'regress') diff --git a/regress/addrmatch.sh b/regress/addrmatch.sh index 23ddd65ce..5102317df 100644 --- a/regress/addrmatch.sh +++ b/regress/addrmatch.sh @@ -33,13 +33,14 @@ run_trial user 19.0.0.1 somehost no "deny, no match" run_trial user 10.255.255.254 somehost yes "permit, list middle" run_trial user 192.168.30.1 192.168.0.1 no "deny, faked IP in hostname" run_trial user 1.1.1.1 somehost.example.com yes "permit, bare IP4 address" -test "$TEST_SSH_IPV6" = "no" && exit +if test "$TEST_SSH_IPV6" != "no"; then run_trial user ::1 somehost.example.com yes "permit, bare IP6 address" run_trial user ::2 somehost.exaple.com no "deny IPv6" run_trial user ::3 somehost no "deny IP6 negated" run_trial user ::4 somehost no "deny, IP6 no match" run_trial user 2000::1 somehost yes "permit, IP6 network" run_trial user 2001::1 somehost no "deny, IP6 network" +fi cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy rm $OBJ/sshd_proxy_bak -- cgit v1.2.3 From 301390316cf73fc50d769691ed7f95c21ea6646a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 30 Jun 2012 15:01:22 +1000 Subject: - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 [regress/addrmatch.sh] Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests to match. Feedback and ok djm@ markus@. --- ChangeLog | 4 ++++ regress/addrmatch.sh | 50 ++++++++++++++++++++++++++++++-------------------- 2 files changed, 34 insertions(+), 20 deletions(-) (limited to 'regress') diff --git a/ChangeLog b/ChangeLog index 12083c1bb..970c35c95 100644 --- a/ChangeLog +++ b/ChangeLog 
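Review bot: When `TEST_SSH_IPV6` is `no`, the new `if test "$TEST_SSH_IPV6" != "no"; then` block in regress/addrmatch.sh drops the six IPv6 trials without recording it, so a passing run looks the same whether or not the IPv6 address rules were exercised. An `else` arm before the `fi`, such as `verbose "skipping IPv6 address match trials"`, would leave that in the test log. The script continues outside this hunk.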
@@ -23,6 +23,10 @@ - naddy@cvs.openbsd.org 2012/06/29 13:57:25 [ssh_config.5 sshd_config.5] match the documented MAC order of preference to the actual one; ok dtucker@ + - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 + [regress/addrmatch.sh] + Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests + to match. Feedback and ok djm@ markus@. 20120628 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null diff --git a/regress/addrmatch.sh b/regress/addrmatch.sh index 5102317df..1584bd405 100644 --- a/regress/addrmatch.sh +++ b/regress/addrmatch.sh @@ -1,4 +1,4 @@ -# $OpenBSD: addrmatch.sh,v 1.3 2010/02/09 04:57:36 djm Exp $ +# $OpenBSD: addrmatch.sh,v 1.4 2012/05/13 01:42:32 dtucker Exp $ # Placed in the Public Domain. tid="address match" @@ -7,39 +7,49 @@ mv $OBJ/sshd_proxy $OBJ/sshd_proxy_bak run_trial() { - user="$1"; addr="$2"; host="$3"; expected="$4"; descr="$5" + user="$1"; addr="$2"; host="$3"; laddr="$4"; lport="$5" + expected="$6"; descr="$7" verbose "test $descr for $user $addr $host" result=`${SSHD} -f $OBJ/sshd_proxy -T \ - -C user=${user},addr=${addr},host=${host} | \ - awk '/^passwordauthentication/ {print $2}'` + -C user=${user},addr=${addr},host=${host},laddr=${laddr},lport=${lport} | \ + awk '/^forcecommand/ {print $2}'` if [ "$result" != "$expected" ]; then - fail "failed for $user $addr $host: expected $expected, got $result" + fail "failed '$descr' expected $expected got $result" fi } cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy cat >>$OBJ/sshd_proxy < Date: Sat, 30 Jun 2012 15:03:28 +1000 Subject: - djm@cvs.openbsd.org 2012/06/01 00:47:35 [multiplex.sh forwarding.sh] append to rather than truncate test log; bz#2013 from openssh AT roumenpetrov. --- ChangeLog | 4 ++++ regress/forwarding.sh | 6 +++--- regress/multiplex.sh | 7 +++---- 3 files changed, 10 insertions(+), 7 deletions(-) (limited to 'regress') diff --git a/ChangeLog b/ChangeLog index 970c35c95..f6c39be20 100644 --- a/ChangeLog +++ b/ChangeLog 
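Review bot: In the rewritten `run_trial` in regress/addrmatch.sh, the `verbose` line still prints only `$user $addr $host`, so trials that differ only in the new `laddr`/`lport` arguments are indistinguishable in the log; `verbose "test $descr for $user $addr $host $laddr $lport"` would cover them. The function now takes seven positional arguments and the order is easy to get wrong at the call sites, so a one-line comment above it, `# run_trial user addr host laddr lport expected descr`, would help. The sshd exit status is lost in the pipe to awk, so a failing `sshd -T` only surfaces as an empty `$result`, which is worth stating in that comment as well. The rest of this hunk (the Match rules appended to sshd_proxy and the trial list) is not visible on this page, so the expected values could not be checked.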
@@ -27,6 +27,10 @@ [regress/addrmatch.sh] Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests to match. Feedback and ok djm@ markus@. + - djm@cvs.openbsd.org 2012/06/01 00:47:35 + [multiplex.sh forwarding.sh] + append to rather than truncate test log; bz#2013 from openssh AT + roumenpetrov.info 20120628 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null diff --git a/regress/forwarding.sh b/regress/forwarding.sh index 6dec991a6..f9c367beb 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh @@ -1,4 +1,4 @@ -# $OpenBSD: forwarding.sh,v 1.7 2010/01/11 02:53:44 dtucker Exp $ +# $OpenBSD: forwarding.sh,v 1.8 2012/06/01 00:47:35 djm Exp $ # Placed in the Public Domain. tid="local and remote forwarding" @@ -75,7 +75,7 @@ for p in 1 2; do else # this one should fail ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ - 2>${TEST_SSH_LOGFILE} && \ + 2>>$TEST_SSH_LOGFILE && \ fail "local forwarding not cleared" fi sleep 10 @@ -88,7 +88,7 @@ for p in 1 2; do else # this one should fail ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ - 2>${TEST_SSH_LOGFILE} && \ + 2>>$TEST_SSH_LOGFILE && \ fail "remote forwarding not cleared" fi sleep 10 diff --git a/regress/multiplex.sh b/regress/multiplex.sh index b94cdf02f..93e15088f 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh @@ -1,4 +1,4 @@ -# $OpenBSD: multiplex.sh,v 1.12 2009/05/05 07:51:36 dtucker Exp $ +# $OpenBSD: multiplex.sh,v 1.13 2012/06/01 00:47:36 djm Exp $ # Placed in the Public Domain. CTL=/tmp/openssh.regress.ctl-sock.$$ @@ -12,7 +12,6 @@ fi DATA=/bin/ls${EXEEXT} COPY=$OBJ/ls.copy -LOG=$TEST_SSH_LOGFILE start_sshd 
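Review bot: The new redirections `2>>$TEST_SSH_LOGFILE` in both regress/forwarding.sh hunks (and `>>$TEST_SSH_LOGFILE 2>&1` in the later regress/multiplex.sh hunk) leave the target unquoted and unchecked. If the variable were ever empty, the shell would report a redirection error and not run ssh at all, and because these are expected-failure checks (`&& fail "... not cleared"`) that error would be counted as a pass. `2>>"${TEST_SSH_LOGFILE:?}"` would stop the script instead of silently passing. Whether test-exec.sh always sets the variable is not visible here.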
@@ -48,13 +47,13 @@ cmp ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}" rm -f ${COPY} trace "sftp transfer over multiplexed connection and check result" echo "get ${DATA} ${COPY}" | \ - ${SFTP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost >$LOG 2>&1 + ${SFTP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost >>$TEST_SSH_LOGFILE 2>&1 test -f ${COPY} || fail "sftp: failed copy ${DATA}" cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}" rm -f ${COPY} trace "scp transfer over multiplexed connection and check result" -${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >$LOG 2>&1 +${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_SSH_LOGFILE 2>&1 test -f ${COPY} || fail "scp: failed copy ${DATA}" cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}" -- cgit v1.2.3 From ff32d7c9d20d42db364525d92c27a7c7491caf0d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 30 Jun 2012 15:04:13 +1000 Subject: - djm@cvs.openbsd.org 2012/06/01 00:52:52 [regress/sftp-cmds.sh] don't delete .* on cleanup due to unintended env expansion; pointed out in bz#2014 by openssh AT roumenpetrov.info --- ChangeLog | 4 ++++ regress/sftp-cmds.sh | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'regress') diff --git a/ChangeLog b/ChangeLog index f6c39be20..5cb04951e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,10 @@ [multiplex.sh forwarding.sh] append to rather than truncate test log; bz#2013 from openssh AT roumenpetrov.info + - djm@cvs.openbsd.org 2012/06/01 00:52:52 + [sftp-cmds.sh] + don't delete .* on cleanup due to unintended env expansion; pointed out in + bz#2014 by openssh AT roumenpetrov.info 20120628 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh index 1c67b6476..d10d01a31 100644 --- a/regress/sftp-cmds.sh +++ b/regress/sftp-cmds.sh 
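Review bot: The sftp and scp lines re-added in regress/multiplex.sh still pass `-oControlPath=$CTL`, and `CTL` is set in this file's first hunk to `/tmp/openssh.regress.ctl-sock.$$`, a PID-derived name in a world-writable directory. Another local user can predict that path and create it first, which at minimum makes the test fail and is a poor pattern for a control socket. A private directory avoids this, for example `CTLDIR=$(mktemp -d /tmp/openssh.regress.XXXXXXXX)` followed by `CTL=$CTLDIR/ctl-sock`, removed again during cleanup. `/tmp` is presumably used to keep the socket path short, so the directory should stay there and not move under `$OBJ`.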
@@ -1,4 +1,4 @@ -# $OpenBSD: sftp-cmds.sh,v 1.11 2010/12/04 00:21:19 djm Exp $ +# $OpenBSD: sftp-cmds.sh,v 1.12 2012/06/01 00:52:52 djm Exp $ # Placed in the Public Domain. # XXX - TODO: @@ -40,7 +40,7 @@ SPACECOPY_ARG="${COPY}\ this\ has\ spaces.txt" # File with glob metacharacters GLOBMETACOPY="${COPY} [metachar].txt" -rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 ${BATCH}.* +rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 mkdir ${COPY}.dd verbose "$tid: lls" @@ -242,7 +242,7 @@ verbose "$tid: lchdir" echo "lchdir ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ || fail "lchdir failed" -rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 ${BATCH}.* +rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 rm -rf ${QUOTECOPY} "$SPACECOPY" "$GLOBMETACOPY" -- cgit v1.2.3 From 2920bc145c9d8435e885ac6ad0a0ae613598d599 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 30 Jun 2012 15:06:28 +1000 Subject: - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 [regress/connect-privsep.sh] test sandbox with every malloc option --- ChangeLog | 7 +++++-- regress/connect-privsep.sh | 15 ++++++++++++++- 2 files changed, 19 insertions(+), 3 deletions(-) (limited to 'regress') diff --git a/ChangeLog b/ChangeLog index 5cb04951e..f32a61902 100644 --- a/ChangeLog +++ b/ChangeLog 
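Review bot: The cleanup `rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2` kept by both regress/sftp-cmds.sh hunks has the same weakness the commit fixes for `${BATCH}.*`: every operand is an unquoted expansion of a variable set elsewhere. If `COPY` were empty the command would act on `.1 .2 .dd .dd2` in the current directory, and a value containing spaces or glob characters would be split or expanded before `rm` sees it. Quoting and asserting the variable closes that, e.g. `rm -rf "${COPY:?}" "${COPY}.1" "${COPY}.2" "${COPY}.dd" "${COPY}.dd2"`. The following line already quotes `"$SPACECOPY"` and `"$GLOBMETACOPY"` but not `${QUOTECOPY}`.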
@@ -28,13 +28,16 @@ Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests to match. Feedback and ok djm@ markus@. - djm@cvs.openbsd.org 2012/06/01 00:47:35 - [multiplex.sh forwarding.sh] + [regress/multiplex.sh regress/forwarding.sh] append to rather than truncate test log; bz#2013 from openssh AT roumenpetrov.info - djm@cvs.openbsd.org 2012/06/01 00:52:52 - [sftp-cmds.sh] + [regress/sftp-cmds.sh] don't delete .* on cleanup due to unintended env expansion; pointed out in bz#2014 by openssh AT roumenpetrov.info + - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 + [regress/connect-privsep.sh] + test sandbox with every malloc option 20120628 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh index 11fb9aef9..f24010355 100644 --- a/regress/connect-privsep.sh +++ b/regress/connect-privsep.sh @@ -1,4 +1,4 @@ -# $OpenBSD: connect-privsep.sh,v 1.2 2011/06/30 22:44:43 markus Exp $ +# $OpenBSD: connect-privsep.sh,v 1.3 2012/06/26 12:06:59 dtucker Exp $ # Placed in the Public Domain. tid="proxy connect with privsep" @@ -23,3 +23,16 @@ for p in 1 2; do warn "ssh privsep/sandbox+proxyconnect protocol $p failed" fi done + +# Because sandbox is sensitive to changes in libc, especially malloc, retest +# with every malloc.conf option (and none). +for m in '' A F G H J P R S X Z '<' '>'; do + for p in 1 2; do + env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true + if [ $? -ne 0 ]; then + fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed" + fi + done +done + +exit -- cgit v1.2.3 From a08c20763a0b4810cb3c837a434568cdff677cf7 Mon Sep 17 00:00:00 2001 
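Review bot: The new loop in regress/connect-privsep.sh sets `MALLOC_OPTIONS` only in the environment of the `${SSH}` client, and nothing in the hunk shows that the value reaches the sandboxed sshd process the comment is about. If the proxy command in `ssh_proxy` starts sshd through something that resets the environment, or the platform's malloc does not read `MALLOC_OPTIONS`, all 26 runs repeat the plain test and add no sandbox coverage. A comment above the loop stating the assumption, e.g. `# assumes sshd started via ssh_proxy inherits MALLOC_OPTIONS from this env`, would make it checkable. The new loop also calls `fail` where the existing sandbox loop above it calls `warn`, and the comment does not say that the difference is intended.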
From: Darren Tucker Date: Sat, 30 Jun 2012 15:08:53 +1000 Subject: - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 [regress/try-ciphers.sh regress/cipher-speed.sh] Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed from draft6 of the spec and will not be in the RFC when published. Patch from mdb at juniper net via bz#2023, ok markus --- ChangeLog | 5 +++++ regress/cipher-speed.sh | 4 ++-- regress/try-ciphers.sh | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) (limited to 'regress') diff --git a/ChangeLog b/ChangeLog index f32a61902..d40227e27 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,11 @@ - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 [regress/connect-privsep.sh] test sandbox with every malloc option + - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 + [regress/try-ciphers.sh regress/cipher-speed.sh] + Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed + from draft6 of the spec and will not be in the RFC when published. Patch + from mdb at juniper net via bz#2023, ok markus. 20120628 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 257afd179..5800f4b09 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cipher-speed.sh,v 1.4 2011/08/02 01:23:41 djm Exp $ +# $OpenBSD: cipher-speed.sh,v 1.5 2012/06/28 05:07:45 dtucker Exp $ # Placed in the Public Domain. tid="cipher speed" @@ -18,7 +18,7 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes128-ctr aes192-ctr aes256-ctr" macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" config_defined HAVE_EVP_SHA256 && - macs="$macs hmac-sha2-256 hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96" + macs="$macs hmac-sha2-256 hmac-sha2-512" for c in $ciphers; do for m in $macs; do trace "proto 2 cipher $c mac $m" diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index 0918d2245..925863504 100644 
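Review bot: The `macs=` list edited in regress/cipher-speed.sh is duplicated verbatim in regress/try-ciphers.sh (the next file in this commit), so every algorithm added or retired has to be changed in two places and the two tests can drift apart. Defining the cipher and MAC lists once, in a file both scripts already source, would keep them in step. Until then a comment next to each list, `# keep in sync with try-ciphers.sh` and its counterpart, would at least flag the coupling.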
--- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh @@ -1,4 +1,4 @@ -# $OpenBSD: try-ciphers.sh,v 1.12 2011/08/02 01:23:41 djm Exp $ +# $OpenBSD: try-ciphers.sh,v 1.13 2012/06/28 05:07:45 dtucker Exp $ # Placed in the Public Domain. tid="try ciphers" @@ -9,7 +9,7 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes128-ctr aes192-ctr aes256-ctr" macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" config_defined HAVE_EVP_SHA256 && - macs="$macs hmac-sha2-256 hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96" + macs="$macs hmac-sha2-256 hmac-sha2-512" for c in $ciphers; do for m in $macs; do -- cgit v1.2.3 From 369ceedce24474f50a7934e4ff8515cdc312b268 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 3 Jul 2012 00:53:18 +1000 Subject: - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 [regress/connect-privsep.sh] remove exit from end of test since it prevents reporting failure --- ChangeLog | 3 +++ regress/connect-privsep.sh | 4 +--- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'regress') diff --git a/ChangeLog b/ChangeLog index 42b1888cb..b55f6ba9e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,9 @@ - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 [ssh-pkcs11-helper.c sftp-client.c] fix a couple of "assigned but not used" warnings. ok markus@ + - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 + [regress/connect-privsep.sh] + remove exit from end of test since it prevents reporting failure 20120629 - OpenBSD CVS Sync diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh index f24010355..94cc64acf 100644 --- a/regress/connect-privsep.sh +++ b/regress/connect-privsep.sh @@ -1,4 +1,4 @@ -# $OpenBSD: connect-privsep.sh,v 1.3 2012/06/26 12:06:59 dtucker Exp $ +# $OpenBSD: connect-privsep.sh,v 1.4 2012/07/02 14:37:06 dtucker Exp $ # Placed in the Public Domain. tid="proxy connect with privsep" @@ -34,5 +34,3 @@ for m in '' A F G H J P R S X Z '<' '>'; do fi done done - -exit -- cgit v1.2.3 
From ec1e15d51a202c95a6414375ae71c461a16ff870 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 3 Jul 2012 01:06:49 +1000 Subject: - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] Move cygwin detection to test-exec and use to skip reexec test on cygwin. --- ChangeLog | 2 ++ regress/reexec.sh | 5 ++++- regress/sftp-cmds.sh | 14 -------------- regress/test-exec.sh | 7 +++++++ 4 files changed, 13 insertions(+), 15 deletions(-) (limited to 'regress') diff --git a/ChangeLog b/ChangeLog index b55f6ba9e..1b69cd3cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,8 @@ - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 [regress/connect-privsep.sh] remove exit from end of test since it prevents reporting failure + - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] + Move cygwin detection to test-exec and use to skip reexec test on cygwin. 20120629 - OpenBSD CVS Sync diff --git a/regress/reexec.sh b/regress/reexec.sh index 6edfc318e..9464eb699 100644 --- a/regress/reexec.sh +++ b/regress/reexec.sh @@ -46,6 +46,9 @@ rm -f $PIDFILE cp $OBJ/sshd_config.orig $OBJ/sshd_config +# cygwin can't fork a deleted binary +if [ "$os" != "cygwin" ]; then + verbose "test reexec fallback" start_sshd_copy @@ -69,4 +72,4 @@ copy_tests $SUDO kill `$SUDO cat $PIDFILE` rm -f $PIDFILE - +fi diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh index d10d01a31..2e0300e16 100644 --- a/regress/sftp-cmds.sh +++ b/regress/sftp-cmds.sh @@ -17,20 +17,6 @@ do fi done -if have_prog uname -then - case `uname` in - CYGWIN*) - os=cygwin - ;; - *) - os=`uname` - ;; - esac -else - os="unknown" -fi - # Path with embedded quote QUOTECOPY=${COPY}".\"blah\"" QUOTECOPY_ARG=${COPY}'.\"blah\"' diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 092cfed5b..514fffb16 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh 
@@ -12,6 +12,13 @@ OSF1*) BIN_SH=xpg4 export BIN_SH ;; +CYGWIN_5.0) + os=cygwin + TEST_SSH_IPV6=no + ;; +CYGWIN*) + os=cygwin + ;; esac if [ ! -z "$TEST_SSH_PORT" ]; then -- cgit v1.2.3 From 6ea5dc6bb861fc9b6387e222b081c4d25231904e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 3 Jul 2012 01:11:28 +1000 Subject: - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. --- ChangeLog | 1 + regress/test-exec.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'regress') diff --git a/ChangeLog b/ChangeLog index 1b69cd3cb..483741555 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,7 @@ remove exit from end of test since it prevents reporting failure - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] Move cygwin detection to test-exec and use to skip reexec test on cygwin. + - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. 20120629 - OpenBSD CVS Sync diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 514fffb16..bdc2c1a49 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -12,7 +12,7 @@ OSF1*) BIN_SH=xpg4 export BIN_SH ;; -CYGWIN_5.0) +CYGWIN_NT-5.0) os=cygwin TEST_SSH_IPV6=no ;; -- cgit v1.2.3
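Review bot: With the detection moved into the `case` in regress/test-exec.sh, `os` is assigned only in the two CYGWIN arms, whereas the block removed from sftp-cmds.sh always set it (to the `uname` output or `unknown`). On every other platform `os` now keeps whatever value the caller's environment supplies, so an inherited `os=cygwin` would skip the reexec fallback test guarded by `if [ "$os" != "cygwin" ]`. Assigning a default before the `case`, e.g. `os=unknown`, removes that dependence. The `case` statement starts outside this hunk, so an earlier assignment cannot be ruled out.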