we don't need a listening sshd for most of our tests, just

connect client and server w/o TCP:
	ssh -o 'proxycommand sshd -i -f $OBJ/sshd_proxy'

12 files changed, 118 insertions, 38 deletions

diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile
index 74862fcee63..ed9b8b4c76a 100644
--- a/regress/usr.bin/ssh/Makefile
+++ b/regress/usr.bin/ssh/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.2 2002/02/14 23:18:00 markus Exp $
+#	$OpenBSD: Makefile,v 1.3 2002/02/15 14:41:38 markus Exp $
 
 REGRESSTARGETS=	t1 t2 t3 t4 t5 t6 t7
 
@@ -6,6 +6,8 @@ CLEANFILES+=	t2.out t6.out1 t6.out2 t7.out t7.out.pub
 
 LTESTS= 	connect \
 		proxy-connect \
+		proto-version \
+		proto-mismatch \
 		exit-status \
 		broken-pipe \
 		try-ciphers \
@@ -15,7 +17,7 @@ LTESTS= 	connect \
 
 USER!=		id -un
 CLEANFILES+=	authorized_keys_${USER} known_hosts pidfile \
-		ssh_config sshd_config sshd_config_proxy \
+		ssh_config ssh_proxy sshd_config sshd_proxy \
 		rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
 		rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
 		ls.copy
diff --git a/regress/usr.bin/ssh/agent.sh b/regress/usr.bin/ssh/agent.sh
index 900eaa2c89c..d823bf1b693 100644
--- a/regress/usr.bin/ssh/agent.sh
+++ b/regress/usr.bin/ssh/agent.sh
@@ -40,15 +40,15 @@ else
 		fail "ssh-add -L failed: exit code $?"
 	fi
 
-	trace  "simple connect via agent"
+	trace "simple connect via agent"
 	for p in 1 2; do
-		ssh -o "Protocol=$p" -F $OBJ/ssh_config somehost exit 5$p
+		ssh -$p -F $OBJ/ssh_proxy somehost exit 5$p
 		if [ $? -ne 5$p ]; then
 			fail "ssh connect with protocol $p failed (exit code $?)"
 		fi
 	done
 
-	trace  "delete all agent keys"
+	trace "delete all agent keys"
 	ssh-add -D > /dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		fail "ssh-add -D failed: exit code $?"
diff --git a/regress/usr.bin/ssh/broken-pipe.sh b/regress/usr.bin/ssh/broken-pipe.sh
index ccbfee259a4..89ea8a91497 100644
--- a/regress/usr.bin/ssh/broken-pipe.sh
+++ b/regress/usr.bin/ssh/broken-pipe.sh
@@ -1,9 +1,12 @@
 tid="broken pipe test"
 
-for i in 1 2 3 4; do
-        ssh -2 -F $OBJ/ssh_config nexthost echo $i | true
-	r=$?
-	if [ $r -ne 0 ]; then
-		fail "broken pipe returns $r"
-	fi
+for p in 1 2; do
+	trace "protocol $p"
+	for i in 1 2 3 4; do
+		ssh -$p -F $OBJ/ssh_config_config nexthost echo $i 2> /dev/null | true
+		r=$?
+		if [ $r -ne 0 ]; then
+			fail "broken pipe returns $r for protocol $p"
+		fi
+	done
 done
diff --git a/regress/usr.bin/ssh/connect.sh b/regress/usr.bin/ssh/connect.sh
index b95ecdaa215..eb4decf28df 100644
--- a/regress/usr.bin/ssh/connect.sh
+++ b/regress/usr.bin/ssh/connect.sh
@@ -1,5 +1,7 @@
 tid="simple connect"
 
+start_sshd
+
 for p in 1 2; do
 	ssh -o "Protocol=$p" -F $OBJ/ssh_config somehost true
 	if [ $? -ne 0 ]; then
diff --git a/regress/usr.bin/ssh/exit-status.sh b/regress/usr.bin/ssh/exit-status.sh
index 67020f1d4ac..a90be592639 100644
--- a/regress/usr.bin/ssh/exit-status.sh
+++ b/regress/usr.bin/ssh/exit-status.sh
@@ -2,14 +2,15 @@ tid="remote exit status"
 
 for p in 1 2; do
 	for s in 0 1 4 5 44; do
-		ssh -$p -F $OBJ/ssh_config otherhost exit $s
+		trace "proto $p status $s"
+		ssh -$p -F $OBJ/ssh_proxy otherhost exit $s
 		r=$?
 		if [ $r -ne $s ]; then
 			fail "exit code mismatch for protocol $p: $r != $s"
 		fi
 
 		# same with early close of stdout/err
-		ssh -$p -F $OBJ/ssh_config -n otherhost \
+		ssh -$p -F $OBJ/ssh_proxy -n otherhost \
                 	exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
 		r=$?
 		if [ $r -ne $s ]; then
diff --git a/regress/usr.bin/ssh/forwarding.sh b/regress/usr.bin/ssh/forwarding.sh
index 37b909546b9..5b7b1b0753d 100644
--- a/regress/usr.bin/ssh/forwarding.sh
+++ b/regress/usr.bin/ssh/forwarding.sh
@@ -1,5 +1,7 @@
 tid="local and remote forwarding"
 
+start_sshd
+
 base=33
 last=$PORT
 fwd=""
diff --git a/regress/usr.bin/ssh/proto-mismatch.sh b/regress/usr.bin/ssh/proto-mismatch.sh
new file mode 100644
index 00000000000..3b1826fe3ea
--- /dev/null
+++ b/regress/usr.bin/ssh/proto-mismatch.sh
@@ -0,0 +1,16 @@
+tid="protocol version mismatch"
+
+mismatch ()
+{
+	server=$1
+	client=$2
+	banner=`echo ${client} | sshd -o "Protocol=${server}" -i -f ${OBJ}/sshd_proxy`
+	r=$?
+	trace "sshd prints ${banner}"
+	if [ $r -ne 255 ]; then
+		fail "sshd prints ${banner} and accepts connect with version ${client}"
+	fi
+}
+
+mismatch	2	SSH-1.5-HALLO
+mismatch	1	SSH-2.0-HALLO
diff --git a/regress/usr.bin/ssh/proto-version.sh b/regress/usr.bin/ssh/proto-version.sh
new file mode 100644
index 00000000000..6dec51f623e
--- /dev/null
+++ b/regress/usr.bin/ssh/proto-version.sh
@@ -0,0 +1,31 @@
+tid="sshd version with different protocol combinations"
+
+# we just start sshd in inetd mode and check the banner
+check_version ()
+{
+	version=$1
+	expect=$2
+	banner=`echo -n | sshd -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy`
+	case ${banner} in
+	SSH-1.99-*)
+		proto=199
+		;;
+	SSH-2.0-*)
+		proto=20
+		;;
+	SSH-1.5-*)
+		proto=15
+		;;
+	*)
+		proto=0
+		;;
+	esac
+	if [ ${expect} -ne ${proto} ]; then
+		fail "wrong protocol version ${banner} for ${version}"
+	fi
+}
+
+check_version	2,1	199
+check_version	1,2	199
+check_version	2	20
+check_version	1	15
diff --git a/regress/usr.bin/ssh/proxy-connect.sh b/regress/usr.bin/ssh/proxy-connect.sh
index 9c53007a9be..7d1cd37a4e4 100644
--- a/regress/usr.bin/ssh/proxy-connect.sh
+++ b/regress/usr.bin/ssh/proxy-connect.sh
@@ -1,9 +1,7 @@
 tid="proxy connect"
 
 for p in 1 2; do
-	ssh -$p -F $OBJ/ssh_config \
-		-o "proxycommand sshd -i -f $OBJ/sshd_config_proxy" \
-		999.999.999.999 true
+	ssh -$p -F $OBJ/ssh_proxy 999.999.999.999 true
 	if [ $? -ne 0 ]; then
 		fail "ssh proxyconnect protocol $p failed"
 	fi
diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh
index 4fbb59666c8..f9df6936003 100644
--- a/regress/usr.bin/ssh/test-exec.sh
+++ b/regress/usr.bin/ssh/test-exec.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.2 2002/02/15 00:35:13 markus Exp $
+#	$OpenBSD: test-exec.sh,v 1.3 2002/02/15 14:41:38 markus Exp $
 
 PORT=4242
 USER=`id -un`
@@ -34,12 +34,25 @@ unset SSH_AUTH_SOCK
 # helper
 cleanup ()
 {
-	test -f $PIDFILE && $SUDO kill `cat $PIDFILE`
+	if [ -f $PIDFILE ]; then
+		pid=`cat $PIDFILE`
+		if [ "X$pid" = "X" ]; then
+			echo no sshd running
+		else
+			if [ $pid -lt 2 ]; then
+				echo bad pid for ssd: $pid
+			else
+				$SUDO kill $pid
+			fi
+		fi
+	fi
 }
 
 trace ()
 {
-	# echo "$@"
+	if [ "X$DEBUG_SSH_TEST" = "Xyes" ]; then
+		echo "$@"
+	fi
 }
 
 fail ()
@@ -72,7 +85,7 @@ cat << EOF > $OBJ/sshd_config
 EOF
 
 # server config for proxy connects
-cp $OBJ/sshd_config $OBJ/sshd_config_proxy
+cp $OBJ/sshd_config $OBJ/sshd_proxy
 
 # create client config
 cat << EOF > $OBJ/ssh_config
@@ -91,6 +104,7 @@ Host *
 	PasswordAuthentication	no
 	RhostsAuthentication	no
 	RhostsRSAAuthentication	no
+	BatchMode		yes
 EOF
 
 trace "generate keys"
@@ -114,25 +128,34 @@ for t in rsa rsa1; do
 	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
 
 	# don't use SUDO for proxy connect
-	echo HostKey $OBJ/$t >> $OBJ/sshd_config_proxy
+	echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
 done
 chmod 644 $OBJ/authorized_keys_$USER
 
-# start sshd
-$SUDO sshd -f $OBJ/sshd_config -t	|| fatal "sshd_config broken"
-$SUDO sshd -f $OBJ/sshd_config
-
-trace "wait for sshd"
-i=0;
-while [ ! -f $PIDFILE -a $i -lt 5 ]; do
-	i=`expr $i + 1`
-	sleep $i
-done
-
-test -f $PIDFILE			|| fatal "no sshd running on port $PORT"
+# create a proxy version of the client config
+(
+	cat $OBJ/ssh_config
+	echo proxycommand sshd -i -f $OBJ/sshd_proxy
+) > $OBJ/ssh_proxy
 
 # check proxy config
-sshd -t -f $OBJ/sshd_config_proxy	|| fail "sshd_config_proxy broken"
+sshd -t -f $OBJ/sshd_proxy	|| fatal "sshd_proxy broken"
+
+start_sshd ()
+{
+	# start sshd
+	$SUDO sshd -f $OBJ/sshd_config -t	|| fatal "sshd_config broken"
+	$SUDO sshd -f $OBJ/sshd_config
+
+	trace "wait for sshd"
+	i=0;
+	while [ ! -f $PIDFILE -a $i -lt 5 ]; do
+		i=`expr $i + 1`
+		sleep $i
+	done
+
+	test -f $PIDFILE || fatal "no sshd running on port $PORT"
+}
 
 # source test body
 . $SCRIPT
diff --git a/regress/usr.bin/ssh/try-ciphers.sh b/regress/usr.bin/ssh/try-ciphers.sh
index be125ac0ccc..89798b4f0ae 100644
--- a/regress/usr.bin/ssh/try-ciphers.sh
+++ b/regress/usr.bin/ssh/try-ciphers.sh
@@ -5,7 +5,8 @@ macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96"
 
 for c in $ciphers; do
 	for m in $macs; do
-		ssh -F $OBJ/ssh_config -2 -m $m -c $c somehost true
+		trace "proto 2 mac $m cipher $c"
+		ssh -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
 		if [ $? -ne 0 ]; then
 			fail "ssh -2 failed with mac $m cipher $c"
 		fi
@@ -14,7 +15,8 @@ done
 
 ciphers="3des blowfish"
 for c in $ciphers; do
-	ssh -F $OBJ/ssh_config -1 -c $c somehost true
+	trace "proto 1 cipher $c"
+	ssh -F $OBJ/ssh_proxy -1 -c $c somehost true
 	if [ $? -ne 0 ]; then
 		fail "ssh -1 failed with cipher $c"
 	fi
diff --git a/regress/usr.bin/ssh/yes-head.sh b/regress/usr.bin/ssh/yes-head.sh
index 2139c7ca6fd..67c35082c48 100644
--- a/regress/usr.bin/ssh/yes-head.sh
+++ b/regress/usr.bin/ssh/yes-head.sh
@@ -1,7 +1,7 @@
-tid="yes|head"
+tid="yes pipe head"
 
 for p in 1 2; do
-	lines=`ssh -$p -F $OBJ/ssh_config thishost 'yes | head -2000' | (sleep 3 ; wc -l)`
+	lines=`ssh -$p -F $OBJ/ssh_proxy thishost 'yes | head -2000' | (sleep 3 ; wc -l)`
 	if [ $? -ne 0 ]; then
 		fail "yes|head test failed"
 		lines = 0;