authorMarkus Friedl <markus@cvs.openbsd.org>2002-02-14 23:18:01 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2002-02-14 23:18:01 +0000
commit05f7489de58e24cbc2469b7978cbc51138f80120 (patch)
treecbae7c2f6e42d90b3fb9372d71fc0d413d362227 /regress
parent5fc1733621065fd7a8e06dd422d539406f3a4b9d (diff)
several tests for ssh-keygen/ssh/sshd/ssh-add/ssh-agent
note that these tests will start sshd on 127.0.0.1:4242 and will fail if the realpath of /usr/src/usr.sbin/ssh/obj/ contains a group or world writeable directory.
Diffstat (limited to 'regress')
-rw-r--r--regress/usr.bin/ssh/Makefile29
-rw-r--r--regress/usr.bin/ssh/agent.sh48
-rw-r--r--regress/usr.bin/ssh/broken-pipe.sh9
-rw-r--r--regress/usr.bin/ssh/connect.sh8
-rw-r--r--regress/usr.bin/ssh/exit-status.sh19
-rw-r--r--regress/usr.bin/ssh/forwarding.sh28
-rw-r--r--regress/usr.bin/ssh/proxy-connect.sh10
-rw-r--r--regress/usr.bin/ssh/test-exec.sh146
-rw-r--r--regress/usr.bin/ssh/try-ciphers.sh21
-rw-r--r--regress/usr.bin/ssh/yes-head.sh12
10 files changed, 327 insertions, 3 deletions
diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile
index 30a4996f0ab..74862fcee63 100644
--- a/regress/usr.bin/ssh/Makefile
+++ b/regress/usr.bin/ssh/Makefile
@@ -1,8 +1,24 @@
-# $OpenBSD: Makefile,v 1.1 2002/01/17 13:21:28 markus Exp $
+# $OpenBSD: Makefile,v 1.2 2002/02/14 23:18:00 markus Exp $
-REGRESSTARGETS=t1 t2 t3 t4 t5 t6 t7
+REGRESSTARGETS= t1 t2 t3 t4 t5 t6 t7
-CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub
+CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub
+
+LTESTS= connect \
+ proxy-connect \
+ exit-status \
+ broken-pipe \
+ try-ciphers \
+ yes-head \
+ agent \
+ forwarding
+
+USER!= id -un
+CLEANFILES+= authorized_keys_${USER} known_hosts pidfile \
+ ssh_config sshd_config sshd_config_proxy \
+ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
+ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
+ ls.copy
t1:
ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
@@ -38,4 +54,11 @@ t7: t7.out
ssh-keygen -lf t7.out > /dev/null
ssh-keygen -Bf t7.out > /dev/null
+.for t in ${LTESTS}
+REGRESSTARGETS+=t-${t}
+REGRESSSLOWTARGETS+=t-${t}
+t-${t}:
+ sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh
+.endfor
+
.include <bsd.regress.mk>
diff --git a/regress/usr.bin/ssh/agent.sh b/regress/usr.bin/ssh/agent.sh
new file mode 100644
index 00000000000..dc127885f1d
--- /dev/null
+++ b/regress/usr.bin/ssh/agent.sh
@@ -0,0 +1,48 @@
+tid="simple agent test"
+
+SSH_AUTH_SOCK=/nonexistant ssh-add -l > /dev/null 2>&1
+if [ $? -ne 2 ]; then
+ fail "ssh-add -l did not fail with exit code 2"
+fi
+
+trace "start agent"
+eval `ssh-agent -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ ssh-add -l > /dev/null 2>&1
+ if [ $? -ne 1 ]; then
+ fail "ssh-add -l did not fail with exit code 1"
+ fi
+ trace "overwrite authorized keys"
+ echo -n > $OBJ/authorized_keys_$USER
+ for t in rsa rsa1; do
+ # generate user key for agent
+ rm -f $OBJ/$t-agent
+ ssh-keygen -q -N '' -t $t -f $OBJ/$t-agent ||\
+ fail "ssh-keygen for $t-agent failed"
+ # add to authorized keys
+ cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
+ # add privat key to agent
+ ssh-add $OBJ/$t-agent > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add did succeed exit code 0"
+ fi
+ done
+ ssh-add -l > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -l did succeed exit code 0"
+ fi
+
+ trace "simple connect via agent"
+ for p in 1 2; do
+ ssh -o "Protocol=$p" -F $OBJ/ssh_config somehost exit 5$p
+ if [ $? -ne 5$p ]; then
+ fail "ssh connect with protocol $p failed"
+ fi
+ done
+
+ trace "kill agent"
+ ssh-agent -k > /dev/null
+fi
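Review bot: The `r=$?` taken after ``eval `ssh-agent -s` > /dev/null`` is the status of `eval`, not of `ssh-agent`, so if the agent fails to start and prints nothing, `[ $r -ne 0 ]` still passes and the else branch runs without an agent. Capturing the output first keeps the real status, e.g. ``agent_env=`ssh-agent -s`; r=$?`` followed by `eval "$agent_env" > /dev/null` inside the success branch. The two messages "ssh-add did succeed exit code 0" and "ssh-add -l did succeed exit code 0" are printed when the status is non-zero, so they read inverted; wording such as `fail "ssh-add failed"` would match the condition.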
diff --git a/regress/usr.bin/ssh/broken-pipe.sh b/regress/usr.bin/ssh/broken-pipe.sh
new file mode 100644
index 00000000000..ccbfee259a4
--- /dev/null
+++ b/regress/usr.bin/ssh/broken-pipe.sh
@@ -0,0 +1,9 @@
+tid="broken pipe test"
+
+for i in 1 2 3 4; do
+ ssh -2 -F $OBJ/ssh_config nexthost echo $i | true
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "broken pipe returns $r"
+ fi
+done
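Review bot: `r=$?` after `ssh ... echo $i | true` is the status of the pipeline, which in a POSIX sh is that of `true`, so `[ $r -ne 0 ]` can never fire and the loop can only detect a hang. If the intent is to check how ssh exits when its reader goes away, the status has to be carried out of the pipeline, for example `r=$( ( (ssh -2 -F $OBJ/ssh_config nexthost echo $i; echo $? >&3) | true ) 3>&1 )`. If a hang check is all that is wanted, a comment saying so would stop the dead comparison from misleading the next reader.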
diff --git a/regress/usr.bin/ssh/connect.sh b/regress/usr.bin/ssh/connect.sh
new file mode 100644
index 00000000000..b95ecdaa215
--- /dev/null
+++ b/regress/usr.bin/ssh/connect.sh
@@ -0,0 +1,8 @@
+tid="simple connect"
+
+for p in 1 2; do
+ ssh -o "Protocol=$p" -F $OBJ/ssh_config somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh connect with protocol $p failed"
+ fi
+done
diff --git a/regress/usr.bin/ssh/exit-status.sh b/regress/usr.bin/ssh/exit-status.sh
new file mode 100644
index 00000000000..67020f1d4ac
--- /dev/null
+++ b/regress/usr.bin/ssh/exit-status.sh
@@ -0,0 +1,19 @@
+tid="remote exit status"
+
+for p in 1 2; do
+ for s in 0 1 4 5 44; do
+ ssh -$p -F $OBJ/ssh_config otherhost exit $s
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code mismatch for protocol $p: $r != $s"
+ fi
+
+ # same with early close of stdout/err
+ ssh -$p -F $OBJ/ssh_config -n otherhost \
+ exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code (with sleep) mismatch for protocol $p: $r != $s"
+ fi
+ done
+done
diff --git a/regress/usr.bin/ssh/forwarding.sh b/regress/usr.bin/ssh/forwarding.sh
new file mode 100644
index 00000000000..37b909546b9
--- /dev/null
+++ b/regress/usr.bin/ssh/forwarding.sh
@@ -0,0 +1,28 @@
+tid="local and remote forwarding"
+
+base=33
+last=$PORT
+fwd=""
+for j in 0 1 2; do
+ for i in 0 1 2; do
+ a=$base$j$i
+ b=`expr $a + 50`
+ c=$last
+ # fwd chain: $a -> $b -> $c
+ fwd="$fwd -L$a:127.0.0.1:$b -R$b:127.0.0.1:$c"
+ last=$a
+ done
+done
+for p in 1 2; do
+ q=`expr 3 - $p`
+ trace "start forwarding, fork to background"
+ ssh -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
+
+ trace "transfer over forwarded channels and check result"
+ ssh -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
+ somehost cat /bin/ls > $OBJ/ls.copy
+ test -f $OBJ/ls.copy || fail "failed copy /bin/ls"
+ cmp /bin/ls $OBJ/ls.copy || fail "corrupted copy of /bin/ls"
+
+ sleep 10
+done
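Review bot: `test -f $OBJ/ls.copy` cannot fail, because the `> $OBJ/ls.copy` redirection on the preceding ssh command creates the file before ssh even runs; only the `cmp` detects a bad transfer. Neither ssh invocation has its exit status checked, so a forwarder that failed to start shows up only as "corrupted copy of /bin/ls". I would append `|| fail "ssh -f with forwardings failed"` to the `-f` line and replace the `test -f` line with a status check on the transfer command. The ports derived from `base=33` are fixed, so a listener already bound to one of them on 127.0.0.1 would presumably break or divert the chain; a comment naming the port range used would help whoever has to debug that.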
diff --git a/regress/usr.bin/ssh/proxy-connect.sh b/regress/usr.bin/ssh/proxy-connect.sh
new file mode 100644
index 00000000000..9c53007a9be
--- /dev/null
+++ b/regress/usr.bin/ssh/proxy-connect.sh
@@ -0,0 +1,10 @@
+tid="proxy connect"
+
+for p in 1 2; do
+ ssh -$p -F $OBJ/ssh_config \
+ -o "proxycommand sshd -i -f $OBJ/sshd_config_proxy" \
+ 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ fail "ssh proxyconnect protocol $p failed"
+ fi
+done
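Review bot: The literal `999.999.999.999` carries no comment and reads like a mistake; it appears to be a deliberately invalid address, since the transport is supplied by the `proxycommand` that runs `sshd -i`. A comment above the ssh call such as `# bogus address on purpose: the connection goes through the proxycommand, not the network` would make that explicit.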
diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh
new file mode 100644
index 00000000000..d5277c22c73
--- /dev/null
+++ b/regress/usr.bin/ssh/test-exec.sh
@@ -0,0 +1,146 @@
+# $OpenBSD: test-exec.sh,v 1.1 2002/02/14 23:18:00 markus Exp $
+
+PORT=4242
+USER=`id -un`
+SUDO=
+#SUDO=sudo
+
+OBJ=$1
+if [ "x$OBJ" = "x" ]; then
+ echo '$OBJ not defined'
+ exit 2
+fi
+if [ ! -d $OBJ ]; then
+ echo "not a directory: $OBJ"
+ exit 2
+fi
+SCRIPT=$2
+if [ "x$SCRIPT" = "x" ]; then
+ echo '$SCRIPT not defined'
+ exit 2
+fi
+if [ ! -f $SCRIPT ]; then
+ echo "not a file: $SCRIPT"
+ exit 2
+fi
+if sh -n $SCRIPT; then
+ true
+else
+ echo "syntax error in $SCRIPT"
+ exit 2
+fi
+unset SSH_AUTH_SOCK
+
+# helper
+cleanup ()
+{
+ test -f $PIDFILE && $SUDO kill `cat $PIDFILE`
+}
+
+trace ()
+{
+ # echo "$@"
+}
+
+fail ()
+{
+ RESULT=1
+ echo "$@"
+}
+
+fatal ()
+{
+ echo -n "FATAL: "
+ fail "$@"
+ cleanup
+ exit $RESULT
+}
+
+RESULT=0
+PIDFILE=$OBJ/pidfile
+
+trap cleanup 3 2
+
+# create server config
+cat << EOF > $OBJ/sshd_config
+ Port $PORT
+ ListenAddress 127.0.0.1
+ #ListenAddress ::1
+ PidFile $PIDFILE
+ AuthorizedKeysFile $OBJ/authorized_keys_%u
+ LogLevel QUIET
+EOF
+
+# server config for proxy connects
+cp $OBJ/sshd_config $OBJ/sshd_config_proxy
+
+# create client config
+cat << EOF > $OBJ/ssh_config
+Host *
+ Hostname 127.0.0.1
+ HostKeyAlias localhost-with-alias
+ Port $PORT
+ User $USER
+ GlobalKnownHostsFile $OBJ/known_hosts
+ UserKnownHostsFile $OBJ/known_hosts
+ RSAAuthentication yes
+ PubkeyAuthentication yes
+ ChallengeResponseAuthentication no
+ HostbasedAuthentication no
+ KerberosAuthentication no
+ PasswordAuthentication no
+ RhostsAuthentication no
+ RhostsRSAAuthentication no
+EOF
+
+trace "generate keys"
+for t in rsa rsa1; do
+ # generate user key
+ rm -f $OBJ/$t
+ ssh-keygen -q -N '' -t $t -f $OBJ/$t || fail "ssh-keygen for $t failed"
+
+ # known hosts file for client
+ (
+ echo -n 'localhost-with-alias,127.0.0.1,::1 '
+ cat $OBJ/$t.pub
+ ) >> $OBJ/known_hosts
+
+ # setup authorized keys
+ cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
+ echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
+
+ # use key as host key, too
+ $SUDO cp $OBJ/$t $OBJ/host.$t
+ echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
+
+ # don't use SUDO for proxy connect
+ echo HostKey $OBJ/$t >> $OBJ/sshd_config_proxy
+done
+
+# start sshd
+$SUDO sshd -f $OBJ/sshd_config -t || fatal "sshd_config broken"
+$SUDO sshd -f $OBJ/sshd_config
+
+trace "wait for sshd"
+i=0;
+while [ ! -f $PIDFILE -a $i -lt 5 ]; do
+ i=`expr $i + 1`
+ sleep $i
+done
+
+test -f $PIDFILE || fatal "no sshd running on port $PORT"
+
+# check proxy config
+sshd -t -f $OBJ/sshd_config_proxy || fail "sshd_config_proxy broken"
+
+# source test body
+. $SCRIPT
+
+# kill sshd
+cleanup
+if [ $RESULT -eq 0 ]; then
+ trace ok $tid
+else
+ echo failed $tid
+fi
+exit $RESULT
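Review bot: Nothing removes `$PIDFILE` before `$SUDO sshd -f $OBJ/sshd_config`, so if a pidfile survives from an earlier run the wait loop and the `test -f $PIDFILE || fatal` check pass even when the new sshd failed to start, and `cleanup` then runs `$SUDO kill` on whatever process now owns the stale PID. Adding `rm -f $PIDFILE` just before the start line closes that. `trap cleanup 3 2` kills sshd on INT/QUIT but does not exit, and HUP/TERM are not trapped, so the daemon on 127.0.0.1:$PORT that accepts the passphrase-less test keys can outlive the run; `trap 'cleanup; exit 1' 1 2 3 15` would cover both. `trace ()` has a body holding only a comment, which some shells reject as a syntax error; a `:` in the body is the portable form.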
diff --git a/regress/usr.bin/ssh/try-ciphers.sh b/regress/usr.bin/ssh/try-ciphers.sh
new file mode 100644
index 00000000000..be125ac0ccc
--- /dev/null
+++ b/regress/usr.bin/ssh/try-ciphers.sh
@@ -0,0 +1,21 @@
+tid="try ciphers"
+
+ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour aes192-cbc aes256-cbc"
+macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96"
+
+for c in $ciphers; do
+ for m in $macs; do
+ ssh -F $OBJ/ssh_config -2 -m $m -c $c somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh -2 failed with mac $m cipher $c"
+ fi
+ done
+done
+
+ciphers="3des blowfish"
+for c in $ciphers; do
+ ssh -F $OBJ/ssh_config -1 -c $c somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh -1 failed with cipher $c"
+ fi
+done
diff --git a/regress/usr.bin/ssh/yes-head.sh b/regress/usr.bin/ssh/yes-head.sh
new file mode 100644
index 00000000000..2139c7ca6fd
--- /dev/null
+++ b/regress/usr.bin/ssh/yes-head.sh
@@ -0,0 +1,12 @@
+tid="yes|head"
+
+for p in 1 2; do
+ lines=`ssh -$p -F $OBJ/ssh_config thishost 'yes | head -2000' | (sleep 3 ; wc -l)`
+ if [ $? -ne 0 ]; then
+ fail "yes|head test failed"
+ lines = 0;
+ fi
+ if [ $lines -ne 2000 ]; then
+ fail "yes|head returns $lines lines instead of 2000"
+ fi
+done
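Review bot: `lines = 0;` in the failure branch is not an assignment: with the spaces the shell tries to run a command named `lines`, so `$lines` keeps whatever the pipeline produced; it should be `lines=0`. The `$?` tested just before it is the status of the last pipeline stage `(sleep 3 ; wc -l)`, not of ssh, so an ssh failure is unlikely to reach that branch at all. Quoting the comparison as `[ "$lines" -ne 2000 ]` would also keep an empty value from turning into a `[` syntax error.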