author | Markus Friedl <markus@cvs.openbsd.org> | 2002-02-14 23:18:01 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2002-02-14 23:18:01 +0000 |
commit | 05f7489de58e24cbc2469b7978cbc51138f80120 (patch) | |
tree | cbae7c2f6e42d90b3fb9372d71fc0d413d362227 /regress | |
parent | 5fc1733621065fd7a8e06dd422d539406f3a4b9d (diff) |
several tests for ssh-keygen/ssh/sshd/ssh-add/ssh-agent
note that these tests will start sshd on 127.0.0.1:4242
and will fail if the realpath of /usr/src/usr.sbin/ssh/obj/ contains
a group or world writable directory.
Diffstat (limited to 'regress')
-rw-r--r-- | regress/usr.bin/ssh/Makefile | 29 | ||||
-rw-r--r-- | regress/usr.bin/ssh/agent.sh | 48 | ||||
-rw-r--r-- | regress/usr.bin/ssh/broken-pipe.sh | 9 | ||||
-rw-r--r-- | regress/usr.bin/ssh/connect.sh | 8 | ||||
-rw-r--r-- | regress/usr.bin/ssh/exit-status.sh | 19 | ||||
-rw-r--r-- | regress/usr.bin/ssh/forwarding.sh | 28 | ||||
-rw-r--r-- | regress/usr.bin/ssh/proxy-connect.sh | 10 | ||||
-rw-r--r-- | regress/usr.bin/ssh/test-exec.sh | 146 | ||||
-rw-r--r-- | regress/usr.bin/ssh/try-ciphers.sh | 21 | ||||
-rw-r--r-- | regress/usr.bin/ssh/yes-head.sh | 12 |
10 files changed, 327 insertions, 3 deletions
diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile
index 30a4996f0ab..74862fcee63 100644
--- a/regress/usr.bin/ssh/Makefile
+++ b/regress/usr.bin/ssh/Makefile
@@ -1,8 +1,24 @@
-# $OpenBSD: Makefile,v 1.1 2002/01/17 13:21:28 markus Exp $
+# $OpenBSD: Makefile,v 1.2 2002/02/14 23:18:00 markus Exp $
-REGRESSTARGETS=t1 t2 t3 t4 t5 t6 t7
+REGRESSTARGETS= t1 t2 t3 t4 t5 t6 t7
-CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub
+CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub
+
+LTESTS= connect \
+ proxy-connect \
+ exit-status \
+ broken-pipe \
+ try-ciphers \
+ yes-head \
+ agent \
+ forwarding
+
+USER!= id -un
+CLEANFILES+= authorized_keys_${USER} known_hosts pidfile \
+ ssh_config sshd_config sshd_config_proxy \
+ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
+ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
+ ls.copy
 t1:
 ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
@@ -38,4 +54,11 @@ t7: t7.out
 ssh-keygen -lf t7.out > /dev/null
 ssh-keygen -Bf t7.out > /dev/null
+.for t in ${LTESTS}
+REGRESSTARGETS+=t-${t}
+REGRESSSLOWTARGETS+=t-${t}
+t-${t}:
+ sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh
+.endfor
+
 .include <bsd.regress.mk>
diff --git a/regress/usr.bin/ssh/agent.sh b/regress/usr.bin/ssh/agent.sh
new file mode 100644
index 00000000000..dc127885f1d
--- /dev/null
+++ b/regress/usr.bin/ssh/agent.sh
@@ -0,0 +1,48 @@
+tid="simple agent test"
+
+SSH_AUTH_SOCK=/nonexistant ssh-add -l > /dev/null 2>&1
+if [ $? -ne 2 ]; then
+ fail "ssh-add -l did not fail with exit code 2"
+fi
+
+trace "start agent"
+eval `ssh-agent -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ ssh-add -l > /dev/null 2>&1
+ if [ $? -ne 1 ]; then
+ fail "ssh-add -l did not fail with exit code 1"
+ fi
+ trace "overwrite authorized keys"
+ echo -n > $OBJ/authorized_keys_$USER
+ for t in rsa rsa1; do
+ # generate user key for agent
+ rm -f $OBJ/$t-agent
+ ssh-keygen -q -N '' -t $t -f $OBJ/$t-agent ||\
+ fail "ssh-keygen for $t-agent failed"
+ # add to authorized keys
+ cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
+ # add privat key to agent
+ ssh-add $OBJ/$t-agent > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add did succeed exit code 0"
+ fi
+ done
+ ssh-add -l > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -l did succeed exit code 0"
+ fi
+
+ trace "simple connect via agent"
+ for p in 1 2; do
+ ssh -o "Protocol=$p" -F $OBJ/ssh_config somehost exit 5$p
+ if [ $? -ne 5$p ]; then
+ fail "ssh connect with protocol $p failed"
+ fi
+ done
+
+ trace "kill agent"
+ ssh-agent -k > /dev/null
+fi
diff --git a/regress/usr.bin/ssh/broken-pipe.sh b/regress/usr.bin/ssh/broken-pipe.sh
new file mode 100644
index 00000000000..ccbfee259a4
--- /dev/null
+++ b/regress/usr.bin/ssh/broken-pipe.sh
@@ -0,0 +1,9 @@
+tid="broken pipe test"
+
+for i in 1 2 3 4; do
+ ssh -2 -F $OBJ/ssh_config nexthost echo $i | true
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "broken pipe returns $r"
+ fi
+done
diff --git a/regress/usr.bin/ssh/connect.sh b/regress/usr.bin/ssh/connect.sh
new file mode 100644
index 00000000000..b95ecdaa215
--- /dev/null
+++ b/regress/usr.bin/ssh/connect.sh
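Review bot: The two `ssh-add` success checks print a message that says the opposite of what happened: `fail "ssh-add did succeed exit code 0"` runs only when `ssh-add $OBJ/$t-agent` returned non-zero, and the same applies to the `ssh-add -l` check after the loop, so the harness output would blame the wrong condition; `fail "ssh-add $t-agent failed (expected exit code 0)"` and `fail "ssh-add -l failed (expected exit code 0)"` read correctly. The truncation `echo -n > $OBJ/authorized_keys_$USER` relies on the sh echo honouring -n; `: > $OBJ/authorized_keys_$USER` does the same without that dependency. Since test-exec.sh both appends `IdentityFile $OBJ/$t` to ssh_config and puts those keys into authorized_keys, the truncation is what forces the connect below onto the agent-held keys, and that deserves a line, e.g. `# truncate: only agent-held keys may authenticate, so the IdentityFile keys in ssh_config cannot mask an agent failure`.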
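Review bot: `r=$?` after `ssh -2 -F $OBJ/ssh_config nexthost echo $i | true` captures the exit status of `true`, never of ssh, so the `-ne 0` check cannot fail and the loop only establishes that ssh returns at all (the sh this runs under has no pipefail). If ssh's own status is the property under test, record it inside the pipeline, e.g. `( ssh -2 -F $OBJ/ssh_config nexthost echo $i; echo $? > $OBJ/<status-file> ) | true` followed by `r=\`cat $OBJ/<status-file>\``, where `<status-file>` is a placeholder name that would also need adding to CLEANFILES in the Makefile. If instead the intent is only that ssh must not hang when its stdout reader exits early, the dead check should go and a comment should say so.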
@@ -0,0 +1,8 @@
+tid="simple connect"
+
+for p in 1 2; do
+ ssh -o "Protocol=$p" -F $OBJ/ssh_config somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh connect with protocol $p failed"
+ fi
+done
diff --git a/regress/usr.bin/ssh/exit-status.sh b/regress/usr.bin/ssh/exit-status.sh
new file mode 100644
index 00000000000..67020f1d4ac
--- /dev/null
+++ b/regress/usr.bin/ssh/exit-status.sh
@@ -0,0 +1,19 @@
+tid="remote exit status"
+
+for p in 1 2; do
+ for s in 0 1 4 5 44; do
+ ssh -$p -F $OBJ/ssh_config otherhost exit $s
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code mismatch for protocol $p: $r != $s"
+ fi
+
+ # same with early close of stdout/err
+ ssh -$p -F $OBJ/ssh_config -n otherhost \
+ exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code (with sleep) mismatch for protocol $p: $r != $s"
+ fi
+ done
+done
diff --git a/regress/usr.bin/ssh/forwarding.sh b/regress/usr.bin/ssh/forwarding.sh
new file mode 100644
index 00000000000..37b909546b9
--- /dev/null
+++ b/regress/usr.bin/ssh/forwarding.sh
@@ -0,0 +1,28 @@
+tid="local and remote forwarding"
+
+base=33
+last=$PORT
+fwd=""
+for j in 0 1 2; do
+ for i in 0 1 2; do
+ a=$base$j$i
+ b=`expr $a + 50`
+ c=$last
+ # fwd chain: $a -> $b -> $c
+ fwd="$fwd -L$a:127.0.0.1:$b -R$b:127.0.0.1:$c"
+ last=$a
+ done
+done
+for p in 1 2; do
+ q=`expr 3 - $p`
+ trace "start forwarding, fork to background"
+ ssh -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
+
+ trace "transfer over forwarded channels and check result"
+ ssh -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
+ somehost cat /bin/ls > $OBJ/ls.copy
+ test -f $OBJ/ls.copy || fail "failed copy /bin/ls"
+ cmp /bin/ls $OBJ/ls.copy || fail "corrupted copy of /bin/ls"
+
+ sleep 10
+done
diff --git a/regress/usr.bin/ssh/proxy-connect.sh b/regress/usr.bin/ssh/proxy-connect.sh
new file mode 100644
index 00000000000..9c53007a9be
--- /dev/null
+++ b/regress/usr.bin/ssh/proxy-connect.sh
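Review bot: The backgrounded `ssh -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10` in forwarding.sh is neither status-checked nor tracked, so a connection or authentication failure, or a `-L`/`-R` port that is already taken on the host (the ports are fixed, derived from `base=33` and `$PORT`), only shows up later as the `cat /bin/ls` copy failing, and the test's correctness rests on the trailing `sleep 10` outliving the background session. Checking the fork, `ssh -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10 || fail "forwarding ssh protocol $p failed"`, gives a direct diagnosis for the part ssh reports on; whether a failed remote bind is reflected in that status I cannot tell from here. A comment on the final `sleep 10`, e.g. `# wait for the background ssh to exit and release the ports before the other protocol rebinds them`, would make the timing dependency explicit.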
@@ -0,0 +1,10 @@
+tid="proxy connect"
+
+for p in 1 2; do
+ ssh -$p -F $OBJ/ssh_config \
+ -o "proxycommand sshd -i -f $OBJ/sshd_config_proxy" \
+ 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ fail "ssh proxyconnect protocol $p failed"
+ fi
+done
diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh
new file mode 100644
index 00000000000..d5277c22c73
--- /dev/null
+++ b/regress/usr.bin/ssh/test-exec.sh
@@ -0,0 +1,146 @@
+# $OpenBSD: test-exec.sh,v 1.1 2002/02/14 23:18:00 markus Exp $
+
+PORT=4242
+USER=`id -un`
+SUDO=
+#SUDO=sudo
+
+OBJ=$1
+if [ "x$OBJ" = "x" ]; then
+ echo '$OBJ not defined'
+ exit 2
+fi
+if [ ! -d $OBJ ]; then
+ echo "not a directory: $OBJ"
+ exit 2
+fi
+SCRIPT=$2
+if [ "x$SCRIPT" = "x" ]; then
+ echo '$SCRIPT not defined'
+ exit 2
+fi
+if [ ! -f $SCRIPT ]; then
+ echo "not a file: $SCRIPT"
+ exit 2
+fi
+if sh -n $SCRIPT; then
+ true
+else
+ echo "syntax error in $SCRIPT"
+ exit 2
+fi
+unset SSH_AUTH_SOCK
+
+# helper
+cleanup ()
+{
+ test -f $PIDFILE && $SUDO kill `cat $PIDFILE`
+}
+
+trace ()
+{
+ # echo "$@"
+}
+
+fail ()
+{
+ RESULT=1
+ echo "$@"
+}
+
+fatal ()
+{
+ echo -n "FATAL: "
+ fail "$@"
+ cleanup
+ exit $RESULT
+}
+
+RESULT=0
+PIDFILE=$OBJ/pidfile
+
+trap cleanup 3 2
+
+# create server config
+cat << EOF > $OBJ/sshd_config
+ Port $PORT
+ ListenAddress 127.0.0.1
+ #ListenAddress ::1
+ PidFile $PIDFILE
+ AuthorizedKeysFile $OBJ/authorized_keys_%u
+ LogLevel QUIET
+EOF
+
+# server config for proxy connects
+cp $OBJ/sshd_config $OBJ/sshd_config_proxy
+
+# create client config
+cat << EOF > $OBJ/ssh_config
+Host *
+ Hostname 127.0.0.1
+ HostKeyAlias localhost-with-alias
+ Port $PORT
+ User $USER
+ GlobalKnownHostsFile $OBJ/known_hosts
+ UserKnownHostsFile $OBJ/known_hosts
+ RSAAuthentication yes
+ PubkeyAuthentication yes
+ ChallengeResponseAuthentication no
+ HostbasedAuthentication no
+ KerberosAuthentication no
+ PasswordAuthentication no
+ RhostsAuthentication no
+ RhostsRSAAuthentication no
+EOF
+
+trace "generate keys"
+for t in rsa rsa1; do
+ # generate user key
+ rm -f $OBJ/$t
+ ssh-keygen -q -N '' -t $t -f $OBJ/$t || fail "ssh-keygen for $t failed"
+
+ # known hosts file for client
+ (
+ echo -n 'localhost-with-alias,127.0.0.1,::1 '
+ cat $OBJ/$t.pub
+ ) >> $OBJ/known_hosts
+
+ # setup authorized keys
+ cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
+ echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
+
+ # use key as host key, too
+ $SUDO cp $OBJ/$t $OBJ/host.$t
+ echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
+
+ # don't use SUDO for proxy connect
+ echo HostKey $OBJ/$t >> $OBJ/sshd_config_proxy
+done
+
+# start sshd
+$SUDO sshd -f $OBJ/sshd_config -t || fatal "sshd_config broken"
+$SUDO sshd -f $OBJ/sshd_config
+
+trace "wait for sshd"
+i=0;
+while [ ! -f $PIDFILE -a $i -lt 5 ]; do
+ i=`expr $i + 1`
+ sleep $i
+done
+
+test -f $PIDFILE || fatal "no sshd running on port $PORT"
+
+# check proxy config
+sshd -t -f $OBJ/sshd_config_proxy || fail "sshd_config_proxy broken"
+
+# source test body
+. $SCRIPT
+
+# kill sshd
+cleanup
+if [ $RESULT -eq 0 ]; then
+ trace ok $tid
+else
+ echo failed $tid
+fi
+exit $RESULT
diff --git a/regress/usr.bin/ssh/try-ciphers.sh b/regress/usr.bin/ssh/try-ciphers.sh
new file mode 100644
index 00000000000..be125ac0ccc
--- /dev/null
+++ b/regress/usr.bin/ssh/try-ciphers.sh
@@ -0,0 +1,21 @@
+tid="try ciphers"
+
+ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour aes192-cbc aes256-cbc"
+macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96"
+
+for c in $ciphers; do
+ for m in $macs; do
+ ssh -F $OBJ/ssh_config -2 -m $m -c $c somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh -2 failed with mac $m cipher $c"
+ fi
+ done
+done
+
+ciphers="3des blowfish"
+for c in $ciphers; do
+ ssh -F $OBJ/ssh_config -1 -c $c somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh -1 failed with cipher $c"
+ fi
+done
diff --git a/regress/usr.bin/ssh/yes-head.sh b/regress/usr.bin/ssh/yes-head.sh
new file mode 100644
index 00000000000..2139c7ca6fd
--- /dev/null
+++ b/regress/usr.bin/ssh/yes-head.sh
@@ -0,0 +1,12 @@
+tid="yes|head"
+
+for p in 1 2; do
+ lines=`ssh -$p -F $OBJ/ssh_config thishost 'yes | head -2000' | (sleep 3 ; wc -l)`
+ if [ $? -ne 0 ]; then
+ fail "yes|head test failed"
+ lines = 0;
+ fi
+ if [ $lines -ne 2000 ]; then
+ fail "yes|head returns $lines lines instead of 2000"
+ fi
+done |
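Review bot: `trap cleanup 3 2` in test-exec.sh runs cleanup on SIGINT/SIGQUIT but does not exit, so once the handler returns the script resumes where it was interrupted, for instance sourcing `$SCRIPT` against a sshd that cleanup has just killed; `trap 'cleanup; exit 1' 3 2` terminates with a failure status instead. Inside cleanup, `$SUDO kill \`cat $PIDFILE\`` passes the pidfile contents unquoted, so an empty or half-written pidfile becomes a kill with no operand rather than a clear diagnostic. On the configuration side, the generated sshd_config only pins the listen address and sets `LogLevel QUIET`, while all the authentication restrictions (`PasswordAuthentication no`, `ChallengeResponseAuthentication no`, and the others) are written into ssh_config only; with `SUDO=sudo` enabled the root-run daemon on 127.0.0.1:4242 would accept whatever methods sshd's defaults permit for local accounts for the duration of the run, and the quiet log level leaves no record of such attempts. Mirroring those `no` settings into the server-side heredoc keeps the test sshd limited to the key-based path these tests exercise.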
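Review bot: `lines = 0;` in the failure branch of yes-head.sh is not an assignment in sh; it runs a command named `lines` with the arguments `=` and `0`, so `lines` keeps whatever the backtick produced and a command-not-found error is printed instead; the intended line is `lines=0`. The `$?` tested just before it is the status of the command substitution, which is that of the `wc -l` in the subshell rather than of ssh, so the `fail "yes|head test failed"` branch does not fire on an ssh failure and such failures surface only as a wrong line count. With the assignment fixed, the second comparison then reports the mismatch against 0 rather than evaluating `[ $lines -ne 2000 ]` with an unexpected value.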