author | des <des@FreeBSD.org> | 2017-09-02 21:58:42 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2017-09-02 21:58:42 +0000 |
commit | ca26403304720e30901aa6f7bde4883af9662d2d (patch) | |
tree | 24e8f197b92c6ecd99617ac7584b6ba544a46aec /crypto/openssh/regress | |
parent | ce0d6faba2a9fd27ff0fc0942a4e51f5203bb88f (diff) | |
MFH (r314306,r314720): Upgrade OpenSSH to 7.4p1.
Diffstat (limited to 'crypto/openssh/regress')
31 files changed, 426 insertions, 151 deletions
diff --git a/crypto/openssh/regress/Makefile b/crypto/openssh/regress/Makefile index 08fd82d..c2dba4f 100644 --- a/crypto/openssh/regress/Makefile +++ b/crypto/openssh/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.88 2016/06/03 04:10:41 dtucker Exp $ +# $OpenBSD: Makefile,v 1.94 2016/12/16 03:51:19 dtucker Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) @@ -39,6 +39,7 @@ LTESTS= connect \ keyscan \ keygen-change \ keygen-convert \ + keygen-moduli \ key-options \ scp \ sftp \ @@ -77,7 +78,8 @@ LTESTS= connect \ hostkey-rotate \ principals-command \ cert-file \ - cfginclude + cfginclude \ + allow-deny-users # dhgex \ @@ -87,9 +89,10 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #LTESTS= cipher-speed -USER!= id -un -CLEANFILES= *.core actual agent-key.* authorized_keys_${USER} \ - authorized_keys_${USER}.* authorized_principals_${USER} \ +USERNAME!= id -un +CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ + authorized_keys_${USERNAME}.* \ + authorized_principals_${USERNAME} \ banner.in banner.out cert_host_key* cert_user_key* \ copy.1 copy.2 data ed25519-agent ed25519-agent* \ ed25519-agent.pub empty.in expect failed-regress.log \ @@ -111,10 +114,10 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USER} \ t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \ t9.out t9.out.pub testdata user_*key* user_ca* user_key* -SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER} +SUDO_CLEAN+= /var/run/testdata_${USERNAME} /var/run/keycommand_${USERNAME} # Enable all malloc(3) randomisations and checks -TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" +TEST_ENV= "MALLOC_OPTIONS=CFGJRSUX" TEST_SSH_SSHKEYGEN?=ssh-keygen 
@@ -222,4 +225,8 @@ unit: $$V ${.OBJDIR}/unittests/kex/test_kex ; \ $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \ -d ${.CURDIR}/unittests/hostkeys/testdata ; \ + $$V ${.OBJDIR}/unittests/match/test_match ; \ + if test "x${TEST_SSH_UTF8}" = "xyes" ; then \ + $$V ${.OBJDIR}/unittests/utf8/test_utf8 ; \ + fi \ fi diff --git a/crypto/openssh/regress/agent-getpeereid.sh b/crypto/openssh/regress/agent-getpeereid.sh index 24b71f4..91621a5 100644 --- a/crypto/openssh/regress/agent-getpeereid.sh +++ b/crypto/openssh/regress/agent-getpeereid.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-getpeereid.sh,v 1.6 2016/05/03 14:41:04 djm Exp $ +# $OpenBSD: agent-getpeereid.sh,v 1.7 2016/09/26 21:34:38 bluhm Exp $ # Placed in the Public Domain. tid="disallow agent attach from other uid" diff --git a/crypto/openssh/regress/allow-deny-users.sh b/crypto/openssh/regress/allow-deny-users.sh new file mode 100644 index 0000000..32a269a --- /dev/null +++ b/crypto/openssh/regress/allow-deny-users.sh 
@@ -0,0 +1,40 @@ +# Public Domain +# Zev Weiss, 2016 + +tid="AllowUsers/DenyUsers" + +me="$LOGNAME" +if [ "x$me" == "x" ]; then + me=`whoami` +fi +other="nobody" + +test_auth() +{ + deny="$1" + allow="$2" + should_succeed="$3" + failmsg="$4" + + start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow" + + ${SSH} -F $OBJ/ssh_config "$me@somehost" true + status=$? + + if (test $status -eq 0 && ! $should_succeed) \ + || (test $status -ne 0 && $should_succeed); then + fail "$failmsg" + fi + + stop_sshd +} + +# DenyUsers AllowUsers should_succeed failure_message +test_auth "" "" true "user in neither DenyUsers nor AllowUsers denied" +test_auth "$other $me" "" false "user in DenyUsers allowed" +test_auth "$me $other" "" false "user in DenyUsers allowed" +test_auth "" "$other" false "user not in AllowUsers allowed" +test_auth "" "$other $me" true "user in AllowUsers denied" +test_auth "" "$me $other" true "user in AllowUsers denied" +test_auth "$me $other" "$me $other" false "user in both DenyUsers and AllowUsers allowed" +test_auth "$other $me" "$other $me" false "user in both DenyUsers and AllowUsers allowed" diff --git a/crypto/openssh/regress/cert-file.sh b/crypto/openssh/regress/cert-file.sh index bad923a..b184e7f 100755 --- a/crypto/openssh/regress/cert-file.sh +++ b/crypto/openssh/regress/cert-file.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-file.sh,v 1.2 2015/09/24 07:15:39 djm Exp $ +# $OpenBSD: cert-file.sh,v 1.4 2016/12/16 02:48:55 djm Exp $ # Placed in the Public Domain. tid="ssh with certificates" diff --git a/crypto/openssh/regress/cert-userkey.sh b/crypto/openssh/regress/cert-userkey.sh index 3197463..7005fd5 100755 --- a/crypto/openssh/regress/cert-userkey.sh +++ b/crypto/openssh/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.16 2016/05/03 12:15:49 dtucker Exp $ +# $OpenBSD: cert-userkey.sh,v 1.17 2016/11/30 03:01:33 djm Exp $ # Placed in the Public Domain. tid="certified user keys" 
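Review bot: The guard `if [ "x$me" == "x" ]; then` near the top of the new allow-deny-users.sh uses `==`, which POSIX `test` does not define. A shell whose `[` accepts only the POSIX operators rejects it, so with LOGNAME unset the whoami fallback is skipped and `me` stays empty for every `${SSH} ... "$me@somehost"` call. Write it as `if [ "x$me" = "x" ]; then`. Since test_auth runs `$should_succeed` as a command, a comment above the function should also say that only the literals `true` and `false` may be passed as the third argument.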
@@ -354,6 +354,20 @@ test_one "principals key option principals" success "-n mekmitasdigoat" \ test_one "principals key option no principals" failure "" \ authorized_keys ',principals="mekmitasdigoat"' +# command= options vs. force-command in key +test_one "force-command match true" success \ + "-n ${USER} -Oforce-command=true" \ + authorized_keys ',command="true"' +test_one "force-command match true" failure \ + "-n ${USER} -Oforce-command=false" \ + authorized_keys ',command="false"' +test_one "force-command mismatch 1" failure \ + "-n ${USER} -Oforce-command=false" \ + authorized_keys ',command="true"' +test_one "force-command mismatch 2" failure \ + "-n ${USER} -Oforce-command=true" \ + authorized_keys ',command="false"' + # Wrong certificate cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy for ktype in $PLAIN_TYPES ; do diff --git a/crypto/openssh/regress/connect-privsep.sh b/crypto/openssh/regress/connect-privsep.sh index ea739f6..81cedc7 100644 --- a/crypto/openssh/regress/connect-privsep.sh +++ b/crypto/openssh/regress/connect-privsep.sh @@ -1,4 +1,4 @@ -# $OpenBSD: connect-privsep.sh,v 1.6 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: connect-privsep.sh,v 1.8 2016/11/01 13:43:27 tb Exp $ # Placed in the Public Domain. tid="proxy connect with privsep" @@ -27,7 +27,7 @@ done # Because sandbox is sensitive to changes in libc, especially malloc, retest # with every malloc.conf option (and none). if [ -z "TEST_MALLOC_OPTIONS" ]; then - mopts="A F G H J P R S X < >" + mopts="C F G J R S U X < >" else mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'` fi diff --git a/crypto/openssh/regress/integrity.sh b/crypto/openssh/regress/integrity.sh index bfadc6b..39d310d 100755 --- a/crypto/openssh/regress/integrity.sh +++ b/crypto/openssh/regress/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.18 2016/03/04 02:48:06 dtucker Exp $ +# $OpenBSD: integrity.sh,v 1.19 2016/11/25 02:56:49 dtucker Exp $ # Placed in the Public Domain. tid="integrity" 
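Review bot: Two of the added cert-userkey.sh cases carry the same label, `"force-command match true"`. The second one pairs `-Oforce-command=false` with `command="false"` and expects failure, so a report from either case cannot be told apart in the regress log. Rename the second to `test_one "force-command match false" failure \`. test_one itself is defined outside the hunk.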
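Review bot: The default that the connect-privsep.sh hunk updates, `mopts="C F G J R S U X < >"`, sits under the context line `if [ -z "TEST_MALLOC_OPTIONS" ]; then`, which tests a literal non-empty string and is therefore never true. With TEST_MALLOC_OPTIONS unset, the `else` branch produces an empty `mopts`, so the sandbox-versus-malloc retest described in the comment appears to iterate over nothing (the loop is outside the hunk). The guard should read `if [ -z "$TEST_MALLOC_OPTIONS" ]; then`, otherwise the new option list is dead code and the privsep sandbox loses this regression coverage by default.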
diff --git a/crypto/openssh/regress/keygen-moduli.sh b/crypto/openssh/regress/keygen-moduli.sh new file mode 100644 index 0000000..d4e7713 --- /dev/null +++ b/crypto/openssh/regress/keygen-moduli.sh @@ -0,0 +1,18 @@ +# $OpenBSD: keygen-moduli.sh,v 1.2 2016/09/14 00:45:31 dtucker Exp $ +# Placed in the Public Domain. + +tid="keygen moduli" + +# Try "start at the beginning and stop after 1", "skip 1 then stop after 1" +# and "skip 2 and run to the end with checkpointing". Since our test data +# file has 3 lines, these should always result in 1 line of output. +for i in "-J1" "-j1 -J1" "-j2 -K $OBJ/moduli.ckpt"; do + trace "keygen $i" + rm -f $OBJ/moduli.out $OBJ/moduli.ckpt + ${SSHKEYGEN} -T $OBJ/moduli.out -f ${SRC}/moduli.in $i 2>/dev/null || \ + fail "keygen screen failed $i" + lines=`wc -l <$OBJ/moduli.out` + test "$lines" -eq "1" || fail "expected 1 line, got $lines" +done + +rm -f $OBJ/moduli.out $OBJ/moduli.ckpt diff --git a/crypto/openssh/regress/keys-command.sh b/crypto/openssh/regress/keys-command.sh index af68cf1..9c9ada7 100755 --- a/crypto/openssh/regress/keys-command.sh +++ b/crypto/openssh/regress/keys-command.sh @@ -3,7 +3,7 @@ tid="authorized keys from command" -if test -z "$SUDO" ; then +if [ -z "$SUDO" -a ! -w /var/run ]; then echo "skipped (SUDO not set)" echo "need SUDO to create file in /var/run, test won't work without" exit 0 diff --git a/crypto/openssh/regress/login-timeout.sh b/crypto/openssh/regress/login-timeout.sh index eb76f55..12207fd 100644 --- a/crypto/openssh/regress/login-timeout.sh +++ b/crypto/openssh/regress/login-timeout.sh @@ -1,4 +1,4 @@ -# $OpenBSD: login-timeout.sh,v 1.7 2014/03/13 20:44:49 djm Exp $ +# $OpenBSD: login-timeout.sh,v 1.8 2016/12/16 01:06:27 dtucker Exp $ # Placed in the Public Domain. tid="connect after login grace timeout" 
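Review bot: The relaxed guard in keys-command.sh, `if [ -z "$SUDO" -a ! -w /var/run ]; then`, relies on the `-a` operator that POSIX marks obsolescent for `test`, and the skip text still names only the SUDO half of the condition. Prefer `if [ -z "$SUDO" ] && [ ! -w /var/run ]; then` and a message such as `echo "skipped (SUDO not set and /var/run not writable)"`. The same guard is added in principals-command.sh and sftp-chroot.sh. A short comment should also state that without SUDO the helper script is created in /var/run with the invoking user's own privileges.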
@@ -17,7 +17,7 @@ if [ $? -ne 0 ]; then fail "ssh connect after login grace timeout failed with privsep" fi -$SUDO kill `$SUDO cat $PIDFILE` +stop_sshd trace "test login grace without privsep" echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config diff --git a/crypto/openssh/regress/misc/kexfuzz/README b/crypto/openssh/regress/misc/kexfuzz/README index 8b215b5..abd7b50 100644 --- a/crypto/openssh/regress/misc/kexfuzz/README +++ b/crypto/openssh/regress/misc/kexfuzz/README @@ -26,3 +26,7 @@ A comprehensive KEX fuzz run would fuzz every packet in both directions for each key exchange type and every hostkey type. This will take some time. +Limitations: kexfuzz can't change the ordering of packets at +present. It is limited to replacing individual packets with +fuzzed variants with the same type. It really should allow +insertion, deletion on replacement of packets too. diff --git a/crypto/openssh/regress/misc/kexfuzz/kexfuzz.c b/crypto/openssh/regress/misc/kexfuzz/kexfuzz.c index 2894d3a..6705802 100644 --- a/crypto/openssh/regress/misc/kexfuzz/kexfuzz.c +++ b/crypto/openssh/regress/misc/kexfuzz/kexfuzz.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexfuzz.c,v 1.1 2016/03/04 02:30:37 djm Exp $ */ +/* $OpenBSD: kexfuzz.c,v 1.3 2016/10/11 21:49:54 djm Exp $ */ /* * Fuzz harness for KEX code * @@ -27,6 +27,7 @@ #include "packet.h" #include "myproposal.h" #include "authfile.h" +#include "log.h" struct ssh *active_state = NULL; /* XXX - needed for linking */ 
@@ -35,61 +36,93 @@ static int do_debug = 0; enum direction { S2C, C2S }; +struct hook_ctx { + struct ssh *client, *server, *server2; + int *c2s, *s2c; + int trigger_direction, packet_index; + const char *dump_path; + struct sshbuf *replace_data; +}; + static int -do_send_and_receive(struct ssh *from, struct ssh *to, int mydirection, - int *packet_count, int trigger_direction, int packet_index, - const char *dump_path, struct sshbuf *replace_data) +packet_hook(struct ssh *ssh, struct sshbuf *packet, u_char *typep, void *_ctx) +{ + struct hook_ctx *ctx = (struct hook_ctx *)_ctx; + int mydirection = ssh == ctx->client ? S2C : C2S; + int *packet_count = mydirection == S2C ? ctx->s2c : ctx->c2s; + FILE *dumpfile; + int r; + + if (do_debug) { + printf("%s packet %d type %u:\n", + mydirection == S2C ? "s2c" : "c2s", + *packet_count, *typep); + sshbuf_dump(packet, stdout); + } + if (mydirection == ctx->trigger_direction && + ctx->packet_index == *packet_count) { + if (ctx->replace_data != NULL) { + sshbuf_reset(packet); + /* Type is first byte of packet */ + if ((r = sshbuf_get_u8(ctx->replace_data, + typep)) != 0 || + (r = sshbuf_putb(packet, ctx->replace_data)) != 0) + return r; + if (do_debug) { + printf("***** replaced packet type %u\n", + *typep); + sshbuf_dump(packet, stdout); + } + } else if (ctx->dump_path != NULL) { + if ((dumpfile = fopen(ctx->dump_path, "w+")) == NULL) + err(1, "fopen %s", ctx->dump_path); + /* Write { type, packet } */ + if (fwrite(typep, 1, 1, dumpfile) != 1) + err(1, "fwrite type %s", ctx->dump_path); + if (sshbuf_len(packet) != 0 && + fwrite(sshbuf_ptr(packet), sshbuf_len(packet), + 1, dumpfile) != 1) + err(1, "fwrite body %s", ctx->dump_path); + if (do_debug) { + printf("***** dumped packet type %u len %zu\n", + *typep, sshbuf_len(packet)); + } + fclose(dumpfile); + /* No point in continuing */ + exit(0); + } + } + (*packet_count)++; + return 0; +} + +static int +do_send_and_receive(struct ssh *from, struct ssh *to) { u_char type; - size_t 
len, olen; + size_t len; const u_char *buf; int r; - FILE *dumpfile; for (;;) { if ((r = ssh_packet_next(from, &type)) != 0) { fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r)); return r; } + if (type != 0) return 0; buf = ssh_output_ptr(from, &len); - olen = len; - if (do_debug) { - printf("%s packet %d type %u len %zu:\n", - mydirection == S2C ? "s2c" : "c2s", - *packet_count, type, len); - sshbuf_dump_data(buf, len, stdout); - } - if (mydirection == trigger_direction && - packet_index == *packet_count) { - if (replace_data != NULL) { - buf = sshbuf_ptr(replace_data); - len = sshbuf_len(replace_data); - if (do_debug) { - printf("***** replaced packet " - "len %zu\n", len); - sshbuf_dump_data(buf, len, stdout); - } - } else if (dump_path != NULL) { - if ((dumpfile = fopen(dump_path, "w+")) == NULL) - err(1, "fopen %s", dump_path); - if (len != 0 && - fwrite(buf, len, 1, dumpfile) != 1) - err(1, "fwrite %s", dump_path); - if (do_debug) - printf("***** dumped packet " - "len %zu\n", len); - fclose(dumpfile); - exit(0); - } - } - (*packet_count)++; if (len == 0) return 0; - if ((r = ssh_input_append(to, buf, len)) != 0 || - (r = ssh_output_consume(from, olen)) != 0) + if ((r = ssh_input_append(to, buf, len)) != 0) { + debug("ssh_input_append: %s", ssh_err(r)); + return r; + } + if ((r = ssh_output_consume(from, len)) != 0) { + debug("ssh_output_consume: %s", ssh_err(r)); return r; + } } } 
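Review bot: In packet_hook's dump branch the result of `fclose(dumpfile)` is ignored just before `exit(0)`. A write error that stdio reports only when the buffer is flushed therefore leaves a truncated dump file behind a success exit status. Check it the same way as the two fwrite calls: `if (fclose(dumpfile) != 0) err(1, "fclose %s", ctx->dump_path);`. In the replace branch, `sshbuf_get_u8(ctx->replace_data, typep)` consumes the type byte from the caller's buffer; if one replace_data buffer is ever reused across runs (not visible in this hunk), later runs would read a different first byte. A comment on the `replace_data` field should state that the hook drains it.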
@@ -141,19 +174,19 @@ const char *in_test = NULL; static void -run_kex(struct ssh *client, struct ssh *server, int *s2c, int *c2s, - int direction, int packet_index, - const char *dump_path, struct sshbuf *replace_data) +run_kex(struct ssh *client, struct ssh *server) { int r = 0; while (!server->kex->done || !client->kex->done) { - if ((r = do_send_and_receive(server, client, S2C, s2c, - direction, packet_index, dump_path, replace_data))) + if ((r = do_send_and_receive(server, client)) != 0) { + debug("do_send_and_receive S2C: %s", ssh_err(r)); break; - if ((r = do_send_and_receive(client, server, C2S, c2s, - direction, packet_index, dump_path, replace_data))) + } + if ((r = do_send_and_receive(client, server)) != 0) { + debug("do_send_and_receive C2S: %s", ssh_err(r)); break; + } } if (do_debug) printf("done: %s\n", ssh_err(r)); @@ -173,6 +206,7 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, struct kex_params kex_params; char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; char *keyname = NULL; + struct hook_ctx hook_ctx; TEST_START("sshkey_from_private"); ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0); 
@@ -187,30 +221,42 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname; ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0); ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0); + ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0); ASSERT_PTR_NE(client, NULL); ASSERT_PTR_NE(server, NULL); + ASSERT_PTR_NE(server2, NULL); TEST_DONE(); + hook_ctx.c2s = c2s; + hook_ctx.s2c = s2c; + hook_ctx.trigger_direction = direction; + hook_ctx.packet_index = packet_index; + hook_ctx.dump_path = dump_path; + hook_ctx.replace_data = replace_data; + hook_ctx.client = client; + hook_ctx.server = server; + hook_ctx.server2 = server2; + ssh_packet_set_input_hook(client, packet_hook, &hook_ctx); + ssh_packet_set_input_hook(server, packet_hook, &hook_ctx); + ssh_packet_set_input_hook(server2, packet_hook, &hook_ctx); + TEST_START("ssh_add_hostkey"); ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0); ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0); TEST_DONE(); TEST_START("kex"); - run_kex(client, server, s2c, c2s, direction, packet_index, - dump_path, replace_data); + run_kex(client, server); TEST_DONE(); TEST_START("rekeying client"); ASSERT_INT_EQ(kex_send_kexinit(client), 0); - run_kex(client, server, s2c, c2s, direction, packet_index, - dump_path, replace_data); + run_kex(client, server); TEST_DONE(); TEST_START("rekeying server"); ASSERT_INT_EQ(kex_send_kexinit(server), 0); - run_kex(client, server, s2c, c2s, direction, packet_index, - dump_path, replace_data); + run_kex(client, server); TEST_DONE(); TEST_START("ssh_packet_get_state"); 
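Review bot: `hook_ctx.server` and `hook_ctx.server2` are assigned here, but packet_hook as added in this commit only compares its `ssh` argument with `ctx->client` and treats every other connection as the server side. Either drop the two fields or document why they are kept, for example `/* server, server2: not read by packet_hook; direction is derived from client only */` on the struct. The context is a stack object whose address is registered on three ssh structs, so a comment noting that the hooks must not outlive do_kex_with_key would also help. do_kex_with_key begins and ends outside this hunk.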
@@ -221,9 +267,6 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, TEST_DONE(); TEST_START("ssh_packet_set_state"); - server2 = NULL; - ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0); - ASSERT_PTR_NE(server2, NULL); ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0); kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */ ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0); @@ -231,12 +274,17 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, sshbuf_free(state); ASSERT_PTR_NE(server2->kex, NULL); /* XXX we need to set the callbacks */ +#ifdef WITH_OPENSSL server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + server2->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; + server2->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; + server2->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; -#ifdef OPENSSL_HAS_ECC +# ifdef OPENSSL_HAS_ECC server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +# endif #endif server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server; server2->kex->load_host_public_key = server->kex->load_host_public_key; @@ -246,11 +294,9 @@ do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, TEST_START("rekeying server2"); ASSERT_INT_EQ(kex_send_kexinit(server2), 0); - run_kex(client, server2, s2c, c2s, direction, packet_index, - dump_path, replace_data); + run_kex(client, server2); ASSERT_INT_EQ(kex_send_kexinit(client), 0); - run_kex(client, server2, s2c, c2s, direction, packet_index, - dump_path, replace_data); + run_kex(client, server2); TEST_DONE(); TEST_START("cleanup"); 
@@ -352,6 +398,9 @@ main(int argc, char **argv) argc -= optind; argv += optind; + log_init(argv[0], do_debug ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO, + SYSLOG_FACILITY_USER, 1); + /* Must select a single mode */ if ((count_flag + dump_flag + replace_flag) != 1) badusage("Must select one mode: -c, -d or -r"); diff --git a/crypto/openssh/regress/moduli.in b/crypto/openssh/regress/moduli.in new file mode 100644 index 0000000..e69c902 --- /dev/null +++ b/crypto/openssh/regress/moduli.in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diff --git a/crypto/openssh/regress/principals-command.sh b/crypto/openssh/regress/principals-command.sh index c0be7e7..9b38eb1 100755 --- a/crypto/openssh/regress/principals-command.sh +++ b/crypto/openssh/regress/principals-command.sh @@ -1,4 +1,4 @@ -# $OpenBSD: principals-command.sh,v 1.1 2015/05/21 06:44:25 djm Exp $ +# $OpenBSD: principals-command.sh,v 1.3 2016/09/26 21:34:38 bluhm Exp $ # Placed in the Public Domain. tid="authorized principals command" 
@@ -6,41 +6,56 @@ tid="authorized principals command" rm -f $OBJ/user_ca_key* $OBJ/cert_user_key* cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak -if test -z "$SUDO" ; then +if [ -z "$SUDO" -a ! -w /var/run ]; then echo "skipped (SUDO not set)" echo "need SUDO to create file in /var/run, test won't work without" exit 0 fi +SERIAL=$$ + +# Create a CA key and a user certificate. +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \ + fatal "ssh-keygen of user_ca_key failed" +${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/cert_user_key || \ + fatal "ssh-keygen of cert_user_key failed" +${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "Joanne User" \ + -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \ + fatal "couldn't sign cert_user_key" + +CERT_BODY=`cat $OBJ/cert_user_key-cert.pub | awk '{ print $2 }'` +CA_BODY=`cat $OBJ/user_ca_key.pub | awk '{ print $2 }'` +CERT_FP=`${SSHKEYGEN} -lf $OBJ/cert_user_key-cert.pub | awk '{ print $2 }'` +CA_FP=`${SSHKEYGEN} -lf $OBJ/user_ca_key.pub | awk '{ print $2 }'` + # Establish a AuthorizedPrincipalsCommand in /var/run where it will have # acceptable directory permissions. -PRINCIPALS_CMD="/var/run/principals_command_${LOGNAME}" -cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_CMD'" +PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}" +cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'" #!/bin/sh test "x\$1" != "x${LOGNAME}" && exit 1 +test "x\$2" != "xssh-rsa-cert-v01@openssh.com" && exit 1 +test "x\$3" != "xssh-ed25519" && exit 1 +test "x\$4" != "xJoanne User" && exit 1 +test "x\$5" != "x${SERIAL}" && exit 1 +test "x\$6" != "x${CA_FP}" && exit 1 +test "x\$7" != "x${CERT_FP}" && exit 1 +test "x\$8" != "x${CERT_BODY}" && exit 1 +test "x\$9" != "x${CA_BODY}" && exit 1 test -f "$OBJ/authorized_principals_${LOGNAME}" && exec cat "$OBJ/authorized_principals_${LOGNAME}" _EOF test $? -eq 0 || fatal "couldn't prepare principals command" -$SUDO chmod 0755 "$PRINCIPALS_CMD" +$SUDO chmod 0755 "$PRINCIPALS_COMMAND" -if ! 
$OBJ/check-perm -m keys-command $PRINCIPALS_CMD ; then - echo "skipping: $PRINCIPALS_CMD is unsuitable as " \ +if ! $OBJ/check-perm -m keys-command $PRINCIPALS_COMMAND ; then + echo "skipping: $PRINCIPALS_COMMAND is unsuitable as " \ "AuthorizedPrincipalsCommand" - $SUDO rm -f $PRINCIPALS_CMD + $SUDO rm -f $PRINCIPALS_COMMAND exit 0 fi -# Create a CA key and a user certificate. -${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \ - fatal "ssh-keygen of user_ca_key failed" -${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/cert_user_key || \ - fatal "ssh-keygen of cert_user_key failed" -${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \ - -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \ - fatal "couldn't sign cert_user_key" - -if [ -x $PRINCIPALS_CMD ]; then +if [ -x $PRINCIPALS_COMMAND ]; then # Test explicitly-specified principals for privsep in yes no ; do _prefix="privsep $privsep" @@ -51,7 +66,8 @@ if [ -x $PRINCIPALS_CMD ]; then cat $OBJ/sshd_proxy_bak echo "UsePrivilegeSeparation $privsep" echo "AuthorizedKeysFile none" - echo "AuthorizedPrincipalsCommand $PRINCIPALS_CMD %u" + echo "AuthorizedPrincipalsCommand $PRINCIPALS_COMMAND" \ + "%u %t %T %i %s %F %f %k %K" echo "AuthorizedPrincipalsCommandUser ${LOGNAME}" echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" ) > $OBJ/sshd_proxy diff --git a/crypto/openssh/regress/putty-ciphers.sh b/crypto/openssh/regress/putty-ciphers.sh index 724a98c..9adba67 100755 --- a/crypto/openssh/regress/putty-ciphers.sh +++ b/crypto/openssh/regress/putty-ciphers.sh @@ -1,4 +1,4 @@ -# $OpenBSD: putty-ciphers.sh,v 1.4 2013/05/17 04:29:14 dtucker Exp $ +# $OpenBSD: putty-ciphers.sh,v 1.5 2016/11/25 03:02:01 dtucker Exp $ # Placed in the Public Domain. tid="putty ciphers" 
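Review bot: `SERIAL=$$` is introduced for the generated command's `test "x\$5" != "x${SERIAL}"` check, but the signing call in the same hunk still passes `-z $$`. Use `-z ${SERIAL}` there so the certificate serial and the value the command compares against come from one variable and cannot drift apart. The here-document delimiter `_EOF` is unquoted, so `${CA_FP}`, `${CERT_FP}`, `${CERT_BODY}` and `${CA_BODY}` are expanded when the file is written while the `\$N` positional parameters are left for run time. A one-line comment above the `cat << _EOF` saying so would make that mix of escaped and unescaped expansions easier to review.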
@@ -16,7 +16,7 @@ for c in aes blowfish 3des arcfour aes128-ctr aes192-ctr aes256-ctr ; do rm -f ${COPY} env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \ - 127.0.0.1 cat ${DATA} > ${COPY} + cat ${DATA} > ${COPY} if [ $? -ne 0 ]; then fail "ssh cat $DATA failed" fi diff --git a/crypto/openssh/regress/putty-kex.sh b/crypto/openssh/regress/putty-kex.sh index 1844d65..9d3c6a9 100755 --- a/crypto/openssh/regress/putty-kex.sh +++ b/crypto/openssh/regress/putty-kex.sh @@ -1,4 +1,4 @@ -# $OpenBSD: putty-kex.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ +# $OpenBSD: putty-kex.sh,v 1.4 2016/11/25 03:02:01 dtucker Exp $ # Placed in the Public Domain. tid="putty KEX" @@ -14,8 +14,7 @@ for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do ${OBJ}/.putty/sessions/kex_$k echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k - env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \ - 127.0.0.1 true + env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 true if [ $? -ne 0 ]; then fail "KEX $k failed" fi diff --git a/crypto/openssh/regress/putty-transfer.sh b/crypto/openssh/regress/putty-transfer.sh index aec0e04..8eb6ae0 100755 --- a/crypto/openssh/regress/putty-transfer.sh +++ b/crypto/openssh/regress/putty-transfer.sh @@ -1,4 +1,4 @@ -# $OpenBSD: putty-transfer.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ +# $OpenBSD: putty-transfer.sh,v 1.4 2016/11/25 03:02:01 dtucker Exp $ # Placed in the Public Domain. tid="putty transfer data" @@ -17,7 +17,7 @@ for p in 2; do ${OBJ}/.putty/sessions/compression_$c echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k env HOME=$PWD ${PLINK} -load compression_$c -batch \ - -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY} + -i putty.rsa$p cat ${DATA} > ${COPY} if [ $? -ne 0 ]; then fail "ssh cat $DATA failed" fi 
@@ -28,7 +28,7 @@ for p in 2; do rm -f ${COPY} dd if=$DATA obs=${s} 2> /dev/null | \ env HOME=$PWD ${PLINK} -load compression_$c \ - -batch -i putty.rsa$p 127.0.0.1 \ + -batch -i putty.rsa$p \ "cat > ${COPY}" if [ $? -ne 0 ]; then fail "ssh cat $DATA failed" diff --git a/crypto/openssh/regress/reexec.sh b/crypto/openssh/regress/reexec.sh index 5c0a7b4..72957d4 100644 --- a/crypto/openssh/regress/reexec.sh +++ b/crypto/openssh/regress/reexec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: reexec.sh,v 1.8 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: reexec.sh,v 1.10 2016/12/16 01:06:27 dtucker Exp $ # Placed in the Public Domain. tid="reexec tests" @@ -39,8 +39,7 @@ echo "InvalidXXX=no" >> $OBJ/sshd_config copy_tests -$SUDO kill `$SUDO cat $PIDFILE` -rm -f $PIDFILE +stop_sshd cp $OBJ/sshd_config.orig $OBJ/sshd_config @@ -54,8 +53,7 @@ rm -f $SSHD_COPY copy_tests -$SUDO kill `$SUDO cat $PIDFILE` -rm -f $PIDFILE +stop_sshd verbose "test reexec fallback without privsep" @@ -67,7 +65,6 @@ rm -f $SSHD_COPY copy_tests -$SUDO kill `$SUDO cat $PIDFILE` -rm -f $PIDFILE +stop_sshd fi diff --git a/crypto/openssh/regress/sftp-chroot.sh b/crypto/openssh/regress/sftp-chroot.sh index 9c26eb6..4ea2fce 100755 --- a/crypto/openssh/regress/sftp-chroot.sh +++ b/crypto/openssh/regress/sftp-chroot.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sftp-chroot.sh,v 1.4 2014/01/20 00:00:30 dtucker Exp $ +# $OpenBSD: sftp-chroot.sh,v 1.5 2016/09/26 21:34:38 bluhm Exp $ # Placed in the Public Domain. tid="sftp in chroot" @@ -7,7 +7,7 @@ CHROOT=/var/run FILENAME=testdata_${USER} PRIVDATA=${CHROOT}/${FILENAME} -if [ -z "$SUDO" ]; then +if [ -z "$SUDO" -a ! -w /var/run ]; then echo "skipped: need SUDO to create file in /var/run, test won't work without" exit 0 fi diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh index 1b6526d..bfa4880 100644 --- a/crypto/openssh/regress/test-exec.sh +++ b/crypto/openssh/regress/test-exec.sh 
@@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.53 2016/04/15 02:57:10 djm Exp $ +# $OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -130,7 +130,8 @@ if [ "x$TEST_SSH_CONCH" != "x" ]; then esac fi -SSH_PROTOCOLS=`$SSH -Q protocol-version` +SSH_PROTOCOLS=2 +#SSH_PROTOCOLS=`$SSH -Q protocol-version` if [ "x$TEST_SSH_PROTOCOLS" != "x" ]; then SSH_PROTOCOLS="${TEST_SSH_PROTOCOLS}" fi @@ -292,16 +293,8 @@ md5 () { } # End of portable specific functions -# helper -cleanup () +stop_sshd () { - if [ "x$SSH_PID" != "x" ]; then - if [ $SSH_PID -lt 2 ]; then - echo bad pid for ssh: $SSH_PID - else - kill $SSH_PID - fi - fi if [ -f $PIDFILE ]; then pid=`$SUDO cat $PIDFILE` if [ "X$pid" = "X" ]; then @@ -324,6 +317,19 @@ cleanup () fi } +# helper +cleanup () +{ + if [ "x$SSH_PID" != "x" ]; then + if [ $SSH_PID -lt 2 ]; then + echo bad pid for ssh: $SSH_PID + else + kill $SSH_PID + fi + fi + stop_sshd +} + start_debug_log () { echo "trace: $@" >$TEST_REGRESS_LOGFILE @@ -400,7 +406,6 @@ fi cat << EOF > $OBJ/sshd_config StrictModes no Port $PORT - Protocol $PROTO AddressFamily inet ListenAddress 127.0.0.1 #ListenAddress ::1 @@ -433,7 +438,6 @@ echo 'StrictModes no' >> $OBJ/sshd_proxy # create client config cat << EOF > $OBJ/ssh_config Host * - Protocol $PROTO Hostname 127.0.0.1 HostKeyAlias localhost-with-alias Port $PORT @@ -513,7 +517,11 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then # Add a PuTTY key to authorized_keys rm -f ${OBJ}/putty.rsa2 - puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null + if ! puttygen -t rsa -o ${OBJ}/putty.rsa2 \ + --new-passphrase /dev/null < /dev/null > /dev/null; then + echo "Your installed version of PuTTY is too old to support --new-passphrase; trying without (may require manual interaction) ..." >&2 + puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null + fi puttygen -O public-openssh ${OBJ}/putty.rsa2 \ >> $OBJ/authorized_keys_$USER 
@@ -526,10 +534,12 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then # Setup proxied session mkdir -p ${OBJ}/.putty/sessions rm -f ${OBJ}/.putty/sessions/localhost_proxy - echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy + echo "Protocol=ssh" >> ${OBJ}/.putty/sessions/localhost_proxy + echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy + echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy REGRESS_INTEROP_PUTTY=yes fi diff --git a/crypto/openssh/regress/unittests/Makefile b/crypto/openssh/regress/unittests/Makefile index 0a95d4b..e70b166 100644 --- a/crypto/openssh/regress/unittests/Makefile +++ b/crypto/openssh/regress/unittests/Makefile @@ -1,5 +1,5 @@ -# $OpenBSD: Makefile,v 1.6 2016/05/26 19:14:25 schwarze Exp $ +# $OpenBSD: Makefile,v 1.7 2016/08/19 06:44:13 djm Exp $ REGRESS_FAIL_EARLY= yes -SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 +SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match .include <bsd.subdir.mk> diff --git a/crypto/openssh/regress/unittests/Makefile.inc b/crypto/openssh/regress/unittests/Makefile.inc index 7385e2b..3d9eaba 100644 --- a/crypto/openssh/regress/unittests/Makefile.inc +++ b/crypto/openssh/regress/unittests/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.6 2015/07/01 23:11:18 djm Exp $ +# $OpenBSD: Makefile.inc,v 1.9 2016/11/01 13:43:27 tb Exp $ .include <bsd.own.mk> .include <bsd.obj.mk> 
@@ -49,11 +49,15 @@ DPADD+=${.CURDIR}/../test_helper/libtest_helper.a .if exists(${.CURDIR}/${SSHREL}/lib/${__objdir}) LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh -DPADD+=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a +LIBSSH=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a .else LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh -DPADD+=${.CURDIR}/${SSHREL}/lib/libssh.a +LIBSSH=${.CURDIR}/${SSHREL}/lib/libssh.a .endif +DPADD+=${LIBSSH} +${PROG}: ${LIBSSH} +${LIBSSH}: + cd ${.CURDIR}/${SSHREL} && ${MAKE} lib LDADD+= -lcrypto DPADD+= ${LIBCRYPTO} diff --git a/crypto/openssh/regress/unittests/bitmap/Makefile b/crypto/openssh/regress/unittests/bitmap/Makefile index b704d22..bd21949 100644 --- a/crypto/openssh/regress/unittests/bitmap/Makefile +++ b/crypto/openssh/regress/unittests/bitmap/Makefile @@ -1,6 +1,4 @@ -# $OpenBSD: Makefile,v 1.1 2015/01/15 07:36:28 djm Exp $ - -TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" +# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ PROG=test_bitmap SRCS=tests.c diff --git a/crypto/openssh/regress/unittests/hostkeys/Makefile b/crypto/openssh/regress/unittests/hostkeys/Makefile index f52a85f..ae3c342 100644 --- a/crypto/openssh/regress/unittests/hostkeys/Makefile +++ b/crypto/openssh/regress/unittests/hostkeys/Makefile @@ -1,6 +1,4 @@ -# $OpenBSD: Makefile,v 1.1 2015/02/16 22:18:34 djm Exp $ - -TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" +# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ PROG=test_hostkeys SRCS=tests.c test_iterate.c diff --git a/crypto/openssh/regress/unittests/kex/Makefile b/crypto/openssh/regress/unittests/kex/Makefile index 6532cb0..7ed3126 100644 --- a/crypto/openssh/regress/unittests/kex/Makefile +++ b/crypto/openssh/regress/unittests/kex/Makefile @@ -1,6 +1,4 @@ -# $OpenBSD: Makefile,v 1.2 2015/01/24 10:39:21 miod Exp $ - -TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" +# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ PROG=test_kex SRCS=tests.c test_kex.c 
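Review bot: The new `${LIBSSH}:` rule in the `@@ -49,11 +49,15 @@` hunk has no prerequisites, so as far as I can tell it only runs `${MAKE} lib` when the archive is missing. An existing but stale `libssh.a` satisfies the target, and the unit tests would then link against, and pass on, library code that no longer matches the tree. If that is intended as a convenience for clean trees only, say so next to the rule, e.g. `# builds libssh.a only when absent; rebuild it in ${SSHREL} after changing library sources`. Otherwise the rule needs a dependency that forces the descent into `${SSHREL}`.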
diff --git a/crypto/openssh/regress/unittests/match/Makefile b/crypto/openssh/regress/unittests/match/Makefile new file mode 100644 index 0000000..bd4aed8 --- /dev/null +++ b/crypto/openssh/regress/unittests/match/Makefile @@ -0,0 +1,10 @@ +# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ + +PROG=test_match +SRCS=tests.c +REGRESS_TARGETS=run-regress-${PROG} + +run-regress-${PROG}: ${PROG} + env ${TEST_ENV} ./${PROG} + +.include <bsd.regress.mk> diff --git a/crypto/openssh/regress/unittests/match/tests.c b/crypto/openssh/regress/unittests/match/tests.c new file mode 100644 index 0000000..7ff319c --- /dev/null +++ b/crypto/openssh/regress/unittests/match/tests.c 
@@ -0,0 +1,113 @@ +/* $OpenBSD: tests.c,v 1.3 2016/09/21 17:03:54 djm Exp $ */ +/* + * Regress test for matching functions + * + * Placed in the public domain + */ + +#include "includes.h" + +#include <sys/types.h> +#include <sys/param.h> +#include <stdio.h> +#ifdef HAVE_STDINT_H +#include <stdint.h> +#endif +#include <stdlib.h> +#include <string.h> + +#include "../test_helper/test_helper.h" + +#include "match.h" + +void +tests(void) +{ + TEST_START("match_pattern"); + ASSERT_INT_EQ(match_pattern("", ""), 1); + ASSERT_INT_EQ(match_pattern("", "aaa"), 0); + ASSERT_INT_EQ(match_pattern("aaa", ""), 0); + ASSERT_INT_EQ(match_pattern("aaa", "aaaa"), 0); + ASSERT_INT_EQ(match_pattern("aaaa", "aaa"), 0); + TEST_DONE(); + + TEST_START("match_pattern wildcard"); + ASSERT_INT_EQ(match_pattern("", "*"), 1); + ASSERT_INT_EQ(match_pattern("a", "?"), 1); + ASSERT_INT_EQ(match_pattern("aa", "a?"), 1); + ASSERT_INT_EQ(match_pattern("a", "*"), 1); + ASSERT_INT_EQ(match_pattern("aa", "a*"), 1); + ASSERT_INT_EQ(match_pattern("aa", "?*"), 1); + ASSERT_INT_EQ(match_pattern("aa", "**"), 1); + ASSERT_INT_EQ(match_pattern("aa", "?a"), 1); + ASSERT_INT_EQ(match_pattern("aa", "*a"), 1); + ASSERT_INT_EQ(match_pattern("ba", "a?"), 0); + ASSERT_INT_EQ(match_pattern("ba", "a*"), 0); + ASSERT_INT_EQ(match_pattern("ab", "?a"), 0); + ASSERT_INT_EQ(match_pattern("ab", "*a"), 0); + TEST_DONE(); + + TEST_START("match_pattern_list"); + ASSERT_INT_EQ(match_pattern_list("", "", 0), 0); /* no patterns */ + ASSERT_INT_EQ(match_pattern_list("", "*", 0), 1); + ASSERT_INT_EQ(match_pattern_list("", "!*", 0), -1); + ASSERT_INT_EQ(match_pattern_list("", "!a,*", 0), 1); + ASSERT_INT_EQ(match_pattern_list("", "*,!a", 0), 1); + ASSERT_INT_EQ(match_pattern_list("", "a,!*", 0), -1); + ASSERT_INT_EQ(match_pattern_list("", "!*,a", 0), -1); + ASSERT_INT_EQ(match_pattern_list("a", "", 0), 0); + ASSERT_INT_EQ(match_pattern_list("a", "*", 0), 1); + ASSERT_INT_EQ(match_pattern_list("a", "!*", 0), -1); + 
ASSERT_INT_EQ(match_pattern_list("a", "!a", 0), -1); + /* XXX negated ASSERT_INT_EQ(match_pattern_list("a", "!b", 0), 1); */ + ASSERT_INT_EQ(match_pattern_list("a", "!a,*", 0), -1); + ASSERT_INT_EQ(match_pattern_list("b", "!a,*", 0), 1); + ASSERT_INT_EQ(match_pattern_list("a", "*,!a", 0), -1); + ASSERT_INT_EQ(match_pattern_list("b", "*,!a", 0), 1); + ASSERT_INT_EQ(match_pattern_list("a", "a,!*", 0), -1); + ASSERT_INT_EQ(match_pattern_list("b", "a,!*", 0), -1); + ASSERT_INT_EQ(match_pattern_list("a", "a,!a", 0), -1); + /* XXX negated ASSERT_INT_EQ(match_pattern_list("b", "a,!a", 0), 1); */ + ASSERT_INT_EQ(match_pattern_list("a", "!*,a", 0), -1); + ASSERT_INT_EQ(match_pattern_list("b", "!*,a", 0), -1); + TEST_DONE(); + + TEST_START("match_pattern_list lowercase"); + ASSERT_INT_EQ(match_pattern_list("abc", "ABC", 0), 0); + ASSERT_INT_EQ(match_pattern_list("ABC", "abc", 0), 0); + ASSERT_INT_EQ(match_pattern_list("abc", "ABC", 1), 1); + ASSERT_INT_EQ(match_pattern_list("ABC", "abc", 1), 0); + TEST_DONE(); + + TEST_START("addr_match_list"); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.1/44"), -2); + ASSERT_INT_EQ(addr_match_list(NULL, "127.0.0.1/44"), -2); + ASSERT_INT_EQ(addr_match_list("a", "*"), 0); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "*"), 1); + ASSERT_INT_EQ(addr_match_list(NULL, "*"), 0); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.1"), 1); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.2"), 0); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.1"), -1); + /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2"), 1); */ + ASSERT_INT_EQ(addr_match_list("127.0.0.255", "127.0.0.0/24"), 1); + ASSERT_INT_EQ(addr_match_list("127.0.1.1", "127.0.0.0/24"), 0); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.0/24"), 1); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.1.0/24"), 0); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.0/24"), -1); + /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", 
"!127.0.1.0/24"), 1); */ + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,!127.0.0.1"), -1); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.1,10.0.0.1"), -1); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,127.0.0.2"), 0); + ASSERT_INT_EQ(addr_match_list("127.0.0.1", "127.0.0.2,10.0.0.1"), 0); + /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "10.0.0.1,!127.0.0.2"), 1); */ + /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2,10.0.0.1"), 1); */ + TEST_DONE(); + +/* + * XXX TODO + * int match_host_and_ip(const char *, const char *, const char *); + * int match_user(const char *, const char *, const char *, const char *); + * char *match_list(const char *, const char *, u_int *); + * int addr_match_cidr_list(const char *, const char *); + */ +} diff --git a/crypto/openssh/regress/unittests/sshbuf/Makefile b/crypto/openssh/regress/unittests/sshbuf/Makefile index 85f99ac..69b2756 100644 --- a/crypto/openssh/regress/unittests/sshbuf/Makefile +++ b/crypto/openssh/regress/unittests/sshbuf/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.1 2014/04/30 05:32:00 djm Exp $ +# $OpenBSD: Makefile,v 1.5 2016/11/01 13:43:27 tb Exp $ PROG=test_sshbuf SRCS=tests.c diff --git a/crypto/openssh/regress/unittests/sshkey/Makefile b/crypto/openssh/regress/unittests/sshkey/Makefile index 1bcd266..cfbfcf8 100644 --- a/crypto/openssh/regress/unittests/sshkey/Makefile +++ b/crypto/openssh/regress/unittests/sshkey/Makefile @@ -1,6 +1,4 @@ -# $OpenBSD: Makefile,v 1.1 2014/06/24 01:14:18 djm Exp $ - -TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" +# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ PROG=test_sshkey SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c diff --git a/crypto/openssh/regress/unittests/utf8/Makefile b/crypto/openssh/regress/unittests/utf8/Makefile index 150ea2f..a975264f 100644 --- a/crypto/openssh/regress/unittests/utf8/Makefile +++ b/crypto/openssh/regress/unittests/utf8/Makefile 
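Review bot: Six cases in `tests()` are left commented out as `/* XXX negated ... */`, two under `match_pattern_list` and four under `addr_match_list`. As a result, no assertion pins what a list returns when it holds only negated entries that do not match. These matchers presumably back allow/deny style configuration, where that result decides whether a negation-only list admits anything, so the current behaviour should be asserted rather than hidden. I would replace each commented line with an assertion of the value the function returns today plus a short note, e.g. `ASSERT_INT_EQ(match_pattern_list("a", "!b", 0), 0); /* a negation alone never yields a match */`. The expected value there is my reading and needs confirming against match.c, which is not part of this diff. The `"ABC", "abc", 1` case returning 0 also deserves a comment that the lowercase flag appears to fold only one side.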
@@ -1,6 +1,4 @@ -# $OpenBSD: Makefile,v 1.2 2016/05/30 12:14:08 schwarze Exp $ - -TEST_ENV= "MALLOC_OPTIONS=CFGJPRSUX" +# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ PROG=test_utf8 SRCS=tests.c diff --git a/crypto/openssh/regress/unittests/utf8/tests.c b/crypto/openssh/regress/unittests/utf8/tests.c index fad2ec2..31f9fe9 100644 --- a/crypto/openssh/regress/unittests/utf8/tests.c +++ b/crypto/openssh/regress/unittests/utf8/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.2 2016/05/30 12:05:56 schwarze Exp $ */ +/* $OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */ /* * Regress test for the utf8.h *mprintf() API * @@ -6,10 +6,12 @@ * and placed in the public domain. */ +#include "includes.h" + #include <locale.h> #include <string.h> -#include "test_helper.h" +#include "../test_helper/test_helper.h" #include "utf8.h" @@ -63,7 +65,6 @@ tests(void) TEST_DONE(); badarg(); - one("null", NULL, 8, 6, 6, "(null)"); one("empty", "", 2, 0, 0, ""); one("ascii", "x", -2, -2, -2, "x"); one("newline", "a\nb", -2, -2, -2, "a\nb"); |