Vendor import of OpenSSH 4.3p1.

10 files changed, 93 insertions, 18 deletions

diff --git a/crypto/openssh/regress/README.regress b/crypto/openssh/regress/README.regress
index 0c07c9c..5aaf734 100644
--- a/crypto/openssh/regress/README.regress
+++ b/crypto/openssh/regress/README.regress
@@ -97,8 +97,12 @@ Known Issues.
   unless ssh-rand-helper is in pre-installed (the path to
   ssh-rand-helper is hard coded).
 
+- Similarly, if you do not have "scp" in your system's $PATH then the
+  multiplex scp tests will fail (since the system's shell startup scripts
+  will determine where the shell started by sshd will look for scp).
+
 - Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
   test to fail.  The old behaviour can be restored by setting (and
   exporting) _POSIX2_VERSION=199209 before running the tests.
 
-$Id: README.regress,v 1.9 2004/08/17 12:31:33 dtucker Exp $
+$Id: README.regress,v 1.10 2005/10/03 10:14:18 dtucker Exp $
diff --git a/crypto/openssh/regress/agent-getpeereid.sh b/crypto/openssh/regress/agent-getpeereid.sh
index 46d20dc..6186a8d 100644
--- a/crypto/openssh/regress/agent-getpeereid.sh
+++ b/crypto/openssh/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $
+#	$OpenBSD: agent-getpeereid.sh,v 1.2 2005/11/14 21:25:56 grunk Exp $
 #	Placed in the Public Domain.
 
 tid="disallow agent attach from other uid"
@@ -27,7 +27,7 @@ else
 		fail "ssh-add failed with $r != 1"
 	fi
 
-	< /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
+	< /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
 	r=$?
 	if [ $r -lt 2 ]; then
 		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
diff --git a/crypto/openssh/regress/forwarding.sh b/crypto/openssh/regress/forwarding.sh
index dfe065d..3b17114 100644
--- a/crypto/openssh/regress/forwarding.sh
+++ b/crypto/openssh/regress/forwarding.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: forwarding.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+#	$OpenBSD: forwarding.sh,v 1.5 2005/03/10 10:20:39 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="local and remote forwarding"
@@ -32,3 +32,34 @@ for p in 1 2; do
 
 	sleep 10
 done
+
+for p in 1 2; do
+	trace "simple clear forwarding proto $p"
+	${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true
+
+	trace "clear local forward proto $p"
+	${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
+	    -oClearAllForwardings=yes somehost sleep 10
+	if [ $? != 0 ]; then
+		fail "connection failed with cleared local forwarding"
+	else
+		# this one should fail
+		${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+		     2>${TEST_SSH_LOGFILE} && \
+			fail "local forwarding not cleared"
+	fi
+	sleep 10
+	
+	trace "clear remote forward proto $p"
+	${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
+	    -oClearAllForwardings=yes somehost sleep 10
+	if [ $? != 0 ]; then
+		fail "connection failed with cleared remote forwarding"
+	else
+		# this one should fail
+		${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+		     2>${TEST_SSH_LOGFILE} && \
+			fail "remote forwarding not cleared"
+	fi
+	sleep 10
+done
diff --git a/crypto/openssh/regress/multiplex.sh b/crypto/openssh/regress/multiplex.sh
index a172e57..4fba7b5 100644
--- a/crypto/openssh/regress/multiplex.sh
+++ b/crypto/openssh/regress/multiplex.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $
+#	$OpenBSD: multiplex.sh,v 1.11 2005/04/25 09:54:09 dtucker Exp $
 #	Placed in the Public Domain.
 
 CTL=/tmp/openssh.regress.ctl-sock.$$
diff --git a/crypto/openssh/regress/reconfigure.sh b/crypto/openssh/regress/reconfigure.sh
index ba6dbc6..1daf29f 100644
--- a/crypto/openssh/regress/reconfigure.sh
+++ b/crypto/openssh/regress/reconfigure.sh
@@ -15,8 +15,9 @@ esac
 
 start_sshd
 
-$SUDO kill -HUP `cat $PIDFILE`
-sleep 1
+PID=`cat $PIDFILE`
+rm -f $PIDFILE
+$SUDO kill -HUP $PID
 
 trace "wait for sshd to restart"
 i=0;
diff --git a/crypto/openssh/regress/scp-ssh-wrapper.sh b/crypto/openssh/regress/scp-ssh-wrapper.sh
index 8e43147..d1005a9 100644
--- a/crypto/openssh/regress/scp-ssh-wrapper.sh
+++ b/crypto/openssh/regress/scp-ssh-wrapper.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-#       $OpenBSD: scp-ssh-wrapper.sh,v 1.1 2004/06/13 13:51:02 dtucker Exp $
+#       $OpenBSD: scp-ssh-wrapper.sh,v 1.2 2005/12/14 04:36:39 dtucker Exp $
 #       Placed in the Public Domain.
 
 printname () {
@@ -16,8 +16,11 @@ printname () {
 	done
 }
 
-# discard first 5 args
-shift; shift; shift; shift; shift
+# Discard all but last argument.  We use arg later.
+while test "$1" != ""; do
+	arg="$1"
+	shift
+done
 
 BAD="../../../../../../../../../../../../../${DIR}/dotpathdir"
 
@@ -49,6 +52,6 @@ badserver_4)
 	echo "X"
 	;;
 *)
-	exec $1
+	exec $arg
 	;;
 esac
diff --git a/crypto/openssh/regress/scp.sh b/crypto/openssh/regress/scp.sh
index c3034b6..c5d412d 100644
--- a/crypto/openssh/regress/scp.sh
+++ b/crypto/openssh/regress/scp.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: scp.sh,v 1.3 2004/07/08 12:59:35 dtucker Exp $
+#	$OpenBSD: scp.sh,v 1.7 2006/01/31 10:36:33 djm Exp $
 #	Placed in the Public Domain.
 
 tid="scp"
@@ -28,6 +28,11 @@ scpclean() {
 	mkdir ${DIR} ${DIR2}
 }
 
+verbose "$tid: simple copy local file to local file"
+scpclean
+$SCP $scpopts ${DATA} ${COPY} || fail "copy failed"
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+
 verbose "$tid: simple copy local file to remote file"
 scpclean
 $SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed"
@@ -44,6 +49,12 @@ cp ${DATA} ${COPY}
 $SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed"
 cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
 
+verbose "$tid: simple copy local file to local dir"
+scpclean
+cp ${DATA} ${COPY}
+$SCP $scpopts ${COPY} ${DIR} || fail "copy failed"
+cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
 verbose "$tid: simple copy remote file to local dir"
 scpclean
 cp ${DATA} ${COPY}
@@ -57,6 +68,13 @@ cp ${DATA} ${DIR}/copy
 $SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed"
 diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
 
+verbose "$tid: recursive local dir to local dir"
+scpclean
+rm -rf ${DIR2}
+cp ${DATA} ${DIR}/copy
+$SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed"
+diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
 verbose "$tid: recursive remote dir to local dir"
 scpclean
 rm -rf ${DIR2}
@@ -64,6 +82,13 @@ cp ${DATA} ${DIR}/copy
 $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
 diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
 
+verbose "$tid: shell metacharacters"
+scpclean
+(cd ${DIR} && \
+touch '`touch metachartest`' && \
+$SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \
+[ ! -f metachartest ] ) || fail "shell metacharacters"
+
 if [ ! -z "$SUDO" ]; then
 	verbose "$tid: skipped file after scp -p with failed chown+utimes"
 	scpclean
@@ -73,7 +98,7 @@ if [ ! -z "$SUDO" ]; then
 	chmod 660 ${DIR2}/copy
 	$SUDO chown root ${DIR2}/copy
 	$SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1
-	diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+	$SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
 	$SUDO rm ${DIR2}/copy
 fi
 
@@ -91,5 +116,12 @@ for i in 0 1 2 3 4; do
 	[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
 done
 
+verbose "$tid: detect non-directory target"
+scpclean
+echo a > ${COPY}
+echo b > ${COPY2}
+$SCP $scpopts ${DATA} ${COPY} ${COPY2}
+cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target"
+
 scpclean
 rm -f ${OBJ}/scp-ssh-wrapper.scp
diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh
index 4b3a70e..59ae33c 100644
--- a/crypto/openssh/regress/test-exec.sh
+++ b/crypto/openssh/regress/test-exec.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.27 2005/02/27 11:33:30 dtucker Exp $
+#	$OpenBSD: test-exec.sh,v 1.28 2005/05/20 23:14:15 djm Exp $
 #	Placed in the Public Domain.
 
 #SUDO=sudo
@@ -24,6 +24,8 @@ if [ -x /usr/ucb/whoami ]; then
 	USER=`/usr/ucb/whoami`
 elif whoami >/dev/null 2>&1; then
 	USER=`whoami`
+elif logname >/dev/null 2>&1; then
+	USER=`logname`
 else
 	USER=`id -un`
 fi
@@ -194,6 +196,7 @@ trap fatal 3 2
 cat << EOF > $OBJ/sshd_config
 	StrictModes		no
 	Port			$PORT
+	AddressFamily		inet
 	ListenAddress		127.0.0.1
 	#ListenAddress		::1
 	PidFile			$PIDFILE
@@ -244,7 +247,7 @@ trace "generate keys"
 for t in rsa rsa1; do
 	# generate user key
 	rm -f $OBJ/$t
-	${SSHKEYGEN} -q -N '' -t $t  -f $OBJ/$t ||\
+	${SSHKEYGEN} -b 1024 -q -N '' -t $t  -f $OBJ/$t ||\
 		fail "ssh-keygen for $t failed"
 
 	# known hosts file for client
diff --git a/crypto/openssh/regress/try-ciphers.sh b/crypto/openssh/regress/try-ciphers.sh
index c6e1b91..379fe35 100644
--- a/crypto/openssh/regress/try-ciphers.sh
+++ b/crypto/openssh/regress/try-ciphers.sh
@@ -1,9 +1,10 @@
-#	$OpenBSD: try-ciphers.sh,v 1.9 2004/02/28 13:44:45 dtucker Exp $
+#	$OpenBSD: try-ciphers.sh,v 1.10 2005/05/24 04:10:54 djm Exp $
 #	Placed in the Public Domain.
 
 tid="try ciphers"
 
-ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour 
+ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc 
+	arcfour128 arcfour256 arcfour 
 	aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
 	aes128-ctr aes192-ctr aes256-ctr"
 macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96"
diff --git a/crypto/openssh/regress/yes-head.sh b/crypto/openssh/regress/yes-head.sh
index 17a4d0d..a8e6bc8 100644
--- a/crypto/openssh/regress/yes-head.sh
+++ b/crypto/openssh/regress/yes-head.sh
@@ -4,7 +4,7 @@
 tid="yes pipe head"
 
 for p in 1 2; do
-	lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | head -2000"' | (sleep 3 ; wc -l)`
+	lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
 	if [ $? -ne 0 ]; then
 		fail "yes|head test failed"
 		lines = 0;