diff --git a/ChangeLog b/ChangeLog index 2e5b94c41..ce4c6b3fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ only perform tcp wrappers checks when the incoming connection is on a socket. silences useless warnings from regress tests that use proxycommand="sshd -i". prompted by david@ ok markus@ + - djm@cvs.openbsd.org 2004/06/24 19:32:00 + [regress/Makefile regress/test-exec.sh, added regress/reexec.sh] + regress test for re-exec corner cases 20040623 - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1 @@ -1410,4 +1413,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3445 2004/06/25 03:34:31 dtucker Exp $ +$Id: ChangeLog,v 1.3446 2004/06/25 03:45:18 dtucker Exp $ diff --git a/regress/Makefile b/regress/Makefile index 64674521b..9e98e5880 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.30 2004/06/13 15:04:08 djm Exp $ +# $OpenBSD: Makefile,v 1.31 2004/06/24 19:32:00 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec tests: $(REGRESS_TARGETS) @@ -37,7 +37,8 @@ LTESTS= connect \ reconfigure \ dynamic-forward \ forwarding \ - multiplex + multiplex \ + reexec USER!= id -un CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ diff --git a/regress/reexec.sh b/regress/reexec.sh new file mode 100644 index 000000000..39fffefbc --- /dev/null +++ b/regress/reexec.sh @@ -0,0 +1,87 @@ +# $OpenBSD: reexec.sh,v 1.3 2004/06/25 01:32:44 djm Exp $ +# Placed in the Public Domain. + +tid="reexec tests" + +DATA=/bin/ls +COPY=${OBJ}/copy +SSHD_ORIG=$SSHD +SSHD_COPY=$OBJ/sshd.copy + +# Start a sshd and then delete it +start_sshd_copy_zap () +{ + cp $SSHD_ORIG $SSHD_COPY + SSHD=$SSHD_COPY + start_sshd + rm -f $SSHD_COPY + SSHD=$SSHD_ORIG +} + +verbose "test config passing" +cp $OBJ/sshd_config $OBJ/sshd_config.orig + +start_sshd + +echo "InvalidXXX=no" >> $OBJ/sshd_config + +rm -f ${COPY} +for p in 1 2; do + verbose "$tid: proto $p" + ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ + cat ${DATA} > ${COPY} + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" + fi + cmp ${DATA} ${COPY} || fail "corrupted copy" + rm -f ${COPY} +done + +$SUDO kill `cat $PIDFILE` +rm -f $PIDFILE + +cp $OBJ/sshd_config.orig $OBJ/sshd_config + +verbose "test reexec fallback" + +start_sshd_copy_zap + +rm -f ${COPY} +for p in 1 2; do + verbose "$tid: proto $p" + ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ + cat ${DATA} > ${COPY} + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" + fi + cmp ${DATA} ${COPY} || fail "corrupted copy" + rm -f ${COPY} +done + +$SUDO kill `cat $PIDFILE` +rm -f $PIDFILE + +verbose "test reexec fallback without privsep" + +cp $OBJ/sshd_config.orig $OBJ/sshd_config +echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config + +start_sshd_copy_zap + +rm -f ${COPY} +for p in 1 2; do + verbose "$tid: proto $p" + ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ + cat ${DATA} > ${COPY} + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" + fi + cmp ${DATA} ${COPY} || fail "corrupted copy" + rm -f ${COPY} +done + +$SUDO kill `cat $PIDFILE` +rm -f $PIDFILE + +cp $OBJ/sshd_config.orig $OBJ/sshd_config + diff --git a/regress/test-exec.sh b/regress/test-exec.sh index b0ac64e9e..e626dd78a 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.20 2004/06/22 22:45:52 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.22 2004/06/24 19:32:00 djm Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -82,6 +82,9 @@ if [ "x$TEST_SSH_SCP" != "x" ]; then SCP="${TEST_SSH_SCP}" fi +# Path to sshd must be absolute for rexec +SSHD=`which sshd` + # these should be used in tests export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP @@ -265,6 +268,27 @@ start_sshd () test -f $PIDFILE || fatal "no sshd running on port $PORT" } +# Start a sshd and then delete it +start_sshd_copy_zap () +{ + cp ${SSHD} $OBJ/sshd.copy + SSHD_CPY=`which $OBJ/sshd.copy` + + # start sshd + $SUDO $SSHD_CPY -f $OBJ/sshd_config -t || fatal "sshd_config broken" + $SUDO $SSHD_CPY -f $OBJ/sshd_config + + trace "wait for sshd" + i=0; + while [ ! -f $PIDFILE -a $i -lt 5 ]; do + i=`expr $i + 1` + sleep $i + done + + test -f $PIDFILE || fatal "no sshd running on port $PORT" + rm -f $OBJ/sshd.copy +} + # source test body . $SCRIPT