Don't call fatal from stop_sshd since it calls cleanup
which calls stop_sshd which will probably fail in the same way. Instead,
just bail. Differentiate between sshd dying without cleanup and not shutting
down.
Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4
eliminate explicit specification of protocol in tests and
loops over protocol. We only support SSHv2 now.
Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd
Change COMPILER_VERSION tests which limited additional
warnings to gcc4 to instead skip them on gcc3 as clang can handle
-Wpointer-sign and -Wold-style-definition.
Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f
remove /usr/bin/time calls around tests, makes diffing test
runs harder. Based on patch from Mike Frysinger
Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c
Creating the socket in $OBJ could blow past the (quite limited)
path limit for Unix domain sockets. As a bandaid for bz#2660,
reported by Colin Watson; ok dtucker@
regress tests for loading certificates without public keys;
bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@
Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0
Remove deprecated SSH1 options RSAAuthentication and
RhostsRSAAuthentication from regression test sshd_config.
Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491
fully unbreak: some $SSH invocations did not have -F
specified and could pick up the ~/.ssh/config of the user running the tests
Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89
Account for timeouts in the integrity tests as failures.
If the first test in a series for a given MAC happens to modify the low
bytes of a packet length, then ssh will time out and this will be
interpreted as a test failure. Patch from cjwatson at debian.org via
bz#2658.
Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
Make forwarding test less racy by using unix domain
sockets instead of TCP ports where possible. Patch from cjwatson at
debian.org via bz#2659.
Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9
Use LOGNAME to get current user and fall back to whoami if
not set. Mainly to benefit -portable since some platforms don't have whoami.
Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa
Add regression test for AllowUsers and DenyUsers. Patch from
Zev Weiss <zev at bewilderbeest.net>
Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9
revert to rev1.2; the new bits in this test depend on changes
to ssh that aren't yet committed
Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123
Move the "stop sshd" code into its own helper function.
Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@
Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329
regression test for certificates along with private key
with no public half. bz#2617, mostly from Adam Eijdenberg
Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115
Reverse args to sshd-log-wrapper. Matches change in
portable, where it allows sshd do be optionally run under Valgrind.
Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906
Clean up MALLOC_OPTIONS. For the unittests, move
MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc.
ok otto
Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12
fix the KEX fuzzer - the previous method of obtaining the
packet contents was broken. This now uses the new per-packet input hook, so
it sees exact post-decrypt packets and doesn't have to pass packet integrity
checks. ok markus@
Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd
Add a makefile rule to create the ssh library when
regress needs it. This allows to run the ssh regression tests without doing
a "make build" before. Discussed with dtucker@ and djm@; OK djm@
Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025
Allow to run ssh regression tests as root. If the user
is already root, the test should not expect that SUDO is set. If ssh needs
another user, use sudo or doas to switch from root if necessary. OK dtucker@
Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2
Add testcase for ssh-keygen -j, -J and -K options for
moduli screening. Does not currently test generation as that is extremely
slow.
Upstream-Regress-ID: 9de6ce801377ed3ce0a63a1413f1cd5fd3c2d062
remove Protocol directive from client/server configs that
causes spammy deprecation warnings
hardcode SSH_PROTOCOLS=2, since that's all we support on the server
now (the client still may support both, so it could get confused)
Upstream-Regress-ID: c16662c631af51633f9fd06aca552a70535de181
DEBUGLIBS has been broken since the gcc4 switch, so delete
it. CFLAGS contains -g by default anyway
problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
ok millert@ kettenis@ deraadt@
Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542
Fix two rare edge cases: 1. If vasprintf() returns < 0,
do not access a NULL pointer in snmprintf(), and do not free() the pointer
returned from vasprintf() because on some systems other than OpenBSD, it
might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
rather than -1 and NULL.
Besides, free(dst) is pointless after failure (not a bug).
One half OK martijn@, the other half OK deraadt@;
committing quickly before people get hurt.
Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4
Use a subshell for constructing key types to work around
different sed behaviours for -portable.
Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d
Filter debug messages out of log before picking the last
two lines. Should prevent problems if any more debug output is added late in
the connection.
Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363
Look back 3 lines for possible error messages. Changes
to the code mean that "Bad packet length" errors are 3 lines back instead of
the previous two, which meant we didn't skip some offsets that we intended
to.
Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684
Some tests have strict requirements on the filesystem permissions
for certain files and directories. This adds a regress/check-perm
tool that copies the relevant logic from sshd to exactly test
the paths in question. This lets us skip tests when the local
filesystem doesn't conform to our expectations rather than
continuing and failing the test run.
ok dtucker@
Fix typo certopt->certopts in shell variable. This would
cause the test to hang at a host key prompt if you have an A or CNAME for
"proxy" in your local domain.
Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a
skip if running as root; many systems (inc OpenBSD) allow
root to ptrace arbitrary processes
Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038
dtucker@openbsd.org
Damien Miller
djm@openbsd.org
Darren Tucker
jsg@openbsd.org
tb@openbsd.org
natano@openbsd.org
bluhm@openbsd.org
guenther@openbsd.org
schwarze@openbsd.org