openssh-portable/regress
Manoj Ampalam fdd54b6334
Implement Unix styled privilege separation in Windows (#258)
OpenSSh privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html 
Posix_spawn is implemented in POSIX adapter as an alternative to fork() that is heavily used in Privilege separation. 
Additional state info is added to sshd to accommodate distinguishing the various modes (privileged monitor, unprivileged child, authenticated child).
Required service state (like config and host keys) is transmitted over pipes from monitor to child processes.
Changes to installation scripts and tests to accomodate new architectural changes
2018-01-15 13:57:31 -08:00
..
misc upstream commit 2017-10-20 13:15:40 +11:00
pesterTests Implement Unix styled privilege separation in Windows (#258) 2018-01-15 13:57:31 -08:00
unittests Implement Unix styled privilege separation in Windows (#258) 2018-01-15 13:57:31 -08:00
Makefile upstream commit 2017-10-31 09:08:51 +11:00
README.regress Fix misspellings of regress CONFOPTS env variables. 2015-04-07 09:10:00 +10:00
addrmatch.sh - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 2012-06-30 15:01:22 +10:00
agent-getpeereid.sh upstream commit 2017-09-18 14:13:02 +10:00
agent-pkcs11.sh upstream commit 2017-05-01 11:59:42 +10:00
agent-ptrace.sh Fix missed RCSID merges 2017-10-20 13:22:00 +11:00
agent-timeout.sh upstream commit 2015-03-05 05:59:47 +11:00
agent.sh upstream commit 2017-05-01 11:59:42 +10:00
allow-deny-users.sh upstream commit 2017-10-20 13:15:40 +11:00
authinfo.sh upstream commit 2017-10-31 09:08:51 +11:00
banner.sh upstream commit 2017-05-01 11:59:42 +10:00
broken-pipe.sh upstream commit 2017-05-01 11:59:42 +10:00
brokenkeys.sh upstream commit 2017-05-01 11:59:42 +10:00
cert-file.sh upstream commit 2017-05-01 11:59:42 +10:00
cert-hostkey.sh upstream commit 2017-05-01 11:59:42 +10:00
cert-userkey.sh upstream commit 2017-05-01 11:59:42 +10:00
cfginclude.sh upstream commit 2016-06-08 11:42:39 +10:00
cfgmatch.sh upstream commit 2017-10-05 05:51:46 +11:00
cfgparse.sh upstream commit 2016-06-08 11:45:39 +10:00
check-perm.c Disable tests where fs perms are incorrect 2016-02-23 17:40:16 +11:00
cipher-speed.sh upstream commit 2017-05-01 11:59:42 +10:00
conch-ciphers.sh - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 2013-05-17 15:32:29 +10:00
connect-privsep.sh upstream commit 2017-05-01 11:59:42 +10:00
connect-uri.sh upstream commit 2017-10-31 09:08:51 +11:00
connect.sh upstream commit 2017-05-01 11:59:42 +10:00
dhgex.sh upstream commit 2017-05-08 11:54:17 +10:00
dsa_ssh2.prv - (djm) Import OpenBSD regression tests. Requires BSD make to run 2002-05-01 13:17:33 +10:00
dsa_ssh2.pub - (djm) Import OpenBSD regression tests. Requires BSD make to run 2002-05-01 13:17:33 +10:00
dynamic-forward.sh upstream commit 2017-09-26 16:56:15 +10:00
envpass.sh - djm@cvs.openbsd.org 2005/03/04 08:48:46 2005-03-07 18:35:34 +11:00
exit-status.sh upstream commit 2017-05-01 11:59:42 +10:00
forcecommand.sh upstream commit 2017-05-01 11:59:42 +10:00
forward-control.sh upstream commit 2017-05-01 11:59:42 +10:00
forwarding.sh upstream commit 2017-05-01 11:59:42 +10:00
host-expand.sh upstream commit 2017-05-01 11:59:42 +10:00
hostkey-agent.sh upstream commit 2017-05-01 11:59:42 +10:00
hostkey-rotate.sh upstream commit 2015-09-04 16:56:23 +10:00
integrity.sh upstream commit 2017-05-01 11:59:42 +10:00
kextype.sh upstream commit 2015-04-01 10:02:56 +11:00
key-options.sh upstream commit 2017-05-01 11:59:42 +10:00
keygen-change.sh upstream commit 2017-05-01 11:59:42 +10:00
keygen-convert.sh - dtucker@cvs.openbsd.org 2009/11/09 04:20:04 2010-02-24 17:33:30 +11:00
keygen-knownhosts.sh upstream commit 2015-07-17 13:36:30 +10:00
keygen-moduli.sh upstream commit 2016-09-14 11:34:59 +10:00
keys-command.sh Fix missed RCSID merges 2017-10-20 13:22:00 +11:00
keyscan.sh upstream commit 2017-05-01 11:59:42 +10:00
keytype.sh upstream commit 2017-10-31 09:08:52 +11:00
krl.sh upstream commit 2015-01-30 12:19:29 +11:00
limit-keytype.sh upstream commit 2015-10-29 19:07:20 +11:00
localcommand.sh upstream commit 2017-05-01 11:59:42 +10:00
login-timeout.sh upstream commit 2017-09-18 14:11:22 +10:00
modpipe.c Conditionally include err.h. 2016-07-18 17:12:22 +10:00
moduli.in upstream commit 2016-09-14 10:57:21 +10:00
multiplex.sh upstream commit 2017-05-01 11:59:42 +10:00
multipubkey.sh upstream commit 2014-12-22 19:13:38 +11:00
netcat.c Undo unwanted changes to unittest files 2017-02-05 17:08:04 -08:00
portnum.sh - dtucker@cvs.openbsd.org 2013/05/17 10:34:30 2013-05-17 20:47:29 +10:00
principals-command.sh upstream commit 2017-05-01 11:59:42 +10:00
proto-mismatch.sh upstream commit 2017-05-01 11:59:42 +10:00
proto-version.sh upstream commit 2017-06-08 13:11:11 +10:00
proxy-connect.sh upstream commit 2017-10-05 05:51:46 +11:00
putty-ciphers.sh upstream commit 2017-05-08 11:54:17 +10:00
putty-kex.sh upstream commit 2016-11-29 17:19:57 +11:00
putty-transfer.sh upstream commit 2017-05-01 11:59:42 +10:00
reconfigure.sh upstream commit 2017-05-01 11:59:42 +10:00
reexec.sh upstream commit 2017-09-18 14:11:42 +10:00
rekey.sh upstream commit 2016-02-04 16:13:37 +11:00
rsa_openssh.prv - (djm) Import OpenBSD regression tests. Requires BSD make to run 2002-05-01 13:17:33 +10:00
rsa_openssh.pub - (djm) Import OpenBSD regression tests. Requires BSD make to run 2002-05-01 13:17:33 +10:00
rsa_ssh2.prv - (djm) Import OpenBSD regression tests. Requires BSD make to run 2002-05-01 13:17:33 +10:00
scp-ssh-wrapper.sh - djm@cvs.openbsd.org 2014/01/26 10:49:17 2014-02-28 10:23:26 +11:00
scp-uri.sh upstream commit 2017-10-31 09:08:51 +11:00
scp.sh - djm@cvs.openbsd.org 2014/01/26 10:49:17 2014-02-28 10:23:26 +11:00
setuid-allowed.c Undo unwanted changes to unittest files 2017-02-05 17:08:04 -08:00
sftp-badcmds.sh - dtucker@cvs.openbsd.org 2013/05/17 10:26:26 2013-05-17 20:43:13 +10:00
sftp-batch.sh - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 2013-05-17 15:32:29 +10:00
sftp-chroot.sh upstream commit 2016-10-01 06:44:00 +10:00
sftp-cmds.sh - djm@cvs.openbsd.org 2013/06/21 02:26:26 2013-07-25 12:11:18 +10:00
sftp-glob.sh - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] 2011-01-17 16:17:09 +11:00
sftp-perm.sh - (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd" 2013-10-24 12:22:49 -07:00
sftp-uri.sh upstream commit 2017-10-31 09:08:51 +11:00
sftp.sh upstream commit 2017-10-31 09:08:51 +11:00
ssh-com-client.sh - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 2013-05-17 15:32:29 +10:00
ssh-com-keygen.sh - markus@cvs.openbsd.org 2004/02/24 17:06:52 2004-02-29 20:33:51 +11:00
ssh-com-sftp.sh - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 2013-05-17 15:32:29 +10:00
ssh-com.sh upstream commit 2017-05-08 11:54:17 +10:00
ssh2putty.sh upstream commit 2015-05-08 17:28:28 +10:00
sshcfgparse.sh upstream commit 2016-07-14 11:39:34 +10:00
sshd-log-wrapper.sh Fix missed RCSID merges 2017-10-20 13:22:00 +11:00
stderr-after-eof.sh upstream commit 2017-05-01 11:59:42 +10:00
stderr-data.sh upstream commit 2017-05-01 11:59:42 +10:00
t4.ok upstream commit 2014-12-22 13:21:07 +11:00
t5.ok - (djm) Import OpenBSD regression tests. Requires BSD make to run 2002-05-01 13:17:33 +10:00
t11.ok add missing regress output file 2014-12-22 13:47:07 +11:00
test-exec.sh upstream commit 2017-09-18 14:11:22 +10:00
transfer.sh upstream commit 2017-05-01 11:59:42 +10:00
try-ciphers.sh upstream commit 2017-05-01 11:59:42 +10:00
valgrind-unit.sh valgrind support 2015-02-26 14:55:55 -08:00
yes-head.sh Fix missed RCSID merges 2017-10-20 13:22:00 +11:00

README.regress

Overview.

$ ./configure && make tests

You'll see some progress info. A failure will cause either the make to
abort or the driver script to report a "FATAL" failure.

The test consists of 2 parts. The first is the file-based tests which is
driven by the Makefile, and the second is a set of network or proxycommand
based tests, which are driven by a driver script (test-exec.sh) which is
called multiple times by the Makefile.

Failures in the first part will cause the Makefile to return an error.
Failures in the second part will print a "FATAL" message for the failed
test and continue.

OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
suite is based on OpenBSD's with modifications.


Environment variables.

SUDO: path to sudo command, if desired. Note that some systems (notably
	systems using PAM) require sudo to execute some tests.
TEST_SSH_TRACE: set to "yes" for verbose output from tests 
TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD
	SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER
OBJ: used by test scripts to access build dir.
TEST_SHELL: shell used for running the test scripts.
TEST_SSH_PORT: TCP port to be used for the listening tests.
TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to ssh_config
	before running each test.
TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config
	before running each test.


Individual tests.

You can run an individual test from the top-level Makefile, eg:
$ make tests LTESTS=agent-timeout

If you need to manipulate the environment more you can invoke test-exec.sh
directly if you set up the path to find the binaries under test and the
test scripts themselves, for example:

$ cd regress
$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
    agent-timeout.sh
ok agent timeout test


Files.

test-exec.sh: the main test driver. Sets environment, creates config files
and keys and runs the specified test.

At the time of writing, the individual tests are:
agent-timeout.sh:	agent timeout test
agent.sh:		simple agent test
broken-pipe.sh:		broken pipe test
connect-privsep.sh:	proxy connect with privsep
connect.sh:		simple connect
exit-status.sh:		remote exit status
forwarding.sh:		local and remote forwarding
keygen-change.sh:	change passphrase for key
keyscan.sh:		keyscan
proto-mismatch.sh:	protocol version mismatch
proto-version.sh:	sshd version with different protocol combinations
proxy-connect.sh:	proxy connect
sftp.sh:		basic sftp put/get
ssh-com-client.sh:	connect with ssh.com client
ssh-com-keygen.sh:	ssh.com key import
ssh-com-sftp.sh:	basic sftp put/get with ssh.com server
ssh-com.sh:		connect to ssh.com server
stderr-after-eof.sh:	stderr data after eof
stderr-data.sh:		stderr data transfer
transfer.sh:		transfer data
try-ciphers.sh:		try ciphers
yes-head.sh:		yes pipe head


Problems?

Run the failing test with shell tracing (-x) turned on:
$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh

Failed tests can be difficult to diagnose. Suggestions:
- run the individual test via ./test-exec.sh `pwd` [testname]
- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
  auth.debug (eg to /var/log/authlog).


Known Issues.

- Similarly, if you do not have "scp" in your system's $PATH then the
  multiplex scp tests will fail (since the system's shell startup scripts
  will determine where the shell started by sshd will look for scp).

- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
  test to fail.  The old behaviour can be restored by setting (and
  exporting) _POSIX2_VERSION=199209 before running the tests.

$Id: README.regress,v 1.12 2011/05/05 03:48:42 djm Exp $