summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--regress/Makefile73
-rw-r--r--regress/agent.sh75
-rw-r--r--regress/authorized_keys_root2
-rw-r--r--regress/broken-pipe.sh15
-rw-r--r--regress/bsd.regress.mk79
-rw-r--r--regress/connect-privsep.sh13
-rw-r--r--regress/connect.sh13
-rwxr-xr-xregress/copy.1bin0 -> 45948 bytes
-rwxr-xr-xregress/copy.2bin0 -> 45948 bytes
-rw-r--r--regress/dsa_ssh2.prv14
-rw-r--r--regress/dsa_ssh2.pub13
-rw-r--r--regress/exit-status.sh24
-rw-r--r--regress/forwarding.sh33
-rw-r--r--regress/keyscan.sh19
-rw-r--r--regress/proto-mismatch.sh19
-rw-r--r--regress/proto-version.sh34
-rw-r--r--regress/proxy-connect.sh11
-rw-r--r--regress/rsa_openssh.prv15
-rw-r--r--regress/rsa_openssh.pub1
-rw-r--r--regress/rsa_ssh2.prv16
-rwxr-xr-xregress/runtests.sh13
-rw-r--r--regress/sftp.sh29
-rw-r--r--regress/ssh-com-client.sh127
-rw-r--r--regress/ssh-com-keygen.sh67
-rw-r--r--regress/ssh-com-sftp.sh54
-rw-r--r--regress/ssh-com.sh112
-rw-r--r--regress/stderr-after-eof.sh30
-rw-r--r--regress/stderr-data.sh33
-rw-r--r--regress/t4.ok1
-rw-r--r--regress/t5.ok1
-rw-r--r--regress/test-exec.sh224
-rw-r--r--regress/transfer.sh29
-rw-r--r--regress/try-ciphers.sh29
-rw-r--r--regress/yes-head.sh15
35 files changed, 1237 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 96b4c63b..b5dfa500 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+20020501
+ - (djm) Import OpenBSD regression tests. Requires BSD make to run
+
20020429
- (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in
sshd_config.
@@ -521,4 +524,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2089 2002/04/30 03:53:12 tim Exp $
+$Id: ChangeLog,v 1.2090 2002/05/01 03:17:33 djm Exp $
diff --git a/regress/Makefile b/regress/Makefile
new file mode 100644
index 00000000..26224cd7
--- /dev/null
+++ b/regress/Makefile
@@ -0,0 +1,73 @@
+# $OpenBSD: Makefile,v 1.13 2002/04/01 22:15:08 markus Exp $
+
+REGRESSTARGETS= t1 t2 t3 t4 t5 t6 t7
+
+CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub
+
+LTESTS= connect \
+ proxy-connect \
+ connect-privsep \
+ proto-version \
+ proto-mismatch \
+ exit-status \
+ transfer \
+ stderr-data \
+ stderr-after-eof \
+ broken-pipe \
+ try-ciphers \
+ yes-head \
+ agent \
+ keyscan \
+ sftp \
+ forwarding
+
+USER!= id -un
+CLEANFILES+= authorized_keys_${USER} known_hosts pidfile \
+ ssh_config ssh_proxy sshd_config sshd_proxy \
+ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
+ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
+ ls.copy
+
+#LTESTS+= ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
+
+t1:
+ ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
+
+t2:
+ cat ${.CURDIR}/rsa_openssh.prv > t2.out
+ chmod 600 t2.out
+ ssh-keygen -yf t2.out | diff - ${.CURDIR}/rsa_openssh.pub
+
+t3:
+ ssh-keygen -ef ${.CURDIR}/rsa_openssh.pub |\
+ ssh-keygen -if /dev/stdin |\
+ diff - ${.CURDIR}/rsa_openssh.pub
+
+t4:
+ ssh-keygen -lf ${.CURDIR}/rsa_openssh.pub |\
+ awk '{print $$2}' | diff - ${.CURDIR}/t4.ok
+
+t5:
+ ssh-keygen -Bf ${.CURDIR}/rsa_openssh.pub |\
+ awk '{print $$2}' | diff - ${.CURDIR}/t5.ok
+
+t6:
+ ssh-keygen -if ${.CURDIR}/dsa_ssh2.prv > t6.out1
+ ssh-keygen -if ${.CURDIR}/dsa_ssh2.pub > t6.out2
+ chmod 600 t6.out1
+ ssh-keygen -yf t6.out1 | diff - t6.out2
+
+t7.out:
+ ssh-keygen -q -t rsa -N '' -f $@
+
+t7: t7.out
+ ssh-keygen -lf t7.out > /dev/null
+ ssh-keygen -Bf t7.out > /dev/null
+
+.for t in ${LTESTS}
+REGRESSTARGETS+=t-${t}
+t-${t}:
+ sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh
+.endfor
+
+.include "bsd.regress.mk"
diff --git a/regress/agent.sh b/regress/agent.sh
new file mode 100644
index 00000000..7e9b4cb1
--- /dev/null
+++ b/regress/agent.sh
@@ -0,0 +1,75 @@
+# $OpenBSD: agent.sh,v 1.6 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="simple agent test"
+
+SSH_AUTH_SOCK=/nonexistant ${SSHADD} -l > /dev/null 2>&1
+if [ $? -ne 2 ]; then
+ fail "ssh-add -l did not fail with exit code 2"
+fi
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ ${SSHADD} -l > /dev/null 2>&1
+ if [ $? -ne 1 ]; then
+ fail "ssh-add -l did not fail with exit code 1"
+ fi
+ trace "overwrite authorized keys"
+ echo -n > $OBJ/authorized_keys_$USER
+ for t in rsa rsa1; do
+ # generate user key for agent
+ rm -f $OBJ/$t-agent
+ ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
+ fail "ssh-keygen for $t-agent failed"
+ # add to authorized keys
+ cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
+ # add privat key to agent
+ ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add did succeed exit code 0"
+ fi
+ done
+ ${SSHADD} -l > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -l failed: exit code $?"
+ fi
+ # the same for full pubkey output
+ ${SSHADD} -L > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -L failed: exit code $?"
+ fi
+
+ trace "simple connect via agent"
+ for p in 1 2; do
+ ${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p
+ if [ $? -ne 5$p ]; then
+ fail "ssh connect with protocol $p failed (exit code $?)"
+ fi
+ done
+
+ trace "agent forwarding"
+ for p in 1 2; do
+ ${SSH} -A -$p -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -l via agent fwd proto $p failed (exit code $?)"
+ fi
+ ${SSH} -A -$p -F $OBJ/ssh_proxy somehost \
+ "${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p"
+ if [ $? -ne 5$p ]; then
+ fail "agent fwd proto $p failed (exit code $?)"
+ fi
+ done
+
+ trace "delete all agent keys"
+ ${SSHADD} -D > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -D failed: exit code $?"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
diff --git a/regress/authorized_keys_root b/regress/authorized_keys_root
new file mode 100644
index 00000000..32853712
--- /dev/null
+++ b/regress/authorized_keys_root
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAt6ttBacbgvLPsF1VWWfT51t55/5Mj62Xp8EaoH5SNSaLiGIgrrja077lKEept75U4uKFUYU5JJX9GPE9A7Y43LXv+/A6Jm4rEj/U0s4H8tf0UmzVC3t6xh0sRK0hYVNILyoHnIAgdY8CmOiybw7p6DxJY8MRAehD3n9+kFcachU= root@xenon
+1024 35 132789427207755621599908461558918671787816692978751485815532032934821830960131244604702969298486352138126114080367609979552547448841583955126231410604842765726397407176910594168641969541792069550006878863592030567875913190224374005367884774859544943329148178663694126456638431428703289837638970464685771819219 root@xenon
diff --git a/regress/broken-pipe.sh b/regress/broken-pipe.sh
new file mode 100644
index 00000000..c08c849a
--- /dev/null
+++ b/regress/broken-pipe.sh
@@ -0,0 +1,15 @@
+# $OpenBSD: broken-pipe.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="broken pipe test"
+
+for p in 1 2; do
+ trace "protocol $p"
+ for i in 1 2 3 4; do
+ ${SSH} -$p -F $OBJ/ssh_config_config nexthost echo $i 2> /dev/null | true
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "broken pipe returns $r for protocol $p"
+ fi
+ done
+done
diff --git a/regress/bsd.regress.mk b/regress/bsd.regress.mk
new file mode 100644
index 00000000..9b8011a0
--- /dev/null
+++ b/regress/bsd.regress.mk
@@ -0,0 +1,79 @@
+# $OpenBSD: bsd.regress.mk,v 1.9 2002/02/17 01:10:15 marc Exp $
+# No man pages for regression tests.
+NOMAN=
+
+# No installation.
+install:
+
+# If REGRESSTARGETS is defined and PROG is not defined, set NOPROG
+.if defined(REGRESSTARGETS) && !defined(PROG)
+NOPROG=
+.endif
+
+.include <bsd.prog.mk>
+
+.MAIN: all
+all: regress
+
+# XXX - Need full path to REGRESSLOG, otherwise there will be much pain.
+
+REGRESSLOG?=/dev/null
+REGRESSNAME=${.CURDIR:S/${BSDSRCDIR}\/regress\///}
+
+.if defined(PROG) && !empty(PROG)
+run-regress-${PROG}: ${PROG}
+ ./${PROG}
+.endif
+
+.if !defined(REGRESSTARGETS)
+REGRESSTARGETS=run-regress-${PROG}
+. if defined(REGRESSSKIP)
+REGRESSSKIPTARGETS=run-regress-${PROG}
+. endif
+.endif
+
+REGRESSSKIPSLOW?=no
+
+#.if (${REGRESSSKIPSLOW:L} == "yes") && defined(REGRESSSLOWTARGETS)
+
+.if (${REGRESSSKIPSLOW} == "yes") && defined(REGRESSSLOWTARGETS)
+REGRESSSKIPTARGETS+=${REGRESSSLOWTARGETS}
+.endif
+
+.if defined(REGRESSROOTTARGETS)
+ROOTUSER!=id -g
+SUDO?=
+. if (${ROOTUSER} != 0) && empty(SUDO)
+REGRESSSKIPTARGETS+=${REGRESSROOTTARGETS}
+. endif
+.endif
+
+REGRESSSKIPTARGETS?=
+
+regress:
+.for RT in ${REGRESSTARGETS}
+. if ${REGRESSSKIPTARGETS:M${RT}}
+ @echo -n "SKIP " >> ${REGRESSLOG}
+. else
+# XXX - we need a better method to see if a test fails due to timeout or just
+# normal failure.
+. if !defined(REGRESSMAXTIME)
+ @if cd ${.CURDIR} && ${MAKE} ${RT}; then \
+ echo -n "SUCCESS " >> ${REGRESSLOG} ; \
+ else \
+ echo -n "FAIL " >> ${REGRESSLOG} ; \
+ echo FAILED ; \
+ fi
+. else
+ @if cd ${.CURDIR} && (ulimit -t ${REGRESSMAXTIME} ; ${MAKE} ${RT}); then \
+ echo -n "SUCCESS " >> ${REGRESSLOG} ; \
+ else \
+ echo -n "FAIL (possible timeout) " >> ${REGRESSLOG} ; \
+ echo FAILED ; \
+ fi
+. endif
+. endif
+ @echo ${REGRESSNAME}/${RT:S/^run-regress-//} >> ${REGRESSLOG}
+.endfor
+
+.PHONY: regress
diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh
new file mode 100644
index 00000000..d23cadba
--- /dev/null
+++ b/regress/connect-privsep.sh
@@ -0,0 +1,13 @@
+# $OpenBSD: connect-privsep.sh,v 1.1 2002/03/21 21:45:07 markus Exp $
+# Placed in the Public Domain.
+
+tid="proxy connect with privsep"
+
+echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy
+
+for p in 1 2; do
+ ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ fail "ssh privsep+proxyconnect protocol $p failed"
+ fi
+done
diff --git a/regress/connect.sh b/regress/connect.sh
new file mode 100644
index 00000000..2186fa6e
--- /dev/null
+++ b/regress/connect.sh
@@ -0,0 +1,13 @@
+# $OpenBSD: connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="simple connect"
+
+start_sshd
+
+for p in 1 2; do
+ ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh connect with protocol $p failed"
+ fi
+done
diff --git a/regress/copy.1 b/regress/copy.1
new file mode 100755
index 00000000..92d4d20f
--- /dev/null
+++ b/regress/copy.1
Binary files differ
diff --git a/regress/copy.2 b/regress/copy.2
new file mode 100755
index 00000000..92d4d20f
--- /dev/null
+++ b/regress/copy.2
Binary files differ
diff --git a/regress/dsa_ssh2.prv b/regress/dsa_ssh2.prv
new file mode 100644
index 00000000..c93b4037
--- /dev/null
+++ b/regress/dsa_ssh2.prv
@@ -0,0 +1,14 @@
+---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
+Subject: ssh-keygen test
+Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100"
+P2/56wAAAgIAAAAmZGwtbW9kcHtzaWdue2RzYS1uaXN0LXNoYTF9LGRoe3BsYWlufX0AAA
+AEbm9uZQAAAcQAAAHAAAAAAAAABACwUfm3AxZTut3icBmwCcD48nY64HzuELlQ+vEqjIcR
+Lo49es/DQTeLNQ+kdKRCfouosGNv0WqxRtF0tUsWdXxS37oHGa4QPugBdHRd7YlZGZv8kg
+x7FsoepY7v7E683/97dv2zxL3AGagTEzWr7fl0yPexAaZoDvtQrrjX44BLmwAABACWQkvv
+MxnD8eFkS1konFfMJ1CkuRfTN34CBZ6dY7VTSGemy4QwtFdMKmoufD0eKgy3p5WOeWCYKt
+F4FhjHKZk/aaxFjjIbtkrnlvXg64QI11dSZyBN6/ViQkHPSkUDF+A6AAEhrNbQbAFSvao1
+kTvNtPCtL0AkUIduEMzGQfLCTAAAAKDeC043YVo9Zo0zAEeIA4uZh4LBCQAAA/9aj7Y5ik
+ehygJ4qTDSlVypsPuV+n59tMS0e2pfrSG87yf5r94AKBmJeho5OO6wYaXCxsVB7AFbSUD6
+75AK8mHF4v1/+7SWKk5f8xlMCMSPZ9K0+j/W1d/q2qkhnnDZolOHDomLA+U00i5ya/jnTV
+zyDPWLFpWK8u3xGBPAYX324gAAAKDHFvooRnaXdZbeWGTTqmgHB1GU9A==
+---- END SSH2 ENCRYPTED PRIVATE KEY ----
diff --git a/regress/dsa_ssh2.pub b/regress/dsa_ssh2.pub
new file mode 100644
index 00000000..215d73ba
--- /dev/null
+++ b/regress/dsa_ssh2.pub
@@ -0,0 +1,13 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+Subject: ssh-keygen test
+Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100"
+AAAAB3NzaC1kc3MAAACBALBR+bcDFlO63eJwGbAJwPjydjrgfO4QuVD68SqMhxEujj16z8
+NBN4s1D6R0pEJ+i6iwY2/RarFG0XS1SxZ1fFLfugcZrhA+6AF0dF3tiVkZm/ySDHsWyh6l
+ju/sTrzf/3t2/bPEvcAZqBMTNavt+XTI97EBpmgO+1CuuNfjgEubAAAAFQDeC043YVo9Zo
+0zAEeIA4uZh4LBCQAAAIEAlkJL7zMZw/HhZEtZKJxXzCdQpLkX0zd+AgWenWO1U0hnpsuE
+MLRXTCpqLnw9HioMt6eVjnlgmCrReBYYxymZP2msRY4yG7ZK55b14OuECNdXUmcgTev1Yk
+JBz0pFAxfgOgABIazW0GwBUr2qNZE7zbTwrS9AJFCHbhDMxkHywkwAAACAWo+2OYpHocoC
+eKkw0pVcqbD7lfp+fbTEtHtqX60hvO8n+a/eACgZiXoaOTjusGGlwsbFQewBW0lA+u+QCv
+JhxeL9f/u0lipOX/MZTAjEj2fStPo/1tXf6tqpIZ5w2aJThw6JiwPlNNIucmv4501c8gz1
+ixaVivLt8RgTwGF99uI=
+---- END SSH2 PUBLIC KEY ----
diff --git a/regress/exit-status.sh b/regress/exit-status.sh
new file mode 100644
index 00000000..56b78a62
--- /dev/null
+++ b/regress/exit-status.sh
@@ -0,0 +1,24 @@
+# $OpenBSD: exit-status.sh,v 1.6 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="remote exit status"
+
+for p in 1 2; do
+ for s in 0 1 4 5 44; do
+ trace "proto $p status $s"
+ verbose "test $tid: proto $p status $s"
+ ${SSH} -$p -F $OBJ/ssh_proxy otherhost exit $s
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code mismatch for protocol $p: $r != $s"
+ fi
+
+ # same with early close of stdout/err
+ ${SSH} -$p -F $OBJ/ssh_proxy -n otherhost \
+ exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code (with sleep) mismatch for protocol $p: $r != $s"
+ fi
+ done
+done
diff --git a/regress/forwarding.sh b/regress/forwarding.sh
new file mode 100644
index 00000000..7b281c01
--- /dev/null
+++ b/regress/forwarding.sh
@@ -0,0 +1,33 @@
+# $OpenBSD: forwarding.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="local and remote forwarding"
+
+start_sshd
+
+base=33
+last=$PORT
+fwd=""
+for j in 0 1 2; do
+ for i in 0 1 2; do
+ a=$base$j$i
+ b=`expr $a + 50`
+ c=$last
+ # fwd chain: $a -> $b -> $c
+ fwd="$fwd -L$a:127.0.0.1:$b -R$b:127.0.0.1:$c"
+ last=$a
+ done
+done
+for p in 1 2; do
+ q=`expr 3 - $p`
+ trace "start forwarding, fork to background"
+ ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
+
+ trace "transfer over forwarded channels and check result"
+ ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
+ somehost cat /bin/ls > $OBJ/ls.copy
+ test -f $OBJ/ls.copy || fail "failed copy /bin/ls"
+ cmp /bin/ls $OBJ/ls.copy || fail "corrupted copy of /bin/ls"
+
+ sleep 10
+done
diff --git a/regress/keyscan.sh b/regress/keyscan.sh
new file mode 100644
index 00000000..33f14f0f
--- /dev/null
+++ b/regress/keyscan.sh
@@ -0,0 +1,19 @@
+# $OpenBSD: keyscan.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="keyscan"
+
+# remove DSA hostkey
+rm -f ${OBJ}/host.dsa
+
+start_sshd
+
+for t in rsa1 rsa dsa; do
+ trace "keyscan type $t"
+ ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \
+ > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh-keyscan -t $t failed with: $r"
+ fi
+done
diff --git a/regress/proto-mismatch.sh b/regress/proto-mismatch.sh
new file mode 100644
index 00000000..fb521f21
--- /dev/null
+++ b/regress/proto-mismatch.sh
@@ -0,0 +1,19 @@
+# $OpenBSD: proto-mismatch.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="protocol version mismatch"
+
+mismatch ()
+{
+ server=$1
+ client=$2
+ banner=`echo ${client} | ${SSHD} -o "Protocol=${server}" -i -f ${OBJ}/sshd_proxy`
+ r=$?
+ trace "sshd prints ${banner}"
+ if [ $r -ne 255 ]; then
+ fail "sshd prints ${banner} and accepts connect with version ${client}"
+ fi
+}
+
+mismatch 2 SSH-1.5-HALLO
+mismatch 1 SSH-2.0-HALLO
diff --git a/regress/proto-version.sh b/regress/proto-version.sh
new file mode 100644
index 00000000..7dc616f5
--- /dev/null
+++ b/regress/proto-version.sh
@@ -0,0 +1,34 @@
+# $OpenBSD: proto-version.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="sshd version with different protocol combinations"
+
+# we just start sshd in inetd mode and check the banner
+check_version ()
+{
+ version=$1
+ expect=$2
+ banner=`echo -n | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy`
+ case ${banner} in
+ SSH-1.99-*)
+ proto=199
+ ;;
+ SSH-2.0-*)
+ proto=20
+ ;;
+ SSH-1.5-*)
+ proto=15
+ ;;
+ *)
+ proto=0
+ ;;
+ esac
+ if [ ${expect} -ne ${proto} ]; then
+ fail "wrong protocol version ${banner} for ${version}"
+ fi
+}
+
+check_version 2,1 199
+check_version 1,2 199
+check_version 2 20
+check_version 1 15
diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh
new file mode 100644
index 00000000..bf1940fc
--- /dev/null
+++ b/regress/proxy-connect.sh
@@ -0,0 +1,11 @@
+# $OpenBSD: proxy-connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="proxy connect"
+
+for p in 1 2; do
+ ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ fail "ssh proxyconnect protocol $p failed"
+ fi
+done
diff --git a/regress/rsa_openssh.prv b/regress/rsa_openssh.prv
new file mode 100644
index 00000000..26755557
--- /dev/null
+++ b/regress/rsa_openssh.prv
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko
++dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3
+xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQIDAQAB
+An8nH5VzvHkMbSqJ6eOYDsVwomRvYbH5IEaYl1x6VATITNvAu9kUdQ4NsSpuMc+7
+Jj9gKZvmO1y2YCKc0P/iO+i/eV0L+yQh1Rw18jQZll+12T+LZrKRav03YNvMx0gN
+wqWY48Kt6hv2/N/ebQzKRe79+D0t2cTh92hT7xENFLIBAkEBGnoGKFjAUkJCwO1V
+mzpUqMHpRZVOrqP9hUmPjzNJ5oBPFGe4+h1hoSRFOAzaNuZt8ssbqaLCkzB8bfzj
+qhZqAQJBANZekuUpp8iBLeLSagw5FkcPwPzq6zfExbhvsZXb8Bo/4SflNs4JHXwI
+7SD9Z8aJLvM4uQ/5M70lblDMQ40i3o0CQQDIJvBYBFL5tlOgakq/O7yi+wt0L5BZ
+9H79w5rCSAA0IHRoK/qI1urHiHC3f3vbbLk5UStfrqEaND/mm0shyNIBAkBLsYdC
+/ctt5Bc0wUGK4Vl5bBmj9LtrrMJ4FpBpLwj/69BwCuKoK9XKZ0h73p6XHveCEGRg
+PIlFX4MtaoLrwgU9AkBV2k4dgIws+X8YX65EsyyFjnlDqX4x0nSOjQB1msIKfHBr
+dh5XLDBTTCxnKhMJ0Yx/opgOvf09XHBFwaQntR5i
+-----END RSA PRIVATE KEY-----
diff --git a/regress/rsa_openssh.pub b/regress/rsa_openssh.pub
new file mode 100644
index 00000000..b504730f
--- /dev/null
+++ b/regress/rsa_openssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko+dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQ==
diff --git a/regress/rsa_ssh2.prv b/regress/rsa_ssh2.prv
new file mode 100644
index 00000000..1ece3d7d
--- /dev/null
+++ b/regress/rsa_ssh2.prv
@@ -0,0 +1,16 @@
+---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
+Subject: ssh-keygen test
+Comment: "1024-bit rsa, Sat Jun 23 2001 12:21:26 -0400"
+P2/56wAAAi4AAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS
+1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAB3wAAAdsAAAARAQABAAAD9icflXO8eQxtKonp
+45gOxXCiZG9hsfkgRpiXXHpUBMhM28C72RR1Dg2xKm4xz7smP2Apm+Y7XLZgIpzQ/+I76L
+95XQv7JCHVHDXyNBmWX7XZP4tmspFq/Tdg28zHSA3CpZjjwq3qG/b8395tDMpF7v34PS3Z
+xOH3aFPvEQ0UsgEAAAQA7IpcCnGijesEjDXdVoEPfh0akBJA9JAk1bba2sxrtDoQVN1JKP
+nRQ9SKdAsXV5jduSUFsTmBe4fznLvD948790U1/O8SkdGM5V0y1/ki7Rf8knm0t8Vj65X0
+VA4YdN4UeVfvMcb78vcInT2CsP6CLcBkrnjrBKtS03Mwg79nQI0AAAH/VdpOHYCMLPl/GF
++uRLMshY55Q6l+MdJ0jo0AdZrCCnxwa3YeVywwU0wsZyoTCdGMf6KYDr39PVxwRcGkJ7Ue
+YgAAAgDWXpLlKafIgS3i0moMORZHD8D86us3xMW4b7GV2/AaP+En5TbOCR18CO0g/WfGiS
+7zOLkP+TO9JW5QzEONIt6NAAACAQEaegYoWMBSQkLA7VWbOlSowelFlU6uo/2FSY+PM0nm
+gE8UZ7j6HWGhJEU4DNo25m3yyxuposKTMHxt/OOqFmoB
+---- END SSH2 ENCRYPTED PRIVATE KEY ----
+---
diff --git a/regress/runtests.sh b/regress/runtests.sh
new file mode 100755
index 00000000..9808eb8a
--- /dev/null
+++ b/regress/runtests.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+TEST_SSH_SSH=../ssh
+TEST_SSH_SSHD=../sshd
+TEST_SSH_SSHAGENT=../ssh-agent
+TEST_SSH_SSHADD=../ssh-add
+TEST_SSH_SSHKEYGEN=../ssh-keygen
+TEST_SSH_SSHKEYSCAN=../ssh-keyscan
+TEST_SSH_SFTP=../sftp
+TEST_SSH_SFTPSERVER=../sftp-server
+
+pmake
+
diff --git a/regress/sftp.sh b/regress/sftp.sh
new file mode 100644
index 00000000..e8d47312
--- /dev/null
+++ b/regress/sftp.sh
@@ -0,0 +1,29 @@
+# $OpenBSD: sftp.sh,v 1.2 2002/03/27 22:39:52 markus Exp $
+# Placed in the Public Domain.
+
+tid="basic sftp put/get"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+BUFFERSIZE="5 1000 32000 64000"
+REQUESTS="1 2 10"
+
+for B in ${BUFFERSIZE}; do
+ for R in ${REQUESTS}; do
+ verbose "test $tid: buffer_size $B num_requests $R"
+ rm -f ${COPY}.1 ${COPY}.2
+ ${SFTP} -P ${SFTPSERVER} -B $B -R $R -b /dev/stdin \
+ > /dev/null 2>&1 << EOF
+ version
+ get $DATA ${COPY}.1
+ put $DATA ${COPY}.2
+EOF
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "sftp failed with $r"
+ fi
+ cmp $DATA ${COPY}.1 || fail "corrupted copy after get"
+ cmp $DATA ${COPY}.2 || fail "corrupted copy after put"
+ done
+done
diff --git a/regress/ssh-com-client.sh b/regress/ssh-com-client.sh
new file mode 100644
index 00000000..84b0b471
--- /dev/null
+++ b/regress/ssh-com-client.sh
@@ -0,0 +1,127 @@
+# $OpenBSD: ssh-com-client.sh,v 1.3 2002/04/10 08:45:30 markus Exp $
+# Placed in the Public Domain.
+
+tid="connect with ssh.com client"
+
+#TEST_COMBASE=/path/to/ssh/com/binaries
+if [ "X${TEST_COMBASE}" = "X" ]; then
+ fatal '$TEST_COMBASE is not set'
+fi
+
+VERSIONS="
+ 2.1.0
+ 2.2.0
+ 2.3.0
+ 2.3.1
+ 2.4.0
+ 3.0.0
+ 3.1.0"
+
+# 2.0.10 2.0.12 2.0.13 don't like the test setup
+
+# setup authorized keys
+SRC=`dirname ${SCRIPT}`
+cp ${SRC}/dsa_ssh2.prv ${OBJ}/id.com
+chmod 600 ${OBJ}/id.com
+${SSHKEYGEN} -i -f ${OBJ}/id.com > $OBJ/id.openssh
+chmod 600 ${OBJ}/id.openssh
+${SSHKEYGEN} -y -f ${OBJ}/id.openssh > $OBJ/authorized_keys_$USER
+${SSHKEYGEN} -e -f ${OBJ}/id.openssh > $OBJ/id.com.pub
+echo IdKey ${OBJ}/id.com > ${OBJ}/id.list
+
+# we need a DSA host key
+t=dsa
+rm -f ${OBJ}/$t ${OBJ}/$t.pub
+${SSHKEYGEN} -q -N '' -t $t -f ${OBJ}/$t
+$SUDO cp $OBJ/$t $OBJ/host.$t
+echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
+
+# add hostkeys to known hosts
+mkdir -p ${OBJ}/${USER}/hostkeys
+HK=${OBJ}/${USER}/hostkeys/key_${PORT}_127.0.0.1
+${SSHKEYGEN} -e -f ${OBJ}/rsa.pub > ${HK}.ssh-rsa.pub
+${SSHKEYGEN} -e -f ${OBJ}/dsa.pub > ${HK}.ssh-dss.pub
+
+cat > ${OBJ}/ssh2_config << EOF
+*:
+ QuietMode yes
+ StrictHostKeyChecking yes
+ Port ${PORT}
+ User ${USER}
+ Host 127.0.0.1
+ IdentityFile ${OBJ}/id.list
+ RandomSeedFile ${OBJ}/random_seed
+ UserConfigDirectory ${OBJ}/%U
+ AuthenticationSuccessMsg no
+ BatchMode yes
+ ForwardX11 no
+EOF
+
+# we need a real server (no ProxyConnect option)
+start_sshd
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+rm -f ${COPY}
+
+# go for it
+for v in ${VERSIONS}; do
+ ssh2=${TEST_COMBASE}/${v}/ssh2
+ if [ ! -x ${ssh2} ]; then
+ continue
+ fi
+ verbose "ssh2 ${v}"
+ key=ssh-dss
+ skipcat=0
+ case $v in
+ 2.1.*|2.3.0)
+ skipcat=1
+ ;;
+ 3.0.*)
+ key=ssh-rsa
+ ;;
+ esac
+ cp ${HK}.$key.pub ${HK}.pub
+
+ # check exit status
+ ${ssh2} -q -F ${OBJ}/ssh2_config somehost exit 42
+ r=$?
+ if [ $r -ne 42 ]; then
+ fail "ssh2 ${v} exit code test failed (got $r, expected 42)"
+ fi
+
+ # data transfer
+ rm -f ${COPY}
+ ${ssh2} -F ${OBJ}/ssh2_config somehost cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh2 ${v} cat test (receive) failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "ssh2 ${v} cat test (receive) data mismatch"
+
+ # data transfer, again
+ if [ $skipcat -eq 0 ]; then
+ rm -f ${COPY}
+ cat ${DATA} | \
+ ${ssh2} -F ${OBJ}/ssh2_config host "cat > ${COPY}"
+ if [ $? -ne 0 ]; then
+ fail "ssh2 ${v} cat test (send) failed"
+ fi
+ cmp ${DATA} ${COPY} || \
+ fail "ssh2 ${v} cat test (send) data mismatch"
+ fi
+
+ # no stderr after eof
+ rm -f ${COPY}
+ ${ssh2} -F ${OBJ}/ssh2_config somehost \
+ exec sh -c \'"exec > /dev/null; sleep 1; echo bla 1>&2; exit 0"\' \
+ 2> /dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh2 ${v} stderr test failed"
+ fi
+done
+
+rm -rf ${OBJ}/${USER}
+for i in ssh2_config random_seed dsa.pub dsa host.dsa \
+ id.list id.com id.com.pub id.openssh; do
+ rm -f ${OBJ}/$i
+done
diff --git a/regress/ssh-com-keygen.sh b/regress/ssh-com-keygen.sh
new file mode 100644
index 00000000..90ba2fcd
--- /dev/null
+++ b/regress/ssh-com-keygen.sh
@@ -0,0 +1,67 @@
+# $OpenBSD: ssh-com-keygen.sh,v 1.1 2002/03/27 22:40:27 markus Exp $
+# Placed in the Public Domain.
+
+tid="ssh.com key import"
+
+#TEST_COMBASE=/path/to/ssh/com/binaries
+if [ "X${TEST_COMBASE}" = "X" ]; then
+ fatal '$TEST_COMBASE is not set'
+fi
+
+VERSIONS="
+ 2.0.10
+ 2.0.12
+ 2.0.13
+ 2.1.0
+ 2.2.0
+ 2.3.0
+ 2.3.1
+ 2.4.0
+ 3.0.0
+ 3.1.0"
+
+COMPRV=${OBJ}/comkey
+COMPUB=${COMPRV}.pub
+OPENSSHPRV=${OBJ}/opensshkey
+OPENSSHPUB=${OPENSSHPRV}.pub
+
+# go for it
+for v in ${VERSIONS}; do
+ keygen=${TEST_COMBASE}/${v}/ssh-keygen2
+ if [ ! -x ${keygen} ]; then
+ continue
+ fi
+ types="dss"
+ case $v in
+ 2.3.1|3.*)
+ types="$types rsa"
+ ;;
+ esac
+ for t in $types; do
+ verbose "ssh-keygen $v/$t"
+ rm -f $COMPRV $COMPUB $OPENSSHPRV $OPENSSHPUB
+ ${keygen} -q -P -t $t ${COMPRV} > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "${keygen} -t $t failed"
+ continue
+ fi
+ ${SSHKEYGEN} -if ${COMPUB} > ${OPENSSHPUB}
+ if [ $? -ne 0 ]; then
+ fail "import public key ($v/$t) failed"
+ continue
+ fi
+ ${SSHKEYGEN} -if ${COMPRV} > ${OPENSSHPRV}
+ if [ $? -ne 0 ]; then
+ fail "import private key ($v/$t) failed"
+ continue
+ fi
+ chmod 600 ${OPENSSHPRV}
+ ${SSHKEYGEN} -yf ${OPENSSHPRV} |\
+ diff - ${OPENSSHPUB}
+ if [ $? -ne 0 ]; then
+ fail "public keys ($v/$t) differ"
+ fi
+ done
+done
+
+rm -f $COMPRV $COMPUB $OPENSSHPRV $OPENSSHPUB
diff --git a/regress/ssh-com-sftp.sh b/regress/ssh-com-sftp.sh
new file mode 100644
index 00000000..231efa13
--- /dev/null
+++ b/regress/ssh-com-sftp.sh
@@ -0,0 +1,54 @@
+# $OpenBSD: ssh-com-sftp.sh,v 1.2 2002/04/10 08:45:30 markus Exp $
+# Placed in the Public Domain.
+
+tid="basic sftp put/get with ssh.com server"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+BUFFERSIZE="5 1000 32000 64000"
+REQUESTS="1 2 10"
+
+#TEST_COMBASE=/path/to/ssh/com/binaries
+if [ "X${TEST_COMBASE}" = "X" ]; then
+ fatal '$TEST_COMBASE is not set'
+fi
+
+VERSIONS="
+ 2.0.10
+ 2.0.12
+ 2.0.13
+ 2.1.0
+ 2.2.0
+ 2.3.0
+ 2.3.1
+ 2.4.0
+ 3.0.0
+ 3.1.0"
+
+# go for it
+for v in ${VERSIONS}; do
+ server=${TEST_COMBASE}/${v}/sftp-server2
+ if [ ! -x ${server} ]; then
+ continue
+ fi
+ verbose "sftp-server $v"
+ for B in ${BUFFERSIZE}; do
+ for R in ${REQUESTS}; do
+ verbose "test $tid: buffer_size $B num_requests $R"
+ rm -f ${COPY}.1 ${COPY}.2
+ ${SFTP} -P ${server} -B $B -R $R -b /dev/stdin \
+ > /dev/null 2>&1 << EOF
+ version
+ get $DATA ${COPY}.1
+ put $DATA ${COPY}.2
+EOF
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "sftp failed with $r"
+ fi
+ cmp $DATA ${COPY}.1 || fail "corrupted copy after get"
+ cmp $DATA ${COPY}.2 || fail "corrupted copy after put"
+ done
+ done
+done
diff --git a/regress/ssh-com.sh b/regress/ssh-com.sh
new file mode 100644
index 00000000..6a199fa6
--- /dev/null
+++ b/regress/ssh-com.sh
@@ -0,0 +1,112 @@
+# $OpenBSD: ssh-com.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="connect to ssh.com server"
+
+#TEST_COMBASE=/path/to/ssh/com/binaries
+if [ "X${TEST_COMBASE}" = "X" ]; then
+ fatal '$TEST_COMBASE is not set'
+fi
+
+VERSIONS="
+ 2.0.12
+ 2.0.13
+ 2.1.0
+ 2.2.0
+ 2.3.0
+ 2.3.1
+ 2.4.0
+ 3.0.0
+ 3.1.0"
+# 2.0.10 does not support UserConfigDirectory
+
+SRC=`dirname ${SCRIPT}`
+
+# ssh.com
+cat << EOF > $OBJ/sshd2_config
+*:
+ # Port and ListenAdress are not used.
+ QuietMode yes
+ Port 4343
+ ListenAddress 127.0.0.1
+ UserConfigDirectory ${OBJ}/%U
+ Ciphers AnyCipher
+ PubKeyAuthentication yes
+ #AllowedAuthentications publickey
+ AuthorizationFile authorization
+ HostKeyFile ${SRC}/dsa_ssh2.prv
+ PublicHostKeyFile ${SRC}/dsa_ssh2.pub
+ RandomSeedFile ${OBJ}/random_seed
+ MaxConnections 0
+ PermitRootLogin yes
+ VerboseMode no
+ CheckMail no
+ Ssh1Compatibility no
+EOF
+
+# create client config
+sed "s/HostKeyAlias.*/HostKeyAlias ssh2-localhost-with-alias/" \
+ < $OBJ/ssh_config > $OBJ/ssh_config_com
+
+# we need a DSA key for
+rm -f ${OBJ}/dsa ${OBJ}/dsa.pub
+${SSHKEYGEN} -q -N '' -t dsa -f ${OBJ}/dsa
+
+# setup userdir, try rsa first
+mkdir -p ${OBJ}/${USER}
+cp /dev/null ${OBJ}/${USER}/authorization
+for t in rsa dsa; do
+ ${SSHKEYGEN} -e -f ${OBJ}/$t.pub > ${OBJ}/${USER}/$t.com
+ echo Key $t.com >> ${OBJ}/${USER}/authorization
+ echo IdentityFile ${OBJ}/$t >> ${OBJ}/ssh_config_com
+done
+
+# convert and append DSA hostkey
+(
+ echo -n 'ssh2-localhost-with-alias,127.0.0.1,::1 '
+ ${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub
+) >> $OBJ/known_hosts
+
+# go for it
+for v in ${VERSIONS}; do
+ sshd2=${TEST_COMBASE}/${v}/sshd2
+ if [ ! -x ${sshd2} ]; then
+ continue
+ fi
+ trace "sshd2 ${v}"
+ PROXY="proxycommand ${sshd2} -qif ${OBJ}/sshd2_config 2> /dev/null"
+ ${SSH} -qF ${OBJ}/ssh_config_com -o "${PROXY}" dummy exit 0
+ if [ $? -ne 0 ]; then
+ fail "ssh connect to sshd2 ${v} failed"
+ fi
+
+ ciphers="3des-cbc blowfish-cbc arcfour"
+ macs="hmac-md5"
+ case $v in
+ 2.4.*)
+ ciphers="$ciphers cast128-cbc"
+ macs="$macs hmac-sha1 hmac-sha1-96 hmac-md5-96"
+ ;;
+ 3.*)
+ ciphers="$ciphers aes128-cbc cast128-cbc"
+ macs="$macs hmac-sha1 hmac-sha1-96 hmac-md5-96"
+ ;;
+ esac
+ #ciphers="3des-cbc"
+ for m in $macs; do
+ for c in $ciphers; do
+ trace "sshd2 ${v} cipher $c mac $m"
+ verbose "test ${tid}: sshd2 ${v} cipher $c mac $m"
+ ${SSH} -c $c -m $m -qF ${OBJ}/ssh_config_com -o "${PROXY}" dummy exit 0
+ if [ $? -ne 0 ]; then
+ fail "ssh connect to sshd2 ${v} with $c/$m failed"
+ fi
+ done
+ done
+done
+
+rm -rf ${OBJ}/${USER}
+for i in sshd_config_proxy ssh_config_proxy random_seed \
+ sshd2_config dsa.pub dsa ssh_config_com; do
+ rm -f ${OBJ}/$i
+done
diff --git a/regress/stderr-after-eof.sh b/regress/stderr-after-eof.sh
new file mode 100644
index 00000000..bebd700b
--- /dev/null
+++ b/regress/stderr-after-eof.sh
@@ -0,0 +1,30 @@
+# $OpenBSD: stderr-after-eof.sh,v 1.1 2002/03/23 16:38:09 markus Exp $
+# Placed in the Public Domain.
+
+tid="stderr data after eof"
+
+DATA=/etc/motd
+DATA=${OBJ}/data
+COPY=${OBJ}/copy
+
+MD5=md5sum
+
+# setup data
+rm -f ${DATA} ${COPY}
+cp /dev/null ${DATA}
+for i in 1 2 3 4 5 6; do
+ (date;echo $i) | $MD5 >> ${DATA}
+done
+
+${SSH} -2 -F $OBJ/ssh_proxy otherhost \
+ exec sh -c \'"exec > /dev/null; sleep 2; cat ${DATA} 1>&2 $s"\' \
+ 2> ${COPY}
+r=$?
+if [ $r -ne 0 ]; then
+ fail "ssh failed with exit code $r"
+fi
+egrep 'Disconnecting: Received extended_data after EOF' ${COPY} &&
+ fail "ext data received after eof"
+cmp ${DATA} ${COPY} || fail "stderr corrupt"
+
+rm -f ${DATA} ${COPY}
diff --git a/regress/stderr-data.sh b/regress/stderr-data.sh
new file mode 100644
index 00000000..0157690b
--- /dev/null
+++ b/regress/stderr-data.sh
@@ -0,0 +1,33 @@
+# $OpenBSD: stderr-data.sh,v 1.2 2002/03/27 22:39:52 markus Exp $
+# Placed in the Public Domain.
+
+tid="stderr data transfer"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+rm -f ${COPY}
+
+for n in '' -n; do
+for p in 1 2; do
+ verbose "test $tid: proto $p ($n)"
+ ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \
+ exec sh -c \'"exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \
+ 2> ${COPY}
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh failed with exit code $r"
+ fi
+ cmp ${DATA} ${COPY} || fail "stderr corrupt"
+ rm -f ${COPY}
+
+ ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \
+ exec sh -c \'"echo a; exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \
+ > /dev/null 2> ${COPY}
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh failed with exit code $r"
+ fi
+ cmp ${DATA} ${COPY} || fail "stderr corrupt"
+ rm -f ${COPY}
+done
+done
diff --git a/regress/t4.ok b/regress/t4.ok
new file mode 100644
index 00000000..8c4942bf
--- /dev/null
+++ b/regress/t4.ok
@@ -0,0 +1 @@
+3b:dd:44:e9:49:18:84:95:f1:e7:33:6b:9d:93:b1:36
diff --git a/regress/t5.ok b/regress/t5.ok
new file mode 100644
index 00000000..bd622f30
--- /dev/null
+++ b/regress/t5.ok
@@ -0,0 +1 @@
+xokes-lylis-byleh-zebib-kalus-bihas-tevah-haroz-suhar-foved-noxex
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
new file mode 100644
index 00000000..a7a8ddbe
--- /dev/null
+++ b/regress/test-exec.sh
@@ -0,0 +1,224 @@
+# $OpenBSD: test-exec.sh,v 1.14 2002/04/15 15:19:48 markus Exp $
+# Placed in the Public Domain.
+
+PORT=4242
+USER=`id -un`
+SUDO=
+#SUDO=sudo
+
+OBJ=$1
+if [ "x$OBJ" = "x" ]; then
+ echo '$OBJ not defined'
+ exit 2
+fi
+if [ ! -d $OBJ ]; then
+ echo "not a directory: $OBJ"
+ exit 2
+fi
+SCRIPT=$2
+if [ "x$SCRIPT" = "x" ]; then
+ echo '$SCRIPT not defined'
+ exit 2
+fi
+if [ ! -f $SCRIPT ]; then
+ echo "not a file: $SCRIPT"
+ exit 2
+fi
+if sh -n $SCRIPT; then
+ true
+else
+ echo "syntax error in $SCRIPT"
+ exit 2
+fi
+unset SSH_AUTH_SOCK
+
+# defaults
+SSH=ssh
+SSHD=sshd
+SSHAGENT=ssh-agent
+SSHADD=ssh-add
+SSHKEYGEN=ssh-keygen
+SSHKEYSCAN=ssh-keyscan
+SFTP=sftp
+SFTPSERVER=/usr/libexec/openssh/sftp-server
+
+if [ "x$TEST_SSH_SSH" != "x" ]; then
+ SSH=${TEST_SSH_SSH}
+fi
+if [ "x$TEST_SSH_SSHD" != "x" ]; then
+ SSHD=${TEST_SSH_SSHD}
+fi
+if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
+ SSHAGENT=${TEST_SSH_SSHAGENT}
+fi
+if [ "x$TEST_SSH_SSHADD" != "x" ]; then
+ SSHADD=${TEST_SSH_SSHADD}
+fi
+if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
+ SSHKEYGEN=${TEST_SSH_SSHKEYGEN}
+fi
+if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
+ SSHKEYSCAN=${TEST_SSH_SSHKEYSCAN}
+fi
+if [ "x$TEST_SSH_SFTP" != "x" ]; then
+ SFTP=${TEST_SSH_SFTP}
+fi
+if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
+ SFTPSERVER=${TEST_SSH_SFTPSERVER}
+fi
+
+# these should be used in tests
+export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER
+#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER
+
+# helper
+cleanup ()
+{
+ if [ -f $PIDFILE ]; then
+ pid=`cat $PIDFILE`
+ if [ "X$pid" = "X" ]; then
+ echo no sshd running
+ else
+ if [ $pid -lt 2 ]; then
+ echo bad pid for ssd: $pid
+ else
+ $SUDO kill $pid
+ fi
+ fi
+ fi
+}
+
+trace ()
+{
+ if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
+ echo "$@"
+ fi
+}
+
+verbose ()
+{
+ if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
+ echo "$@"
+ fi
+}
+
+
+fail ()
+{
+ RESULT=1
+ echo "$@"
+}
+
+fatal ()
+{
+ echo -n "FATAL: "
+ fail "$@"
+ cleanup
+ exit $RESULT
+}
+
+RESULT=0
+PIDFILE=$OBJ/pidfile
+
+trap fatal 3 2
+
+# create server config
+cat << EOF > $OBJ/sshd_config
+ Port $PORT
+ ListenAddress 127.0.0.1
+ #ListenAddress ::1
+ PidFile $PIDFILE
+ AuthorizedKeysFile $OBJ/authorized_keys_%u
+ LogLevel QUIET
+EOF
+
+# server config for proxy connects
+cp $OBJ/sshd_config $OBJ/sshd_proxy
+
+# allow group-writable directories in proxy-mode
+echo 'StrictModes no' >> $OBJ/sshd_proxy
+
+# create client config
+cat << EOF > $OBJ/ssh_config
+Host *
+ Hostname 127.0.0.1
+ HostKeyAlias localhost-with-alias
+ Port $PORT
+ User $USER
+ GlobalKnownHostsFile $OBJ/known_hosts
+ UserKnownHostsFile $OBJ/known_hosts
+ RSAAuthentication yes
+ PubkeyAuthentication yes
+ ChallengeResponseAuthentication no
+ HostbasedAuthentication no
+ PasswordAuthentication no
+ RhostsAuthentication no
+ RhostsRSAAuthentication no
+ BatchMode yes
+ StrictHostKeyChecking yes
+EOF
+
+rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
+
+trace "generate keys"
+for t in rsa rsa1; do
+ # generate user key
+ rm -f $OBJ/$t
+ ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\
+ fail "ssh-keygen for $t failed"
+
+ # known hosts file for client
+ (
+ echo -n 'localhost-with-alias,127.0.0.1,::1 '
+ cat $OBJ/$t.pub
+ ) >> $OBJ/known_hosts
+
+ # setup authorized keys
+ cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
+ echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
+
+ # use key as host key, too
+ $SUDO cp $OBJ/$t $OBJ/host.$t
+ echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
+
+ # don't use SUDO for proxy connect
+ echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
+done
+chmod 644 $OBJ/authorized_keys_$USER
+
+# create a proxy version of the client config
+(
+ cat $OBJ/ssh_config
+ echo proxycommand ${SSHD} -i -f $OBJ/sshd_proxy
+) > $OBJ/ssh_proxy
+
+# check proxy config
+${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"
+
+start_sshd ()
+{
+ # start sshd
+ $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken"
+ $SUDO ${SSHD} -f $OBJ/sshd_config
+
+ trace "wait for sshd"
+ i=0;
+ while [ ! -f $PIDFILE -a $i -lt 5 ]; do
+ i=`expr $i + 1`
+ sleep $i
+ done
+
+ test -f $PIDFILE || fatal "no sshd running on port $PORT"
+}
+
+# source test body
+. $SCRIPT
+
+# kill sshd
+cleanup
+if [ $RESULT -eq 0 ]; then
+ verbose ok $tid
+else
+ echo failed $tid
+fi
+exit $RESULT
diff --git a/regress/transfer.sh b/regress/transfer.sh
new file mode 100644
index 00000000..31cdc0ce
--- /dev/null
+++ b/regress/transfer.sh
@@ -0,0 +1,29 @@
+# $OpenBSD: transfer.sh,v 1.1 2002/03/27 00:03:37 markus Exp $
+# Placed in the Public Domain.
+
+tid="transfer data"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+for p in 1 2; do
+ verbose "$tid: proto $p"
+ rm -f ${COPY}
+ ${SSH} -n -q -$p -F $OBJ/ssh_proxy somehost cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+ for s in 10 100 1k 32k 64k 128k 256k; do
+ trace "proto $p dd-size ${s}"
+ rm -f ${COPY}
+ dd if=$DATA obs=${s} 2> /dev/null | \
+ ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp $DATA ${COPY} || fail "corrupted copy"
+ done
+done
+rm -f ${COPY}
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh
new file mode 100644
index 00000000..161f039c
--- /dev/null
+++ b/regress/try-ciphers.sh
@@ -0,0 +1,29 @@
+# $OpenBSD: try-ciphers.sh,v 1.7 2002/04/03 09:30:01 markus Exp $
+# Placed in the Public Domain.
+
+tid="try ciphers"
+
+ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour
+ aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se"
+macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96"
+
+for c in $ciphers; do
+ for m in $macs; do
+ trace "proto 2 cipher $c mac $m"
+ verbose "test $tid: proto 2 cipher $c mac $m"
+ ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh -2 failed with mac $m cipher $c"
+ fi
+ done
+done
+
+ciphers="3des blowfish"
+for c in $ciphers; do
+ trace "proto 1 cipher $c"
+ verbose "test $tid: proto 1 cipher $c"
+ ${SSH} -F $OBJ/ssh_proxy -1 -c $c somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh -1 failed with cipher $c"
+ fi
+done
diff --git a/regress/yes-head.sh b/regress/yes-head.sh
new file mode 100644
index 00000000..f213f686
--- /dev/null
+++ b/regress/yes-head.sh
@@ -0,0 +1,15 @@
+# $OpenBSD: yes-head.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="yes pipe head"
+
+for p in 1 2; do
+ lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'yes | head -2000' | (sleep 3 ; wc -l)`
+ if [ $? -ne 0 ]; then
+ fail "yes|head test failed"
+ lines = 0;
+ fi
+ if [ $lines -ne 2000 ]; then
+ fail "yes|head returns $lines lines instead of 2000"
+ fi
+done