openssh/regress
djm@openbsd.org 1fe4d70df9 upstream: remove this KEX fuzzer; it's awkward to use and doesn't play
nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it
but me.

OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9
2021-02-26 15:23:42 +11:00
..
misc upstream: remove this KEX fuzzer; it's awkward to use and doesn't play 2021-02-26 15:23:42 +11:00
unittests upstream: Fix long->int for convtime tests here too. Spotted by 2021-01-22 16:07:02 +11:00
addrmatch.sh upstream: Ensure that address/mask mismatches are flagged at 2020-09-09 13:12:29 +10:00
agent-getpeereid.sh upstream: test FIDO2/U2F key types; ok markus@ 2019-11-27 11:02:49 +11:00
agent-pkcs11.sh upstream: test FIDO2/U2F key types; ok markus@ 2019-11-27 11:02:49 +11:00
agent-ptrace.sh upstream: test FIDO2/U2F key types; ok markus@ 2019-11-27 11:02:49 +11:00
agent-subprocess.sh upstream: Test that ssh-agent exits when running as as subprocess 2020-06-19 16:06:53 +10:00
agent-timeout.sh upstream: test FIDO2/U2F key types; ok markus@ 2019-11-27 11:02:49 +11:00
agent.sh upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ 2021-02-25 15:15:46 +11:00
allow-deny-users.sh
authinfo.sh
banner.sh
broken-pipe.sh
brokenkeys.sh
cert-file.sh upstream: test FIDO2/U2F key types; ok markus@ 2019-11-27 11:02:49 +11:00
cert-hostkey.sh upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ 2021-02-25 15:15:46 +11:00
cert-userkey.sh upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ 2021-02-25 15:15:46 +11:00
cfginclude.sh
cfgmatch.sh
cfgmatchlisten.sh
cfgparse.sh
check-perm.c
cipher-speed.sh
conch-ciphers.sh
connect-privsep.sh fix TEST_MALLOC_OPTIONS var 2020-10-08 21:15:17 +11:00
connect-uri.sh
connect.sh upstream: Move setting $NC into test-exec since it's now used by 2020-01-25 14:33:53 +11:00
dhgex.sh upstream: Remove explicit rijndael-cbc@lysator.liu.se test since the 2020-12-22 10:30:23 +11:00
dsa_ssh2.prv
dsa_ssh2.pub
dynamic-forward.sh
envpass.sh
exit-status.sh
forcecommand.sh
forward-control.sh
forwarding.sh
host-expand.sh
hostkey-agent.sh upstream: test security key host keys in addition to user keys 2019-12-21 13:35:42 +11:00
hostkey-rotate.sh upstream: remove GlobalKnownHostsFile for this test after 2020-10-07 17:39:17 +11:00
integrity.sh upstream: pass SSH_SK_HELPER explicitly past $SUDO to avoid it getting 2020-01-21 19:08:37 +11:00
kextype.sh
key-options.sh Use "=" not "==" in string test. 2020-11-25 17:38:46 +11:00
keygen-change.sh upstream: test security key host keys in addition to user keys 2019-12-21 13:35:42 +11:00
keygen-comment.sh upstream: Backslash '$' at then end of string. Prevents warning on 2020-04-22 11:35:49 +10:00
keygen-convert.sh
keygen-knownhosts.sh
keygen-moduli.sh upstream: Update keygen moduli screen test to match recent command 2020-01-03 13:47:32 +11:00
keys-command.sh
keyscan.sh upstream: Increase keyscan timeout from default. On slow hosts 3 2020-01-22 18:34:01 +11:00
keytype.sh upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ 2021-02-25 15:15:46 +11:00
knownhosts-command.sh upstream: more detail for failing tests 2020-12-22 17:48:31 +11:00
krl.sh upstream: test security key host keys in addition to user keys 2019-12-21 13:35:42 +11:00
limit-keytype.sh upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ 2021-02-25 15:15:46 +11:00
localcommand.sh
login-timeout.sh
Makefile upstream: regress test for KnownHostsCommand 2020-12-22 17:07:38 +11:00
mkdtemp.c
modpipe.c
moduli.in
multiplex.sh upstream: add test for mux w/-Oproxy; ok djm 2020-06-26 15:25:57 +10:00
multipubkey.sh upstream: it's no longer possible to disable privilege separation 2019-12-16 14:20:35 +11:00
netcat.c fix netcat build problem 2020-10-17 11:33:13 +11:00
percent.sh upstream: Roll back the hostname->uname change in rev 1.10. It turns 2021-02-06 09:35:14 +11:00
portnum.sh
principals-command.sh upstream: test security key host keys in addition to user keys 2019-12-21 13:35:42 +11:00
proto-mismatch.sh
proto-version.sh
proxy-connect.sh upstream: Handle zlib compression being disabled now that it's 2020-01-23 22:34:37 +11:00
putty-ciphers.sh upstream: Also test PuTTY chacha20. 2020-01-23 15:48:24 +11:00
putty-kex.sh upstream: Also test PuTTY ecdh kex methods. 2020-01-23 15:04:08 +11:00
putty-transfer.sh upstream: Handle zlib compression being disabled now that it's 2020-01-23 22:34:37 +11:00
README.regress
reconfigure.sh
reexec.sh prefer ln to cp for temporary copy of sshd 2020-05-14 12:24:24 +10:00
rekey.sh
rsa_openssh.prv
rsa_openssh.pub
rsa_ssh2.prv
scp-ssh-wrapper.sh
scp-uri.sh
scp.sh
servcfginclude.sh upstream: two new tests for Include in sshd_config, checking whether 2020-05-28 08:42:01 +10:00
setuid-allowed.c
sftp-badcmds.sh upstream: some more speeling mistakes from 2020-03-14 19:40:16 +11:00
sftp-batch.sh
sftp-chroot.sh
sftp-cmds.sh
sftp-glob.sh
sftp-perm.sh
sftp-uri.sh
sftp.sh
ssh2putty.sh upstream: Remove workaround for broken 'openssl rsa -text' output 2019-11-25 21:34:20 +11:00
ssh-com-client.sh
ssh-com-keygen.sh
ssh-com-sftp.sh
ssh-com.sh
sshcfgparse.sh upstream: Rename pubkeyacceptedkeytypes to pubkeyacceptedalgorithms in 2021-02-25 10:31:47 +11:00
sshd-log-wrapper.sh
sshsig.sh upstream: some more speeling mistakes from 2020-03-14 19:40:16 +11:00
stderr-after-eof.sh
stderr-data.sh
t4.ok
t5.ok
t11.ok
test-exec.sh upstream: Make sure puttygen is new enough to successfully run the 2021-02-17 15:08:29 +11:00
transfer.sh
try-ciphers.sh
valgrind-unit.sh
yes-head.sh

Overview.

$ ./configure && make tests

You'll see some progress info. A failure will cause either the make to
abort or the driver script to report a "FATAL" failure.

The test consists of 2 parts. The first is the file-based tests which is
driven by the Makefile, and the second is a set of network or proxycommand
based tests, which are driven by a driver script (test-exec.sh) which is
called multiple times by the Makefile.

Failures in the first part will cause the Makefile to return an error.
Failures in the second part will print a "FATAL" message for the failed
test and continue.

OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
suite is based on OpenBSD's with modifications.


Environment variables.

SKIP_UNIT: Skip unit tests.
SUDO: path to sudo/doas command, if desired. Note that some systems
	(notably systems using PAM) require sudo to execute some tests.
LTESTS: Whitespace separated list of tests (filenames without the .sh
	extension) to run.
SKIP_LTESTS: Whitespace separated list of tests to skip.
OBJ: used by test scripts to access build dir.
TEST_SHELL: shell used for running the test scripts.
TEST_SSH_FAIL_FATAL: set to "yes" to make any failure abort the test
	currently in progress.
TEST_SSH_PORT: TCP port to be used for the listening tests.
TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config
	before running each test.
TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to
	ssh_config before running each test.
TEST_SSH_TRACE: set to "yes" for verbose output from tests 
TEST_SSH_x: path to "ssh" command under test, where x is one of
	SSH, SSHD, SSHAGENT, SSHADD, SSHKEYGEN, SSHKEYSCAN, SFTP or
	SFTPSERVER
USE_VALGRIND: Run the tests under valgrind memory checker.


Individual tests.

You can run an individual test from the top-level Makefile, eg:
$ make tests LTESTS=agent-timeout

If you need to manipulate the environment more you can invoke test-exec.sh
directly if you set up the path to find the binaries under test and the
test scripts themselves, for example:

$ cd regress
$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
    agent-timeout.sh
ok agent timeout test


Files.

test-exec.sh: the main test driver. Sets environment, creates config files
and keys and runs the specified test.

At the time of writing, the individual tests are:
connect.sh:		simple connect
proxy-connect.sh:	proxy connect
connect-privsep.sh:	proxy connect with privsep
connect-uri.sh:		uri connect
proto-version.sh:	sshd version with different protocol combinations
proto-mismatch.sh:	protocol version mismatch
exit-status.sh:		remote exit status
envpass.sh:		environment passing
transfer.sh:		transfer data
banner.sh:		banner
rekey.sh:		rekey
stderr-data.sh:		stderr data transfer
stderr-after-eof.sh:	stderr data after eof
broken-pipe.sh:		broken pipe test
try-ciphers.sh:		try ciphers
yes-head.sh:		yes pipe head
login-timeout.sh:	connect after login grace timeout
agent.sh:		simple connect via agent
agent-getpeereid.sh:	disallow agent attach from other uid
agent-timeout.sh:	agent timeout test
agent-ptrace.sh:	disallow agent ptrace attach
keyscan.sh:		keyscan
keygen-change.sh:	change passphrase for key
keygen-convert.sh:	convert keys
keygen-moduli.sh:	keygen moduli
key-options.sh:		key options
scp.sh:			scp
scp-uri.sh:		scp-uri
sftp.sh:		basic sftp put/get
sftp-chroot.sh:		sftp in chroot
sftp-cmds.sh:		sftp command
sftp-badcmds.sh:	sftp invalid commands
sftp-batch.sh:		sftp batchfile
sftp-glob.sh:		sftp glob
sftp-perm.sh:		sftp permissions
sftp-uri.sh:		sftp-uri
ssh-com-client.sh:	connect with ssh.com client
ssh-com-keygen.sh:	ssh.com key import
ssh-com-sftp.sh:	basic sftp put/get with ssh.com server
ssh-com.sh:		connect to ssh.com server
reconfigure.sh:		simple connect after reconfigure
dynamic-forward.sh:	dynamic forwarding
forwarding.sh:		local and remote forwarding
multiplex.sh:		connection multiplexing
reexec.sh:		reexec tests
brokenkeys.sh:		broken keys
sshcfgparse.sh:		ssh config parse
cfgparse.sh:		sshd config parse
cfgmatch.sh:		sshd_config match
cfgmatchlisten.sh:	sshd_config matchlisten
addrmatch.sh:		address match
localcommand.sh:	localcommand
forcecommand.sh:	forced command
portnum.sh:		port number parsing
keytype.sh:		login with different key types
kextype.sh:		login with different key exchange algorithms
cert-hostkey.sh		certified host keys
cert-userkey.sh:	certified user keys
host-expand.sh:		expand %h and %n
keys-command.sh:	authorized keys from command
forward-control.sh:	sshd control of local and remote forwarding
integrity.sh:		integrity
krl.sh:			key revocation lists
multipubkey.sh:		multiple pubkey
limit-keytype.sh:	restrict pubkey type
hostkey-agent.sh:	hostkey agent
keygen-knownhosts.sh:	ssh-keygen known_hosts
hostkey-rotate.sh:	hostkey rotate
principals-command.sh:	authorized principals command
cert-file.sh:		ssh with certificates
cfginclude.sh:		config include
allow-deny-users.sh:	AllowUsers/DenyUsers
authinfo.sh:		authinfo


Problems?

Run the failing test with shell tracing (-x) turned on:
$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh

Failed tests can be difficult to diagnose. Suggestions:
- run the individual test via ./test-exec.sh `pwd` [testname]
- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
  auth.debug (eg to /var/log/authlog).


Known Issues.

- Similarly, if you do not have "scp" in your system's $PATH then the
  multiplex scp tests will fail (since the system's shell startup scripts
  will determine where the shell started by sshd will look for scp).

- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
  test to fail.  The old behaviour can be restored by setting (and
  exporting) _POSIX2_VERSION=199209 before running the tests.