openssh/regress
Damien Miller ec9d22cc25 Fuzzer harnesses for sig verify and pubkey parsing
These are some basic clang libfuzzer harnesses for signature
verification and public key parsing. Some assembly (metaphorical)
required.
2017-09-08 12:44:13 +10:00
..
misc Fuzzer harnesses for sig verify and pubkey parsing 2017-09-08 12:44:13 +10:00
unittests upstream commit 2017-05-08 16:11:26 +10:00
Makefile upstream commit 2017-06-24 17:29:55 +10:00
README.regress
addrmatch.sh
agent-getpeereid.sh upstream commit 2017-01-30 11:08:36 +11:00
agent-pkcs11.sh upstream commit 2017-05-01 11:59:42 +10:00
agent-ptrace.sh
agent-timeout.sh
agent.sh upstream commit 2017-05-01 11:59:42 +10:00
allow-deny-users.sh upstream commit 2016-12-20 09:35:51 +11:00
authinfo.sh upstream commit 2017-06-24 17:29:55 +10:00
banner.sh upstream commit 2017-05-01 11:59:42 +10:00
broken-pipe.sh upstream commit 2017-05-01 11:59:42 +10:00
brokenkeys.sh upstream commit 2017-05-01 11:59:42 +10:00
cert-file.sh upstream commit 2017-05-01 11:59:42 +10:00
cert-hostkey.sh upstream commit 2017-05-01 11:59:42 +10:00
cert-userkey.sh upstream commit 2017-05-01 11:59:42 +10:00
cfginclude.sh
cfgmatch.sh upstream commit 2017-05-01 11:59:42 +10:00
cfgparse.sh
check-perm.c
cipher-speed.sh upstream commit 2017-05-01 11:59:42 +10:00
conch-ciphers.sh
connect-privsep.sh upstream commit 2017-05-01 11:59:42 +10:00
connect.sh upstream commit 2017-05-01 11:59:42 +10:00
dhgex.sh upstream commit 2017-05-08 11:54:17 +10:00
dsa_ssh2.prv
dsa_ssh2.pub
dynamic-forward.sh upstream commit 2017-05-01 11:59:42 +10:00
envpass.sh
exit-status.sh upstream commit 2017-05-01 11:59:42 +10:00
forcecommand.sh upstream commit 2017-05-01 11:59:42 +10:00
forward-control.sh upstream commit 2017-05-01 11:59:42 +10:00
forwarding.sh upstream commit 2017-05-01 11:59:42 +10:00
host-expand.sh upstream commit 2017-05-01 11:59:42 +10:00
hostkey-agent.sh upstream commit 2017-05-01 11:59:42 +10:00
hostkey-rotate.sh
integrity.sh upstream commit 2017-05-01 11:59:42 +10:00
kextype.sh
key-options.sh upstream commit 2017-05-01 11:59:42 +10:00
keygen-change.sh upstream commit 2017-05-01 11:59:42 +10:00
keygen-convert.sh
keygen-knownhosts.sh
keygen-moduli.sh upstream commit 2016-09-14 11:34:59 +10:00
keys-command.sh upstream commit 2016-10-01 06:44:00 +10:00
keyscan.sh upstream commit 2017-05-01 11:59:42 +10:00
keytype.sh upstream commit 2017-03-21 09:09:59 +11:00
krl.sh
limit-keytype.sh
localcommand.sh upstream commit 2017-05-01 11:59:42 +10:00
login-timeout.sh upstream commit 2016-12-16 13:16:34 +11:00
modpipe.c Conditionally include err.h. 2016-07-18 17:12:22 +10:00
moduli.in upstream commit 2016-09-14 10:57:21 +10:00
multiplex.sh upstream commit 2017-05-01 11:59:42 +10:00
multipubkey.sh
netcat.c
portnum.sh
principals-command.sh upstream commit 2017-05-01 11:59:42 +10:00
proto-mismatch.sh upstream commit 2017-05-01 11:59:42 +10:00
proto-version.sh upstream commit 2017-06-08 13:11:11 +10:00
proxy-connect.sh upstream commit 2017-05-01 11:59:42 +10:00
putty-ciphers.sh upstream commit 2017-05-08 11:54:17 +10:00
putty-kex.sh upstream commit 2016-11-29 17:19:57 +11:00
putty-transfer.sh upstream commit 2017-05-01 11:59:42 +10:00
reconfigure.sh upstream commit 2017-05-01 11:59:42 +10:00
reexec.sh upstream commit 2017-05-01 11:59:42 +10:00
rekey.sh
rsa_openssh.prv
rsa_openssh.pub
rsa_ssh2.prv
scp-ssh-wrapper.sh
scp.sh
setuid-allowed.c
sftp-badcmds.sh
sftp-batch.sh
sftp-chroot.sh upstream commit 2016-10-01 06:44:00 +10:00
sftp-cmds.sh
sftp-glob.sh
sftp-perm.sh
sftp.sh
ssh-com-client.sh
ssh-com-keygen.sh
ssh-com-sftp.sh
ssh-com.sh upstream commit 2017-05-08 11:54:17 +10:00
ssh2putty.sh
sshcfgparse.sh
sshd-log-wrapper.sh
stderr-after-eof.sh upstream commit 2017-05-01 11:59:42 +10:00
stderr-data.sh upstream commit 2017-05-01 11:59:42 +10:00
t4.ok
t5.ok
t11.ok
test-exec.sh upstream commit 2017-05-01 11:59:42 +10:00
transfer.sh upstream commit 2017-05-01 11:59:42 +10:00
try-ciphers.sh upstream commit 2017-05-01 11:59:42 +10:00
valgrind-unit.sh
yes-head.sh upstream commit 2017-05-01 11:59:42 +10:00

README.regress

Overview.

$ ./configure && make tests

You'll see some progress info. A failure will cause either the make to
abort or the driver script to report a "FATAL" failure.

The test consists of 2 parts. The first is the file-based tests which is
driven by the Makefile, and the second is a set of network or proxycommand
based tests, which are driven by a driver script (test-exec.sh) which is
called multiple times by the Makefile.

Failures in the first part will cause the Makefile to return an error.
Failures in the second part will print a "FATAL" message for the failed
test and continue.

OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
suite is based on OpenBSD's with modifications.


Environment variables.

SUDO: path to sudo command, if desired. Note that some systems (notably
	systems using PAM) require sudo to execute some tests.
TEST_SSH_TRACE: set to "yes" for verbose output from tests 
TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD
	SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER
OBJ: used by test scripts to access build dir.
TEST_SHELL: shell used for running the test scripts.
TEST_SSH_PORT: TCP port to be used for the listening tests.
TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to ssh_config
	before running each test.
TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config
	before running each test.


Individual tests.

You can run an individual test from the top-level Makefile, eg:
$ make tests LTESTS=agent-timeout

If you need to manipulate the environment more you can invoke test-exec.sh
directly if you set up the path to find the binaries under test and the
test scripts themselves, for example:

$ cd regress
$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
    agent-timeout.sh
ok agent timeout test


Files.

test-exec.sh: the main test driver. Sets environment, creates config files
and keys and runs the specified test.

At the time of writing, the individual tests are:
agent-timeout.sh:	agent timeout test
agent.sh:		simple agent test
broken-pipe.sh:		broken pipe test
connect-privsep.sh:	proxy connect with privsep
connect.sh:		simple connect
exit-status.sh:		remote exit status
forwarding.sh:		local and remote forwarding
keygen-change.sh:	change passphrase for key
keyscan.sh:		keyscan
proto-mismatch.sh:	protocol version mismatch
proto-version.sh:	sshd version with different protocol combinations
proxy-connect.sh:	proxy connect
sftp.sh:		basic sftp put/get
ssh-com-client.sh:	connect with ssh.com client
ssh-com-keygen.sh:	ssh.com key import
ssh-com-sftp.sh:	basic sftp put/get with ssh.com server
ssh-com.sh:		connect to ssh.com server
stderr-after-eof.sh:	stderr data after eof
stderr-data.sh:		stderr data transfer
transfer.sh:		transfer data
try-ciphers.sh:		try ciphers
yes-head.sh:		yes pipe head


Problems?

Run the failing test with shell tracing (-x) turned on:
$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh

Failed tests can be difficult to diagnose. Suggestions:
- run the individual test via ./test-exec.sh `pwd` [testname]
- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
  auth.debug (eg to /var/log/authlog).


Known Issues.

- Similarly, if you do not have "scp" in your system's $PATH then the
  multiplex scp tests will fail (since the system's shell startup scripts
  will determine where the shell started by sshd will look for scp).

- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
  test to fail.  The old behaviour can be restored by setting (and
  exporting) _POSIX2_VERSION=199209 before running the tests.

$Id: README.regress,v 1.12 2011/05/05 03:48:42 djm Exp $