- (djm) Sync regress with OpenBSD -current
diff --git a/ChangeLog b/ChangeLog
index f4c7704..96bc77e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@
      The default can still be overriden by using -t in ssh-add.
      OK markus@
  - (djm) Reorganise PAM & SIA password handling to eliminate some common code
+ - (djm) Sync regress with OpenBSD -current
 
 20030120
  - (djm) Fix compilation for NetBSD from dtucker@zip.com.au
@@ -1049,4 +1050,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2580 2003/01/22 04:42:26 djm Exp $
+$Id: ChangeLog,v 1.2581 2003/01/22 06:53:16 djm Exp $
diff --git a/regress/Makefile b/regress/Makefile
index 26224cd..6e20293 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,8 +1,8 @@
-#	$OpenBSD: Makefile,v 1.13 2002/04/01 22:15:08 markus Exp $
+#	$OpenBSD: Makefile,v 1.20 2003/01/08 23:54:22 djm Exp $
 
-REGRESSTARGETS=	t1 t2 t3 t4 t5 t6 t7
+REGRESS_TARGETS=	t1 t2 t3 t4 t5 t6 t7
 
-CLEANFILES+=	t2.out t6.out1 t6.out2 t7.out t7.out.pub 
+CLEANFILES+=	t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2
 
 LTESTS= 	connect \
 		proxy-connect \
@@ -17,8 +17,14 @@
 		try-ciphers \
 		yes-head \
 		agent \
+		agent-getpeereid \
+		agent-timeout \
+		agent-ptrace \
 		keyscan \
+		keygen-change \
 		sftp \
+		sftp-cmds \
+		sftp-batch \
 		forwarding
 
 USER!=		id -un
@@ -65,7 +71,7 @@
 	ssh-keygen -Bf t7.out > /dev/null
 
 .for t in ${LTESTS}
-REGRESSTARGETS+=t-${t}
+REGRESS_TARGETS+=t-${t}
 t-${t}:
 	sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh
 .endfor
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh
new file mode 100644
index 0000000..0889fe8
--- /dev/null
+++ b/regress/agent-getpeereid.sh
@@ -0,0 +1,34 @@
+#	$OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $
+#	Placed in the Public Domain.
+
+tid="disallow agent attach from other uid"
+
+UNPRIV=nobody
+ASOCK=${OBJ}/agent
+SSH_AUTH_SOCK=/nonexistant
+
+trace "start agent"
+eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+	fail "could not start ssh-agent: exit code $r"
+else
+	chmod 644 ${SSH_AUTH_SOCK}
+
+	ssh-add -l > /dev/null 2>&1
+	r=$?
+	if [ $r -ne 1 ]; then
+		fail "ssh-add failed with $r != 1"
+	fi
+
+	< /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
+	r=$?
+	if [ $r -lt 2 ]; then
+		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
+	fi
+
+	trace "kill agent"
+	${SSHAGENT} -k > /dev/null
+fi
+
+rm -f ${OBJ}/agent
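Review bot: The `r=$?` taken after the `eval` line records the status of eval, not of ssh-agent, so the "could not start ssh-agent" branch cannot fire: when the agent fails and prints nothing, eval of an empty string returns 0. Capture the output first, ``agent_env=`${SSHAGENT} -s -a ${ASOCK}`; r=$?``, and run `eval "$agent_env" > /dev/null` only when r is 0. The same pattern is in agent-ptrace.sh and agent-timeout.sh, which do not reset SSH_AUTH_SOCK beforehand; if the caller's environment already names an agent (test-exec.sh is not shown, so this is unconfirmed), those tests would act on that agent, including the final `-k`. Separately, this file calls bare `ssh-add` where agent-timeout.sh uses `${SSHADD}`, so it may exercise an installed binary rather than the one under test.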
diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh
new file mode 100644
index 0000000..9f9c999
--- /dev/null
+++ b/regress/agent-ptrace.sh
@@ -0,0 +1,28 @@
+#	$OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $
+#	Placed in the Public Domain.
+
+tid="disallow agent ptrace attach"
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+	fail "could not start ssh-agent: exit code $r"
+else
+	# ls -l ${SSH_AUTH_SOCK}
+	gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF
+		quit
+EOF
+	if [ $? -ne 0 ]; then
+		fail "gdb failed: exit code $?"
+	fi
+	grep -q 'ptrace: Operation not permitted.' ${OBJ}/gdb.out
+	r=$?
+	rm -f ${OBJ}/gdb.out
+	if [ $r -ne 0 ]; then
+		fail "ptrace succeeded?: exit code $r"
+	fi
+
+	trace "kill agent"
+	${SSHAGENT} -k > /dev/null
+fi
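Review bot: `fail "gdb failed: exit code $?"` always reports 0, because at that point `$?` holds the status of the `[ $? -ne 0 ]` test rather than gdb's. Save the status right after the here-document with `r=$?`, then use `if [ $r -ne 0 ]; then` and `fail "gdb failed: exit code $r"`. The pass condition also depends on the exact text 'ptrace: Operation not permitted.' appearing in gdb's output, so a gdb that words the error differently would be reported as a successful attach. A one-line comment above the grep saying so would help whoever triages a failure.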
diff --git a/regress/agent-timeout.sh b/regress/agent-timeout.sh
new file mode 100644
index 0000000..28b1be0
--- /dev/null
+++ b/regress/agent-timeout.sh
@@ -0,0 +1,36 @@
+#	$OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $
+#	Placed in the Public Domain.
+
+tid="agent timeout test"
+
+TIMEOUT=5
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+	fail "could not start ssh-agent: exit code $r"
+else
+	trace "add keys with timeout"
+	for t in rsa rsa1; do
+		${SSHADD} -t ${TIMEOUT} $OBJ/$t > /dev/null 2>&1
+		if [ $? -ne 0 ]; then
+			fail "ssh-add did succeed exit code 0"
+		fi
+	done
+	n=`${SSHADD} -l 2> /dev/null | wc -l`
+	trace "agent has $n keys"
+	if [ $n -ne 2 ]; then
+		fail "ssh-add -l did not return 2 keys: $n"
+	fi
+	trace "sleeping 2*${TIMEOUT} seconds"
+	sleep ${TIMEOUT}
+	sleep ${TIMEOUT}
+	${SSHADD} -l 2> /dev/null | grep -q 'The agent has no identities.'
+	if [ $? -ne 0 ]; then
+		fail "ssh-add -l still returns keys after timeout"
+	fi
+
+	trace "kill agent"
+	${SSHAGENT} -k > /dev/null
+fi
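Review bot: The message `fail "ssh-add did succeed exit code 0"` is emitted when `${SSHADD} -t ${TIMEOUT}` returned non-zero, so it states the opposite of what happened and drops the real status. Suggest `r=$?` directly after the call and `fail "ssh-add -t ${TIMEOUT} failed for $t: exit code $r"`. The expiry check then relies on the literal string 'The agent has no identities.'; comparing the key count from `${SSHADD} -l` against 0, as the earlier `wc -l` check does, would be less tied to message wording.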
diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh
new file mode 100644
index 0000000..08d3590
--- /dev/null
+++ b/regress/keygen-change.sh
@@ -0,0 +1,23 @@
+#	$OpenBSD: keygen-change.sh,v 1.2 2002/07/16 09:15:55 markus Exp $
+#	Placed in the Public Domain.
+
+tid="change passphrase for key"
+
+S1="secret1"
+S2="2secret"
+
+for t in rsa dsa rsa1; do
+	# generate user key for agent
+	trace "generating $t key"
+	rm -f $OBJ/$t-key
+	${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
+	if [ $? -eq 0 ]; then
+		${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
+		if [ $? -ne 0 ]; then
+			fail "ssh-keygen -p failed for $t-key"
+		fi
+	else
+		fail "ssh-keygen for $t-key failed"
+	fi
+	rm -f $OBJ/$t-key $OBJ/$t-key.pub
+done
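Review bot: Only the exit status of `ssh-keygen -p` is checked, so the test would still pass if the key were left encrypted under the old passphrase. A follow-up such as `${SSHKEYGEN} -p -P ${S1} -N ${S1} -f $OBJ/$t-key > /dev/null 2>&1 && fail "old passphrase still accepted for $t-key"` would pin that; this assumes ssh-keygen exits non-zero on a wrong `-P` without prompting, which should be confirmed. S1 and S2 are passed on the command line, which is acceptable for throwaway fixtures. A comment such as `# fixed test passphrases; argv is visible to other local users` would keep the pattern from being copied for real keys.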
diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh
index bf1940f..6a36b25 100644
--- a/regress/proxy-connect.sh
+++ b/regress/proxy-connect.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: proxy-connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+#	$OpenBSD: proxy-connect.sh,v 1.5 2002/12/09 15:28:46 markus Exp $
 #	Placed in the Public Domain.
 
 tid="proxy connect"
@@ -8,4 +8,11 @@
 	if [ $? -ne 0 ]; then
 		fail "ssh proxyconnect protocol $p failed"
 	fi
+	SSH_CONNECTION=`${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 'echo $SSH_CONNECTION'`
+	if [ $? -ne 0 ]; then
+		fail "ssh proxyconnect protocol $p failed"
+	fi
+	if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+		fail "bad SSH_CONNECTION"
+	fi
 done
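Review bot: The new check reuses the message `ssh proxyconnect protocol $p failed` from the check just above it, and `fail "bad SSH_CONNECTION"` does not print the value received, so a failure cannot be attributed from the log. Suggest `fail "ssh proxyconnect protocol $p: SSH_CONNECTION query failed"` and `fail "bad SSH_CONNECTION: $SSH_CONNECTION"`. Storing the result in a shell variable named SSH_CONNECTION also overwrites any value the test shell inherited; a neutral name such as `conn` avoids that. The enclosing for loop starts outside the hunk.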
diff --git a/regress/sftp-batch.sh b/regress/sftp-batch.sh
new file mode 100644
index 0000000..cffacb6
--- /dev/null
+++ b/regress/sftp-batch.sh
@@ -0,0 +1,57 @@
+#	$OpenBSD: sftp-batch.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+#	Placed in the Public Domain.
+
+tid="sftp batchfile"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+BATCH=${OBJ}/sftp-batch
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+cat << EOF > ${BATCH}.pass.1
+	get $DATA $COPY
+	put ${COPY} ${COPY}.1
+	rm ${COPY}
+	-put ${COPY} ${COPY}.2
+EOF
+
+cat << EOF > ${BATCH}.pass.2
+	# This is a comment
+
+	# That was a blank line
+	ls
+EOF
+
+cat << EOF > ${BATCH}.fail.1
+	get $DATA $COPY
+	put ${COPY} ${COPY}.3
+	rm ${COPY}.*
+	# The next command should fail
+	put ${COPY}.3 ${COPY}.4
+EOF
+
+cat << EOF > ${BATCH}.fail.2
+	# The next command should fail
+	jajajajaja
+EOF
+
+verbose "$tid: good commands"
+${SFTP} -b ${BATCH}.pass.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "good commands failed"
+
+verbose "$tid: bad commands"
+${SFTP} -b ${BATCH}.fail.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
+	&& fail "bad commands succeeded"
+
+verbose "$tid: comments and blanks"
+${SFTP} -b ${BATCH}.pass.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "comments & blanks failed"
+
+verbose "$tid: junk command"
+${SFTP} -b ${BATCH}.fail.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
+	&& fail "junk command succeeded"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+
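Review bot: Both negative cases pass on any non-zero exit from sftp, so the `${BATCH}.fail.1` run is also satisfied when the initial `get` or the first `put` fails, not only when the final `put ${COPY}.3 ${COPY}.4` does. The "good commands" run likewise never compares the transferred data with `$DATA`. Adding `cmp $DATA ${COPY}.1 || fail "corrupted copy after batch put"` after the pass.1 run, and `test -f ${COPY}.1 && fail "batch stopped before rm"` after the fail.1 run, would tie each result to the command it is meant to exercise. The second check relies on `${COPY}.1` surviving from pass.1, which is worth stating in a comment.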
diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh
new file mode 100644
index 0000000..462c680
--- /dev/null
+++ b/regress/sftp-cmds.sh
@@ -0,0 +1,100 @@
+#	$OpenBSD: sftp-cmds.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+#	Placed in the Public Domain.
+
+# XXX - TODO: 
+# - globbed operations
+# - chmod / chown / chgrp
+# - -p flag for get & put
+
+tid="sftp commands"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+verbose "$tid: lls"
+echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "lls failed"
+# XXX always successful
+
+verbose "$tid: ls"
+echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "ls failed"
+# XXX always successful
+
+verbose "$tid: shell"
+echo "!echo hi there" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "shell failed"
+# XXX always successful
+
+verbose "$tid: pwd"
+echo "pwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "pwd failed"
+# XXX always successful
+
+verbose "$tid: lpwd"
+echo "lpwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "lpwd failed"
+# XXX always successful
+
+verbose "$tid: quit"
+echo "quit" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "quit failed"
+# XXX always successful
+
+verbose "$tid: help"
+echo "help" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "help failed"
+# XXX always successful
+
+rm -f ${COPY}
+verbose "$tid: get"
+echo "get $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "get failed"
+cmp $DATA ${COPY} || fail "corrupted copy after get"
+
+rm -f ${COPY}
+verbose "$tid: put"
+echo "put $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "put failed"
+cmp $DATA ${COPY} || fail "corrupted copy after put"
+
+verbose "$tid: rename"
+echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "rename failed"
+test -f ${COPY}.1 || fail "missing file after rename"
+cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename"
+
+verbose "$tid: ln"
+echo "ln ${COPY}.1 ${COPY}.2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "ln failed"
+test -L ${COPY}.2 || fail "missing file after ln"
+
+verbose "$tid: mkdir"
+echo "mkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "mkdir failed"
+test -d ${COPY}.dd || fail "missing directory after mkdir"
+
+# XXX do more here
+verbose "$tid: chdir"
+echo "chdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "chdir failed"
+
+verbose "$tid: rmdir"
+echo "rmdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "rmdir failed"
+test -d ${COPY}.1 && fail "present directory after rmdir"
+
+verbose "$tid: lmkdir"
+echo "lmkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "lmkdir failed"
+test -d ${COPY}.dd || fail "missing directory after lmkdir"
+
+# XXX do more here
+verbose "$tid: lchdir"
+echo "lchdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+	|| fail "lchdir failed"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+
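Review bot: `${BATCH}` is never assigned in this file (it is defined only in sftp-batch.sh, which the Makefile runs in a separate `sh` invocation), so unless test-exec.sh sets it, `${BATCH}.*` in the two `rm -rf` lines expands to `.*` and recursively removes dot-files in the current directory. Drop it from both lines: `rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd`. The rmdir check also tests the wrong path: `${COPY}.1` is the renamed regular file, so `test -d ${COPY}.1` can never detect a directory that survived. It should read `test -d ${COPY}.dd && fail "present directory after rmdir"`.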
diff --git a/regress/ssh-com-client.sh b/regress/ssh-com-client.sh
index 84b0b47..015ebbb 100644
--- a/regress/ssh-com-client.sh
+++ b/regress/ssh-com-client.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh-com-client.sh,v 1.3 2002/04/10 08:45:30 markus Exp $
+#	$OpenBSD: ssh-com-client.sh,v 1.4 2002/07/16 08:58:16 markus Exp $
 #	Placed in the Public Domain.
 
 tid="connect with ssh.com client"
@@ -15,7 +15,9 @@
 	2.3.1
 	2.4.0
 	3.0.0
-	3.1.0"
+	3.1.0
+	3.2.0
+	3.3.0"
 
 # 2.0.10 2.0.12 2.0.13 don't like the test setup
 
diff --git a/regress/ssh-com-keygen.sh b/regress/ssh-com-keygen.sh
index 90ba2fc..e93dc78 100644
--- a/regress/ssh-com-keygen.sh
+++ b/regress/ssh-com-keygen.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh-com-keygen.sh,v 1.1 2002/03/27 22:40:27 markus Exp $
+#	$OpenBSD: ssh-com-keygen.sh,v 1.2 2002/07/16 08:58:16 markus Exp $
 #	Placed in the Public Domain.
 
 tid="ssh.com key import"
@@ -18,7 +18,9 @@
 	2.3.1
 	2.4.0
 	3.0.0
-	3.1.0"
+	3.1.0
+	3.2.0
+	3.3.0"
 
 COMPRV=${OBJ}/comkey
 COMPUB=${COMPRV}.pub
diff --git a/regress/ssh-com-sftp.sh b/regress/ssh-com-sftp.sh
index 231efa1..f08018b 100644
--- a/regress/ssh-com-sftp.sh
+++ b/regress/ssh-com-sftp.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh-com-sftp.sh,v 1.2 2002/04/10 08:45:30 markus Exp $
+#	$OpenBSD: ssh-com-sftp.sh,v 1.3 2002/07/16 08:58:16 markus Exp $
 #	Placed in the Public Domain.
 
 tid="basic sftp put/get with ssh.com server"
@@ -24,7 +24,9 @@
 	2.3.1
 	2.4.0
 	3.0.0
-	3.1.0"
+	3.1.0
+	3.2.0
+	3.3.0"
 
 # go for it
 for v in ${VERSIONS}; do
diff --git a/regress/ssh-com.sh b/regress/ssh-com.sh
index 6a199fa..c2bd153 100644
--- a/regress/ssh-com.sh
+++ b/regress/ssh-com.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh-com.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
+#	$OpenBSD: ssh-com.sh,v 1.4 2002/07/16 08:58:16 markus Exp $
 #	Placed in the Public Domain.
 
 tid="connect to ssh.com server"
@@ -14,17 +14,19 @@
 	2.1.0
 	2.2.0
 	2.3.0
-	2.3.1
 	2.4.0
 	3.0.0
-	3.1.0"
+	3.1.0
+	3.2.0
+	3.3.0"
 # 2.0.10 does not support UserConfigDirectory
+# 2.3.1 requires a config in $HOME/.ssh2
 
 SRC=`dirname ${SCRIPT}`
 
 # ssh.com
 cat << EOF > $OBJ/sshd2_config
-*:
+#*:
 	# Port and ListenAdress are not used.
 	QuietMode			yes
 	Port				4343