summaryrefslogtreecommitdiff
path: root/regress/addrmatch.sh
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2008-06-10 23:16:46 +1000
committerDarren Tucker <dtucker@zip.com.au>2008-06-10 23:16:46 +1000
commit10f9242b86bc570638b5c0e985e4f4b98c1dd073 (patch)
tree1e3d5604e39c1680b258c477ecb76fad41294ed6 /regress/addrmatch.sh
parentd788b7cb35ed9964f8a15201e3b28e992228eadb (diff)
- dtucker@cvs.openbsd.org 2008/06/10 05:23:32
[addrmatch.sh Makefile] Regress test for Match CIDR rules. ok djm@
Diffstat (limited to 'regress/addrmatch.sh')
-rw-r--r--regress/addrmatch.sh41
1 files changed, 41 insertions, 0 deletions
diff --git a/regress/addrmatch.sh b/regress/addrmatch.sh
new file mode 100644
index 000000000..f89e9f053
--- /dev/null
+++ b/regress/addrmatch.sh
@@ -0,0 +1,41 @@
1# $OpenBSD: addrmatch.sh,v 1.0 2008/06/10 05:23:32 dtucker Exp $
2# Placed in the Public Domain.
3
4tid="address match"
5
6mv $OBJ/sshd_proxy $OBJ/sshd_proxy_orig
7
8run_trial()
9{
10 user="$1"; addr="$2"; host="$3"; expected="$4"; descr="$5"
11
12 verbose "test $descr for $user $addr $host"
13 result=`${SSHD} -f $OBJ/sshd_proxy -T \
14 -C user=${user},addr=${addr},host=${host} | \
15 awk '/passwordauthentication/ {print $2}'`
16 if [ "$result" != "$expected" ]; then
17 fail "failed for $user $addr $host: expected $expected, got $result"
18 fi
19}
20
21cp $OBJ/sshd_proxy_orig $OBJ/sshd_proxy
22cat >>$OBJ/sshd_proxy <<EOD
23PasswordAuthentication no
24Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com
25 PasswordAuthentication yes
26Match Address 1.1.1.1,::1,!::3,2000::/16
27 PasswordAuthentication yes
28EOD
29
30run_trial user 192.168.0.1 somehost yes "permit, first entry"
31run_trial user 192.168.30.1 somehost no "deny, negative match"
32run_trial user 19.0.0.1 somehost no "deny, no match"
33run_trial user 10.255.255.254 somehost yes "permit, list middle"
34run_trial user 192.168.30.1 192.168.0.1 no "deny, faked IP in hostname"
35run_trial user 1.1.1.1 somehost.example.com yes "permit, bare IP4 address"
36run_trial user ::1 somehost.example.com yes "permit, bare IP6 address"
37run_trial user ::2 somehost.exaple.com no "deny IPv6"
38run_trial user ::3 somehost no "deny IP6 negated"
39run_trial user ::4 somehost no "deny, IP6 no match"
40run_trial user 2000::1 somehost yes "permit, IP6 network"
41run_trial user 2001::1 somehost no "deny, IP6 network"