summaryrefslogtreecommitdiff
path: root/regress/cfgmatch.sh
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2019-10-09 22:59:48 +0100
committerColin Watson <cjwatson@debian.org>2019-10-09 22:59:48 +0100
commit4213eec74e74de6310c27a40c3e9759a08a73996 (patch)
treee97a6dcafc6763aea7c804e4e113c2750cb1400d /regress/cfgmatch.sh
parent102062f825fb26a74295a1c089c00c4c4c76b68a (diff)
parentcdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c (diff)
Import openssh_8.1p1.orig.tar.gz
Diffstat (limited to 'regress/cfgmatch.sh')
-rw-r--r--regress/cfgmatch.sh49
1 files changed, 46 insertions, 3 deletions
diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh
index dd11e404d..6620c84ed 100644
--- a/regress/cfgmatch.sh
+++ b/regress/cfgmatch.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cfgmatch.sh,v 1.11 2017/10/04 18:50:23 djm Exp $ 1# $OpenBSD: cfgmatch.sh,v 1.12 2019/04/18 18:57:16 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="sshd_config match" 4tid="sshd_config match"
@@ -51,9 +51,10 @@ echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy
51echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy 51echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
52echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy 52echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
53 53
54start_sshd 54${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
55 fail "config w/match fails config test"
55 56
56#set -x 57start_sshd
57 58
58# Test Match + PermitOpen in sshd_config. This should be permitted 59# Test Match + PermitOpen in sshd_config. This should be permitted
59trace "match permitopen localhost" 60trace "match permitopen localhost"
@@ -113,3 +114,45 @@ start_client -F $OBJ/ssh_proxy
113${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ 114${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \
114 fail "nomatch override permitopen" 115 fail "nomatch override permitopen"
115stop_client 116stop_client
117
118# Test parsing of available Match criteria (with the exception of Group which
119# requires knowledge of actual group memberships user running the test).
120params="user:user:u1 host:host:h1 address:addr:1.2.3.4 \
121 localaddress:laddr:5.6.7.8 rdomain:rdomain:rdom1"
122cp $OBJ/sshd_proxy_bak $OBJ/sshd_config
123echo 'Banner /nomatch' >>$OBJ/sshd_config
124for i in $params; do
125 config=`echo $i | cut -f1 -d:`
126 criteria=`echo $i | cut -f2 -d:`
127 value=`echo $i | cut -f3 -d:`
128 cat >>$OBJ/sshd_config <<EOD
129 Match $config $value
130 Banner /$value
131EOD
132done
133
134${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
135 fail "validate config for w/out spec"
136
137# Test matching each criteria.
138for i in $params; do
139 testcriteria=`echo $i | cut -f2 -d:`
140 expected=/`echo $i | cut -f3 -d:`
141 spec=""
142 for j in $params; do
143 config=`echo $j | cut -f1 -d:`
144 criteria=`echo $j | cut -f2 -d:`
145 value=`echo $j | cut -f3 -d:`
146 if [ "$criteria" = "$testcriteria" ]; then
147 spec="$criteria=$value,$spec"
148 else
149 spec="$criteria=1$value,$spec"
150 fi
151 done
152 trace "test spec $spec"
153 result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \
154 awk '$1=="banner"{print $2}'`
155 if [ "$result" != "$expected" ]; then
156 fail "match $config expected $expected got $result"
157 fi
158done