author | Colin Watson <cjwatson@debian.org> | 2019-10-09 22:59:48 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-10-09 22:59:48 +0100 |
commit | 4213eec74e74de6310c27a40c3e9759a08a73996 (patch) | |
tree | e97a6dcafc6763aea7c804e4e113c2750cb1400d /regress/cfgmatch.sh | |
parent | 102062f825fb26a74295a1c089c00c4c4c76b68a (diff) | |
parent | cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c (diff) |
Import openssh_8.1p1.orig.tar.gz
Diffstat (limited to 'regress/cfgmatch.sh')
-rw-r--r-- | regress/cfgmatch.sh | 49 |
1 files changed, 46 insertions, 3 deletions
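--- a/regress/cfgmatch.sh
+++ b/regress/cfgmatch.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cfgmatch.sh,v 1.11 2017/10/04 18:50:23 djm Exp $
+# $OpenBSD: cfgmatch.sh,v 1.12 2019/04/18 18:57:16 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="sshd_config match"
@@ -51,9 +51,10 @@ echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy
 echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
 echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
 
-start_sshd
+${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
+fail "config w/match fails config test"
 
-#set -x
+start_sshd
 
 # Test Match + PermitOpen in sshd_config. This should be permitted
 trace "match permitopen localhost"
@@ -113,3 +114,45 @@ start_client -F $OBJ/ssh_proxy
 ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \
 fail "nomatch override permitopen"
 stop_client
+
+# Test parsing of available Match criteria (with the exception of Group which
+# requires knowledge of actual group memberships user running the test).
+params="user:user:u1 host:host:h1 address:addr:1.2.3.4 \
+localaddress:laddr:5.6.7.8 rdomain:rdomain:rdom1"
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_config
+echo 'Banner /nomatch' >>$OBJ/sshd_config
+for i in $params; do
+config=`echo $i | cut -f1 -d:`
+criteria=`echo $i | cut -f2 -d:`
+value=`echo $i | cut -f3 -d:`
+cat >>$OBJ/sshd_config <<EOD
+Match $config $value
+Banner /$value
+EOD
+done
+
+${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
+fail "validate config for w/out spec"
+
+# Test matching each criteria.
+for i in $params; do
+testcriteria=`echo $i | cut -f2 -d:`
+expected=/`echo $i | cut -f3 -d:`
+spec=""
+for j in $params; do
+config=`echo $j | cut -f1 -d:`
+criteria=`echo $j | cut -f2 -d:`
+value=`echo $j | cut -f3 -d:`
+if [ "$criteria" = "$testcriteria" ]; then
+spec="$criteria=$value,$spec"
+else
+spec="$criteria=1$value,$spec"
+fi
+done
+trace "test spec $spec"
+result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \
+awk '$1=="banner"{print $2}'`
+if [ "$result" != "$expected" ]; then
+fail "match $config expected $expected got $result"
+fi
+done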
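Review bot: The `fail` call in the final loop reports `$config`, but at that point `$config` holds whatever the inner `for j` loop assigned last, which is always the last entry of `$params` (`rdomain`), so a failure for any criterion is labelled as rdomain. Naming the criterion under test fixes the message: `fail "match $testcriteria expected $expected got $result"`. Separately, the `Banner /nomatch` default written before the Match blocks is never asserted; one more `-T -C` run with every value mismatched, expecting `/nomatch`, would catch a Match block being applied to a connection it should not cover.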