upstream commit

eliminate explicit specification of protocol in tests and loops over protocol. We only support SSHv2 now. Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd
author: djm@openbsd.org <djm@openbsd.org> 2017-04-30 23:34:55 +0000
committer: Damien Miller <djm@mindrot.org> 2017-05-01 11:59:42 +1000
commit: dd369320d2435b630a5974ab270d686dcd92d024 (patch)
tree: 97ae4bb34d835fbafad12180862195a9e9192d28 /regress/forward-control.sh
parent: 557f921aad004be15805e09fd9572969eb3d9321 (diff)
1 files changed, 51 insertions, 58 deletions
diff --git a/regress/forward-control.sh b/regress/forward-control.sh
index 91957098f..2e9dbb53a 100644
--- a/regress/forward-control.sh
+++ b/regress/forward-control.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: forward-control.sh,v 1.3 2015/03/03 22:35:19 markus Exp $
+#       $OpenBSD: forward-control.sh,v 1.4 2017/04/30 23:34:55 djm Exp $
 #       Placed in the Public Domain.
 tid="sshd control of local and remote forwarding"
@@ -32,13 +32,12 @@ wait_for_process_to_exit() {
        return 0
 }
-# usage: check_lfwd protocol Y|N message
+# usage: check_lfwd Y|N message
 check_lfwd() {
-        _proto=$1
+        _expected=$1
-        _expected=$2
+        _message=$2
-        _message=$3
        rm -f $READY
-        ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \
+        ${SSH} -F $OBJ/ssh_proxy \
            -L$LFWD_PORT:127.0.0.1:$PORT \
            -o ExitOnForwardFailure=yes \
            -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \
@@ -62,13 +61,12 @@ check_lfwd() {
        fi
 }
-# usage: check_rfwd protocol Y|N message
+# usage: check_rfwd Y|N message
 check_rfwd() {
-        _proto=$1
+        _expected=$1
-        _expected=$2
+        _message=$2
-        _message=$3
        rm -f $READY
-        ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \
+        ${SSH} -F $OBJ/ssh_proxy \
            -R$RFWD_PORT:127.0.0.1:$PORT \
            -o ExitOnForwardFailure=yes \
            -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \
@@ -99,10 +97,8 @@ cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy.bak
 cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak
 # Sanity check: ensure the default config allows forwarding
-for p in ${SSH_PROTOCOLS} ; do
+check_lfwd Y "default configuration"
-        check_lfwd $p Y "proto $p, default configuration"
+check_rfwd Y "default configuration"
-        check_rfwd $p Y "proto $p, default configuration"
-done
 # Usage: all_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N
 all_tests() {
@@ -115,49 +111,46 @@ all_tests() {
        _permit_rfwd=$7
        _badfwd=127.0.0.1:22
        _goodfwd=127.0.0.1:${PORT}
-        for _proto in ${SSH_PROTOCOLS} ; do
+        cp ${OBJ}/authorized_keys_${USER}.bak  ${OBJ}/authorized_keys_${USER}
-                cp ${OBJ}/authorized_keys_${USER}.bak \
+        _prefix="AllowTcpForwarding=$_tcpfwd"
-                    ${OBJ}/authorized_keys_${USER}
+        # No PermitOpen
-                _prefix="proto $_proto, AllowTcpForwarding=$_tcpfwd"
+        ( cat ${OBJ}/sshd_proxy.bak ;
-                # No PermitOpen
+          echo "AllowTcpForwarding $_tcpfwd" ) \
-                ( cat ${OBJ}/sshd_proxy.bak ;
+            > ${OBJ}/sshd_proxy
-                  echo "AllowTcpForwarding $_tcpfwd" ) \
+        check_lfwd $_plain_lfwd "$_prefix"
-                    > ${OBJ}/sshd_proxy
+        check_rfwd $_plain_rfwd "$_prefix"
-                check_lfwd $_proto $_plain_lfwd "$_prefix"
+        # PermitOpen via sshd_config that doesn't match
-                check_rfwd $_proto $_plain_rfwd "$_prefix"
+        ( cat ${OBJ}/sshd_proxy.bak ;
-                # PermitOpen via sshd_config that doesn't match
+          echo "AllowTcpForwarding $_tcpfwd" ;
-                ( cat ${OBJ}/sshd_proxy.bak ;
+          echo "PermitOpen $_badfwd" ) \
-                  echo "AllowTcpForwarding $_tcpfwd" ;
+            > ${OBJ}/sshd_proxy
-                  echo "PermitOpen $_badfwd" ) \
+        check_lfwd $_nopermit_lfwd "$_prefix, !PermitOpen"
-                    > ${OBJ}/sshd_proxy
+        check_rfwd $_nopermit_rfwd "$_prefix, !PermitOpen"
-                check_lfwd $_proto $_nopermit_lfwd "$_prefix, !PermitOpen"
+        # PermitOpen via sshd_config that does match
-                check_rfwd $_proto $_nopermit_rfwd "$_prefix, !PermitOpen"
+        ( cat ${OBJ}/sshd_proxy.bak ;
-                # PermitOpen via sshd_config that does match
+          echo "AllowTcpForwarding $_tcpfwd" ;
-                ( cat ${OBJ}/sshd_proxy.bak ;
+          echo "PermitOpen $_badfwd $_goodfwd" ) \
-                  echo "AllowTcpForwarding $_tcpfwd" ;
+            > ${OBJ}/sshd_proxy
-                  echo "PermitOpen $_badfwd $_goodfwd" ) \
+        # NB. permitopen via authorized_keys should have same
-                    > ${OBJ}/sshd_proxy
+        # success/fail as via sshd_config
-                # NB. permitopen via authorized_keys should have same
+        # permitopen via authorized_keys that doesn't match
-                # success/fail as via sshd_config
+        sed "s/^/permitopen=\"$_badfwd\" /" \
-                # permitopen via authorized_keys that doesn't match
+            < ${OBJ}/authorized_keys_${USER}.bak \
-                sed "s/^/permitopen=\"$_badfwd\" /" \
+            > ${OBJ}/authorized_keys_${USER} || fatal "sed 1 fail"
-                    < ${OBJ}/authorized_keys_${USER}.bak \
+        ( cat ${OBJ}/sshd_proxy.bak ;
-                    > ${OBJ}/authorized_keys_${USER} || fatal "sed 1 fail"
+          echo "AllowTcpForwarding $_tcpfwd" ) \
-                ( cat ${OBJ}/sshd_proxy.bak ;
+            > ${OBJ}/sshd_proxy
-                  echo "AllowTcpForwarding $_tcpfwd" ) \
+        check_lfwd $_nopermit_lfwd "$_prefix, !permitopen"
-                    > ${OBJ}/sshd_proxy
+        check_rfwd $_nopermit_rfwd "$_prefix, !permitopen"
-                check_lfwd $_proto $_nopermit_lfwd "$_prefix, !permitopen"
+        # permitopen via authorized_keys that does match
-                check_rfwd $_proto $_nopermit_rfwd "$_prefix, !permitopen"
+        sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \
-                # permitopen via authorized_keys that does match
+            < ${OBJ}/authorized_keys_${USER}.bak \
-                sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \
+            > ${OBJ}/authorized_keys_${USER} || fatal "sed 2 fail"
-                    < ${OBJ}/authorized_keys_${USER}.bak \
+        ( cat ${OBJ}/sshd_proxy.bak ;
-                    > ${OBJ}/authorized_keys_${USER} || fatal "sed 2 fail"
+          echo "AllowTcpForwarding $_tcpfwd" ) \
-                ( cat ${OBJ}/sshd_proxy.bak ;
+            > ${OBJ}/sshd_proxy
-                  echo "AllowTcpForwarding $_tcpfwd" ) \
+        check_lfwd $_permit_lfwd "$_prefix, permitopen"
-                    > ${OBJ}/sshd_proxy
+        check_rfwd $_permit_rfwd "$_prefix, permitopen"
-                check_lfwd $_proto $_permit_lfwd "$_prefix, permitopen"
-                check_rfwd $_proto $_permit_rfwd "$_prefix, permitopen"
-        done
 }
 #                      no-permitopen mismatch-permitopen match-permitopen
author	djm@openbsd.org <djm@openbsd.org>	2017-04-30 23:34:55 +0000
committer	Damien Miller <djm@mindrot.org>	2017-05-01 11:59:42 +1000
commit	dd369320d2435b630a5974ab270d686dcd92d024 (patch)
tree	97ae4bb34d835fbafad12180862195a9e9192d28 /regress/forward-control.sh
parent	557f921aad004be15805e09fd9572969eb3d9321 (diff)

diff --git a/regress/forward-control.sh b/regress/forward-control.sh index 91957098f..2e9dbb53a 100644 --- a/regress/forward-control.sh +++ b/regress/forward-control.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: forward-control.sh,v 1.3 2015/03/03 22:35:19 markus Exp $	1	# $OpenBSD: forward-control.sh,v 1.4 2017/04/30 23:34:55 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="sshd control of local and remote forwarding"	4	tid="sshd control of local and remote forwarding"
@@ -32,13 +32,12 @@ wait_for_process_to_exit() {
32	return 0	32	return 0
33	}	33	}
34		34
35	# usage: check_lfwd protocol Y\|N message	35	# usage: check_lfwd Y\|N message
36	check_lfwd() {	36	check_lfwd() {
37	_proto=$1	37	_expected=$1
38	_expected=$2	38	_message=$2
39	_message=$3
40	rm -f $READY	39	rm -f $READY
41	${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \	40	${SSH} -F $OBJ/ssh_proxy \
42	-L$LFWD_PORT:127.0.0.1:$PORT \	41	-L$LFWD_PORT:127.0.0.1:$PORT \
43	-o ExitOnForwardFailure=yes \	42	-o ExitOnForwardFailure=yes \
44	-n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \	43	-n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \
@@ -62,13 +61,12 @@ check_lfwd() {
62	fi	61	fi
63	}	62	}
64		63
65	# usage: check_rfwd protocol Y\|N message	64	# usage: check_rfwd Y\|N message
66	check_rfwd() {	65	check_rfwd() {
67	_proto=$1	66	_expected=$1
68	_expected=$2	67	_message=$2
69	_message=$3
70	rm -f $READY	68	rm -f $READY
71	${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \	69	${SSH} -F $OBJ/ssh_proxy \
72	-R$RFWD_PORT:127.0.0.1:$PORT \	70	-R$RFWD_PORT:127.0.0.1:$PORT \
73	-o ExitOnForwardFailure=yes \	71	-o ExitOnForwardFailure=yes \
74	-n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \	72	-n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \
@@ -99,10 +97,8 @@ cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy.bak
99	cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak	97	cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak
100		98
101	# Sanity check: ensure the default config allows forwarding	99	# Sanity check: ensure the default config allows forwarding
102	for p in ${SSH_PROTOCOLS} ; do	100	check_lfwd Y "default configuration"
103	check_lfwd $p Y "proto $p, default configuration"	101	check_rfwd Y "default configuration"
104	check_rfwd $p Y "proto $p, default configuration"
105	done
106		102
107	# Usage: all_tests yes\|local\|remote\|no Y\|N Y\|N Y\|N Y\|N Y\|N Y\|N	103	# Usage: all_tests yes\|local\|remote\|no Y\|N Y\|N Y\|N Y\|N Y\|N Y\|N
108	all_tests() {	104	all_tests() {
@@ -115,49 +111,46 @@ all_tests() {
115	_permit_rfwd=$7	111	_permit_rfwd=$7
116	_badfwd=127.0.0.1:22	112	_badfwd=127.0.0.1:22
117	_goodfwd=127.0.0.1:${PORT}	113	_goodfwd=127.0.0.1:${PORT}
118	for _proto in ${SSH_PROTOCOLS} ; do	114	cp ${OBJ}/authorized_keys_${USER}.bak ${OBJ}/authorized_keys_${USER}
119	cp ${OBJ}/authorized_keys_${USER}.bak \	115	_prefix="AllowTcpForwarding=$_tcpfwd"
120	${OBJ}/authorized_keys_${USER}	116	# No PermitOpen
121	_prefix="proto $_proto, AllowTcpForwarding=$_tcpfwd"	117	( cat ${OBJ}/sshd_proxy.bak ;
122	# No PermitOpen	118	echo "AllowTcpForwarding $_tcpfwd" ) \
123	( cat ${OBJ}/sshd_proxy.bak ;	119	> ${OBJ}/sshd_proxy
124	echo "AllowTcpForwarding $_tcpfwd" ) \	120	check_lfwd $_plain_lfwd "$_prefix"
125	> ${OBJ}/sshd_proxy	121	check_rfwd $_plain_rfwd "$_prefix"
126	check_lfwd $_proto $_plain_lfwd "$_prefix"	122	# PermitOpen via sshd_config that doesn't match
127	check_rfwd $_proto $_plain_rfwd "$_prefix"	123	( cat ${OBJ}/sshd_proxy.bak ;
128	# PermitOpen via sshd_config that doesn't match	124	echo "AllowTcpForwarding $_tcpfwd" ;
129	( cat ${OBJ}/sshd_proxy.bak ;	125	echo "PermitOpen $_badfwd" ) \
130	echo "AllowTcpForwarding $_tcpfwd" ;	126	> ${OBJ}/sshd_proxy
131	echo "PermitOpen $_badfwd" ) \	127	check_lfwd $_nopermit_lfwd "$_prefix, !PermitOpen"
132	> ${OBJ}/sshd_proxy	128	check_rfwd $_nopermit_rfwd "$_prefix, !PermitOpen"
133	check_lfwd $_proto $_nopermit_lfwd "$_prefix, !PermitOpen"	129	# PermitOpen via sshd_config that does match
134	check_rfwd $_proto $_nopermit_rfwd "$_prefix, !PermitOpen"	130	( cat ${OBJ}/sshd_proxy.bak ;
135	# PermitOpen via sshd_config that does match	131	echo "AllowTcpForwarding $_tcpfwd" ;
136	( cat ${OBJ}/sshd_proxy.bak ;	132	echo "PermitOpen $_badfwd $_goodfwd" ) \
137	echo "AllowTcpForwarding $_tcpfwd" ;	133	> ${OBJ}/sshd_proxy
138	echo "PermitOpen $_badfwd $_goodfwd" ) \	134	# NB. permitopen via authorized_keys should have same
139	> ${OBJ}/sshd_proxy	135	# success/fail as via sshd_config
140	# NB. permitopen via authorized_keys should have same	136	# permitopen via authorized_keys that doesn't match
141	# success/fail as via sshd_config	137	sed "s/^/permitopen=\"$_badfwd\" /" \
142	# permitopen via authorized_keys that doesn't match	138	< ${OBJ}/authorized_keys_${USER}.bak \
143	sed "s/^/permitopen=\"$_badfwd\" /" \	139	> ${OBJ}/authorized_keys_${USER} \|\| fatal "sed 1 fail"
144	< ${OBJ}/authorized_keys_${USER}.bak \	140	( cat ${OBJ}/sshd_proxy.bak ;
145	> ${OBJ}/authorized_keys_${USER} \|\| fatal "sed 1 fail"	141	echo "AllowTcpForwarding $_tcpfwd" ) \
146	( cat ${OBJ}/sshd_proxy.bak ;	142	> ${OBJ}/sshd_proxy
147	echo "AllowTcpForwarding $_tcpfwd" ) \	143	check_lfwd $_nopermit_lfwd "$_prefix, !permitopen"
148	> ${OBJ}/sshd_proxy	144	check_rfwd $_nopermit_rfwd "$_prefix, !permitopen"
149	check_lfwd $_proto $_nopermit_lfwd "$_prefix, !permitopen"	145	# permitopen via authorized_keys that does match
150	check_rfwd $_proto $_nopermit_rfwd "$_prefix, !permitopen"	146	sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \
151	# permitopen via authorized_keys that does match	147	< ${OBJ}/authorized_keys_${USER}.bak \
152	sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \	148	> ${OBJ}/authorized_keys_${USER} \|\| fatal "sed 2 fail"
153	< ${OBJ}/authorized_keys_${USER}.bak \	149	( cat ${OBJ}/sshd_proxy.bak ;
154	> ${OBJ}/authorized_keys_${USER} \|\| fatal "sed 2 fail"	150	echo "AllowTcpForwarding $_tcpfwd" ) \
155	( cat ${OBJ}/sshd_proxy.bak ;	151	> ${OBJ}/sshd_proxy
156	echo "AllowTcpForwarding $_tcpfwd" ) \	152	check_lfwd $_permit_lfwd "$_prefix, permitopen"
157	> ${OBJ}/sshd_proxy	153	check_rfwd $_permit_rfwd "$_prefix, permitopen"
158	check_lfwd $_proto $_permit_lfwd "$_prefix, permitopen"
159	check_rfwd $_proto $_permit_rfwd "$_prefix, permitopen"
160	done
161	}	154	}
162		155
163	# no-permitopen mismatch-permitopen match-permitopen	156	# no-permitopen mismatch-permitopen match-permitopen