diff options
author | Colin Watson <cjwatson@debian.org> | 2018-04-03 08:20:28 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2018-04-03 08:20:28 +0100 |
commit | ed6ae9c1a014a08ff5db3d768f01f2e427eeb476 (patch) | |
tree | 601025e307745d351946c01ab13f419ddb6dae29 /regress/forward-control.sh | |
parent | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (diff) | |
parent | a0349a1cc4a18967ad1dbff5389bcdf9da098814 (diff) |
Import openssh_7.7p1.orig.tar.gz
Diffstat (limited to 'regress/forward-control.sh')
-rw-r--r-- | regress/forward-control.sh | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/regress/forward-control.sh b/regress/forward-control.sh index 2e9dbb53a..93d05cf63 100644 --- a/regress/forward-control.sh +++ b/regress/forward-control.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: forward-control.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ | 1 | # $OpenBSD: forward-control.sh,v 1.5 2018/03/02 02:51:55 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sshd control of local and remote forwarding" | 4 | tid="sshd control of local and remote forwarding" |
@@ -151,6 +151,33 @@ all_tests() { | |||
151 | > ${OBJ}/sshd_proxy | 151 | > ${OBJ}/sshd_proxy |
152 | check_lfwd $_permit_lfwd "$_prefix, permitopen" | 152 | check_lfwd $_permit_lfwd "$_prefix, permitopen" |
153 | check_rfwd $_permit_rfwd "$_prefix, permitopen" | 153 | check_rfwd $_permit_rfwd "$_prefix, permitopen" |
154 | # Check port-forwarding flags in authorized_keys. | ||
155 | # These two should refuse all. | ||
156 | sed "s/^/no-port-forwarding /" \ | ||
157 | < ${OBJ}/authorized_keys_${USER}.bak \ | ||
158 | > ${OBJ}/authorized_keys_${USER} || fatal "sed 3 fail" | ||
159 | ( cat ${OBJ}/sshd_proxy.bak ; | ||
160 | echo "AllowTcpForwarding $_tcpfwd" ) \ | ||
161 | > ${OBJ}/sshd_proxy | ||
162 | check_lfwd N "$_prefix, no-port-forwarding" | ||
163 | check_rfwd N "$_prefix, no-port-forwarding" | ||
164 | sed "s/^/restrict /" \ | ||
165 | < ${OBJ}/authorized_keys_${USER}.bak \ | ||
166 | > ${OBJ}/authorized_keys_${USER} || fatal "sed 4 fail" | ||
167 | ( cat ${OBJ}/sshd_proxy.bak ; | ||
168 | echo "AllowTcpForwarding $_tcpfwd" ) \ | ||
169 | > ${OBJ}/sshd_proxy | ||
170 | check_lfwd N "$_prefix, restrict" | ||
171 | check_rfwd N "$_prefix, restrict" | ||
172 | # This should pass the same cases as _nopermit* | ||
173 | sed "s/^/restrict,port-forwarding /" \ | ||
174 | < ${OBJ}/authorized_keys_${USER}.bak \ | ||
175 | > ${OBJ}/authorized_keys_${USER} || fatal "sed 5 fail" | ||
176 | ( cat ${OBJ}/sshd_proxy.bak ; | ||
177 | echo "AllowTcpForwarding $_tcpfwd" ) \ | ||
178 | > ${OBJ}/sshd_proxy | ||
179 | check_lfwd $_plain_lfwd "$_prefix, restrict,port-forwarding" | ||
180 | check_rfwd $_plain_rfwd "$_prefix, restrict,port-forwarding" | ||
154 | } | 181 | } |
155 | 182 | ||
156 | # no-permitopen mismatch-permitopen match-permitopen | 183 | # no-permitopen mismatch-permitopen match-permitopen |