upstream: regress test for sshd_config Include directive; from Jakub

Jelen OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
author: djm@openbsd.org <djm@openbsd.org> 2020-01-31 23:25:08 +0000
committer: Damien Miller <djm@mindrot.org> 2020-02-01 10:28:33 +1100
commit: 677d0ece67634262b3b96c3cd6410b19f3a603b7 (patch)
tree: d7d84543dc02bdf9fb47f1657a96b2bbb685ee54 /regress/servcfginclude.sh
parent: d4f4cdd681ab6408a98419f398b75a55497ed324 (diff)
1 files changed, 154 insertions, 0 deletions
diff --git a/regress/servcfginclude.sh b/regress/servcfginclude.sh
new file mode 100644
index 000000000..b25c8faa8
--- /dev/null
+++ b/regress/servcfginclude.sh
@@ -0,0 +1,154 @@
+#       Placed in the Public Domain.
+tid="server config include"
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Match host a
+        Banner /aa
+Match host b
+        Banner /bb
+        Include $OBJ/sshd_config.i.*
+Match host c
+        Include $OBJ/sshd_config.i.*
+        Banner /cc
+Match host m
+        Include $OBJ/sshd_config.i.*
+Match Host d
+        Banner /dd
+Match Host e
+        Banner /ee
+        Include $OBJ/sshd_config.i.*
+Match Host f
+        Include $OBJ/sshd_config.i.*
+        Banner /ff
+Match Host n
+        Include $OBJ/sshd_config.i.*
+_EOF
+cat > $OBJ/sshd_config.i.0 << _EOF
+Match host xxxxxx
+_EOF
+cat > $OBJ/sshd_config.i.1 << _EOF
+Match host a
+        Banner /aaa
+Match host b
+        Banner /bbb
+Match host c
+        Banner /ccc
+Match Host d
+        Banner /ddd
+Match Host e
+        Banner /eee
+Match Host f
+        Banner /fff
+_EOF
+cat > $OBJ/sshd_config.i.2 << _EOF
+Match host a
+        Banner /aaaa
+Match host b
+        Banner /bbbb
+Match host c
+        Banner /cccc
+Match Host d
+        Banner /dddd
+Match Host e
+        Banner /eeee
+Match Host f
+        Banner /ffff
+Match all
+        Banner /xxxx
+_EOF
+trial() {
+        _host="$1"
+        _exp="$2"
+        _desc="$3"
+        test -z "$_desc" && _desc="test match"
+        trace "$_desc host=$_host expect=$_exp"
+        ${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
+            -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
+                fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
+        _got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
+        if test "x$_exp" != "x$_got" ; then
+                fail "$desc_ host $_host include fail: expected $_exp got $_got"
+        fi
+}
+trial a /aa
+trial b /bb
+trial c /ccc
+trial d /dd
+trial e /ee
+trial f /fff
+trial m /xxxx
+trial n /xxxx
+trial x none
+# Prepare an included config with an error.
+cat > $OBJ/sshd_config.i.3 << _EOF
+Banner xxxx
+        Junk
+_EOF
+trace "disallow invalid config host=a"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+    -C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
+        fail "sshd include allowed invalid config"
+trace "disallow invalid config host=x"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+        fail "sshd include allowed invalid config"
+rm -f $OBJ/sshd_config.i.*
+# Ensure that a missing include is not fatal.
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Include $OBJ/sshd_config.i.*
+Banner /aa
+_EOF
+trial a /aa "missing include non-fatal"
+# Ensure that Match/Host in an included config does not affect parent.
+cat > $OBJ/sshd_config.i.x << _EOF
+Match host x
+_EOF
+trial a /aa "included file does not affect match state"
+# Ensure the empty include directive is not accepted
+cat > $OBJ/sshd_config.i.x << _EOF
+Include
+_EOF
+trace "disallow invalid with no argument"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
+    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+        fail "sshd allowed Include with no argument"
+# cleanup
+rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out
author	djm@openbsd.org <djm@openbsd.org>	2020-01-31 23:25:08 +0000
committer	Damien Miller <djm@mindrot.org>	2020-02-01 10:28:33 +1100
commit	677d0ece67634262b3b96c3cd6410b19f3a603b7 (patch)
tree	d7d84543dc02bdf9fb47f1657a96b2bbb685ee54 /regress/servcfginclude.sh
parent	d4f4cdd681ab6408a98419f398b75a55497ed324 (diff)

diff --git a/regress/servcfginclude.sh b/regress/servcfginclude.sh new file mode 100644 index 000000000..b25c8faa8 --- /dev/null +++ b/regress/servcfginclude.sh
@@ -0,0 +1,154 @@
	1	# Placed in the Public Domain.
	2
	3	tid="server config include"
	4
	5	cat > $OBJ/sshd_config.i << _EOF
	6	HostKey $OBJ/host.ssh-ed25519
	7	Match host a
	8	Banner /aa
	9
	10	Match host b
	11	Banner /bb
	12	Include $OBJ/sshd_config.i.*
	13
	14	Match host c
	15	Include $OBJ/sshd_config.i.*
	16	Banner /cc
	17
	18	Match host m
	19	Include $OBJ/sshd_config.i.*
	20
	21	Match Host d
	22	Banner /dd
	23
	24	Match Host e
	25	Banner /ee
	26	Include $OBJ/sshd_config.i.*
	27
	28	Match Host f
	29	Include $OBJ/sshd_config.i.*
	30	Banner /ff
	31
	32	Match Host n
	33	Include $OBJ/sshd_config.i.*
	34	_EOF
	35
	36	cat > $OBJ/sshd_config.i.0 << _EOF
	37	Match host xxxxxx
	38	_EOF
	39
	40	cat > $OBJ/sshd_config.i.1 << _EOF
	41	Match host a
	42	Banner /aaa
	43
	44	Match host b
	45	Banner /bbb
	46
	47	Match host c
	48	Banner /ccc
	49
	50	Match Host d
	51	Banner /ddd
	52
	53	Match Host e
	54	Banner /eee
	55
	56	Match Host f
	57	Banner /fff
	58	_EOF
	59
	60	cat > $OBJ/sshd_config.i.2 << _EOF
	61	Match host a
	62	Banner /aaaa
	63
	64	Match host b
	65	Banner /bbbb
	66
	67	Match host c
	68	Banner /cccc
	69
	70	Match Host d
	71	Banner /dddd
	72
	73	Match Host e
	74	Banner /eeee
	75
	76	Match Host f
	77	Banner /ffff
	78
	79	Match all
	80	Banner /xxxx
	81	_EOF
	82
	83	trial() {
	84	_host="$1"
	85	_exp="$2"
	86	_desc="$3"
	87	test -z "$_desc" && _desc="test match"
	88	trace "$_desc host=$_host expect=$_exp"
	89	${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
	90	-C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out \|\|
	91	fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
	92	_got=`grep -i '^banner ' $OBJ/sshd_config.out \| awk '{print $2}'`
	93	if test "x$_exp" != "x$_got" ; then
	94	fail "$desc_ host $_host include fail: expected $_exp got $_got"
	95	fi
	96	}
	97
	98	trial a /aa
	99	trial b /bb
	100	trial c /ccc
	101	trial d /dd
	102	trial e /ee
	103	trial f /fff
	104	trial m /xxxx
	105	trial n /xxxx
	106	trial x none
	107
	108	# Prepare an included config with an error.
	109
	110	cat > $OBJ/sshd_config.i.3 << _EOF
	111	Banner xxxx
	112	Junk
	113	_EOF
	114
	115	trace "disallow invalid config host=a"
	116	${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
	117	-C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
	118	fail "sshd include allowed invalid config"
	119
	120	trace "disallow invalid config host=x"
	121	${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
	122	-C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
	123	fail "sshd include allowed invalid config"
	124
	125	rm -f $OBJ/sshd_config.i.*
	126
	127	# Ensure that a missing include is not fatal.
	128	cat > $OBJ/sshd_config.i << _EOF
	129	HostKey $OBJ/host.ssh-ed25519
	130	Include $OBJ/sshd_config.i.*
	131	Banner /aa
	132	_EOF
	133
	134	trial a /aa "missing include non-fatal"
	135
	136	# Ensure that Match/Host in an included config does not affect parent.
	137	cat > $OBJ/sshd_config.i.x << _EOF
	138	Match host x
	139	_EOF
	140
	141	trial a /aa "included file does not affect match state"
	142
	143	# Ensure the empty include directive is not accepted
	144	cat > $OBJ/sshd_config.i.x << _EOF
	145	Include
	146	_EOF
	147
	148	trace "disallow invalid with no argument"
	149	${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
	150	-C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
	151	fail "sshd allowed Include with no argument"
	152
	153	# cleanup
	154	rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out