diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-06-19 03:02:17 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-06-19 13:03:03 +1000 |
| commit | 80e199d6175904152aafc5c297096c3e18297691 (patch) | |
| tree | 3502f91bf61798a4faf84835c361ae48215bf588 /regress | |
| parent | 87ddd676da0f3abd08b778b12b53b91b670dc93c (diff) | |
upstream: test PermitListen with bare port numbers
OpenBSD-Regress-ID: 4b50a02dfb0ccaca08247f3877c444126ba901b3
Diffstat (limited to 'regress')
| -rw-r--r-- | regress/cfgmatchlisten.sh | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/regress/cfgmatchlisten.sh b/regress/cfgmatchlisten.sh index 8155c56bc..470e55c46 100644 --- a/regress/cfgmatchlisten.sh +++ b/regress/cfgmatchlisten.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: cfgmatchlisten.sh,v 1.1 2018/06/07 04:46:34 djm Exp $ | 1 | # $OpenBSD: cfgmatchlisten.sh,v 1.2 2018/06/19 03:02:17 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="sshd_config matchlisten" | 4 | tid="sshd_config matchlisten" |
| @@ -106,6 +106,21 @@ ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ | |||
| 106 | fail "match permitlisten permit" | 106 | fail "match permitlisten permit" |
| 107 | stop_client | 107 | stop_client |
| 108 | 108 | ||
| 109 | # Test that a bare port number is accepted in PermitListen | ||
| 110 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | ||
| 111 | echo "PermitListen 127.0.0.1:1 $fwdport 127.0.0.2:2" >>$OBJ/sshd_proxy | ||
| 112 | trace "match permitlisten bare" | ||
| 113 | expect_client_ok -F $OBJ/ssh_config | ||
| 114 | ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ | ||
| 115 | fail "match permitlisten bare" | ||
| 116 | stop_client | ||
| 117 | |||
| 118 | # Test that an incorrect bare port number is denied as expected | ||
| 119 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | ||
| 120 | echo "PermitListen 1 2 99" >>$OBJ/sshd_proxy | ||
| 121 | trace "match permitlisten bare" | ||
| 122 | expect_client_fail -F $OBJ/ssh_config | ||
| 123 | |||
| 109 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | 124 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
| 110 | echo "PermitListen 127.0.0.1:1 $fwdspec 127.0.0.2:2" >>$OBJ/sshd_proxy | 125 | echo "PermitListen 127.0.0.1:1 $fwdspec 127.0.0.2:2" >>$OBJ/sshd_proxy |
| 111 | echo "Match User $USER" >>$OBJ/sshd_proxy | 126 | echo "Match User $USER" >>$OBJ/sshd_proxy |
| @@ -149,7 +164,7 @@ expect_client_fail "nomatch 127.0.0.1 server config and userkey" \ | |||
| 149 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | 164 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
| 150 | echo "PermitListen 127.0.0.1:1 ${fwdspec2} 127.0.0.2:2" >>$OBJ/sshd_proxy | 165 | echo "PermitListen 127.0.0.1:1 ${fwdspec2} 127.0.0.2:2" >>$OBJ/sshd_proxy |
| 151 | trace "nomatch permitlisten 127.0.0.1 w/key opts" | 166 | trace "nomatch permitlisten 127.0.0.1 w/key opts" |
| 152 | expect_client_fail "nomatch 127.0.0.1 w/key otps" \ | 167 | expect_client_fail "nomatch 127.0.0.1 w/key opts" \ |
| 153 | -F $OBJ/ssh_config | 168 | -F $OBJ/ssh_config |
| 154 | 169 | ||
| 155 | # fix key opts | 170 | # fix key opts |
| @@ -163,3 +178,25 @@ expect_client_ok -F $OBJ/ssh_proxy | |||
| 163 | ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ | 178 | ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ |
| 164 | fail "match 127.0.0.1 server config w/key opts" | 179 | fail "match 127.0.0.1 server config w/key opts" |
| 165 | stop_client | 180 | stop_client |
| 181 | |||
| 182 | # key opts with bare port number | ||
| 183 | cp /dev/null $OBJ/authorized_keys_$USER | ||
| 184 | for t in ${SSH_KEYTYPES}; do | ||
| 185 | printf 'permitlisten="'$fwdport'" ' >> $OBJ/authorized_keys_$USER | ||
| 186 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER | ||
| 187 | done | ||
| 188 | trace "match permitlisten 127.0.0.1 server config w/key opts (bare)" | ||
| 189 | expect_client_ok -F $OBJ/ssh_proxy | ||
| 190 | ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ | ||
| 191 | fail "match 127.0.0.1 server config w/key opts (bare)" | ||
| 192 | stop_client | ||
| 193 | |||
| 194 | # key opts with incorrect bare port number | ||
| 195 | cp /dev/null $OBJ/authorized_keys_$USER | ||
| 196 | for t in ${SSH_KEYTYPES}; do | ||
| 197 | printf 'permitlisten="99" ' >> $OBJ/authorized_keys_$USER | ||
| 198 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER | ||
| 199 | done | ||
| 200 | trace "match permitlisten 127.0.0.1 server config w/key opts (wrong bare)" | ||
| 201 | expect_client_fail "nomatch 127.0.0.1 w/key opts (wrong bare)" \ | ||
| 202 | -F $OBJ/ssh_config | ||