diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | regress/Makefile | 1 | ||||
| -rw-r--r-- | regress/addrmatch.sh | 41 |
3 files changed, 46 insertions, 1 deletions
| @@ -29,6 +29,9 @@ | |||
| 29 | - dtucker@cvs.openbsd.org 2008/06/09 18:06:32 | 29 | - dtucker@cvs.openbsd.org 2008/06/09 18:06:32 |
| 30 | [regress/test-exec.sh] | 30 | [regress/test-exec.sh] |
| 31 | Don't generate putty keys if we're not going to use them. ok djm | 31 | Don't generate putty keys if we're not going to use them. ok djm |
| 32 | - dtucker@cvs.openbsd.org 2008/06/10 05:23:32 | ||
| 33 | [regress/addrmatch.sh regress/Makefile] | ||
| 34 | Regress test for Match CIDR rules. ok djm@ | ||
| 32 | 35 | ||
| 33 | 20080609 | 36 | 20080609 |
| 34 | - (dtucker) OpenBSD CVS Sync | 37 | - (dtucker) OpenBSD CVS Sync |
| @@ -4115,4 +4118,4 @@ | |||
| 4115 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 4118 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 4116 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 4119 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 4117 | 4120 | ||
| 4118 | $Id: ChangeLog,v 1.4954 2008/06/10 13:15:54 dtucker Exp $ | 4121 | $Id: ChangeLog,v 1.4955 2008/06/10 13:16:46 dtucker Exp $ |
diff --git a/regress/Makefile b/regress/Makefile index b229fca48..bae34de4a 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
| @@ -47,6 +47,7 @@ LTESTS= connect \ | |||
| 47 | reexec \ | 47 | reexec \ |
| 48 | brokenkeys \ | 48 | brokenkeys \ |
| 49 | cfgmatch \ | 49 | cfgmatch \ |
| 50 | addrmatch \ | ||
| 50 | localcommand \ | 51 | localcommand \ |
| 51 | forcecommand | 52 | forcecommand |
| 52 | 53 | ||
diff --git a/regress/addrmatch.sh b/regress/addrmatch.sh new file mode 100644 index 000000000..f89e9f053 --- /dev/null +++ b/regress/addrmatch.sh | |||
| @@ -0,0 +1,41 @@ | |||
| 1 | # $OpenBSD: addrmatch.sh,v 1.0 2008/06/10 05:23:32 dtucker Exp $ | ||
| 2 | # Placed in the Public Domain. | ||
| 3 | |||
| 4 | tid="address match" | ||
| 5 | |||
| 6 | mv $OBJ/sshd_proxy $OBJ/sshd_proxy_orig | ||
| 7 | |||
| 8 | run_trial() | ||
| 9 | { | ||
| 10 | user="$1"; addr="$2"; host="$3"; expected="$4"; descr="$5" | ||
| 11 | |||
| 12 | verbose "test $descr for $user $addr $host" | ||
| 13 | result=`${SSHD} -f $OBJ/sshd_proxy -T \ | ||
| 14 | -C user=${user},addr=${addr},host=${host} | \ | ||
| 15 | awk '/passwordauthentication/ {print $2}'` | ||
| 16 | if [ "$result" != "$expected" ]; then | ||
| 17 | fail "failed for $user $addr $host: expected $expected, got $result" | ||
| 18 | fi | ||
| 19 | } | ||
| 20 | |||
| 21 | cp $OBJ/sshd_proxy_orig $OBJ/sshd_proxy | ||
| 22 | cat >>$OBJ/sshd_proxy <<EOD | ||
| 23 | PasswordAuthentication no | ||
| 24 | Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com | ||
| 25 | PasswordAuthentication yes | ||
| 26 | Match Address 1.1.1.1,::1,!::3,2000::/16 | ||
| 27 | PasswordAuthentication yes | ||
| 28 | EOD | ||
| 29 | |||
| 30 | run_trial user 192.168.0.1 somehost yes "permit, first entry" | ||
| 31 | run_trial user 192.168.30.1 somehost no "deny, negative match" | ||
| 32 | run_trial user 19.0.0.1 somehost no "deny, no match" | ||
| 33 | run_trial user 10.255.255.254 somehost yes "permit, list middle" | ||
| 34 | run_trial user 192.168.30.1 192.168.0.1 no "deny, faked IP in hostname" | ||
| 35 | run_trial user 1.1.1.1 somehost.example.com yes "permit, bare IP4 address" | ||
| 36 | run_trial user ::1 somehost.example.com yes "permit, bare IP6 address" | ||
| 37 | run_trial user ::2 somehost.exaple.com no "deny IPv6" | ||
| 38 | run_trial user ::3 somehost no "deny IP6 negated" | ||
| 39 | run_trial user ::4 somehost no "deny, IP6 no match" | ||
| 40 | run_trial user 2000::1 somehost yes "permit, IP6 network" | ||
| 41 | run_trial user 2001::1 somehost no "deny, IP6 network" | ||