2 files changed, 295 insertions, 3 deletions
diff --git a/regress/Makefile b/regress/Makefile
index 839fb8eca..4e32eab8a 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.84 2016/03/04 02:30:36 djm Exp $
+#       $OpenBSD: Makefile,v 1.85 2016/04/15 00:31:10 djm Exp $
 REGRESS_TARGETS=        unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec
 tests:          prep $(REGRESS_TARGETS)
@@ -75,7 +75,8 @@ LTESTS= 	connect \
                keygen-knownhosts \
                hostkey-rotate \
                principals-command \
-                cert-file
+                cert-file \
+                cfginclude
 #               dhgex \
@@ -106,7 +107,8 @@ CLEANFILES=	t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
                sftp-server.sh sftp-server.log sftp.log setuid-allowed \
                data ed25519-agent ed25519-agent.pub key.ed25519-512 \
                key.ed25519-512.pub netcat host_krl_* host_revoked_* \
-                kh.* user_*key* agent-key.* known_hosts.* hkr.*
+                kh.* user_*key* agent-key.* known_hosts.* hkr.* \
+                scp-ssh-wrapper.scp ssh_proxy_bak ssh_config.*
 SUDO_CLEAN+=    /var/run/testdata_${USER} /var/run/keycommand_${USER}
diff --git a/regress/cfginclude.sh b/regress/cfginclude.sh
new file mode 100644
index 000000000..3232fa9f0
--- /dev/null
+++ b/regress/cfginclude.sh
@@ -0,0 +1,290 @@
+#       $OpenBSD: cfginclude.sh,v 1.1 2016/04/15 00:31:10 djm Exp $
+#       Placed in the Public Domain.
+tid="config include"
+cat > $OBJ/ssh_config.i << _EOF
+Match host a
+        Hostname aa
+Match host b
+        Hostname bb
+        Include $OBJ/ssh_config.i.*
+Match host c
+        Include $OBJ/ssh_config.i.*
+        Hostname cc
+Match host m
+        Include $OBJ/ssh_config.i.*
+Host d
+        Hostname dd
+Host e
+        Hostname ee
+        Include $OBJ/ssh_config.i.*
+Host f
+        Include $OBJ/ssh_config.i.*
+        Hostname ff
+Host n
+        Include $OBJ/ssh_config.i.*
+_EOF
+cat > $OBJ/ssh_config.i.0 << _EOF
+Match host xxxxxx
+_EOF
+cat > $OBJ/ssh_config.i.1 << _EOF
+Match host a
+        Hostname aaa
+Match host b
+        Hostname bbb
+Match host c
+        Hostname ccc
+Host d
+        Hostname ddd
+Host e
+        Hostname eee
+Host f
+        Hostname fff
+_EOF
+cat > $OBJ/ssh_config.i.2 << _EOF
+Match host a
+        Hostname aaaa
+Match host b
+        Hostname bbbb
+Match host c
+        Hostname cccc
+Host d
+        Hostname dddd
+Host e
+        Hostname eeee
+Host f
+        Hostname ffff
+Match all
+        Hostname xxxx
+_EOF
+trial() {
+        _host="$1"
+        _exp="$2"
+        ${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out ||
+                fatal "ssh config parse failed"
+        _got=`grep -i '^hostname ' $OBJ/ssh_config.out | awk '{print $2}'`
+        if test "x$_exp" != "x$_got" ; then
+                fail "host $_host include fail: expected $_exp got $_got"
+        fi
+}
+trial a aa
+trial b bb
+trial c ccc
+trial d dd
+trial e ee
+trial f fff
+trial m xxxx
+trial n xxxx
+trial x x
+# Prepare an included config with an error.
+cat > $OBJ/ssh_config.i.3 << _EOF
+Hostname xxxx
+        Junk
+_EOF
+${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \
+        fail "ssh include allowed invalid config"
+${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \
+        fail "ssh include allowed invalid config"
+rm -f $OBJ/ssh_config.i.*
+# Ensure that a missing include is not fatal.
+cat > $OBJ/ssh_config.i << _EOF
+Include $OBJ/ssh_config.i.*
+Hostname aa
+_EOF
+trial a aa
+# Ensure that Match/Host in an included config does not affect parent.
+cat > $OBJ/ssh_config.i.x << _EOF
+Match host x
+_EOF
+trial a aa
+cat > $OBJ/ssh_config.i.x << _EOF
+Host x
+_EOF
+trial a aa
+# cleanup
+rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out
+#       $OpenBSD: cfginclude.sh,v 1.1 2016/04/15 00:31:10 djm Exp $
+#       Placed in the Public Domain.
+tid="config include"
+cat > $OBJ/ssh_config.i << _EOF
+Match host a
+        Hostname aa
+Match host b
+        Hostname bb
+        Include $OBJ/ssh_config.i.*
+Match host c
+        Include $OBJ/ssh_config.i.*
+        Hostname cc
+Match host m
+        Include $OBJ/ssh_config.i.*
+Host d
+        Hostname dd
+Host e
+        Hostname ee
+        Include $OBJ/ssh_config.i.*
+Host f
+        Include $OBJ/ssh_config.i.*
+        Hostname ff
+Host n
+        Include $OBJ/ssh_config.i.*
+_EOF
+cat > $OBJ/ssh_config.i.0 << _EOF
+Match host xxxxxx
+_EOF
+cat > $OBJ/ssh_config.i.1 << _EOF
+Match host a
+        Hostname aaa
+Match host b
+        Hostname bbb
+Match host c
+        Hostname ccc
+Host d
+        Hostname ddd
+Host e
+        Hostname eee
+Host f
+        Hostname fff
+_EOF
+cat > $OBJ/ssh_config.i.2 << _EOF
+Match host a
+        Hostname aaaa
+Match host b
+        Hostname bbbb
+Match host c
+        Hostname cccc
+Host d
+        Hostname dddd
+Host e
+        Hostname eeee
+Host f
+        Hostname ffff
+Match all
+        Hostname xxxx
+_EOF
+trial() {
+        _host="$1"
+        _exp="$2"
+        ${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out ||
+                fatal "ssh config parse failed"
+        _got=`grep -i '^hostname ' $OBJ/ssh_config.out | awk '{print $2}'`
+        if test "x$_exp" != "x$_got" ; then
+                fail "host $_host include fail: expected $_exp got $_got"
+        fi
+}
+trial a aa
+trial b bb
+trial c ccc
+trial d dd
+trial e ee
+trial f fff
+trial m xxxx
+trial n xxxx
+trial x x
+# Prepare an included config with an error.
+cat > $OBJ/ssh_config.i.3 << _EOF
+Hostname xxxx
+        Junk
+_EOF
+${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \
+        fail "ssh include allowed invalid config"
+${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \
+        fail "ssh include allowed invalid config"
+rm -f $OBJ/ssh_config.i.*
+# Ensure that a missing include is not fatal.
+cat > $OBJ/ssh_config.i << _EOF
+Include $OBJ/ssh_config.i.*
+Hostname aa
+_EOF
+trial a aa
+# Ensure that Match/Host in an included config does not affect parent.
+cat > $OBJ/ssh_config.i.x << _EOF
+Match host x
+_EOF
+trial a aa
+cat > $OBJ/ssh_config.i.x << _EOF
+Host x
+_EOF
+trial a aa
+# Ensure that recursive includes are bounded.
+cat > $OBJ/ssh_config.i << _EOF
+Include $OBJ/ssh_config.i
+_EOF
+${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \
+        fail "ssh include allowed infinite recursion?" # or hang...
+# cleanup
+rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out

diff --git a/regress/Makefile b/regress/Makefile index 839fb8eca..4e32eab8a 100644 --- a/regress/Makefile +++ b/regress/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.84 2016/03/04 02:30:36 djm Exp $	1	# $OpenBSD: Makefile,v 1.85 2016/04/15 00:31:10 djm Exp $
2		2
3	REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec	3	REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec
4	tests: prep $(REGRESS_TARGETS)	4	tests: prep $(REGRESS_TARGETS)
@@ -75,7 +75,8 @@ LTESTS= connect \
75	keygen-knownhosts \	75	keygen-knownhosts \
76	hostkey-rotate \	76	hostkey-rotate \
77	principals-command \	77	principals-command \
78	cert-file	78	cert-file \
		79	cfginclude
79		80
80		81
81	# dhgex \	82	# dhgex \
@@ -106,7 +107,8 @@ CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
106	sftp-server.sh sftp-server.log sftp.log setuid-allowed \	107	sftp-server.sh sftp-server.log sftp.log setuid-allowed \
107	data ed25519-agent ed25519-agent.pub key.ed25519-512 \	108	data ed25519-agent ed25519-agent.pub key.ed25519-512 \
108	key.ed25519-512.pub netcat host_krl_* host_revoked_* \	109	key.ed25519-512.pub netcat host_krl_* host_revoked_* \
109	kh.* user_key agent-key.* known_hosts.* hkr.*	110	kh.* user_key agent-key.* known_hosts.* hkr.* \
		111	scp-ssh-wrapper.scp ssh_proxy_bak ssh_config.*
110		112
111	SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER}	113	SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER}
112		114


diff --git a/regress/cfginclude.sh b/regress/cfginclude.sh new file mode 100644 index 000000000..3232fa9f0 --- /dev/null +++ b/regress/cfginclude.sh
@@ -0,0 +1,290 @@
		1	# $OpenBSD: cfginclude.sh,v 1.1 2016/04/15 00:31:10 djm Exp $
		2	# Placed in the Public Domain.
		3
		4	tid="config include"
		5
		6	cat > $OBJ/ssh_config.i << _EOF
		7	Match host a
		8	Hostname aa
		9
		10	Match host b
		11	Hostname bb
		12	Include $OBJ/ssh_config.i.*
		13
		14	Match host c
		15	Include $OBJ/ssh_config.i.*
		16	Hostname cc
		17
		18	Match host m
		19	Include $OBJ/ssh_config.i.*
		20
		21	Host d
		22	Hostname dd
		23
		24	Host e
		25	Hostname ee
		26	Include $OBJ/ssh_config.i.*
		27
		28	Host f
		29	Include $OBJ/ssh_config.i.*
		30	Hostname ff
		31
		32	Host n
		33	Include $OBJ/ssh_config.i.*
		34	_EOF
		35
		36	cat > $OBJ/ssh_config.i.0 << _EOF
		37	Match host xxxxxx
		38	_EOF
		39
		40	cat > $OBJ/ssh_config.i.1 << _EOF
		41	Match host a
		42	Hostname aaa
		43
		44	Match host b
		45	Hostname bbb
		46
		47	Match host c
		48	Hostname ccc
		49
		50	Host d
		51	Hostname ddd
		52
		53	Host e
		54	Hostname eee
		55
		56	Host f
		57	Hostname fff
		58	_EOF
		59
		60	cat > $OBJ/ssh_config.i.2 << _EOF
		61	Match host a
		62	Hostname aaaa
		63
		64	Match host b
		65	Hostname bbbb
		66
		67	Match host c
		68	Hostname cccc
		69
		70	Host d
		71	Hostname dddd
		72
		73	Host e
		74	Hostname eeee
		75
		76	Host f
		77	Hostname ffff
		78
		79	Match all
		80	Hostname xxxx
		81	_EOF
		82
		83	trial() {
		84	_host="$1"
		85	_exp="$2"
		86	${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out \|\|
		87	fatal "ssh config parse failed"
		88	_got=`grep -i '^hostname ' $OBJ/ssh_config.out \| awk '{print $2}'`
		89	if test "x$_exp" != "x$_got" ; then
		90	fail "host $_host include fail: expected $_exp got $_got"
		91	fi
		92	}
		93
		94	trial a aa
		95	trial b bb
		96	trial c ccc
		97	trial d dd
		98	trial e ee
		99	trial f fff
		100	trial m xxxx
		101	trial n xxxx
		102	trial x x
		103
		104	# Prepare an included config with an error.
		105
		106	cat > $OBJ/ssh_config.i.3 << _EOF
		107	Hostname xxxx
		108	Junk
		109	_EOF
		110
		111	${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \
		112	fail "ssh include allowed invalid config"
		113
		114	${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \
		115	fail "ssh include allowed invalid config"
		116
		117	rm -f $OBJ/ssh_config.i.*
		118
		119	# Ensure that a missing include is not fatal.
		120	cat > $OBJ/ssh_config.i << _EOF
		121	Include $OBJ/ssh_config.i.*
		122	Hostname aa
		123	_EOF
		124
		125	trial a aa
		126
		127	# Ensure that Match/Host in an included config does not affect parent.
		128	cat > $OBJ/ssh_config.i.x << _EOF
		129	Match host x
		130	_EOF
		131
		132	trial a aa
		133
		134	cat > $OBJ/ssh_config.i.x << _EOF
		135	Host x
		136	_EOF
		137
		138	trial a aa
		139
		140	# cleanup
		141	rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out
		142	# $OpenBSD: cfginclude.sh,v 1.1 2016/04/15 00:31:10 djm Exp $
		143	# Placed in the Public Domain.
		144
		145	tid="config include"
		146
		147	cat > $OBJ/ssh_config.i << _EOF
		148	Match host a
		149	Hostname aa
		150
		151	Match host b
		152	Hostname bb
		153	Include $OBJ/ssh_config.i.*
		154
		155	Match host c
		156	Include $OBJ/ssh_config.i.*
		157	Hostname cc
		158
		159	Match host m
		160	Include $OBJ/ssh_config.i.*
		161
		162	Host d
		163	Hostname dd
		164
		165	Host e
		166	Hostname ee
		167	Include $OBJ/ssh_config.i.*
		168
		169	Host f
		170	Include $OBJ/ssh_config.i.*
		171	Hostname ff
		172
		173	Host n
		174	Include $OBJ/ssh_config.i.*
		175	_EOF
		176
		177	cat > $OBJ/ssh_config.i.0 << _EOF
		178	Match host xxxxxx
		179	_EOF
		180
		181	cat > $OBJ/ssh_config.i.1 << _EOF
		182	Match host a
		183	Hostname aaa
		184
		185	Match host b
		186	Hostname bbb
		187
		188	Match host c
		189	Hostname ccc
		190
		191	Host d
		192	Hostname ddd
		193
		194	Host e
		195	Hostname eee
		196
		197	Host f
		198	Hostname fff
		199	_EOF
		200
		201	cat > $OBJ/ssh_config.i.2 << _EOF
		202	Match host a
		203	Hostname aaaa
		204
		205	Match host b
		206	Hostname bbbb
		207
		208	Match host c
		209	Hostname cccc
		210
		211	Host d
		212	Hostname dddd
		213
		214	Host e
		215	Hostname eeee
		216
		217	Host f
		218	Hostname ffff
		219
		220	Match all
		221	Hostname xxxx
		222	_EOF
		223
		224	trial() {
		225	_host="$1"
		226	_exp="$2"
		227	${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out \|\|
		228	fatal "ssh config parse failed"
		229	_got=`grep -i '^hostname ' $OBJ/ssh_config.out \| awk '{print $2}'`
		230	if test "x$_exp" != "x$_got" ; then
		231	fail "host $_host include fail: expected $_exp got $_got"
		232	fi
		233	}
		234
		235	trial a aa
		236	trial b bb
		237	trial c ccc
		238	trial d dd
		239	trial e ee
		240	trial f fff
		241	trial m xxxx
		242	trial n xxxx
		243	trial x x
		244
		245	# Prepare an included config with an error.
		246
		247	cat > $OBJ/ssh_config.i.3 << _EOF
		248	Hostname xxxx
		249	Junk
		250	_EOF
		251
		252	${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \
		253	fail "ssh include allowed invalid config"
		254
		255	${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \
		256	fail "ssh include allowed invalid config"
		257
		258	rm -f $OBJ/ssh_config.i.*
		259
		260	# Ensure that a missing include is not fatal.
		261	cat > $OBJ/ssh_config.i << _EOF
		262	Include $OBJ/ssh_config.i.*
		263	Hostname aa
		264	_EOF
		265
		266	trial a aa
		267
		268	# Ensure that Match/Host in an included config does not affect parent.
		269	cat > $OBJ/ssh_config.i.x << _EOF
		270	Match host x
		271	_EOF
		272
		273	trial a aa
		274
		275	cat > $OBJ/ssh_config.i.x << _EOF
		276	Host x
		277	_EOF
		278
		279	trial a aa
		280
		281	# Ensure that recursive includes are bounded.
		282	cat > $OBJ/ssh_config.i << _EOF
		283	Include $OBJ/ssh_config.i
		284	_EOF
		285
		286	${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \
		287	fail "ssh include allowed infinite recursion?" # or hang...
		288
		289	# cleanup
		290	rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out