tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-29 16:54:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream: Add tests for sshd -T -C with Match.

Browse Source 
OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7
This commit is contained in:
dtucker@openbsd.org 2019-04-18 18:57:16 +00:00 committed by Damien Miller
parent 73eb6cef41
commit 0bb7e38834
1 changed files with 46 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
regress/cfgmatch.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: cfgmatch.sh,v 1.11 2017/10/04 18:50:23 djm Exp $ # $OpenBSD: cfgmatch.sh,v 1.12 2019/04/18 18:57:16 dtucker Exp $
# Placed in the Public Domain. # Placed in the Public Domain.
tid="sshd_config match" tid="sshd_config match"
@ -51,9 +51,10 @@ echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy
echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
start_sshd ${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
fail "config w/match fails config test"
#set -x start_sshd
# Test Match + PermitOpen in sshd_config. This should be permitted # Test Match + PermitOpen in sshd_config. This should be permitted
trace "match permitopen localhost" trace "match permitopen localhost"
@ -113,3 +114,45 @@ start_client -F $OBJ/ssh_proxy
${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \
fail "nomatch override permitopen" fail "nomatch override permitopen"
stop_client stop_client
# Test parsing of available Match criteria (with the exception of Group which
# requires knowledge of actual group memberships user running the test).
params="user:user:u1 host:host:h1 address:addr:1.2.3.4 \
localaddress:laddr:5.6.7.8 rdomain:rdomain:rdom1"
cp $OBJ/sshd_proxy_bak $OBJ/sshd_config
echo 'Banner /nomatch' >>$OBJ/sshd_config
for i in $params; do
config=`echo $i | cut -f1 -d:`
criteria=`echo $i | cut -f2 -d:`
value=`echo $i | cut -f3 -d:`
cat >>$OBJ/sshd_config <<EOD
Match $config $value
Banner /$value
EOD
done
${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
fail "validate config for w/out spec"
# Test matching each criteria.
for i in $params; do
testcriteria=`echo $i | cut -f2 -d:`
expected=/`echo $i | cut -f3 -d:`
spec=""
for j in $params; do
config=`echo $j | cut -f1 -d:`
criteria=`echo $j | cut -f2 -d:`
value=`echo $j | cut -f3 -d:`
if [ "$criteria" = "$testcriteria" ]; then
spec="$criteria=$value,$spec"
else
spec="$criteria=1$value,$spec"
fi
done
trace "test spec $spec"
result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \
awk '$1=="banner"{print $2}'`
if [ "$result" != "$expected" ]; then
fail "match $config expected $expected got $result"
fi
done