upstream: regression test for override of subsystem in match blocks
OpenBSD-Regress-ID: 5f8135da3bfda71067084c048d717b0e8793e87c
This commit is contained in:
parent
8a1450c620
commit
0e1f4401c4
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: Makefile,v 1.125 2023/05/17 05:52:01 djm Exp $
|
# $OpenBSD: Makefile,v 1.126 2023/09/06 23:36:09 djm Exp $
|
||||||
|
|
||||||
tests: prep file-tests t-exec unit
|
tests: prep file-tests t-exec unit
|
||||||
|
|
||||||
|
@ -103,7 +103,8 @@ LTESTS= connect \
|
||||||
agent-restrict \
|
agent-restrict \
|
||||||
hostbased \
|
hostbased \
|
||||||
channel-timeout \
|
channel-timeout \
|
||||||
connection-timeout
|
connection-timeout \
|
||||||
|
match-subsystem
|
||||||
|
|
||||||
INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
|
INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
|
||||||
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
|
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
|
||||||
|
|
|
@ -0,0 +1,90 @@
|
||||||
|
# $OpenBSD: match-subsystem.sh,v 1.1 2023/09/06 23:36:09 djm Exp $
|
||||||
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
|
tid="sshd_config match subsystem"
|
||||||
|
|
||||||
|
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
|
||||||
|
|
||||||
|
try_subsystem() {
|
||||||
|
_id=$1
|
||||||
|
_subsystem=$2
|
||||||
|
_expect=$3
|
||||||
|
${SSHD} -tf $OBJ/sshd_proxy || fatal "$_id: bad config"
|
||||||
|
${SSH} -sF $OBJ/ssh_proxy somehost $_subsystem
|
||||||
|
_exit=$?
|
||||||
|
trace "$_id subsystem $_subsystem"
|
||||||
|
if [ $_exit -ne $_expect ] ; then
|
||||||
|
fail "$_id: subsystem $_subsystem exit $_exit expected $_expect"
|
||||||
|
fi
|
||||||
|
return $?
|
||||||
|
}
|
||||||
|
|
||||||
|
# Simple case: subsystem in main config.
|
||||||
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
||||||
|
cat >> $OBJ/sshd_proxy << _EOF
|
||||||
|
Subsystem xxx /bin/sh -c "exit 23"
|
||||||
|
_EOF
|
||||||
|
try_subsystem "main config" xxx 23
|
||||||
|
|
||||||
|
# No clobber in main config.
|
||||||
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
||||||
|
cat >> $OBJ/sshd_proxy << _EOF
|
||||||
|
Subsystem xxx /bin/sh -c "exit 23"
|
||||||
|
Subsystem xxx /bin/sh -c "exit 24"
|
||||||
|
_EOF
|
||||||
|
try_subsystem "main config no clobber" xxx 23
|
||||||
|
|
||||||
|
# Subsystem in match all block
|
||||||
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
||||||
|
cat >> $OBJ/sshd_proxy << _EOF
|
||||||
|
Match all
|
||||||
|
Subsystem xxx /bin/sh -c "exit 21"
|
||||||
|
_EOF
|
||||||
|
try_subsystem "match all" xxx 21
|
||||||
|
|
||||||
|
# No clobber in match all block
|
||||||
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
||||||
|
cat >> $OBJ/sshd_proxy << _EOF
|
||||||
|
Match all
|
||||||
|
Subsystem xxx /bin/sh -c "exit 21"
|
||||||
|
Subsystem xxx /bin/sh -c "exit 24"
|
||||||
|
_EOF
|
||||||
|
try_subsystem "match all no clobber" xxx 21
|
||||||
|
|
||||||
|
# Subsystem in match user block
|
||||||
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
||||||
|
cat >> $OBJ/sshd_proxy << _EOF
|
||||||
|
Match user *
|
||||||
|
Subsystem xxx /bin/sh -c "exit 20"
|
||||||
|
_EOF
|
||||||
|
try_subsystem "match user" xxx 20
|
||||||
|
|
||||||
|
# No clobber in match user block
|
||||||
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
||||||
|
cat >> $OBJ/sshd_proxy << _EOF
|
||||||
|
Match user *
|
||||||
|
Subsystem xxx /bin/sh -c "exit 20"
|
||||||
|
Subsystem xxx /bin/sh -c "exit 24"
|
||||||
|
Match all
|
||||||
|
Subsystem xxx /bin/sh -c "exit 24"
|
||||||
|
_EOF
|
||||||
|
try_subsystem "match user no clobber" xxx 20
|
||||||
|
|
||||||
|
# Override main with match all
|
||||||
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
||||||
|
cat >> $OBJ/sshd_proxy << _EOF
|
||||||
|
Subsystem xxx /bin/sh -c "exit 23"
|
||||||
|
Match all
|
||||||
|
Subsystem xxx /bin/sh -c "exit 19"
|
||||||
|
_EOF
|
||||||
|
try_subsystem "match all override" xxx 19
|
||||||
|
|
||||||
|
# Override main with match user
|
||||||
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
||||||
|
cat >> $OBJ/sshd_proxy << _EOF
|
||||||
|
Subsystem xxx /bin/sh -c "exit 23"
|
||||||
|
Match user *
|
||||||
|
Subsystem xxx /bin/sh -c "exit 18"
|
||||||
|
_EOF
|
||||||
|
try_subsystem "match user override" xxx 18
|
||||||
|
|
Loading…
Reference in New Issue