upstream: regression test for override of subsystem in match blocks

OpenBSD-Regress-ID: 5f8135da3bfda71067084c048d717b0e8793e87c
This commit is contained in:
djm@openbsd.org 2023-09-06 23:36:09 +00:00 committed by Damien Miller
parent 8a1450c620
commit 0e1f4401c4
No known key found for this signature in database
2 changed files with 93 additions and 2 deletions

View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.125 2023/05/17 05:52:01 djm Exp $ # $OpenBSD: Makefile,v 1.126 2023/09/06 23:36:09 djm Exp $
tests: prep file-tests t-exec unit tests: prep file-tests t-exec unit
@ -103,7 +103,8 @@ LTESTS= connect \
agent-restrict \ agent-restrict \
hostbased \ hostbased \
channel-timeout \ channel-timeout \
connection-timeout connection-timeout \
match-subsystem
INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp

View File

@ -0,0 +1,90 @@
# $OpenBSD: match-subsystem.sh,v 1.1 2023/09/06 23:36:09 djm Exp $
# Placed in the Public Domain.
tid="sshd_config match subsystem"
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
try_subsystem() {
_id=$1
_subsystem=$2
_expect=$3
${SSHD} -tf $OBJ/sshd_proxy || fatal "$_id: bad config"
${SSH} -sF $OBJ/ssh_proxy somehost $_subsystem
_exit=$?
trace "$_id subsystem $_subsystem"
if [ $_exit -ne $_expect ] ; then
fail "$_id: subsystem $_subsystem exit $_exit expected $_expect"
fi
return $?
}
# Simple case: subsystem in main config.
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
cat >> $OBJ/sshd_proxy << _EOF
Subsystem xxx /bin/sh -c "exit 23"
_EOF
try_subsystem "main config" xxx 23
# No clobber in main config.
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
cat >> $OBJ/sshd_proxy << _EOF
Subsystem xxx /bin/sh -c "exit 23"
Subsystem xxx /bin/sh -c "exit 24"
_EOF
try_subsystem "main config no clobber" xxx 23
# Subsystem in match all block
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
cat >> $OBJ/sshd_proxy << _EOF
Match all
Subsystem xxx /bin/sh -c "exit 21"
_EOF
try_subsystem "match all" xxx 21
# No clobber in match all block
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
cat >> $OBJ/sshd_proxy << _EOF
Match all
Subsystem xxx /bin/sh -c "exit 21"
Subsystem xxx /bin/sh -c "exit 24"
_EOF
try_subsystem "match all no clobber" xxx 21
# Subsystem in match user block
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
cat >> $OBJ/sshd_proxy << _EOF
Match user *
Subsystem xxx /bin/sh -c "exit 20"
_EOF
try_subsystem "match user" xxx 20
# No clobber in match user block
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
cat >> $OBJ/sshd_proxy << _EOF
Match user *
Subsystem xxx /bin/sh -c "exit 20"
Subsystem xxx /bin/sh -c "exit 24"
Match all
Subsystem xxx /bin/sh -c "exit 24"
_EOF
try_subsystem "match user no clobber" xxx 20
# Override main with match all
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
cat >> $OBJ/sshd_proxy << _EOF
Subsystem xxx /bin/sh -c "exit 23"
Match all
Subsystem xxx /bin/sh -c "exit 19"
_EOF
try_subsystem "match all override" xxx 19
# Override main with match user
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
cat >> $OBJ/sshd_proxy << _EOF
Subsystem xxx /bin/sh -c "exit 23"
Match user *
Subsystem xxx /bin/sh -c "exit 18"
_EOF
try_subsystem "match user override" xxx 18