upstream: regress test for sshd_config Include directive; from Jakub Jelen

OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
parent
d4f4cdd681
commit
677d0ece67
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.104 2019/09/03 08:37:45 djm Exp $
|
||||
# $OpenBSD: Makefile,v 1.106 2020/01/31 23:25:08 djm Exp $
|
||||
|
||||
tests: prep file-tests t-exec unit
|
||||
|
||||
|
@ -87,6 +87,7 @@ LTESTS= connect \
|
|||
principals-command \
|
||||
cert-file \
|
||||
cfginclude \
|
||||
servcfginclude \
|
||||
allow-deny-users \
|
||||
authinfo \
|
||||
sshsig
|
||||
|
@ -122,7 +123,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
|
|||
ssh-rsa_oldfmt \
|
||||
ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
|
||||
ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
|
||||
sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
|
||||
sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
|
||||
sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
|
||||
t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
|
||||
t8.out t8.out.pub t9.out t9.out.pub testdata \
|
||||
|
|
|
@ -0,0 +1,154 @@
|
|||
# Placed in the Public Domain.
|
||||
|
||||
tid="server config include"
|
||||
|
||||
cat > $OBJ/sshd_config.i << _EOF
|
||||
HostKey $OBJ/host.ssh-ed25519
|
||||
Match host a
|
||||
Banner /aa
|
||||
|
||||
Match host b
|
||||
Banner /bb
|
||||
Include $OBJ/sshd_config.i.*
|
||||
|
||||
Match host c
|
||||
Include $OBJ/sshd_config.i.*
|
||||
Banner /cc
|
||||
|
||||
Match host m
|
||||
Include $OBJ/sshd_config.i.*
|
||||
|
||||
Match Host d
|
||||
Banner /dd
|
||||
|
||||
Match Host e
|
||||
Banner /ee
|
||||
Include $OBJ/sshd_config.i.*
|
||||
|
||||
Match Host f
|
||||
Include $OBJ/sshd_config.i.*
|
||||
Banner /ff
|
||||
|
||||
Match Host n
|
||||
Include $OBJ/sshd_config.i.*
|
||||
_EOF
|
||||
|
||||
cat > $OBJ/sshd_config.i.0 << _EOF
|
||||
Match host xxxxxx
|
||||
_EOF
|
||||
|
||||
cat > $OBJ/sshd_config.i.1 << _EOF
|
||||
Match host a
|
||||
Banner /aaa
|
||||
|
||||
Match host b
|
||||
Banner /bbb
|
||||
|
||||
Match host c
|
||||
Banner /ccc
|
||||
|
||||
Match Host d
|
||||
Banner /ddd
|
||||
|
||||
Match Host e
|
||||
Banner /eee
|
||||
|
||||
Match Host f
|
||||
Banner /fff
|
||||
_EOF
|
||||
|
||||
cat > $OBJ/sshd_config.i.2 << _EOF
|
||||
Match host a
|
||||
Banner /aaaa
|
||||
|
||||
Match host b
|
||||
Banner /bbbb
|
||||
|
||||
Match host c
|
||||
Banner /cccc
|
||||
|
||||
Match Host d
|
||||
Banner /dddd
|
||||
|
||||
Match Host e
|
||||
Banner /eeee
|
||||
|
||||
Match Host f
|
||||
Banner /ffff
|
||||
|
||||
Match all
|
||||
Banner /xxxx
|
||||
_EOF
|
||||
|
||||
trial() {
|
||||
_host="$1"
|
||||
_exp="$2"
|
||||
_desc="$3"
|
||||
test -z "$_desc" && _desc="test match"
|
||||
trace "$_desc host=$_host expect=$_exp"
|
||||
${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
|
||||
-C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
|
||||
fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
|
||||
_got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
|
||||
if test "x$_exp" != "x$_got" ; then
|
||||
fail "$desc_ host $_host include fail: expected $_exp got $_got"
|
||||
fi
|
||||
}
|
||||
|
||||
trial a /aa
|
||||
trial b /bb
|
||||
trial c /ccc
|
||||
trial d /dd
|
||||
trial e /ee
|
||||
trial f /fff
|
||||
trial m /xxxx
|
||||
trial n /xxxx
|
||||
trial x none
|
||||
|
||||
# Prepare an included config with an error.
|
||||
|
||||
cat > $OBJ/sshd_config.i.3 << _EOF
|
||||
Banner xxxx
|
||||
Junk
|
||||
_EOF
|
||||
|
||||
trace "disallow invalid config host=a"
|
||||
${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
|
||||
-C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
|
||||
fail "sshd include allowed invalid config"
|
||||
|
||||
trace "disallow invalid config host=x"
|
||||
${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
|
||||
-C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
|
||||
fail "sshd include allowed invalid config"
|
||||
|
||||
rm -f $OBJ/sshd_config.i.*
|
||||
|
||||
# Ensure that a missing include is not fatal.
|
||||
cat > $OBJ/sshd_config.i << _EOF
|
||||
HostKey $OBJ/host.ssh-ed25519
|
||||
Include $OBJ/sshd_config.i.*
|
||||
Banner /aa
|
||||
_EOF
|
||||
|
||||
trial a /aa "missing include non-fatal"
|
||||
|
||||
# Ensure that Match/Host in an included config does not affect parent.
|
||||
cat > $OBJ/sshd_config.i.x << _EOF
|
||||
Match host x
|
||||
_EOF
|
||||
|
||||
trial a /aa "included file does not affect match state"
|
||||
|
||||
# Ensure the empty include directive is not accepted
|
||||
cat > $OBJ/sshd_config.i.x << _EOF
|
||||
Include
|
||||
_EOF
|
||||
|
||||
trace "disallow invalid with no argument"
|
||||
${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
|
||||
-C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
|
||||
fail "sshd allowed Include with no argument"
|
||||
|
||||
# cleanup
|
||||
rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out
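Review bot: The three negative checks (`disallow invalid config host=a`, `host=x`, and the `Include` with no argument case) run `${REAL_SSHD}` without `-T`, unlike `trial()`, so they assert only that sshd exited non-zero, not that the configuration was rejected at parse time. Presumably any unrelated startup failure would also make them pass, and if a regression let the bad config through, the command would go on to start a server under `${SUDO}` instead of just parsing; consider `${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T -C "host=a,user=test,addr=127.0.0.1" >/dev/null 2>&1 && fail "sshd include allowed invalid config"` for each of them. Separately, the failure message in `trial()` expands `$desc_`, which is never set, so the test description is dropped from the report; it should read `fail "$_desc host $_host include fail: expected $_exp got $_got"`.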
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: test-exec.sh,v 1.74 2020/01/25 02:57:53 dtucker Exp $
|
||||
# $OpenBSD: test-exec.sh,v 1.75 2020/01/31 23:25:08 djm Exp $
|
||||
# Placed in the Public Domain.
|
||||
|
||||
#SUDO=sudo
|
||||
|
@ -239,6 +239,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
|
|||
|
||||
chmod a+rx $OBJ/ssh-log-wrapper.sh
|
||||
REAL_SSH="$SSH"
|
||||
REAL_SSHD="$SSHD"
|
||||
SSH="$SSHLOGWRAP"
|
||||
|
||||
# Some test data. We make a copy because some tests will overwrite it.
|
||||
|
|