upstream: regress test for sshd_config Include directive; from Jakub

Jelen

OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
djm@openbsd.org 2020-01-31 23:25:08 +00:00 committed by Damien Miller
parent d4f4cdd681
commit 677d0ece67
3 changed files with 159 additions and 3 deletions


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.104 2019/09/03 08:37:45 djm Exp $ # $OpenBSD: Makefile,v 1.106 2020/01/31 23:25:08 djm Exp $
tests: prep file-tests t-exec unit tests: prep file-tests t-exec unit
@ -87,6 +87,7 @@ LTESTS= connect \
principals-command \ principals-command \
cert-file \ cert-file \
cfginclude \ cfginclude \
servcfginclude \
allow-deny-users \ allow-deny-users \
authinfo \ authinfo \
sshsig sshsig
@ -122,7 +123,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
ssh-rsa_oldfmt \ ssh-rsa_oldfmt \
ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \ ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \ sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \ sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \ t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
t8.out t8.out.pub t9.out t9.out.pub testdata \ t8.out t8.out.pub t9.out t9.out.pub testdata \

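--- a/regress/servcfginclude.sh
+++ b/regress/servcfginclude.sh
@@ -0,0 +1,154 @@
+# Placed in the Public Domain.
+tid="server config include"
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Match host a
+Banner /aa
+Match host b
+Banner /bb
+Include $OBJ/sshd_config.i.*
+Match host c
+Include $OBJ/sshd_config.i.*
+Banner /cc
+Match host m
+Include $OBJ/sshd_config.i.*
+Match Host d
+Banner /dd
+Match Host e
+Banner /ee
+Include $OBJ/sshd_config.i.*
+Match Host f
+Include $OBJ/sshd_config.i.*
+Banner /ff
+Match Host n
+Include $OBJ/sshd_config.i.*
+_EOF
+cat > $OBJ/sshd_config.i.0 << _EOF
+Match host xxxxxx
+_EOF
+cat > $OBJ/sshd_config.i.1 << _EOF
+Match host a
+Banner /aaa
+Match host b
+Banner /bbb
+Match host c
+Banner /ccc
+Match Host d
+Banner /ddd
+Match Host e
+Banner /eee
+Match Host f
+Banner /fff
+_EOF
+cat > $OBJ/sshd_config.i.2 << _EOF
+Match host a
+Banner /aaaa
+Match host b
+Banner /bbbb
+Match host c
+Banner /cccc
+Match Host d
+Banner /dddd
+Match Host e
+Banner /eeee
+Match Host f
+Banner /ffff
+Match all
+Banner /xxxx
+_EOF
+trial() {
+_host="$1"
+_exp="$2"
+_desc="$3"
+test -z "$_desc" && _desc="test match"
+trace "$_desc host=$_host expect=$_exp"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
+-C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
+fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
+_got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
+if test "x$_exp" != "x$_got" ; then
+fail "$desc_ host $_host include fail: expected $_exp got $_got"
+fi
+}
+trial a /aa
+trial b /bb
+trial c /ccc
+trial d /dd
+trial e /ee
+trial f /fff
+trial m /xxxx
+trial n /xxxx
+trial x none
+# Prepare an included config with an error.
+cat > $OBJ/sshd_config.i.3 << _EOF
+Banner xxxx
+Junk
+_EOF
+trace "disallow invalid config host=a"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+-C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
+fail "sshd include allowed invalid config"
+trace "disallow invalid config host=x"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+-C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+fail "sshd include allowed invalid config"
+rm -f $OBJ/sshd_config.i.*
+# Ensure that a missing include is not fatal.
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Include $OBJ/sshd_config.i.*
+Banner /aa
+_EOF
+trial a /aa "missing include non-fatal"
+# Ensure that Match/Host in an included config does not affect parent.
+cat > $OBJ/sshd_config.i.x << _EOF
+Match host x
+_EOF
+trial a /aa "included file does not affect match state"
+# Ensure the empty include directive is not accepted
+cat > $OBJ/sshd_config.i.x << _EOF
+Include
+_EOF
+trace "disallow invalid with no argument"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
+-C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+fail "sshd allowed Include with no argument"
+# cleanup
+rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out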
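Review bot: The three negative checks after `trial x none` (the two "disallow invalid config" runs and the `Include`-with-no-argument run) treat any non-zero exit from sshd as proof that the bad config was rejected, and they discard stderr with `2>/dev/null`. Unlike `trial()`, they also run without `-T`, so an sshd that exits for an unrelated reason (an unreadable host key, or refusing `-C` outside test mode, which this page does not show) would let them pass without the Include parser ever being exercised. I would invoke them the way `trial()` does, `${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \`, and keep stderr in a file under `$OBJ` instead of discarding it, so the reason for the failure can be checked. Separately, the `fail` line in `trial()` expands `$desc_`, which is never set, so the test description is missing from failure output; it should read `fail "$_desc host $_host include fail: expected $_exp got $_got"`.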


@ -1,4 +1,4 @@
# $OpenBSD: test-exec.sh,v 1.74 2020/01/25 02:57:53 dtucker Exp $ # $OpenBSD: test-exec.sh,v 1.75 2020/01/31 23:25:08 djm Exp $
# Placed in the Public Domain. # Placed in the Public Domain.
#SUDO=sudo #SUDO=sudo
@ -239,6 +239,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
chmod a+rx $OBJ/ssh-log-wrapper.sh chmod a+rx $OBJ/ssh-log-wrapper.sh
REAL_SSH="$SSH" REAL_SSH="$SSH"
REAL_SSHD="$SSHD"
SSH="$SSHLOGWRAP" SSH="$SSHLOGWRAP"
# Some test data. We make a copy because some tests will overwrite it. # Some test data. We make a copy because some tests will overwrite it.