- dtucker@cvs.openbsd.org 2006/12/13 08:36:36

[regress/cfgmatch.sh]
     Additional test for multiple PermitOpen entries.  ok djm@

ChangeLog

@@ -62,6 +62,9 @@
    - markus@cvs.openbsd.org 2006/11/06 09:27:43
      [regress/cfgmatch.sh]
      fix quoting for non-(c)sh login shells.
+   - dtucker@cvs.openbsd.org 2006/12/13 08:36:36
+     [regress/cfgmatch.sh]
+     Additional test for multiple PermitOpen entries.  ok djm@
 
 20070927
  - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
@@ -3333,4 +3336,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4773 2007/10/26 04:44:34 djm Exp $
+$Id: ChangeLog,v 1.4774 2007/10/26 04:45:13 djm Exp $

regress/cfgmatch.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: cfgmatch.sh,v 1.3 2006/11/06 09:27:43 markus Exp $
+#	$OpenBSD: cfgmatch.sh,v 1.4 2006/12/13 08:36:36 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="sshd_config match"
@@ -104,3 +104,22 @@ for p in 1 2; do
 	    fail "match override permitopen proto $p"
 	stop_client
 done
+
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy
+echo "Match User NoSuchUser" >>$OBJ/sshd_proxy
+echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy
+
+# Test that a rule that doesn't match doesn't override, plus test a
+# PermitOpen entry that's not at the start of the list
+for p in 1 2; do
+	rm -f $pidfile
+	trace "nomatch permitopen proxy w/key opts proto $p"
+	${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
+	    exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
+	    fail "nomatch override permitopen proto $p sshd failed"
+	sleep 1;
+	${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
+	    fail "nomatch override permitopen proto $p"
+	stop_client
+done