diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2019-04-18 20:57:16 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-06-19 04:21:23 +0200 |
| commit | 0bb7e38834e3f9886302bbaea630a6b0f8cfb520 (patch) | |
| tree | 91a7a8bed1b4f0722459eea0acf6f02a6830183d /regress/cfgmatch.sh | |
| parent | Include stdio.h for vsnprintf. (diff) | |
| download | openssh-0bb7e38834e3f9886302bbaea630a6b0f8cfb520.tar.xz openssh-0bb7e38834e3f9886302bbaea630a6b0f8cfb520.zip | |
upstream: Add tests for sshd -T -C with Match.
OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7
Diffstat (limited to '')
| -rw-r--r-- | regress/cfgmatch.sh | 49 |
1 files changed, 46 insertions, 3 deletions
diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index dd11e404d..6620c84ed 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cfgmatch.sh,v 1.11 2017/10/04 18:50:23 djm Exp $ +# $OpenBSD: cfgmatch.sh,v 1.12 2019/04/18 18:57:16 dtucker Exp $ # Placed in the Public Domain. tid="sshd_config match" @@ -51,9 +51,10 @@ echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy -start_sshd +${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \ + fail "config w/match fails config test" -#set -x +start_sshd # Test Match + PermitOpen in sshd_config. This should be permitted trace "match permitopen localhost" @@ -113,3 +114,45 @@ start_client -F $OBJ/ssh_proxy ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ fail "nomatch override permitopen" stop_client + +# Test parsing of available Match criteria (with the exception of Group which +# requires knowledge of actual group memberships user running the test). +params="user:user:u1 host:host:h1 address:addr:1.2.3.4 \ + localaddress:laddr:5.6.7.8 rdomain:rdomain:rdom1" +cp $OBJ/sshd_proxy_bak $OBJ/sshd_config +echo 'Banner /nomatch' >>$OBJ/sshd_config +for i in $params; do + config=`echo $i | cut -f1 -d:` + criteria=`echo $i | cut -f2 -d:` + value=`echo $i | cut -f3 -d:` + cat >>$OBJ/sshd_config <<EOD + Match $config $value + Banner /$value +EOD +done + +${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \ + fail "validate config for w/out spec" + +# Test matching each criteria. +for i in $params; do + testcriteria=`echo $i | cut -f2 -d:` + expected=/`echo $i | cut -f3 -d:` + spec="" + for j in $params; do + config=`echo $j | cut -f1 -d:` + criteria=`echo $j | cut -f2 -d:` + value=`echo $j | cut -f3 -d:` + if [ "$criteria" = "$testcriteria" ]; then + spec="$criteria=$value,$spec" + else + spec="$criteria=1$value,$spec" + fi + done + trace "test spec $spec" + result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \ + awk '$1=="banner"{print $2}'` + if [ "$result" != "$expected" ]; then + fail "match $config expected $expected got $result" + fi +done |