diff options
| author | Darren Tucker <dtucker@cvs.openbsd.org> | 2008-06-10 05:23:33 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2008-06-10 05:23:33 +0000 |
| commit | 23c912a4c9991d4a1d80f4c992905c445386e966 (patch) | |
| tree | 6cc76b01e6ab25aae71e9ceec7f9a4c889770579 /regress/usr.bin | |
| parent | 42bf7dbf41b88c5cd9880fd14edb6711b83c5547 (diff) | |
Regress test for Match CIDR rules. ok djm@
Diffstat (limited to 'regress/usr.bin')
| -rw-r--r-- | regress/usr.bin/ssh/Makefile | 3 | ||||
| -rw-r--r-- | regress/usr.bin/ssh/addrmatch.sh | 41 |
2 files changed, 43 insertions, 1 deletions
diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile index a848b46ba3d..c86f41f5577 100644 --- a/regress/usr.bin/ssh/Makefile +++ b/regress/usr.bin/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.44 2007/12/21 04:13:53 djm Exp $ +# $OpenBSD: Makefile,v 1.45 2008/06/10 05:23:32 dtucker Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 @@ -39,6 +39,7 @@ LTESTS= connect \ reexec \ brokenkeys \ cfgmatch \ + addrmatch \ localcommand \ forcecommand diff --git a/regress/usr.bin/ssh/addrmatch.sh b/regress/usr.bin/ssh/addrmatch.sh new file mode 100644 index 00000000000..a05df1539a4 --- /dev/null +++ b/regress/usr.bin/ssh/addrmatch.sh @@ -0,0 +1,41 @@ +# $OpenBSD: addrmatch.sh,v 1.1 2008/06/10 05:23:32 dtucker Exp $ +# Placed in the Public Domain. + +tid="address match" + +mv $OBJ/sshd_proxy $OBJ/sshd_proxy_orig + +run_trial() +{ + user="$1"; addr="$2"; host="$3"; expected="$4"; descr="$5" + + verbose "test $descr for $user $addr $host" + result=`${SSHD} -f $OBJ/sshd_proxy -T \ + -C user=${user},addr=${addr},host=${host} | \ + awk '/passwordauthentication/ {print $2}'` + if [ "$result" != "$expected" ]; then + fail "failed for $user $addr $host: expected $expected, got $result" + fi +} + +cp $OBJ/sshd_proxy_orig $OBJ/sshd_proxy +cat >>$OBJ/sshd_proxy <<EOD +PasswordAuthentication no +Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com + PasswordAuthentication yes +Match Address 1.1.1.1,::1,!::3,2000::/16 + PasswordAuthentication yes +EOD + +run_trial user 192.168.0.1 somehost yes "permit, first entry" +run_trial user 192.168.30.1 somehost no "deny, negative match" +run_trial user 19.0.0.1 somehost no "deny, no match" +run_trial user 10.255.255.254 somehost yes "permit, list middle" +run_trial user 192.168.30.1 192.168.0.1 no "deny, faked IP in hostname" +run_trial user 1.1.1.1 somehost.example.com yes "permit, bare IP4 address" +run_trial user ::1 somehost.example.com yes "permit, bare IP6 address" +run_trial user ::2 somehost.exaple.com no "deny IPv6" +run_trial user ::3 somehost no "deny IP6 negated" +run_trial user ::4 somehost no "deny, IP6 no match" +run_trial user 2000::1 somehost yes "permit, IP6 network" +run_trial user 2001::1 somehost no "deny, IP6 network" |