summaryrefslogtreecommitdiff
path: root/regress/usr.bin
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2020-01-31 23:25:09 +0000
committerDamien Miller <djm@cvs.openbsd.org>2020-01-31 23:25:09 +0000
commitc0ebf1ccd91b77c1cdea16523b8bf90256c174ce (patch)
tree2af750d03dbbd121d38c13d4b1a1d90deacfd8f8 /regress/usr.bin
parent5b5e3290f0f089357f432f0b9026cbb744f9991d (diff)
regress test for sshd_config Include directive; from Jakub Jelen
Diffstat (limited to 'regress/usr.bin')
-rw-r--r--regress/usr.bin/ssh/Makefile5
-rw-r--r--regress/usr.bin/ssh/servcfginclude.sh154
-rw-r--r--regress/usr.bin/ssh/test-exec.sh3
3 files changed, 159 insertions, 3 deletions
diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile
index 20da6664f94..24efdcef852 100644
--- a/regress/usr.bin/ssh/Makefile
+++ b/regress/usr.bin/ssh/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.105 2019/11/26 23:41:23 djm Exp $
+# $OpenBSD: Makefile,v 1.106 2020/01/31 23:25:08 djm Exp $
.ifndef SKIP_UNIT
SUBDIR= unittests
@@ -78,6 +78,7 @@ LTESTS= connect \
principals-command \
cert-file \
cfginclude \
+ servcfginclude \
allow-deny-users \
authinfo \
sshsig
@@ -108,7 +109,7 @@ CLEANFILES+= *.core actual agent-key.* authorized_keys_${USERNAME} \
sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
ssh-rsa_oldfmt \
ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
- ssh_proxy_envpass sshd.log sshd_config sshd_config.orig \
+ ssh_proxy_envpass sshd.log sshd_config sshd_config.* \
sshd_proxy sshd_proxy.* sshd_proxy_bak sshd_proxy_orig \
t10.out t10.out.pub t12.out t12.out.pub t2.out t3.out \
t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \
diff --git a/regress/usr.bin/ssh/servcfginclude.sh b/regress/usr.bin/ssh/servcfginclude.sh
new file mode 100644
index 00000000000..b25c8faa850
--- /dev/null
+++ b/regress/usr.bin/ssh/servcfginclude.sh
@@ -0,0 +1,154 @@
+# Placed in the Public Domain.
+
+tid="server config include"
+
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Match host a
+ Banner /aa
+
+Match host b
+ Banner /bb
+ Include $OBJ/sshd_config.i.*
+
+Match host c
+ Include $OBJ/sshd_config.i.*
+ Banner /cc
+
+Match host m
+ Include $OBJ/sshd_config.i.*
+
+Match Host d
+ Banner /dd
+
+Match Host e
+ Banner /ee
+ Include $OBJ/sshd_config.i.*
+
+Match Host f
+ Include $OBJ/sshd_config.i.*
+ Banner /ff
+
+Match Host n
+ Include $OBJ/sshd_config.i.*
+_EOF
+
+cat > $OBJ/sshd_config.i.0 << _EOF
+Match host xxxxxx
+_EOF
+
+cat > $OBJ/sshd_config.i.1 << _EOF
+Match host a
+ Banner /aaa
+
+Match host b
+ Banner /bbb
+
+Match host c
+ Banner /ccc
+
+Match Host d
+ Banner /ddd
+
+Match Host e
+ Banner /eee
+
+Match Host f
+ Banner /fff
+_EOF
+
+cat > $OBJ/sshd_config.i.2 << _EOF
+Match host a
+ Banner /aaaa
+
+Match host b
+ Banner /bbbb
+
+Match host c
+ Banner /cccc
+
+Match Host d
+ Banner /dddd
+
+Match Host e
+ Banner /eeee
+
+Match Host f
+ Banner /ffff
+
+Match all
+ Banner /xxxx
+_EOF
+
+trial() {
+ _host="$1"
+ _exp="$2"
+ _desc="$3"
+ test -z "$_desc" && _desc="test match"
+ trace "$_desc host=$_host expect=$_exp"
+ ${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
+ -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
+ fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
+ _got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
+ if test "x$_exp" != "x$_got" ; then
+ fail "$desc_ host $_host include fail: expected $_exp got $_got"
+ fi
+}
+
+trial a /aa
+trial b /bb
+trial c /ccc
+trial d /dd
+trial e /ee
+trial f /fff
+trial m /xxxx
+trial n /xxxx
+trial x none
+
+# Prepare an included config with an error.
+
+cat > $OBJ/sshd_config.i.3 << _EOF
+Banner xxxx
+ Junk
+_EOF
+
+trace "disallow invalid config host=a"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+ -C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
+ fail "sshd include allowed invalid config"
+
+trace "disallow invalid config host=x"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+ -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+ fail "sshd include allowed invalid config"
+
+rm -f $OBJ/sshd_config.i.*
+
+# Ensure that a missing include is not fatal.
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Include $OBJ/sshd_config.i.*
+Banner /aa
+_EOF
+
+trial a /aa "missing include non-fatal"
+
+# Ensure that Match/Host in an included config does not affect parent.
+cat > $OBJ/sshd_config.i.x << _EOF
+Match host x
+_EOF
+
+trial a /aa "included file does not affect match state"
+
+# Ensure the empty include directive is not accepted
+cat > $OBJ/sshd_config.i.x << _EOF
+Include
+_EOF
+
+trace "disallow invalid with no argument"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
+ -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+ fail "sshd allowed Include with no argument"
+
+# cleanup
+rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out
diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh
index 3bc64363196..e1980ffe5a3 100644
--- a/regress/usr.bin/ssh/test-exec.sh
+++ b/regress/usr.bin/ssh/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.74 2020/01/25 02:57:53 dtucker Exp $
+# $OpenBSD: test-exec.sh,v 1.75 2020/01/31 23:25:08 djm Exp $
# Placed in the Public Domain.
USER=`id -un`
@@ -138,6 +138,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
chmod a+rx $OBJ/ssh-log-wrapper.sh
REAL_SSH="$SSH"
+REAL_SSHD="$SSHD"
SSH="$SSHLOGWRAP"
# Some test data. We make a copy because some tests will overwrite it.