diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2016-04-15 00:31:11 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2016-04-15 00:31:11 +0000 |
commit | 1d7089832ee47e352e57929e3f2742ff18befb93 (patch) | |
tree | d3c34bfd35236809ba55fc4ded7c2b53008ea927 /regress/usr.bin | |
parent | c40b6e99cf15787b4eadc9889ed4dcc77a76edf0 (diff) |
regression test for ssh_config Include directive
Diffstat (limited to 'regress/usr.bin')
-rw-r--r-- | regress/usr.bin/ssh/Makefile | 7 | ||||
-rw-r--r-- | regress/usr.bin/ssh/cfginclude.sh | 290 |
2 files changed, 294 insertions, 3 deletions
diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile index 9fc903263a9..dc6a2518497 100644 --- a/regress/usr.bin/ssh/Makefile +++ b/regress/usr.bin/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.84 2016/03/04 02:30:36 djm Exp $ +# $OpenBSD: Makefile,v 1.85 2016/04/15 00:31:10 djm Exp $ .ifndef SKIP_UNIT SUBDIR= unittests @@ -72,7 +72,8 @@ LTESTS= connect \ keygen-knownhosts \ hostkey-rotate \ principals-command \ - cert-file + cert-file \ + cfginclude INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp @@ -95,7 +96,7 @@ CLEANFILES+= *.core authorized_keys_${USER} known_hosts pidfile \ sftp-server.sh sftp-server.log sftp.log kh.* hkr.* \ user_key* user_ca* host_* key.* agent-key.* ed25519-agent* \ known_hosts.* data modpipe ssh_proxy keys-command-args \ - scp-ssh-wrapper.scp ssh_proxy_bak + scp-ssh-wrapper.scp ssh_proxy_bak ssh_config.* SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER} diff --git a/regress/usr.bin/ssh/cfginclude.sh b/regress/usr.bin/ssh/cfginclude.sh new file mode 100644 index 00000000000..3232fa9f002 --- /dev/null +++ b/regress/usr.bin/ssh/cfginclude.sh @@ -0,0 +1,290 @@ +# $OpenBSD: cfginclude.sh,v 1.1 2016/04/15 00:31:10 djm Exp $ +# Placed in the Public Domain. + +tid="config include" + +cat > $OBJ/ssh_config.i << _EOF +Match host a + Hostname aa + +Match host b + Hostname bb + Include $OBJ/ssh_config.i.* + +Match host c + Include $OBJ/ssh_config.i.* + Hostname cc + +Match host m + Include $OBJ/ssh_config.i.* + +Host d + Hostname dd + +Host e + Hostname ee + Include $OBJ/ssh_config.i.* + +Host f + Include $OBJ/ssh_config.i.* + Hostname ff + +Host n + Include $OBJ/ssh_config.i.* +_EOF + +cat > $OBJ/ssh_config.i.0 << _EOF +Match host xxxxxx +_EOF + +cat > $OBJ/ssh_config.i.1 << _EOF +Match host a + Hostname aaa + +Match host b + Hostname bbb + +Match host c + Hostname ccc + +Host d + Hostname ddd + +Host e + Hostname eee + +Host f + Hostname fff +_EOF + +cat > $OBJ/ssh_config.i.2 << _EOF +Match host a + Hostname aaaa + +Match host b + Hostname bbbb + +Match host c + Hostname cccc + +Host d + Hostname dddd + +Host e + Hostname eeee + +Host f + Hostname ffff + +Match all + Hostname xxxx +_EOF + +trial() { + _host="$1" + _exp="$2" + ${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out || + fatal "ssh config parse failed" + _got=`grep -i '^hostname ' $OBJ/ssh_config.out | awk '{print $2}'` + if test "x$_exp" != "x$_got" ; then + fail "host $_host include fail: expected $_exp got $_got" + fi +} + +trial a aa +trial b bb +trial c ccc +trial d dd +trial e ee +trial f fff +trial m xxxx +trial n xxxx +trial x x + +# Prepare an included config with an error. + +cat > $OBJ/ssh_config.i.3 << _EOF +Hostname xxxx + Junk +_EOF + +${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \ + fail "ssh include allowed invalid config" + +${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \ + fail "ssh include allowed invalid config" + +rm -f $OBJ/ssh_config.i.* + +# Ensure that a missing include is not fatal. +cat > $OBJ/ssh_config.i << _EOF +Include $OBJ/ssh_config.i.* +Hostname aa +_EOF + +trial a aa + +# Ensure that Match/Host in an included config does not affect parent. +cat > $OBJ/ssh_config.i.x << _EOF +Match host x +_EOF + +trial a aa + +cat > $OBJ/ssh_config.i.x << _EOF +Host x +_EOF + +trial a aa + +# cleanup +rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out +# $OpenBSD: cfginclude.sh,v 1.1 2016/04/15 00:31:10 djm Exp $ +# Placed in the Public Domain. + +tid="config include" + +cat > $OBJ/ssh_config.i << _EOF +Match host a + Hostname aa + +Match host b + Hostname bb + Include $OBJ/ssh_config.i.* + +Match host c + Include $OBJ/ssh_config.i.* + Hostname cc + +Match host m + Include $OBJ/ssh_config.i.* + +Host d + Hostname dd + +Host e + Hostname ee + Include $OBJ/ssh_config.i.* + +Host f + Include $OBJ/ssh_config.i.* + Hostname ff + +Host n + Include $OBJ/ssh_config.i.* +_EOF + +cat > $OBJ/ssh_config.i.0 << _EOF +Match host xxxxxx +_EOF + +cat > $OBJ/ssh_config.i.1 << _EOF +Match host a + Hostname aaa + +Match host b + Hostname bbb + +Match host c + Hostname ccc + +Host d + Hostname ddd + +Host e + Hostname eee + +Host f + Hostname fff +_EOF + +cat > $OBJ/ssh_config.i.2 << _EOF +Match host a + Hostname aaaa + +Match host b + Hostname bbbb + +Match host c + Hostname cccc + +Host d + Hostname dddd + +Host e + Hostname eeee + +Host f + Hostname ffff + +Match all + Hostname xxxx +_EOF + +trial() { + _host="$1" + _exp="$2" + ${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out || + fatal "ssh config parse failed" + _got=`grep -i '^hostname ' $OBJ/ssh_config.out | awk '{print $2}'` + if test "x$_exp" != "x$_got" ; then + fail "host $_host include fail: expected $_exp got $_got" + fi +} + +trial a aa +trial b bb +trial c ccc +trial d dd +trial e ee +trial f fff +trial m xxxx +trial n xxxx +trial x x + +# Prepare an included config with an error. + +cat > $OBJ/ssh_config.i.3 << _EOF +Hostname xxxx + Junk +_EOF + +${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \ + fail "ssh include allowed invalid config" + +${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \ + fail "ssh include allowed invalid config" + +rm -f $OBJ/ssh_config.i.* + +# Ensure that a missing include is not fatal. +cat > $OBJ/ssh_config.i << _EOF +Include $OBJ/ssh_config.i.* +Hostname aa +_EOF + +trial a aa + +# Ensure that Match/Host in an included config does not affect parent. +cat > $OBJ/ssh_config.i.x << _EOF +Match host x +_EOF + +trial a aa + +cat > $OBJ/ssh_config.i.x << _EOF +Host x +_EOF + +trial a aa + +# Ensure that recursive includes are bounded. +cat > $OBJ/ssh_config.i << _EOF +Include $OBJ/ssh_config.i +_EOF + +${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \ + fail "ssh include allowed infinite recursion?" # or hang... + +# cleanup +rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out |