diff options
Diffstat (limited to 'regress/usr.bin')
-rw-r--r-- | regress/usr.bin/ssh/Makefile | 5 | ||||
-rw-r--r-- | regress/usr.bin/ssh/servcfginclude.sh | 154 | ||||
-rw-r--r-- | regress/usr.bin/ssh/test-exec.sh | 3 |
3 files changed, 159 insertions, 3 deletions
diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile index 20da6664f94..24efdcef852 100644 --- a/regress/usr.bin/ssh/Makefile +++ b/regress/usr.bin/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.105 2019/11/26 23:41:23 djm Exp $ +# $OpenBSD: Makefile,v 1.106 2020/01/31 23:25:08 djm Exp $ .ifndef SKIP_UNIT SUBDIR= unittests @@ -78,6 +78,7 @@ LTESTS= connect \ principals-command \ cert-file \ cfginclude \ + servcfginclude \ allow-deny-users \ authinfo \ sshsig @@ -108,7 +109,7 @@ CLEANFILES+= *.core actual agent-key.* authorized_keys_${USERNAME} \ sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ ssh-rsa_oldfmt \ ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ - ssh_proxy_envpass sshd.log sshd_config sshd_config.orig \ + ssh_proxy_envpass sshd.log sshd_config sshd_config.* \ sshd_proxy sshd_proxy.* sshd_proxy_bak sshd_proxy_orig \ t10.out t10.out.pub t12.out t12.out.pub t2.out t3.out \ t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \ diff --git a/regress/usr.bin/ssh/servcfginclude.sh b/regress/usr.bin/ssh/servcfginclude.sh new file mode 100644 index 00000000000..b25c8faa850 --- /dev/null +++ b/regress/usr.bin/ssh/servcfginclude.sh @@ -0,0 +1,154 @@ +# Placed in the Public Domain. + +tid="server config include" + +cat > $OBJ/sshd_config.i << _EOF +HostKey $OBJ/host.ssh-ed25519 +Match host a + Banner /aa + +Match host b + Banner /bb + Include $OBJ/sshd_config.i.* + +Match host c + Include $OBJ/sshd_config.i.* + Banner /cc + +Match host m + Include $OBJ/sshd_config.i.* + +Match Host d + Banner /dd + +Match Host e + Banner /ee + Include $OBJ/sshd_config.i.* + +Match Host f + Include $OBJ/sshd_config.i.* + Banner /ff + +Match Host n + Include $OBJ/sshd_config.i.* +_EOF + +cat > $OBJ/sshd_config.i.0 << _EOF +Match host xxxxxx +_EOF + +cat > $OBJ/sshd_config.i.1 << _EOF +Match host a + Banner /aaa + +Match host b + Banner /bbb + +Match host c + Banner /ccc + +Match Host d + Banner /ddd + +Match Host e + Banner /eee + +Match Host f + Banner /fff +_EOF + +cat > $OBJ/sshd_config.i.2 << _EOF +Match host a + Banner /aaaa + +Match host b + Banner /bbbb + +Match host c + Banner /cccc + +Match Host d + Banner /dddd + +Match Host e + Banner /eeee + +Match Host f + Banner /ffff + +Match all + Banner /xxxx +_EOF + +trial() { + _host="$1" + _exp="$2" + _desc="$3" + test -z "$_desc" && _desc="test match" + trace "$_desc host=$_host expect=$_exp" + ${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \ + -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out || + fatal "ssh config parse failed: $_desc host=$_host expect=$_exp" + _got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'` + if test "x$_exp" != "x$_got" ; then + fail "$desc_ host $_host include fail: expected $_exp got $_got" + fi +} + +trial a /aa +trial b /bb +trial c /ccc +trial d /dd +trial e /ee +trial f /fff +trial m /xxxx +trial n /xxxx +trial x none + +# Prepare an included config with an error. + +cat > $OBJ/sshd_config.i.3 << _EOF +Banner xxxx + Junk +_EOF + +trace "disallow invalid config host=a" +${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \ + -C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \ + fail "sshd include allowed invalid config" + +trace "disallow invalid config host=x" +${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \ + -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \ + fail "sshd include allowed invalid config" + +rm -f $OBJ/sshd_config.i.* + +# Ensure that a missing include is not fatal. +cat > $OBJ/sshd_config.i << _EOF +HostKey $OBJ/host.ssh-ed25519 +Include $OBJ/sshd_config.i.* +Banner /aa +_EOF + +trial a /aa "missing include non-fatal" + +# Ensure that Match/Host in an included config does not affect parent. +cat > $OBJ/sshd_config.i.x << _EOF +Match host x +_EOF + +trial a /aa "included file does not affect match state" + +# Ensure the empty include directive is not accepted +cat > $OBJ/sshd_config.i.x << _EOF +Include +_EOF + +trace "disallow invalid with no argument" +${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \ + -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \ + fail "sshd allowed Include with no argument" + +# cleanup +rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh index 3bc64363196..e1980ffe5a3 100644 --- a/regress/usr.bin/ssh/test-exec.sh +++ b/regress/usr.bin/ssh/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.74 2020/01/25 02:57:53 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.75 2020/01/31 23:25:08 djm Exp $ # Placed in the Public Domain. USER=`id -un` @@ -138,6 +138,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP chmod a+rx $OBJ/ssh-log-wrapper.sh REAL_SSH="$SSH" +REAL_SSHD="$SSHD" SSH="$SSHLOGWRAP" # Some test data. We make a copy because some tests will overwrite it. |