path: root/regress/usr.bin/ssh/forwarding.sh
blob: ae464a08017b74684841c3763d0e2c15353ffe20 (plain)
#	$OpenBSD: forwarding.sh,v 1.17 2017/01/06 02:09:25 dtucker Exp $
#	Placed in the Public Domain.

# Regression test for ssh port forwarding: -L/-R chains, ExitOnForwardFailure,
# ClearAllForwardings, stdio (-W) forwarding, config-file forwards and
# Unix-domain-socket forwards.
tid="local and remote forwarding"

# start_sshd is not defined in this file; it comes from the regress harness.
start_sshd

# Listen ports are formed textually as "${base}<j><i>", i.e. 3300..3322.
base=33
# Final hop of the chain; overwritten below with the entry port of the chain.
last=$PORT
fwd=""
# Control socket used by the multiplexing masters (-M -S) started below.
CTL=$OBJ/ctl-sock

# Build nine -L/-R pairs. Each pair listens on $lport, relays to $lport + 50,
# and from there to the previous pair's listen port (the first pair relays to
# $PORT). After the loop $last holds the port a client connects to in order
# to traverse the whole chain. All forward targets are 127.0.0.1.
for j in 0 1 2; do
	for i in 0 1 2; do
		lport=$base$j$i
		rport=`expr $lport + 50`
		# fwd chain: $lport -> $rport -> $last
		fwd="$fwd -L$lport:127.0.0.1:$rport -R$rport:127.0.0.1:$last"
		last=$lport
	done
done
# Command-line forwards: start a backgrounded master that carries the whole
# $fwd chain, then copy ${DATA} through the chain and compare the result.
for p in ${SSH_PROTOCOLS}; do
	# The transfer uses the other protocol number (3 - p); if ssh_version
	# (defined outside this file) rejects it, fall back to p itself.
	q=`expr 3 - $p`
	ssh_version $q || q=$p

	trace "start forwarding, fork to background"
	# Drop any control socket left over from an earlier run before -M
	# creates a new one at the same path.
	rm -f $CTL
	${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f $fwd \
		somehost sleep 10

	trace "transfer over forwarded channels and check result"
	# Connect to the entry port of the chain ($last); the data must come
	# back intact after crossing every -L/-R hop.
	${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
		somehost cat ${DATA} > ${COPY}
	if ! test -s ${COPY}; then
		fail "failed copy of ${DATA}"
	fi
	if ! cmp ${DATA} ${COPY}; then
		fail "corrupted copy of ${DATA}"
	fi

	# Ask the master to shut down through its control socket.
	${SSH} -S $CTL -O exit somehost
done

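# ExitOnForwardFailure: with this option set, ssh must not carry on with a
# session when one of the requested forwards cannot be established. Checked
# for both local (-L) and remote (-R) forwards on every protocol.
for p in ${SSH_PROTOCOLS}; do
	for d in L R; do
		trace "exit on -$d forward failure, proto $p"

		# Positive control: four distinct listen ports, so every forward
		# can be set up and the session must succeed.
		${SSH} -$p -F "$OBJ/ssh_config" \
		    -$d ${base}01:127.0.0.1:$PORT \
		    -$d ${base}02:127.0.0.1:$PORT \
		    -$d ${base}03:127.0.0.1:$PORT \
		    -$d ${base}04:127.0.0.1:$PORT \
		    -oExitOnForwardFailure=yes somehost true
		if [ $? != 0 ]; then
			fail "connection failed, should not"
		else
			# Negative case: listen port ${base}01 is requested twice,
			# so the second request for it cannot be honoured. The
			# test accepts only exit status 255; any other status,
			# including success, means the session was not torn down
			# on the forward failure.
			${SSH} -q -$p -F "$OBJ/ssh_config" \
			    -$d ${base}01:127.0.0.1:$PORT \
			    -$d ${base}02:127.0.0.1:$PORT \
			    -$d ${base}03:127.0.0.1:$PORT \
			    -$d ${base}01:localhost:$PORT \
			    -$d ${base}04:127.0.0.1:$PORT \
			    -oExitOnForwardFailure=yes somehost true
			r=$?
			if [ $r != 255 ]; then
				fail "connection not terminated, but should ($r)"
			fi
		fi
	done
done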

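# ClearAllForwardings: forwards given on the command line must be dropped when
# this option is set. For -L and -R in turn, start a master that requests a
# forward on ${base}01 together with ClearAllForwardings=yes, then verify that
# nothing accepts an ssh session on ${base}01.
for p in ${SSH_PROTOCOLS}; do
	trace "simple clear forwarding proto $p"
	# NOTE(review): the exit status of this invocation is not checked, so a
	# failure here goes unreported - confirm whether that is intended.
	${SSH} -$p -F "$OBJ/ssh_config" -oClearAllForwardings=yes somehost true

	trace "clear local forward proto $p"
	rm -f "$CTL"
	${SSH} -S "$CTL" -M -$p -f -F "$OBJ/ssh_config" \
	    -L ${base}01:127.0.0.1:$PORT \
	    -oClearAllForwardings=yes somehost sleep 10
	if [ $? != 0 ]; then
		fail "connection failed with cleared local forwarding"
	else
		# This one should fail. The destination argument used to be
		# missing, so "true" was parsed as the host name and no remote
		# command was given; the probe could then fail (and the test
		# pass) for reasons unrelated to the forward. Use the same
		# "somehost true" form as every other invocation in this file
		# so that exit status 0 can only mean ${base}01 still relays.
		${SSH} -$p -F "$OBJ/ssh_config" -p ${base}01 somehost true \
		     >>"$TEST_REGRESS_LOGFILE" 2>&1 && \
			fail "local forwarding not cleared"
	fi
	${SSH} -S "$CTL" -O exit somehost

	trace "clear remote forward proto $p"
	rm -f "$CTL"
	${SSH} -S "$CTL" -M -$p -f -F "$OBJ/ssh_config" \
	    -R ${base}01:127.0.0.1:$PORT \
	    -oClearAllForwardings=yes somehost sleep 10
	if [ $? != 0 ]; then
		fail "connection failed with cleared remote forwarding"
	else
		# This one should fail; explicit destination for the same
		# reason as in the local-forward check above.
		${SSH} -$p -F "$OBJ/ssh_config" -p ${base}01 somehost true \
		     >>"$TEST_REGRESS_LOGFILE" 2>&1 && \
			fail "remote forwarding not cleared"
	fi
	${SSH} -S "$CTL" -O exit somehost
done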

# stdio forwarding (-W), protocol 2 only: the outer ssh reaches the server
# through a ProxyCommand that is itself an ssh using -W to relay
# stdin/stdout to localhost:$PORT.
for p in 2; do
	trace "stdio forwarding proto $p"
	# Shared prefix for both the outer client and the proxy; expanded
	# unquoted on purpose so it splits into command and arguments.
	cmd="${SSH} -$p -F $OBJ/ssh_config"
	if ! $cmd -o "ProxyCommand $cmd -q -W localhost:$PORT somehost" \
		somehost true
	then
		fail "stdio forwarding proto $p"
	fi
done

# Config-file forwards: the same transfer check, but with the forwards taken
# from ssh_config instead of the command line. The two directives are
# appended to $OBJ/ssh_config and this file never removes them, so every
# later invocation that reads that config requests them as well.
{
	echo "LocalForward ${base}01 127.0.0.1:$PORT"
	echo "RemoteForward ${base}02 127.0.0.1:${base}01"
} >> $OBJ/ssh_config
for p in ${SSH_PROTOCOLS}; do
	trace "config file: start forwarding, fork to background"
	# Remove a stale control socket before the new master creates its own.
	rm -f $CTL
	${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f \
		somehost sleep 10

	trace "config file: transfer over forwarded channels and check result"
	# Path taken: ${base}02 (RemoteForward) -> ${base}01 (LocalForward)
	# -> $PORT.
	${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \
		somehost cat ${DATA} > ${COPY}
	if ! test -s ${COPY}; then
		fail "failed copy of ${DATA}"
	fi
	if ! cmp ${DATA} ${COPY}; then
		fail "corrupted copy of ${DATA}"
	fi

	${SSH} -S $CTL -O exit somehost
done

# Unix-domain-socket forwards. Four masters build the chain
#   TCP ${base}01 -> unix-1.fwd -> unix-2.fwd -> unix-3.fwd -> 127.0.0.1:$PORT
# alternating -R and -L, and a transfer through ${base}01 must arrive intact.
# The loop variable p is not referenced in the body; the loop runs once.
for p in 2; do
	trace "transfer over chained unix domain socket forwards and check result"
	# Clear socket files and control sockets left by an earlier run;
	# presumably a stale file would keep the new listener from binding.
	rm -f $OBJ/unix-[123].fwd $CTL $CTL.[123]

	${SSH} -S $CTL -M -f -F $OBJ/ssh_config \
		-R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
	${SSH} -S $CTL.1 -M -f -F $OBJ/ssh_config \
		-L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
	${SSH} -S $CTL.2 -M -f -F $OBJ/ssh_config \
		-R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
	${SSH} -S $CTL.3 -M -f -F $OBJ/ssh_config \
		-L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10

	${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \
		somehost cat ${DATA} > ${COPY}
	if ! test -s ${COPY}; then
		fail "failed copy ${DATA}"
	fi
	if ! cmp ${DATA} ${COPY}; then
		fail "corrupted copy of ${DATA}"
	fi

	# Shut the four masters down in the order they were started.
	for _ctl in $CTL $CTL.1 $CTL.2 $CTL.3; do
		${SSH} -S $_ctl -O exit somehost
	done
done