[openssh-commits] [openssh] 01/03: upstream: Add tests for sshd -T -C with Match.

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Jun 19 12:21:49 AEST 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 0bb7e38834e3f9886302bbaea630a6b0f8cfb520
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Thu Apr 18 18:57:16 2019 +0000

    upstream: Add tests for sshd -T -C with Match.
    
    OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7
---
 regress/cfgmatch.sh | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 3 deletions(-)

diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh
index dd11e404..6620c84e 100644
--- a/regress/cfgmatch.sh
+++ b/regress/cfgmatch.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cfgmatch.sh,v 1.11 2017/10/04 18:50:23 djm Exp $
+#	$OpenBSD: cfgmatch.sh,v 1.12 2019/04/18 18:57:16 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="sshd_config match"
@@ -51,10 +51,11 @@ echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy
 echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
 echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
 
+${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
+    fail "config w/match fails config test"
+
 start_sshd
 
-#set -x
-
 # Test Match + PermitOpen in sshd_config.  This should be permitted
 trace "match permitopen localhost"
 start_client -F $OBJ/ssh_config
@@ -113,3 +114,45 @@ start_client -F $OBJ/ssh_proxy
 ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \
     fail "nomatch override permitopen"
 stop_client
+
+# Test parsing of available Match criteria (with the exception of Group which
+# requires knowledge of actual group memberships user running the test).
+params="user:user:u1 host:host:h1 address:addr:1.2.3.4 \
+    localaddress:laddr:5.6.7.8 rdomain:rdomain:rdom1"
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_config
+echo 'Banner /nomatch' >>$OBJ/sshd_config
+for i in $params; do
+	config=`echo $i | cut -f1 -d:`
+	criteria=`echo $i | cut -f2 -d:`
+	value=`echo $i | cut -f3 -d:`
+	cat >>$OBJ/sshd_config <<EOD
+	    Match $config $value
+	      Banner /$value
+EOD
+done
+
+${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
+    fail "validate config for w/out spec"
+
+# Test matching each criteria.
+for i in $params; do
+	testcriteria=`echo $i | cut -f2 -d:`
+	expected=/`echo $i | cut -f3 -d:`
+	spec=""
+	for j in $params; do
+		config=`echo $j | cut -f1 -d:`
+		criteria=`echo $j | cut -f2 -d:`
+		value=`echo $j | cut -f3 -d:`
+		if [ "$criteria" = "$testcriteria" ]; then
+			spec="$criteria=$value,$spec"
+		else
+			spec="$criteria=1$value,$spec"
+		fi
+	done
+	trace "test spec $spec"
+	result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \
+	    awk '$1=="banner"{print $2}'`
+	if [ "$result" != "$expected" ]; then
+		fail "match $config expected $expected got $result"
+	fi
+done

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list