[openssh-commits] [openssh] 01/01: upstream: regress test for sshd_config Include directive; from Jakub

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Feb 1 10:28:39 AEDT 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 677d0ece67634262b3b96c3cd6410b19f3a603b7
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Jan 31 23:25:08 2020 +0000

    upstream: regress test for sshd_config Include directive; from Jakub
    
    Jelen
    
    OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
---
 regress/Makefile          |   5 +-
 regress/servcfginclude.sh | 154 ++++++++++++++++++++++++++++++++++++++++++++++
 regress/test-exec.sh      |   3 +-
 3 files changed, 159 insertions(+), 3 deletions(-)

diff --git a/regress/Makefile b/regress/Makefile
index 34c47e8c..774c10d4 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.104 2019/09/03 08:37:45 djm Exp $
+#	$OpenBSD: Makefile,v 1.106 2020/01/31 23:25:08 djm Exp $
 
 tests:		prep file-tests t-exec unit
 
@@ -87,6 +87,7 @@ LTESTS= 	connect \
 		principals-command \
 		cert-file \
 		cfginclude \
+		servcfginclude \
 		allow-deny-users \
 		authinfo \
 		sshsig
@@ -122,7 +123,7 @@ CLEANFILES=	*.core actual agent-key.* authorized_keys_${USERNAME} \
 		ssh-rsa_oldfmt \
 		ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
 		ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
-		sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
+		sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
 		sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
 		t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
 		t8.out t8.out.pub t9.out t9.out.pub testdata \
diff --git a/regress/servcfginclude.sh b/regress/servcfginclude.sh
new file mode 100644
index 00000000..b25c8faa
--- /dev/null
+++ b/regress/servcfginclude.sh
@@ -0,0 +1,154 @@
+#	Placed in the Public Domain.
+
+tid="server config include"
+
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Match host a
+	Banner /aa
+
+Match host b
+	Banner /bb
+	Include $OBJ/sshd_config.i.*
+
+Match host c
+	Include $OBJ/sshd_config.i.*
+	Banner /cc
+
+Match host m
+	Include $OBJ/sshd_config.i.*
+
+Match Host d
+	Banner /dd
+
+Match Host e
+	Banner /ee
+	Include $OBJ/sshd_config.i.*
+
+Match Host f
+	Include $OBJ/sshd_config.i.*
+	Banner /ff
+
+Match Host n
+	Include $OBJ/sshd_config.i.*
+_EOF
+
+cat > $OBJ/sshd_config.i.0 << _EOF
+Match host xxxxxx
+_EOF
+
+cat > $OBJ/sshd_config.i.1 << _EOF
+Match host a
+	Banner /aaa
+
+Match host b
+	Banner /bbb
+
+Match host c
+	Banner /ccc
+
+Match Host d
+	Banner /ddd
+
+Match Host e
+	Banner /eee
+
+Match Host f
+	Banner /fff
+_EOF
+
+cat > $OBJ/sshd_config.i.2 << _EOF
+Match host a
+	Banner /aaaa
+
+Match host b
+	Banner /bbbb
+
+Match host c
+	Banner /cccc
+
+Match Host d
+	Banner /dddd
+
+Match Host e
+	Banner /eeee
+
+Match Host f
+	Banner /ffff
+
+Match all
+	Banner /xxxx
+_EOF
+
+trial() {
+	_host="$1"
+	_exp="$2"
+	_desc="$3"
+	test -z "$_desc" && _desc="test match"
+	trace "$_desc host=$_host expect=$_exp"
+	${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
+	    -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
+		fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
+	_got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
+	if test "x$_exp" != "x$_got" ; then
+		fail "$desc_ host $_host include fail: expected $_exp got $_got"
+	fi
+}
+
+trial a /aa
+trial b /bb
+trial c /ccc
+trial d /dd
+trial e /ee
+trial f /fff
+trial m /xxxx
+trial n /xxxx
+trial x none
+
+# Prepare an included config with an error.
+
+cat > $OBJ/sshd_config.i.3 << _EOF
+Banner xxxx
+	Junk
+_EOF
+
+trace "disallow invalid config host=a"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+    -C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
+	fail "sshd include allowed invalid config"
+
+trace "disallow invalid config host=x"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+	fail "sshd include allowed invalid config"
+
+rm -f $OBJ/sshd_config.i.*
+
+# Ensure that a missing include is not fatal.
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Include $OBJ/sshd_config.i.*
+Banner /aa
+_EOF
+
+trial a /aa "missing include non-fatal"
+
+# Ensure that Match/Host in an included config does not affect parent.
+cat > $OBJ/sshd_config.i.x << _EOF
+Match host x
+_EOF
+
+trial a /aa "included file does not affect match state"
+
+# Ensure the empty include directive is not accepted
+cat > $OBJ/sshd_config.i.x << _EOF
+Include
+_EOF
+
+trace "disallow invalid with no argument"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
+    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+	fail "sshd allowed Include with no argument"
+
+# cleanup
+rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out
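Review bot: The three negative checks (the two `disallow invalid config` runs and the `Include` with no argument run) invoke `${REAL_SSHD}` without `-T`, unlike `trial()`, and discard stderr, so any non-zero exit is accepted whatever its cause. Since `-C` is documented as a parameter for the `-T` test mode, sshd may be rejecting the command line rather than the broken include, and `sshd_config.i.x` also carries no `HostKey` line; if so, these tests would still pass after a regression in Include error handling, which is worth confirming. I would add `-T` to each of the three invocations with stdout sent to `/dev/null`, and put `HostKey $OBJ/host.ssh-ed25519` before the bare `Include` so the only possible failure is the one under test. Separately, the `fail` message in `trial()` expands `$desc_`, which is never set, so the description is dropped from the report; it should read `fail "$_desc host $_host include fail: expected $_exp got $_got"`.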
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 2c9c3f49..f5e3ee6f 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.74 2020/01/25 02:57:53 dtucker Exp $
+#	$OpenBSD: test-exec.sh,v 1.75 2020/01/31 23:25:08 djm Exp $
 #	Placed in the Public Domain.
 
 #SUDO=sudo
@@ -239,6 +239,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
 
 chmod a+rx $OBJ/ssh-log-wrapper.sh
 REAL_SSH="$SSH"
+REAL_SSHD="$SSHD"
 SSH="$SSHLOGWRAP"
 
 # Some test data.  We make a copy because some tests will overwrite it.

-- 