[openssh-commits] [openssh] 01/01: upstream: regress test for sshd_config Include directive; from Jakub
git+noreply at mindrot.org
git+noreply at mindrot.org
Sat Feb 1 10:28:39 AEDT 2020
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 677d0ece67634262b3b96c3cd6410b19f3a603b7
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Jan 31 23:25:08 2020 +0000
upstream: regress test for sshd_config Include directive; from Jakub
Jelen
OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
---
regress/Makefile | 5 +-
regress/servcfginclude.sh | 154 ++++++++++++++++++++++++++++++++++++++++++++++
regress/test-exec.sh | 3 +-
3 files changed, 159 insertions(+), 3 deletions(-)
diff --git a/regress/Makefile b/regress/Makefile
index 34c47e8c..774c10d4 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.104 2019/09/03 08:37:45 djm Exp $
+# $OpenBSD: Makefile,v 1.106 2020/01/31 23:25:08 djm Exp $
tests: prep file-tests t-exec unit
@@ -87,6 +87,7 @@ LTESTS= connect \
principals-command \
cert-file \
cfginclude \
+ servcfginclude \
allow-deny-users \
authinfo \
sshsig
@@ -122,7 +123,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
ssh-rsa_oldfmt \
ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
- sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
+ sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
t8.out t8.out.pub t9.out t9.out.pub testdata \
diff --git a/regress/servcfginclude.sh b/regress/servcfginclude.sh
new file mode 100644
index 00000000..b25c8faa
--- /dev/null
+++ b/regress/servcfginclude.sh
@@ -0,0 +1,154 @@
+# Placed in the Public Domain.
+
+tid="server config include"
+
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Match host a
+ Banner /aa
+
+Match host b
+ Banner /bb
+ Include $OBJ/sshd_config.i.*
+
+Match host c
+ Include $OBJ/sshd_config.i.*
+ Banner /cc
+
+Match host m
+ Include $OBJ/sshd_config.i.*
+
+Match Host d
+ Banner /dd
+
+Match Host e
+ Banner /ee
+ Include $OBJ/sshd_config.i.*
+
+Match Host f
+ Include $OBJ/sshd_config.i.*
+ Banner /ff
+
+Match Host n
+ Include $OBJ/sshd_config.i.*
+_EOF
+
+cat > $OBJ/sshd_config.i.0 << _EOF
+Match host xxxxxx
+_EOF
+
+cat > $OBJ/sshd_config.i.1 << _EOF
+Match host a
+ Banner /aaa
+
+Match host b
+ Banner /bbb
+
+Match host c
+ Banner /ccc
+
+Match Host d
+ Banner /ddd
+
+Match Host e
+ Banner /eee
+
+Match Host f
+ Banner /fff
+_EOF
+
+cat > $OBJ/sshd_config.i.2 << _EOF
+Match host a
+ Banner /aaaa
+
+Match host b
+ Banner /bbbb
+
+Match host c
+ Banner /cccc
+
+Match Host d
+ Banner /dddd
+
+Match Host e
+ Banner /eeee
+
+Match Host f
+ Banner /ffff
+
+Match all
+ Banner /xxxx
+_EOF
+
+trial() {
+ _host="$1"
+ _exp="$2"
+ _desc="$3"
+ test -z "$_desc" && _desc="test match"
+ trace "$_desc host=$_host expect=$_exp"
+ ${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
+ -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
+ fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
+ _got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
+ if test "x$_exp" != "x$_got" ; then
+ fail "$desc_ host $_host include fail: expected $_exp got $_got"
+ fi
+}
+
+trial a /aa
+trial b /bb
+trial c /ccc
+trial d /dd
+trial e /ee
+trial f /fff
+trial m /xxxx
+trial n /xxxx
+trial x none
+
+# Prepare an included config with an error.
+
+cat > $OBJ/sshd_config.i.3 << _EOF
+Banner xxxx
+ Junk
+_EOF
+
+trace "disallow invalid config host=a"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+ -C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
+ fail "sshd include allowed invalid config"
+
+trace "disallow invalid config host=x"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+ -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+ fail "sshd include allowed invalid config"
+
+rm -f $OBJ/sshd_config.i.*
+
+# Ensure that a missing include is not fatal.
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Include $OBJ/sshd_config.i.*
+Banner /aa
+_EOF
+
+trial a /aa "missing include non-fatal"
+
+# Ensure that Match/Host in an included config does not affect parent.
+cat > $OBJ/sshd_config.i.x << _EOF
+Match host x
+_EOF
+
+trial a /aa "included file does not affect match state"
+
+# Ensure the empty include directive is not accepted
+cat > $OBJ/sshd_config.i.x << _EOF
+Include
+_EOF
+
+trace "disallow invalid with no argument"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
+ -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+ fail "sshd allowed Include with no argument"
+
+# cleanup
+rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 2c9c3f49..f5e3ee6f 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.74 2020/01/25 02:57:53 dtucker Exp $
+# $OpenBSD: test-exec.sh,v 1.75 2020/01/31 23:25:08 djm Exp $
# Placed in the Public Domain.
#SUDO=sudo
@@ -239,6 +239,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
chmod a+rx $OBJ/ssh-log-wrapper.sh
REAL_SSH="$SSH"
+REAL_SSHD="$SSHD"
SSH="$SSHLOGWRAP"
# Some test data. We make a copy because some tests will overwrite it.
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list