[openssh-commits] [openssh] 08/08: upstream: regression test for PermitRemoteOpen

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Jan 3 17:53:47 AEDT 2023


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 845ceecea2ac311b0c267f9ecbd34862e1876fc6
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jan 2 07:03:57 2023 +0000

    upstream: regression test for PermitRemoteOpen
    
    OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
---
 regress/dynamic-forward.sh | 84 ++++++++++++++++++++++++++++++++++++----------
 1 file changed, 66 insertions(+), 18 deletions(-)

diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh
index 84f8ee19..f6c2393d 100644
--- a/regress/dynamic-forward.sh
+++ b/regress/dynamic-forward.sh
@@ -1,10 +1,12 @@
-#	$OpenBSD: dynamic-forward.sh,v 1.13 2017/09/21 19:18:12 markus Exp $
+#	$OpenBSD: dynamic-forward.sh,v 1.14 2023/01/02 07:03:57 djm Exp $
 #	Placed in the Public Domain.
 
 tid="dynamic forwarding"
 
 FWDPORT=`expr $PORT + 1`
 
+cp $OBJ/ssh_config $OBJ/ssh_config.orig
+
 if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then
 	proxycmd="nc -x 127.0.0.1:$FWDPORT -X"
 elif have_prog connect; then
@@ -15,16 +17,16 @@ else
 fi
 trace "will use ProxyCommand $proxycmd"
 
-start_sshd
-
-for d in D R; do
+start_ssh() {
+	direction="$1"
+	arg="$2"
 	n=0
 	error="1"
-	trace "start dynamic forwarding, fork to background"
-
+	trace "start dynamic -$direction forwarding, fork to background"
+	(cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config
 	while [ "$error" -ne 0 -a "$n" -lt 3 ]; do
 		n=`expr $n + 1`
-		${SSH} -F $OBJ/ssh_config -f -$d $FWDPORT -q \
+		${SSH} -F $OBJ/ssh_config -f -$direction $FWDPORT -q \
 		    -oExitOnForwardFailure=yes somehost exec sh -c \
 			\'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\'
 		error=$?
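Review bot: In `start_ssh`, the override in `$arg` is appended after the whole of `ssh_config.orig`, but ssh_config uses the first value obtained for each option, and a trailing line falls under whatever `Host`/`Match` block the template ends with. The template is not visible in this hunk, so please confirm that the appended `PermitRemoteOpen=...` line is the one that takes effect for `somehost`. Writing it first would remove the doubt: `(echo "$arg" ; cat $OBJ/ssh_config.orig) > $OBJ/ssh_config`. A short header comment would also help, e.g. `# start_ssh direction [extra_config_line]: rebuild ssh_config from the pristine copy plus one optional line, then background the forwarder`. The function body continues past the end of this hunk.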
@@ -36,18 +38,9 @@ for d in D R; do
 	if [ "$error" -ne 0 ]; then
 		fatal "failed to start dynamic forwarding"
 	fi
+}
 
-	for s in 4 5; do
-	    for h in 127.0.0.1 localhost; do
-		trace "testing ssh socks version $s host $h (-$d)"
-		${SSH} -F $OBJ/ssh_config \
-			-o "ProxyCommand ${proxycmd}${s} $h $PORT" \
-			somehost cat ${DATA} > ${COPY}
-		test -f ${COPY}	 || fail "failed copy ${DATA}"
-		cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
-	    done
-	done
-
+stop_ssh() {
 	if [ -f $OBJ/remote_pid ]; then
 		remote=`cat $OBJ/remote_pid`
 		trace "terminate remote shell, pid $remote"
@@ -57,5 +50,60 @@ for d in D R; do
 	else
 		fail "no pid file: $OBJ/remote_pid"
 	fi
+}
+
+check_socks() {
+	direction=$1
+	expect_success=$2
+	for s in 4 5; do
+	    for h in 127.0.0.1 localhost; do
+		trace "testing ssh socks version $s host $h (-$direction)"
+		${SSH} -F $OBJ/ssh_config \
+			-o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \
+			somehost cat ${DATA} > ${COPY}
+		r=$?
+		if [ "x$expect_success" = "xY" ] ; then
+			if [ $r -ne 0 ] ; then
+				fail "ssh failed with exit status $r"
+			fi
+			test -f ${COPY}	 || fail "failed copy ${DATA}"
+			cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
+		elif [ $r -eq 0 ] ; then
+			fail "ssh unexpectedly succeeded"
+		fi
+	    done
+	done
+}
+
+start_sshd
+
+for d in D R; do
+	verbose "test -$d forwarding"
+	start_ssh $d
+	check_socks $d Y
+	stop_ssh
+	test "x$d" = "xR" || continue
+	
+	# Test PermitRemoteOpen
+	verbose "PermitRemoteOpen=any"
+	start_ssh $d PermitRemoteOpen=any
+	check_socks $d Y
+	stop_ssh
+
+	verbose "PermitRemoteOpen=none"
+	start_ssh $d PermitRemoteOpen=none
+	check_socks $d N
+	stop_ssh
+
+	verbose "PermitRemoteOpen=explicit"
+	start_ssh $d \
+	    PermitRemoteOpen="127.0.0.1:$PORT [::1]:$PORT localhost:$PORT"
+	check_socks $d Y
+	stop_ssh
 
+	verbose "PermitRemoteOpen=disallowed"
+	start_ssh $d \
+	    PermitRemoteOpen="127.0.0.1:1 [::1]:1 localhost:1"
+	check_socks $d N
+	stop_ssh
 done
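Review bot: In `check_socks`, the `expect_success=N` branch treats any non-zero exit from ssh as a pass, and the ProxyCommand's stderr is discarded by `2>/dev/null`. A forwarder that is not listening, or a failing proxy helper, is therefore indistinguishable from a PermitRemoteOpen refusal, so the `PermitRemoteOpen=none` and `disallowed` cases can pass for the wrong reason. They would be stronger if they also asserted on evidence of the refusal itself, such as a line in the forwarding client's log (I have not checked what the suite captures there). At minimum, add a comment stating the limit: `# N: any ssh failure is accepted; this does not prove PermitRemoteOpen caused it`. In the Y branch, `test -f ${COPY}` cannot fail because the redirection always creates the file, so `cmp` is the only real check.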

-- 