[openssh-commits] [openssh] 07/10: upstream: regression test for override of subsystem in match blocks
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Sep 8 15:59:37 AEST 2023
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 0e1f4401c466fa4fdaea81b6dadc8dd1fc4cf0af
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Sep 6 23:36:09 2023 +0000
upstream: regression test for override of subsystem in match blocks
OpenBSD-Regress-ID: 5f8135da3bfda71067084c048d717b0e8793e87c
---
regress/Makefile | 5 +--
regress/match-subsystem.sh | 90 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 93 insertions(+), 2 deletions(-)
diff --git a/regress/Makefile b/regress/Makefile
index 5caf9b8e..c21b0215 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.125 2023/05/17 05:52:01 djm Exp $
+# $OpenBSD: Makefile,v 1.126 2023/09/06 23:36:09 djm Exp $
tests: prep file-tests t-exec unit
@@ -103,7 +103,8 @@ LTESTS= connect \
agent-restrict \
hostbased \
channel-timeout \
- connection-timeout
+ connection-timeout \
+ match-subsystem
INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
diff --git a/regress/match-subsystem.sh b/regress/match-subsystem.sh
new file mode 100644
index 00000000..0b691d8e
--- /dev/null
+++ b/regress/match-subsystem.sh
@@ -0,0 +1,90 @@
+# $OpenBSD: match-subsystem.sh,v 1.1 2023/09/06 23:36:09 djm Exp $
+# Placed in the Public Domain.
+
+tid="sshd_config match subsystem"
+
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+
+try_subsystem() {
+ _id=$1
+ _subsystem=$2
+ _expect=$3
+ ${SSHD} -tf $OBJ/sshd_proxy || fatal "$_id: bad config"
+ ${SSH} -sF $OBJ/ssh_proxy somehost $_subsystem
+ _exit=$?
+ trace "$_id subsystem $_subsystem"
+ if [ $_exit -ne $_expect ] ; then
+ fail "$_id: subsystem $_subsystem exit $_exit expected $_expect"
+ fi
+ return $?
+}
+
+# Simple case: subsystem in main config.
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Subsystem xxx /bin/sh -c "exit 23"
+_EOF
+try_subsystem "main config" xxx 23
+
+# No clobber in main config.
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Subsystem xxx /bin/sh -c "exit 23"
+Subsystem xxx /bin/sh -c "exit 24"
+_EOF
+try_subsystem "main config no clobber" xxx 23
+
+# Subsystem in match all block
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Match all
+Subsystem xxx /bin/sh -c "exit 21"
+_EOF
+try_subsystem "match all" xxx 21
+
+# No clobber in match all block
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Match all
+Subsystem xxx /bin/sh -c "exit 21"
+Subsystem xxx /bin/sh -c "exit 24"
+_EOF
+try_subsystem "match all no clobber" xxx 21
+
+# Subsystem in match user block
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Match user *
+Subsystem xxx /bin/sh -c "exit 20"
+_EOF
+try_subsystem "match user" xxx 20
+
+# No clobber in match user block
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Match user *
+Subsystem xxx /bin/sh -c "exit 20"
+Subsystem xxx /bin/sh -c "exit 24"
+Match all
+Subsystem xxx /bin/sh -c "exit 24"
+_EOF
+try_subsystem "match user no clobber" xxx 20
+
+# Override main with match all
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Subsystem xxx /bin/sh -c "exit 23"
+Match all
+Subsystem xxx /bin/sh -c "exit 19"
+_EOF
+try_subsystem "match all override" xxx 19
+
+# Override main with match user
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Subsystem xxx /bin/sh -c "exit 23"
+Match user *
+Subsystem xxx /bin/sh -c "exit 18"
+_EOF
+try_subsystem "match user override" xxx 18
+
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list