regression test for override of subsystem in match blocks
authordjm <djm@openbsd.org>
Wed, 6 Sep 2023 23:36:09 +0000 (23:36 +0000)
committerdjm <djm@openbsd.org>
Wed, 6 Sep 2023 23:36:09 +0000 (23:36 +0000)
regress/usr.bin/ssh/Makefile
regress/usr.bin/ssh/match-subsystem.sh [new file with mode: 0644]

index 006f79d..7821931 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.125 2023/05/17 05:52:01 djm Exp $
+#      $OpenBSD: Makefile,v 1.126 2023/09/06 23:36:09 djm Exp $
 
 OPENSSL?=      yes
 
@@ -101,7 +101,8 @@ LTESTS=     connect \
                agent-restrict \
                hostbased \
                channel-timeout \
-               connection-timeout
+               connection-timeout \
+               match-subsystem
 
 INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
 #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
diff --git a/regress/usr.bin/ssh/match-subsystem.sh b/regress/usr.bin/ssh/match-subsystem.sh
new file mode 100644 (file)
index 0000000..0b691d8
--- /dev/null
@@ -0,0 +1,90 @@
+#      $OpenBSD: match-subsystem.sh,v 1.1 2023/09/06 23:36:09 djm Exp $
+#      Placed in the Public Domain.
+
+tid="sshd_config match subsystem"
+
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+
+try_subsystem() {
+       _id=$1
+       _subsystem=$2
+       _expect=$3
+       ${SSHD} -tf $OBJ/sshd_proxy || fatal "$_id: bad config"
+       ${SSH} -sF $OBJ/ssh_proxy somehost $_subsystem
+       _exit=$?
+       trace "$_id subsystem $_subsystem"
+       if [ $_exit -ne $_expect ] ; then
+               fail "$_id: subsystem $_subsystem exit $_exit expected $_expect"
+       fi
+       return $?
+}
+
+# Simple case: subsystem in main config.
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Subsystem xxx /bin/sh -c "exit 23"
+_EOF
+try_subsystem "main config" xxx 23
+
+# No clobber in main config.
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Subsystem xxx /bin/sh -c "exit 23"
+Subsystem xxx /bin/sh -c "exit 24"
+_EOF
+try_subsystem "main config no clobber" xxx 23
+
+# Subsystem in match all block
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Match all
+Subsystem xxx /bin/sh -c "exit 21"
+_EOF
+try_subsystem "match all" xxx 21
+
+# No clobber in match all block
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Match all
+Subsystem xxx /bin/sh -c "exit 21"
+Subsystem xxx /bin/sh -c "exit 24"
+_EOF
+try_subsystem "match all no clobber" xxx 21
+
+# Subsystem in match user block
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Match user *
+Subsystem xxx /bin/sh -c "exit 20"
+_EOF
+try_subsystem "match user" xxx 20
+
+# No clobber in match user block
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Match user *
+Subsystem xxx /bin/sh -c "exit 20"
+Subsystem xxx /bin/sh -c "exit 24"
+Match all
+Subsystem xxx /bin/sh -c "exit 24"
+_EOF
+try_subsystem "match user no clobber" xxx 20
+
+# Override main with match all
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Subsystem xxx /bin/sh -c "exit 23"
+Match all
+Subsystem xxx /bin/sh -c "exit 19"
+_EOF
+try_subsystem "match all override" xxx 19
+
+# Override main with match user
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Subsystem xxx /bin/sh -c "exit 23"
+Match user *
+Subsystem xxx /bin/sh -c "exit 18"
+_EOF
+try_subsystem "match user override" xxx 18
+