
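--- a/Makefile
+++ b/Makefile
@@ -78,6 +78,7 @@ LTESTS= connect \
 		principals-command \
 		cert-file \
 		cfginclude \
+		servcfginclude \
 		allow-deny-users \
 		authinfo \
 		sshsig
@@ -108,7 +109,7 @@ CLEANFILES+= *.core actual agent-key.* authorized_keys_${USERNAME} \
 		sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
 		ssh-rsa_oldfmt \
 		ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
-		ssh_proxy_envpass sshd.log sshd_config sshd_config.orig \
+		ssh_proxy_envpass sshd.log sshd_config sshd_config.* \
 		sshd_proxy sshd_proxy.* sshd_proxy_bak sshd_proxy_orig \
 		t10.out t10.out.pub t12.out t12.out.pub t2.out t3.out \
 		t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \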
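--- a/servcfginclude.sh
+++ b/servcfginclude.sh
@@ -0,0 +1,154 @@
+#	Placed in the Public Domain.
+
+tid="server config include"
+
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Match host a
+	Banner /aa
+
+Match host b
+	Banner /bb
+	Include $OBJ/sshd_config.i.*
+
+Match host c
+	Include $OBJ/sshd_config.i.*
+	Banner /cc
+
+Match host m
+	Include $OBJ/sshd_config.i.*
+
+Match Host d
+	Banner /dd
+
+Match Host e
+	Banner /ee
+	Include $OBJ/sshd_config.i.*
+
+Match Host f
+	Include $OBJ/sshd_config.i.*
+	Banner /ff
+
+Match Host n
+	Include $OBJ/sshd_config.i.*
+_EOF
+
+cat > $OBJ/sshd_config.i.0 << _EOF
+Match host xxxxxx
+_EOF
+
+cat > $OBJ/sshd_config.i.1 << _EOF
+Match host a
+	Banner /aaa
+
+Match host b
+	Banner /bbb
+
+Match host c
+	Banner /ccc
+
+Match Host d
+	Banner /ddd
+
+Match Host e
+	Banner /eee
+
+Match Host f
+	Banner /fff
+_EOF
+
+cat > $OBJ/sshd_config.i.2 << _EOF
+Match host a
+	Banner /aaaa
+
+Match host b
+	Banner /bbbb
+
+Match host c
+	Banner /cccc
+
+Match Host d
+	Banner /dddd
+
+Match Host e
+	Banner /eeee
+
+Match Host f
+	Banner /ffff
+
+Match all
+	Banner /xxxx
+_EOF
+
+trial() {
+	_host="$1"
+	_exp="$2"
+	_desc="$3"
+	test -z "$_desc" && _desc="test match"
+	trace "$_desc host=$_host expect=$_exp"
+	${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
+	    -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
+		fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
+	_got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
+	if test "x$_exp" != "x$_got" ; then
+		fail "$desc_ host $_host include fail: expected $_exp got $_got"
+	fi
+}
+
+trial a /aa
+trial b /bb
+trial c /ccc
+trial d /dd
+trial e /ee
+trial f /fff
+trial m /xxxx
+trial n /xxxx
+trial x none
+
+# Prepare an included config with an error.
+
+cat > $OBJ/sshd_config.i.3 << _EOF
+Banner xxxx
+	Junk
+_EOF
+
+trace "disallow invalid config host=a"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+    -C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
+	fail "sshd include allowed invalid config"
+
+trace "disallow invalid config host=x"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+	fail "sshd include allowed invalid config"
+
+rm -f $OBJ/sshd_config.i.*
+
+# Ensure that a missing include is not fatal.
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Include $OBJ/sshd_config.i.*
+Banner /aa
+_EOF
+
+trial a /aa "missing include non-fatal"
+
+# Ensure that Match/Host in an included config does not affect parent.
+cat > $OBJ/sshd_config.i.x << _EOF
+Match host x
+_EOF
+
+trial a /aa "included file does not affect match state"
+
+# Ensure the empty include directive is not accepted
+cat > $OBJ/sshd_config.i.x << _EOF
+Include
+_EOF
+
+trace "disallow invalid with no argument"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
+    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+	fail "sshd allowed Include with no argument"
+
+# cleanup
+rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out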
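Review bot: The three negative checks (`disallow invalid config host=a`, `host=x`, and `Include` with no argument) run `${REAL_SSHD}` with `-C` but without `-T`, unlike `trial()`, and send stderr to `/dev/null`, so a non-zero exit cannot be attributed to the bad include. If sshd refuses `-C` outside test mode (I believe it does, but that is not visible on this page), these checks pass even when an invalid included config would be accepted. Adding `-T` with `>/dev/null` on stdout, and keeping stderr in the test log, would make them exercise the parser. Separately, the failure message in `trial()` expands `$desc_`, which is never set, so the description is dropped; it should read `fail "$_desc host $_host include fail: expected $_exp got $_got"`.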
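--- a/test-exec.sh
+++ b/test-exec.sh
@@ -135,6 +135,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
 
 chmod a+rx $OBJ/ssh-log-wrapper.sh
 REAL_SSH="$SSH"
+REAL_SSHD="$SSHD"
 SSH="$SSHLOGWRAP"
 
 # Some test data.  We make a copy because some tests will overwrite it.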
