Diffstat (limited to 'backport-upstream-regression-test-for-PermitRemoteOpen.patch')
-rw-r--r--backport-upstream-regression-test-for-PermitRemoteOpen.patch138
1 files changed, 138 insertions, 0 deletions
diff --git a/backport-upstream-regression-test-for-PermitRemoteOpen.patch b/backport-upstream-regression-test-for-PermitRemoteOpen.patch
new file mode 100644
index 0000000..cfe6105
--- /dev/null
+++ b/backport-upstream-regression-test-for-PermitRemoteOpen.patch
@@ -0,0 +1,138 @@
+From 845ceecea2ac311b0c267f9ecbd34862e1876fc6 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Mon, 2 Jan 2023 07:03:57 +0000
+Subject: [PATCH] upstream: regression test for PermitRemoteOpen
+
+OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
+Conflict:NA
+Reference:https://anongit.mindrot.org/openssh.git/commit?id=845ceecea2ac311b0c267f9ecbd34862e1876fc6
+---
+ regress/dynamic-forward.sh | 84 ++++++++++++++++++++++++++++++--------
+ 1 file changed, 66 insertions(+), 18 deletions(-)
+
+diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh
+index 84f8ee19..f6c2393d 100644
+--- a/regress/dynamic-forward.sh
++++ b/regress/dynamic-forward.sh
+@@ -1,10 +1,12 @@
+-# $OpenBSD: dynamic-forward.sh,v 1.13 2017/09/21 19:18:12 markus Exp $
++# $OpenBSD: dynamic-forward.sh,v 1.14 2023/01/02 07:03:57 djm Exp $
+ # Placed in the Public Domain.
+
+ tid="dynamic forwarding"
+
+ FWDPORT=`expr $PORT + 1`
+
++cp $OBJ/ssh_config $OBJ/ssh_config.orig
++
+ if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then
+ proxycmd="nc -x 127.0.0.1:$FWDPORT -X"
+ elif have_prog connect; then
+@@ -15,16 +17,16 @@ else
+ fi
+ trace "will use ProxyCommand $proxycmd"
+
+-start_sshd
+-
+-for d in D R; do
++start_ssh() {
++ direction="$1"
++ arg="$2"
+ n=0
+ error="1"
+- trace "start dynamic forwarding, fork to background"
+-
++ trace "start dynamic -$direction forwarding, fork to background"
++ (cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config
+ while [ "$error" -ne 0 -a "$n" -lt 3 ]; do
+ n=`expr $n + 1`
+- ${SSH} -F $OBJ/ssh_config -f -$d $FWDPORT -q \
++ ${SSH} -F $OBJ/ssh_config -f -$direction $FWDPORT -q \
+ -oExitOnForwardFailure=yes somehost exec sh -c \
+ \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\'
+ error=$?
+@@ -36,18 +38,9 @@ for d in D R; do
+ if [ "$error" -ne 0 ]; then
+ fatal "failed to start dynamic forwarding"
+ fi
++}
+
+- for s in 4 5; do
+- for h in 127.0.0.1 localhost; do
+- trace "testing ssh socks version $s host $h (-$d)"
+- ${SSH} -F $OBJ/ssh_config \
+- -o "ProxyCommand ${proxycmd}${s} $h $PORT" \
+- somehost cat ${DATA} > ${COPY}
+- test -f ${COPY} || fail "failed copy ${DATA}"
+- cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
+- done
+- done
+-
++stop_ssh() {
+ if [ -f $OBJ/remote_pid ]; then
+ remote=`cat $OBJ/remote_pid`
+ trace "terminate remote shell, pid $remote"
+@@ -57,5 +50,60 @@ for d in D R; do
+ else
+ fail "no pid file: $OBJ/remote_pid"
+ fi
++}
++
++check_socks() {
++ direction=$1
++ expect_success=$2
++ for s in 4 5; do
++ for h in 127.0.0.1 localhost; do
++ trace "testing ssh socks version $s host $h (-$direction)"
++ ${SSH} -F $OBJ/ssh_config \
++ -o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \
++ somehost cat ${DATA} > ${COPY}
++ r=$?
++ if [ "x$expect_success" = "xY" ] ; then
++ if [ $r -ne 0 ] ; then
++ fail "ssh failed with exit status $r"
++ fi
++ test -f ${COPY} || fail "failed copy ${DATA}"
++ cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
++ elif [ $r -eq 0 ] ; then
++ fail "ssh unexpectedly succeeded"
++ fi
++ done
++ done
++}
++
++start_sshd
++
++for d in D R; do
++ verbose "test -$d forwarding"
++ start_ssh $d
++ check_socks $d Y
++ stop_ssh
++ test "x$d" = "xR" || continue
++
++ # Test PermitRemoteOpen
++ verbose "PermitRemoteOpen=any"
++ start_ssh $d PermitRemoteOpen=any
++ check_socks $d Y
++ stop_ssh
++
++ verbose "PermitRemoteOpen=none"
++ start_ssh $d PermitRemoteOpen=none
++ check_socks $d N
++ stop_ssh
++
++ verbose "PermitRemoteOpen=explicit"
++ start_ssh $d \
++ PermitRemoteOpen="127.0.0.1:$PORT [::1]:$PORT localhost:$PORT"
++ check_socks $d Y
++ stop_ssh
+
++ verbose "PermitRemoteOpen=disallowed"
++ start_ssh $d \
++ PermitRemoteOpen="127.0.0.1:1 [::1]:1 localhost:1"
++ check_socks $d N
++ stop_ssh
+ done
+--
+2.27.0
+
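Review bot: In check_socks, the `expect_success=N` branch passes on any non-zero ssh exit status, so a proxy helper that fails to run or a forward that never came up looks the same as PermitRemoteOpen refusing the destination, and the `2>/dev/null` added to the ProxyCommand discards the proxy's own diagnostic. Each negative case (`PermitRemoteOpen=none`, `disallowed`) is preceded by a positive run with the same `proxycmd`, which reduces but does not remove that ambiguity. For a test of an access-control option it would be worth also confirming that the refusal came from the policy, for example by checking the client's log for the denial (the exact message is not visible here). At minimum, document the limit above the `elif [ $r -eq 0 ]` line with something like `# NB: any non-zero exit counts as "denied"; a broken proxycmd would also pass here`. The bodies of start_ssh and stop_ssh continue in context that the embedded patch does not show.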