From 845ceecea2ac311b0c267f9ecbd34862e1876fc6 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 2 Jan 2023 07:03:57 +0000
Subject: [PATCH] upstream: regression test for PermitRemoteOpen
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
Conflict:NA
Reference:https://anongit.mindrot.org/openssh.git/commit?id=845ceecea2ac311b0c267f9ecbd34862e1876fc6
---
regress/dynamic-forward.sh | 84 ++++++++++++++++++++++++++++++--------
1 file changed, 66 insertions(+), 18 deletions(-)
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh
index 84f8ee19..f6c2393d 100644
--- a/regress/dynamic-forward.sh
+++ b/regress/dynamic-forward.sh
@@ -1,10 +1,12 @@
-# $OpenBSD: dynamic-forward.sh,v 1.13 2017/09/21 19:18:12 markus Exp $
+# $OpenBSD: dynamic-forward.sh,v 1.14 2023/01/02 07:03:57 djm Exp $
# Placed in the Public Domain.
tid="dynamic forwarding"
FWDPORT=`expr $PORT + 1`
+cp $OBJ/ssh_config $OBJ/ssh_config.orig
+
if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then
proxycmd="nc -x 127.0.0.1:$FWDPORT -X"
elif have_prog connect; then
@@ -15,16 +17,16 @@ else
fi
trace "will use ProxyCommand $proxycmd"
-start_sshd
-
-for d in D R; do
+start_ssh() {
+ direction="$1"
+ arg="$2"
n=0
error="1"
- trace "start dynamic forwarding, fork to background"
-
+ trace "start dynamic -$direction forwarding, fork to background"
+ (cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config
while [ "$error" -ne 0 -a "$n" -lt 3 ]; do
n=`expr $n + 1`
- ${SSH} -F $OBJ/ssh_config -f -$d $FWDPORT -q \
+ ${SSH} -F $OBJ/ssh_config -f -$direction $FWDPORT -q \
-oExitOnForwardFailure=yes somehost exec sh -c \
\'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\'
error=$?
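Review bot: `start_ssh` has no comment describing its optional second argument, which is written verbatim as one extra line after the saved `ssh_config.orig` and so becomes client configuration for every later `${SSH} -F $OBJ/ssh_config` call until the next `start_ssh`. I would add a header such as `# start_ssh direction [option-line]: rebuild $OBJ/ssh_config from ssh_config.orig plus option-line, then start the -D/-R forward`. The comment should also say that `direction`, `arg`, `n` and `error` are script-global, since `check_socks` assigns `direction` as well. The function body continues past this hunk; its closing brace is in the next one.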
@@ -36,18 +38,9 @@ for d in D R; do
if [ "$error" -ne 0 ]; then
fatal "failed to start dynamic forwarding"
fi
+}
- for s in 4 5; do
- for h in 127.0.0.1 localhost; do
- trace "testing ssh socks version $s host $h (-$d)"
- ${SSH} -F $OBJ/ssh_config \
- -o "ProxyCommand ${proxycmd}${s} $h $PORT" \
- somehost cat ${DATA} > ${COPY}
- test -f ${COPY} || fail "failed copy ${DATA}"
- cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
- done
- done
-
+stop_ssh() {
if [ -f $OBJ/remote_pid ]; then
remote=`cat $OBJ/remote_pid`
trace "terminate remote shell, pid $remote"
@@ -57,5 +50,60 @@ for d in D R; do
else
fail "no pid file: $OBJ/remote_pid"
fi
+}
+
+check_socks() {
+ direction=$1
+ expect_success=$2
+ for s in 4 5; do
+ for h in 127.0.0.1 localhost; do
+ trace "testing ssh socks version $s host $h (-$direction)"
+ ${SSH} -F $OBJ/ssh_config \
+ -o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \
+ somehost cat ${DATA} > ${COPY}
+ r=$?
+ if [ "x$expect_success" = "xY" ] ; then
+ if [ $r -ne 0 ] ; then
+ fail "ssh failed with exit status $r"
+ fi
+ test -f ${COPY} || fail "failed copy ${DATA}"
+ cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
+ elif [ $r -eq 0 ] ; then
+ fail "ssh unexpectedly succeeded"
+ fi
+ done
+ done
+}
+
+start_sshd
+
+for d in D R; do
+ verbose "test -$d forwarding"
+ start_ssh $d
+ check_socks $d Y
+ stop_ssh
+ test "x$d" = "xR" || continue
+
+ # Test PermitRemoteOpen
+ verbose "PermitRemoteOpen=any"
+ start_ssh $d PermitRemoteOpen=any
+ check_socks $d Y
+ stop_ssh
+
+ verbose "PermitRemoteOpen=none"
+ start_ssh $d PermitRemoteOpen=none
+ check_socks $d N
+ stop_ssh
+
+ verbose "PermitRemoteOpen=explicit"
+ start_ssh $d \
+ PermitRemoteOpen="127.0.0.1:$PORT [::1]:$PORT localhost:$PORT"
+ check_socks $d Y
+ stop_ssh
+ verbose "PermitRemoteOpen=disallowed"
+ start_ssh $d \
+ PermitRemoteOpen="127.0.0.1:1 [::1]:1 localhost:1"
+ check_socks $d N
+ stop_ssh
done
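Review bot: The deny cases in `check_socks` (`expect_success` set to `N`) pass on any non-zero exit from ssh. A failure unrelated to PermitRemoteOpen, such as a ProxyCommand that cannot run or a forward that never came up, would therefore be recorded as a correct refusal, and the added `2>/dev/null` discards the proxy diagnostics that would tell the two apart. The preceding `PermitRemoteOpen=any` run lowers that risk but does not cover each deny case. I would at least assert in the deny branch that no data arrived, for example `elif [ -s ${COPY} ] ; then fail "data copied despite denied forward"`. Separately, `test -f ${COPY}` in the success branch is always true because the `> ${COPY}` redirection creates the file, so `cmp` is the only effective check there.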
--
2.27.0