# Placed in the Public Domain.

tid="server config include"

# Fixture layout
# --------------
# $OBJ/sshd_config.i is the parent config handed to sshd; the numbered
# $OBJ/sshd_config.i.N files are fragments pulled in by its
# "Include $OBJ/sshd_config.i.*" lines. sshd keeps the first value it obtains
# for a keyword, so where an Include sits relative to a directive decides
# which of the two takes effect. The same ordering rule governs drop-in
# directories on a production host, which is why it is pinned down here.
#
# The fragments are written first; the order of creation is irrelevant
# because nothing reads them until sshd is invoked.

# Fragment 0: a Match block for a host name that none of the trials use.
cat << _FRAG0 > $OBJ/sshd_config.i.0
Match host xxxxxx
_FRAG0

# Fragment 1: three-letter banners for hosts a-f.
cat << _FRAG1 > $OBJ/sshd_config.i.1
Match host a
Banner /aaa

Match host b
Banner /bbb

Match host c
Banner /ccc

Match Host d
Banner /ddd

Match Host e
Banner /eee

Match Host f
Banner /fff
_FRAG1

# Fragment 2: four-letter banners for hosts a-f plus a "Match all" fallback.
cat << _FRAG2 > $OBJ/sshd_config.i.2
Match host a
Banner /aaaa

Match host b
Banner /bbbb

Match host c
Banner /cccc

Match Host d
Banner /dddd

Match Host e
Banner /eeee

Match Host f
Banner /ffff

Match all
Banner /xxxx
_FRAG2

# Parent config. Each Match block exercises one placement of Include:
#   a, d - Banner only, no Include
#   b, e - Banner first, then Include
#   c, f - Include first, then Banner
#   m, n - Include only
# The second group repeats the first with the criterion spelled "Host"
# instead of "host" (presumably to cover case-insensitive matching of the
# criterion name - confirm against the sshd parser).
# The delimiter is unquoted so that $OBJ is expanded into the file.
cat << _PARENT > $OBJ/sshd_config.i
HostKey $OBJ/host.ssh-ed25519
Match host a
Banner /aa

Match host b
Banner /bb
Include $OBJ/sshd_config.i.*

Match host c
Include $OBJ/sshd_config.i.*
Banner /cc

Match host m
Include $OBJ/sshd_config.i.*

Match Host d
Banner /dd

Match Host e
Banner /ee
Include $OBJ/sshd_config.i.*

Match Host f
Include $OBJ/sshd_config.i.*
Banner /ff

Match Host n
Include $OBJ/sshd_config.i.*
_PARENT

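# Run sshd in extended test mode (-T) against $OBJ/sshd_config.i for a
# simulated connection and compare the effective Banner with the expected one.
#
# Arguments:
#   $1 - host name placed in the -C connection specification
#   $2 - Banner value expected in the sshd -T output
#   $3 - optional description used in trace and failure messages
#        (defaults to "test match")
# Globals read: SUDO, REAL_SSHD, OBJ
# Outputs:      writes the sshd -T dump to $OBJ/sshd_config.out
# Calls fatal if sshd rejects the configuration and fail if the Banner
# differs from the expectation.
trial() {
	_host="$1"
	_exp="$2"
	_desc="${3:-test match}"
	trace "$_desc host=$_host expect=$_exp"
	# SUDO and REAL_SSHD stay unquoted so that an empty SUDO disappears
	# from the command line instead of becoming an empty command name.
	${SUDO} ${REAL_SSHD} -f "$OBJ/sshd_config.i" -T \
	    -C "host=$_host,user=test,addr=127.0.0.1" > "$OBJ/sshd_config.out" ||
		fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
	# Keep only the value of the "banner" line from the dump.
	_got=$(grep -i '^banner ' "$OBJ/sshd_config.out" | awk '{print $2}')
	if test "x$_exp" != "x$_got" ; then
		# The description variable is $_desc; the misspelt "$desc_"
		# expanded to nothing and dropped the description from the
		# failure report.
		fail "$_desc host $_host include fail: expected $_exp got $_got"
	fi
}
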
# Expected effective Banner per connecting host, written as host:banner.
#   a, d -> /aa, /dd    parent Banner, block has no Include
#   b, e -> /bb, /ee    parent Banner precedes the Include, so it is kept
#   c, f -> /ccc, /fff  Include precedes the parent Banner; fragment 1 is
#                       expected to supply the value, not fragment 2
#   m, n -> /xxxx       block holds only an Include; "Match all" in
#                       fragment 2 supplies the value
#   x    -> none        no block in the parent names host x, so the
#                       "Match all" inside the fragments must not apply
# The last case is the one that matters most for hardening reviews: a
# catch-all in an included file is only in effect when the Match block that
# includes it matches the connection.
for _case in a:/aa b:/bb c:/ccc d:/dd e:/ee f:/fff m:/xxxx n:/xxxx x:none; do
	trial "${_case%%:*}" "${_case#*:}"
done

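# Prepare an included config with an error: "Junk" is not a valid keyword.
cat > "$OBJ/sshd_config.i.3" << _EOF
Banner xxxx
Junk
_EOF

# sshd must refuse the configuration for both hosts. Host a matches a parent
# block that contains no Include and host x matches no block at all, so the
# check shows that a broken fragment is rejected even when the Include that
# pulls it in is not in effect for the connection (fail closed, rather than
# silently skipping the fragment).
#
# -T is passed, as trial() does, because -C is documented for use with the
# extended test mode; without it a non-zero exit could not be attributed to
# the broken fragment. Standard output is discarded as well so that a
# wrongly accepted configuration does not dump itself into the test log.
for _h in a x; do
	trace "disallow invalid config host=$_h"
	if ${SUDO} ${REAL_SSHD} -f "$OBJ/sshd_config.i" -T \
	    -C "host=$_h,user=test,addr=127.0.0.1" >/dev/null 2>&1; then
		fail "sshd include allowed invalid config"
	fi
done

# Remove every fragment; the glob has to stay outside the quotes.
rm -f "$OBJ"/sshd_config.i.*
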
# Ensure that a missing include is not fatal.
# All fragments were removed above, so the Include glob below matches no
# file; the parent must still parse and its own Banner must be in effect.
cat << _PARENT > $OBJ/sshd_config.i
HostKey $OBJ/host.ssh-ed25519
Include $OBJ/sshd_config.i.*
Banner /aa
_PARENT

trial a /aa "missing include non-fatal"

# Ensure that Match/Host in an included config does not affect parent.
# The fragment ends inside an open "Match host x" block. If that state
# carried over into the parent, the Banner following the Include would only
# apply to host x and host a would not get /aa.
cat << _FRAGX > $OBJ/sshd_config.i.x
Match host x
_FRAGX

trial a /aa "included file does not affect match state"

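# Ensure the empty include directive is not accepted.
# This file is passed to sshd directly with -f. It carries the same HostKey
# line as the other configs and sshd is run with -T, as in trial(), so that
# the bare Include is the only remaining reason for sshd to refuse it. With
# neither in place a non-zero exit could also come from a missing host key
# or from -C being given outside test mode, and the check would pass even if
# the directive were accepted.
cat > "$OBJ/sshd_config.i.x" << _EOF
HostKey $OBJ/host.ssh-ed25519
Include
_EOF

trace "disallow invalid with no argument"
if ${SUDO} ${REAL_SSHD} -f "$OBJ/sshd_config.i.x" -T \
    -C "host=x,user=test,addr=127.0.0.1" >/dev/null 2>&1; then
	fail "sshd allowed Include with no argument"
fi

# cleanup
rm -f "$OBJ/sshd_config.i" "$OBJ"/sshd_config.i.* "$OBJ/sshd_config.out"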