regress/match-subsystem.sh - third_party/openssh-portable - Git at Google

 #	$OpenBSD: match-subsystem.sh,v 1.1 2023/09/06 23:36:09 djm Exp $
 #	Placed in the Public Domain.

 tid="sshd_config match subsystem"

 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak

 try_subsystem() {
 	_id=$1
 	_subsystem=$2
 	_expect=$3
 	${SSHD} -tf $OBJ/sshd_proxy || fatal "$_id: bad config"
 	${SSH} -sF $OBJ/ssh_proxy somehost $_subsystem
 	_exit=$?
 	trace "$_id subsystem $_subsystem"
 	if [ $_exit -ne $_expect ] ; then
 		fail "$_id: subsystem $_subsystem exit $_exit expected $_expect"
 	fi
 	return $?
 }

 # Simple case: subsystem in main config.
 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 cat >> $OBJ/sshd_proxy << _EOF
 Subsystem xxx /bin/sh -c "exit 23"
 _EOF
 try_subsystem "main config" xxx 23

 # No clobber in main config.
 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 cat >> $OBJ/sshd_proxy << _EOF
 Subsystem xxx /bin/sh -c "exit 23"
 Subsystem xxx /bin/sh -c "exit 24"
 _EOF
 try_subsystem "main config no clobber" xxx 23

 # Subsystem in match all block
 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 cat >> $OBJ/sshd_proxy << _EOF
 Match all
 Subsystem xxx /bin/sh -c "exit 21"
 _EOF
 try_subsystem "match all" xxx 21

 # No clobber in match all block
 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 cat >> $OBJ/sshd_proxy << _EOF
 Match all
 Subsystem xxx /bin/sh -c "exit 21"
 Subsystem xxx /bin/sh -c "exit 24"
 _EOF
 try_subsystem "match all no clobber" xxx 21

 # Subsystem in match user block
 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 cat >> $OBJ/sshd_proxy << _EOF
 Match user *
 Subsystem xxx /bin/sh -c "exit 20"
 _EOF
 try_subsystem "match user" xxx 20

 # No clobber in match user block
 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 cat >> $OBJ/sshd_proxy << _EOF
 Match user *
 Subsystem xxx /bin/sh -c "exit 20"
 Subsystem xxx /bin/sh -c "exit 24"
 Match all
 Subsystem xxx /bin/sh -c "exit 24"
 _EOF
 try_subsystem "match user no clobber" xxx 20

 # Override main with match all
 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 cat >> $OBJ/sshd_proxy << _EOF
 Subsystem xxx /bin/sh -c "exit 23"
 Match all
 Subsystem xxx /bin/sh -c "exit 19"
 _EOF
 try_subsystem "match all override" xxx 19

 # Override main with match user
 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 cat >> $OBJ/sshd_proxy << _EOF
 Subsystem xxx /bin/sh -c "exit 23"
 Match user *
 Subsystem xxx /bin/sh -c "exit 18"
 _EOF
 try_subsystem "match user override" xxx 18
	# $OpenBSD: match-subsystem.sh,v 1.1 2023/09/06 23:36:09 djm Exp $
	# Placed in the Public Domain.

	tid="sshd_config match subsystem"

	cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak

	try_subsystem() {
	_id=$1
	_subsystem=$2
	_expect=$3
	${SSHD} -tf $OBJ/sshd_proxy \|\| fatal "$_id: bad config"
	${SSH} -sF $OBJ/ssh_proxy somehost $_subsystem
	_exit=$?
	trace "$_id subsystem $_subsystem"
	if [ $_exit -ne $_expect ] ; then
	fail "$_id: subsystem $_subsystem exit $_exit expected $_expect"
	fi
	return $?
	}

	# Simple case: subsystem in main config.
	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
	cat >> $OBJ/sshd_proxy << _EOF
	Subsystem xxx /bin/sh -c "exit 23"
	_EOF
	try_subsystem "main config" xxx 23

	# No clobber in main config.
	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
	cat >> $OBJ/sshd_proxy << _EOF
	Subsystem xxx /bin/sh -c "exit 23"
	Subsystem xxx /bin/sh -c "exit 24"
	_EOF
	try_subsystem "main config no clobber" xxx 23

	# Subsystem in match all block
	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
	cat >> $OBJ/sshd_proxy << _EOF
	Match all
	Subsystem xxx /bin/sh -c "exit 21"
	_EOF
	try_subsystem "match all" xxx 21

	# No clobber in match all block
	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
	cat >> $OBJ/sshd_proxy << _EOF
	Match all
	Subsystem xxx /bin/sh -c "exit 21"
	Subsystem xxx /bin/sh -c "exit 24"
	_EOF
	try_subsystem "match all no clobber" xxx 21

	# Subsystem in match user block
	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
	cat >> $OBJ/sshd_proxy << _EOF
	Match user *
	Subsystem xxx /bin/sh -c "exit 20"
	_EOF
	try_subsystem "match user" xxx 20

	# No clobber in match user block
	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
	cat >> $OBJ/sshd_proxy << _EOF
	Match user *
	Subsystem xxx /bin/sh -c "exit 20"
	Subsystem xxx /bin/sh -c "exit 24"
	Match all
	Subsystem xxx /bin/sh -c "exit 24"
	_EOF
	try_subsystem "match user no clobber" xxx 20

	# Override main with match all
	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
	cat >> $OBJ/sshd_proxy << _EOF
	Subsystem xxx /bin/sh -c "exit 23"
	Match all
	Subsystem xxx /bin/sh -c "exit 19"
	_EOF
	try_subsystem "match all override" xxx 19

	# Override main with match user
	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
	cat >> $OBJ/sshd_proxy << _EOF
	Subsystem xxx /bin/sh -c "exit 23"
	Match user *
	Subsystem xxx /bin/sh -c "exit 18"
	_EOF
	try_subsystem "match user override" xxx 18