summaryrefslogtreecommitdiffstats
path: root/regress/dynamic-forward.sh
diff options
context:
space:
mode:
Diffstat (limited to 'regress/dynamic-forward.sh')
-rw-r--r--regress/dynamic-forward.sh110
1 files changed, 110 insertions, 0 deletions
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh
new file mode 100644
index 0000000..5a4aa6d
--- /dev/null
+++ b/regress/dynamic-forward.sh
@@ -0,0 +1,110 @@
+# $OpenBSD: dynamic-forward.sh,v 1.15 2023/01/06 08:50:33 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="dynamic forwarding"
+
+# This is a reasonable proxy for IPv6 support.
+if ! config_defined HAVE_STRUCT_IN6_ADDR ; then
+ SKIP_IPV6=yes
+fi
+
+FWDPORT=`expr $PORT + 1`
+make_tmpdir
+CTL=${SSH_REGRESS_TMP}/ctl-sock
+cp $OBJ/ssh_config $OBJ/ssh_config.orig
+proxycmd="$OBJ/netcat -x 127.0.0.1:$FWDPORT -X"
+trace "will use ProxyCommand $proxycmd"
+
+start_ssh() {
+ direction="$1"
+ arg="$2"
+ n=0
+ error="1"
+ trace "start dynamic -$direction forwarding, fork to background"
+ (cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config
+ ${REAL_SSH} -vvvnNfF $OBJ/ssh_config -E$TEST_SSH_LOGFILE \
+ -$direction $FWDPORT -oExitOnForwardFailure=yes \
+ -oControlMaster=yes -oControlPath=$CTL somehost
+ r=$?
+ test $r -eq 0 || fatal "failed to start dynamic forwarding $r"
+ if ! ${REAL_SSH} -qF$OBJ/ssh_config -O check \
+ -oControlPath=$CTL somehost >/dev/null 2>&1 ; then
+ fatal "forwarding ssh process unresponsive"
+ fi
+}
+
+stop_ssh() {
+ test -S $CTL || return
+ if ! ${REAL_SSH} -qF$OBJ/ssh_config -O exit \
+ -oControlPath=$CTL >/dev/null somehost >/dev/null ; then
+ fatal "forwarding ssh process did not respond to close"
+ fi
+ n=0
+ while [ "$n" -lt 20 ] ; do
+ test -S $CTL || break
+ sleep 1
+ n=`expr $n + 1`
+ done
+ if test -S $CTL ; then
+ fatal "forwarding ssh process did not exit"
+ fi
+}
+
+check_socks() {
+ direction=$1
+ expect_success=$2
+ for s in 4 5; do
+ for h in 127.0.0.1 localhost; do
+ trace "testing ssh socks version $s host $h (-$direction)"
+ ${REAL_SSH} -q -F $OBJ/ssh_config \
+ -o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \
+ somehost cat ${DATA} > ${COPY}
+ r=$?
+ if [ "x$expect_success" = "xY" ] ; then
+ if [ $r -ne 0 ] ; then
+ fail "ssh failed with exit status $r"
+ fi
+ test -f ${COPY} || fail "failed copy ${DATA}"
+ cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
+ elif [ $r -eq 0 ] ; then
+ fail "ssh unexpectedly succeeded"
+ fi
+ done
+ done
+}
+
+start_sshd
+trap "stop_ssh" EXIT
+
+for d in D R; do
+ verbose "test -$d forwarding"
+ start_ssh $d
+ check_socks $d Y
+ stop_ssh
+ test "x$d" = "xR" || continue
+
+ # Test PermitRemoteOpen
+ verbose "PermitRemoteOpen=any"
+ start_ssh $d PermitRemoteOpen=any
+ check_socks $d Y
+ stop_ssh
+
+ verbose "PermitRemoteOpen=none"
+ start_ssh $d PermitRemoteOpen=none
+ check_socks $d N
+ stop_ssh
+
+ verbose "PermitRemoteOpen=explicit"
+ permit="127.0.0.1:$PORT [::1]:$PORT localhost:$PORT"
+ test -z "$SKIP_IPV6" || permit="127.0.0.1:$PORT localhost:$PORT"
+ start_ssh $d PermitRemoteOpen="$permit"
+ check_socks $d Y
+ stop_ssh
+
+ verbose "PermitRemoteOpen=disallowed"
+ permit="127.0.0.1:1 [::1]:1 localhost:1"
+ test -z "$SKIP_IPV6" || permit="127.0.0.1:1 localhost:1"
+ start_ssh $d PermitRemoteOpen="$permit"
+ check_socks $d N
+ stop_ssh
+done