Diffstat (limited to 'regress/dynamic-forward.sh')
-rw-r--r-- | regress/dynamic-forward.sh | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh
new file mode 100644
index 0000000..5a4aa6d
--- /dev/null
+++ b/regress/dynamic-forward.sh
@@ -0,0 +1,110 @@
+# $OpenBSD: dynamic-forward.sh,v 1.15 2023/01/06 08:50:33 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="dynamic forwarding"
+
+# This is a reasonable proxy for IPv6 support.
+if ! config_defined HAVE_STRUCT_IN6_ADDR ; then
+ SKIP_IPV6=yes
+fi
+
+FWDPORT=`expr $PORT + 1`
+make_tmpdir
+CTL=${SSH_REGRESS_TMP}/ctl-sock
+cp $OBJ/ssh_config $OBJ/ssh_config.orig
+proxycmd="$OBJ/netcat -x 127.0.0.1:$FWDPORT -X"
+trace "will use ProxyCommand $proxycmd"
+
+start_ssh() {
+ direction="$1"
+ arg="$2"
+ n=0
+ error="1"
+ trace "start dynamic -$direction forwarding, fork to background"
+ (cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config
+ ${REAL_SSH} -vvvnNfF $OBJ/ssh_config -E$TEST_SSH_LOGFILE \
+ -$direction $FWDPORT -oExitOnForwardFailure=yes \
+ -oControlMaster=yes -oControlPath=$CTL somehost
+ r=$?
+ test $r -eq 0 || fatal "failed to start dynamic forwarding $r"
+ if ! ${REAL_SSH} -qF$OBJ/ssh_config -O check \
+ -oControlPath=$CTL somehost >/dev/null 2>&1 ; then
+ fatal "forwarding ssh process unresponsive"
+ fi
+}
+
+stop_ssh() {
+ test -S $CTL || return
+ if ! ${REAL_SSH} -qF$OBJ/ssh_config -O exit \
+ -oControlPath=$CTL >/dev/null somehost >/dev/null ; then
+ fatal "forwarding ssh process did not respond to close"
+ fi
+ n=0
+ while [ "$n" -lt 20 ] ; do
+ test -S $CTL || break
+ sleep 1
+ n=`expr $n + 1`
+ done
+ if test -S $CTL ; then
+ fatal "forwarding ssh process did not exit"
+ fi
+}
+
+check_socks() {
+ direction=$1
+ expect_success=$2
+ for s in 4 5; do
+ for h in 127.0.0.1 localhost; do
+ trace "testing ssh socks version $s host $h (-$direction)"
+ ${REAL_SSH} -q -F $OBJ/ssh_config \
+ -o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \
+ somehost cat ${DATA} > ${COPY}
+ r=$?
+ if [ "x$expect_success" = "xY" ] ; then
+ if [ $r -ne 0 ] ; then
+ fail "ssh failed with exit status $r"
+ fi
+ test -f ${COPY} || fail "failed copy ${DATA}"
+ cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
+ elif [ $r -eq 0 ] ; then
+ fail "ssh unexpectedly succeeded"
+ fi
+ done
+ done
+}
+
+start_sshd
+trap "stop_ssh" EXIT
+
+for d in D R; do
+ verbose "test -$d forwarding"
+ start_ssh $d
+ check_socks $d Y
+ stop_ssh
+ test "x$d" = "xR" || continue
+
+ # Test PermitRemoteOpen
+ verbose "PermitRemoteOpen=any"
+ start_ssh $d PermitRemoteOpen=any
+ check_socks $d Y
+ stop_ssh
+
+ verbose "PermitRemoteOpen=none"
+ start_ssh $d PermitRemoteOpen=none
+ check_socks $d N
+ stop_ssh
+
+ verbose "PermitRemoteOpen=explicit"
+ permit="127.0.0.1:$PORT [::1]:$PORT localhost:$PORT"
+ test -z "$SKIP_IPV6" || permit="127.0.0.1:$PORT localhost:$PORT"
+ start_ssh $d PermitRemoteOpen="$permit"
+ check_socks $d Y
+ stop_ssh
+
+ verbose "PermitRemoteOpen=disallowed"
+ permit="127.0.0.1:1 [::1]:1 localhost:1"
+ test -z "$SKIP_IPV6" || permit="127.0.0.1:1 localhost:1"
+ start_ssh $d PermitRemoteOpen="$permit"
+ check_socks $d N
+ stop_ssh
+done |
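Review bot: The deny cases in check_socks (`PermitRemoteOpen=none` and `PermitRemoteOpen=disallowed`, called with `N`) pass on any non-zero exit from ssh, so an unrelated failure such as a broken netcat helper or a forward that is no longer listening would be counted as a correct refusal, and the ProxyCommand's `2>/dev/null` hides which it was. Since this option is an access control, the `N` path would be stronger if it also confirmed the refusal, for instance by checking the `-vvv` log that start_ssh writes to `$TEST_SSH_LOGFILE`; at minimum I would add a comment above the `elif`, `# NB: any ssh failure is treated as "denied"; the preceding Y run is what shows the path works`. Separately, the `-O exit` call in stop_ssh redirects stdout twice (`>/dev/null somehost >/dev/null`) where the matching `-O check` call uses `>/dev/null 2>&1`, so the second redirect was presumably meant to be `2>&1`. The assignments `n=0` and `error="1"` in start_ssh are never read in that function and could be dropped.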