diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2008-06-10 23:16:46 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-10 23:16:46 +1000 |
| commit | 10f9242b86bc570638b5c0e985e4f4b98c1dd073 (patch) | |
| tree | 1e3d5604e39c1680b258c477ecb76fad41294ed6 | |
| parent | d788b7cb35ed9964f8a15201e3b28e992228eadb (diff) | |
| download | openssh-git-10f9242b86bc570638b5c0e985e4f4b98c1dd073.tar.gz | |
- dtucker@cvs.openbsd.org 2008/06/10 05:23:32
[addrmatch.sh Makefile]
Regress test for Match CIDR rules. ok djm@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | regress/Makefile | 1 | ||||
| -rw-r--r-- | regress/addrmatch.sh | 41 |
3 files changed, 46 insertions, 1 deletions
@@ -29,6 +29,9 @@ - dtucker@cvs.openbsd.org 2008/06/09 18:06:32 [regress/test-exec.sh] Don't generate putty keys if we're not going to use them. ok djm + - dtucker@cvs.openbsd.org 2008/06/10 05:23:32 + [regress/addrmatch.sh regress/Makefile] + Regress test for Match CIDR rules. ok djm@ 20080609 - (dtucker) OpenBSD CVS Sync @@ -4115,4 +4118,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4954 2008/06/10 13:15:54 dtucker Exp $ +$Id: ChangeLog,v 1.4955 2008/06/10 13:16:46 dtucker Exp $ diff --git a/regress/Makefile b/regress/Makefile index b229fca4..bae34de4 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -47,6 +47,7 @@ LTESTS= connect \ reexec \ brokenkeys \ cfgmatch \ + addrmatch \ localcommand \ forcecommand diff --git a/regress/addrmatch.sh b/regress/addrmatch.sh new file mode 100644 index 00000000..f89e9f05 --- /dev/null +++ b/regress/addrmatch.sh @@ -0,0 +1,41 @@ +# $OpenBSD: addrmatch.sh,v 1.0 2008/06/10 05:23:32 dtucker Exp $ +# Placed in the Public Domain. + +tid="address match" + +mv $OBJ/sshd_proxy $OBJ/sshd_proxy_orig + +run_trial() +{ + user="$1"; addr="$2"; host="$3"; expected="$4"; descr="$5" + + verbose "test $descr for $user $addr $host" + result=`${SSHD} -f $OBJ/sshd_proxy -T \ + -C user=${user},addr=${addr},host=${host} | \ + awk '/passwordauthentication/ {print $2}'` + if [ "$result" != "$expected" ]; then + fail "failed for $user $addr $host: expected $expected, got $result" + fi +} + +cp $OBJ/sshd_proxy_orig $OBJ/sshd_proxy +cat >>$OBJ/sshd_proxy <<EOD +PasswordAuthentication no +Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com + PasswordAuthentication yes +Match Address 1.1.1.1,::1,!::3,2000::/16 + PasswordAuthentication yes +EOD + +run_trial user 192.168.0.1 somehost yes "permit, first entry" +run_trial user 192.168.30.1 somehost no "deny, negative match" +run_trial user 19.0.0.1 somehost no "deny, no match" +run_trial user 10.255.255.254 somehost yes "permit, list middle" +run_trial user 192.168.30.1 192.168.0.1 no "deny, faked IP in hostname" +run_trial user 1.1.1.1 somehost.example.com yes "permit, bare IP4 address" +run_trial user ::1 somehost.example.com yes "permit, bare IP6 address" +run_trial user ::2 somehost.exaple.com no "deny IPv6" +run_trial user ::3 somehost no "deny IP6 negated" +run_trial user ::4 somehost no "deny, IP6 no match" +run_trial user 2000::1 somehost yes "permit, IP6 network" +run_trial user 2001::1 somehost no "deny, IP6 network" |