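#	$OpenBSD: percent.sh,v 1.17 2023/03/27 03:56:50 dtucker Exp $
#	Placed in the Public Domain.

# Regression test for ssh(1) configuration token expansion: percent tokens
# (%h, %p, %C, ...), shell-style ${VAR} references and leading-tilde paths.
# Each option is set to a value containing the token(s) and the value ssh
# ends up with is compared against the expected expansion.
#
# This file relies on names it does not define (OBJ, SSH, PORT, OPENSSL_BIN,
# trace, verbose, fail); they are expected to come from the surrounding test
# harness. Backticks and plain [ ] tests are kept so the script stays usable
# with older /bin/sh implementations.

tid="percent expansions"

# Prefer the XPG4 id(1) where it exists so that "id -u -n" is understood.
if [ -x "/usr/xpg4/bin/id" ]; then
	PATH=/usr/xpg4/bin:$PATH
	export PATH
fi

USER=`id -u -n`
USERID=`id -u`
HOST=`hostname | cut -f1 -d.`
HOSTNAME=`hostname`
HASH=""

# Localcommand is evaluated after connection because %T is not available
# until then.  Because of this we use a different method of exercising it,
# and we can't override the remote user otherwise authentication will fail.
# We also have to explicitly enable it.
echo "permitlocalcommand yes" >> "$OBJ/ssh_proxy"

# trial option value expected
#
# Set one ssh option to a value containing expansion tokens and check what
# ssh makes of it.
#   $1 - option name (lower case, as printed by "ssh -G")
#   $2 - option value containing the token(s) under test
#   $3 - expected expansion; a leading "//" is collapsed to "/"
# Reads OBJ and SSH; writes the globals opt, arg, expect and got (no
# "local", for portability). Calls fail on a mismatch.
#
# The localcommand and matchexec branches place $2 inside single quotes in a
# command line that ssh runs, so $2 must never contain a single quote; every
# caller in this file passes a fixed token string.
trial()
{
	opt="$1"; arg="$2"
	# printf rather than echo so backslashes in $3 are not interpreted.
	expect=`printf '%s\n' "$3" | sed 's|^//|/|'` # approximate realpath

	trace "test $opt=$arg $expect"
	rm -f "$OBJ/actual"
	got=""
	case "$opt" in
	localcommand)
		# The expanded command writes its own argument to $OBJ/actual.
		${SSH} -F "$OBJ/ssh_proxy" \
		    -o "$opt=echo '$arg' >$OBJ/actual" \
		    somehost true
		got=`cat "$OBJ/actual"`
		;;
	userknownhostsfile)
		# Move the userknownhosts file to what the expansion says,
		# make sure ssh works then put it back.
		mv "$OBJ/known_hosts" "$OBJ/$expect"
		${SSH} -F "$OBJ/ssh_proxy" -o "$opt=$OBJ/$arg" somehost true && \
			got="$expect"
		mv "$OBJ/$expect" "$OBJ/known_hosts"
		;;
	matchexec)
		(cat "$OBJ/ssh_proxy" && \
		    echo "Match Exec \"echo '$arg' >$OBJ/actual\"") \
		    >"$OBJ/ssh_proxy_match"
		# Only the side effect of the Match Exec command matters here,
		# so the exit status of ssh is deliberately ignored.
		${SSH} -F "$OBJ/ssh_proxy_match" remuser@somehost true || true
		got=`cat "$OBJ/actual"`
		;;
	*forward)
		# LocalForward and RemoteForward take two args and only
		# operate on Unix domain socket paths
		# $opt is spliced into the awk program text; it is always one
		# of the fixed option names listed in the loops below.
		got=`${SSH} -F "$OBJ/ssh_proxy" -o "$opt=/$arg /$arg" -G \
		    remuser@somehost | awk '$1=="'$opt'"{print $2" "$3}'`
		expect="/$expect /$expect"
		;;
	*)
		# Everything else: read the expanded value back from "ssh -G".
		got=`${SSH} -F "$OBJ/ssh_proxy" -o "$opt=$arg" -G \
		    remuser@somehost | awk '$1=="'$opt'"{print $2}'`
		;;
	esac
	if [ "$got" != "$expect" ]; then
		fail "$opt=$arg expect $expect got $got"
	fi
}

for i in matchexec localcommand remotecommand controlpath identityagent \
    forwardagent localforward remoteforward revokedhostkeys \
    userknownhostsfile; do
	verbose $tid $i percent
	case "$i" in
	localcommand|userknownhostsfile)
		# Any test that's going to actually make a connection needs
		# to use the real username.
		REMUSER=$USER ;;
	*)
		REMUSER=remuser ;;
	esac
	# Compare against the literal option name. Nothing in this file sets
	# a variable called localcommand, so testing against "$localcommand"
	# compares with the empty string and the %T trial would never run.
	if [ "$i" = "localcommand" ]; then
		trial "$i" '%T' NONE
	fi
	# Matches implementation in readconf.c:ssh_connection_hash()
	if [ -n "${OPENSSL_BIN}" ]; then
		# The hashed string is passed as data, not as the printf
		# format, so a '%' or backslash in the host name or user name
		# cannot change what gets hashed.
		HASH=`printf '%s' "${HOSTNAME}127.0.0.1${PORT}$REMUSER" |
		    $OPENSSL_BIN sha1 | cut -f2 -d' '`
		trial "$i" '%C' "$HASH"
	fi
	trial "$i" '%%' '%'
	trial "$i" '%i' "$USERID"
	trial "$i" '%h' 127.0.0.1
	trial "$i" '%L' "$HOST"
	trial "$i" '%l' "$HOSTNAME"
	trial "$i" '%n' somehost
	trial "$i" '%k' localhost-with-alias
	trial "$i" '%p' "$PORT"
	trial "$i" '%r' "$REMUSER"
	trial "$i" '%u' "$USER"
	# We can't specify a full path outside the regress dir, so skip tests
	# containing %d for UserKnownHostsFile
	if [ "$i" != "userknownhostsfile" ]; then
		trial "$i" '%d' "$HOME"
		# All tokens in one value, to check that they expand together.
		in='%%/%i/%h/%d/%L/%l/%n/%p/%r/%u'
		out="%/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
		# HASH stays empty when no openssl binary was configured.
		if [ -n "${HASH}" ]; then
			in="$in/%C"
			out="$out/$HASH"
		fi
		trial "$i" "$in" "$out"
	fi
done

# Subset of above since we don't expand shell-style variables on anything that
# runs a command because the shell will expand those.
for i in controlpath identityagent forwardagent localforward remoteforward \
    userknownhostsfile; do
	verbose $tid $i dollar
	FOO=bar
	export FOO
	trial "$i" '${FOO}' "$FOO"
done


# A subset of options support tilde expansion
for i in controlpath identityagent forwardagent; do
	verbose $tid $i tilde
	trial "$i" '~' "$HOME/"
	trial "$i" '~/.ssh' "$HOME/.ssh"
done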