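# $OpenBSD: dynamic-forward.sh,v 1.17 2024/03/08 11:34:10 dtucker Exp $
# Placed in the Public Domain.
#
# Regression test for SOCKS dynamic forwarding, local (-D) and remote (-R),
# and for the PermitRemoteOpen destination filter that applies to -R.
#
# The script relies on helpers and variables supplied by the surrounding
# test harness (config_defined, make_tmpdir, trace, verbose, fail, fatal,
# start_sshd, PORT, OBJ, REAL_SSH, TEST_SHELL, TEST_SSH_LOGFILE,
# SSH_REGRESS_TMP, DATA, COPY); none of them are defined in this file.
# REAL_SSH and TEST_SHELL are deliberately left unquoted, as in the
# original: whether they may carry more than one word is not visible here.

tid="dynamic forwarding"

# This is a reasonable proxy for IPv6 support.
if ! config_defined HAVE_STRUCT_IN6_ADDR ; then
	SKIP_IPV6=yes
fi

# The SOCKS listener goes on the port right after sshd's.
FWDPORT=`expr "$PORT" + 1`
make_tmpdir
# Whoever can connect to a ControlMaster socket can drive the multiplexed
# session, so it is kept under the harness temp dir rather than a shared
# location. NOTE(review): presumably make_tmpdir sets SSH_REGRESS_TMP to a
# directory private to the test user; confirm in the harness.
CTL=${SSH_REGRESS_TMP}/ctl-sock
cp "$OBJ/ssh_config" "$OBJ/ssh_config.orig"
# netcat acts as the SOCKS client; check_socks appends the protocol
# version (4 or 5) directly after the trailing -X.
# NOTE(review): this string is later embedded in a single-quoted sh -c
# command, so an OBJ path containing whitespace would still split there.
proxycmd="$OBJ/netcat -x 127.0.0.1:$FWDPORT -X"
trace "will use ProxyCommand $proxycmd"

# Start a backgrounded ssh that provides the dynamic forward.
# Arguments: $1 - forwarding direction, D (local) or R (remote)
#            $2 - optional extra line appended to the client config
# Calls fatal if ssh fails to start or the control socket does not answer.
start_ssh() {
	direction="$1"
	arg="$2"
	# NOTE(review): n and error are assigned but never read in this
	# function. They are shell globals, so they are kept rather than
	# removed in case something outside this file looks at them.
	n=0
	error="1"
	# Use a multiplexed ssh so we can control its lifecycle.
	trace "start dynamic -$direction forwarding, fork to background"
	# Rebuild the client config from the pristine copy each time so an
	# option from a previous case cannot leak into this one.
	(cat "$OBJ/ssh_config.orig" ; echo "$arg") > "$OBJ/ssh_config"
	# ExitOnForwardFailure=yes turns a listener that could not be set up
	# into a non-zero exit status instead of a silently useless session.
	${REAL_SSH} -vvvnNfF "$OBJ/ssh_config" -E"$TEST_SSH_LOGFILE" \
	    -$direction $FWDPORT -oExitOnForwardFailure=yes \
	    -oControlMaster=yes -oControlPath="$CTL" somehost
	r=$?
	test "$r" -eq 0 || fatal "failed to start dynamic forwarding $r"
	# Confirm that the master answers on its control socket before any
	# SOCKS traffic is sent through it.
	if ! ${REAL_SSH} -qF"$OBJ/ssh_config" -O check \
	     -oControlPath="$CTL" somehost >/dev/null 2>&1 ; then
		fatal "forwarding ssh process unresponsive"
	fi
}

# Ask the forwarding ssh to exit through its control socket, then poll
# once a second, at most 20 times, for the socket to disappear.
# Returns early when no control socket exists; calls fatal if the master
# does not respond or does not exit.
stop_ssh() {
	test -S "$CTL" || return
	# The original redirected stdout to /dev/null twice on this command;
	# one redirection has the same effect.
	if ! ${REAL_SSH} -qF"$OBJ/ssh_config" -O exit \
	     -oControlPath="$CTL" somehost >/dev/null ; then
		fatal "forwarding ssh process did not respond to close"
	fi
	n=0
	while [ "$n" -lt 20 ] ; do
		test -S "$CTL" || break
		sleep 1
		n=`expr "$n" + 1`
	done
	if test -S "$CTL" ; then
		fatal "forwarding ssh process did not exit"
	fi
}

# Copy ${DATA} through the SOCKS forward with SOCKS4 and SOCKS5, addressing
# the destination both as 127.0.0.1 and as localhost.
# Arguments: $1 - forwarding direction (used in the trace message only)
#            $2 - Y if the copy must succeed; any other value means ssh
#                 must fail
check_socks() {
	direction=$1
	expect_success=$2
	for s in 4 5; do
	    for h in 127.0.0.1 localhost; do
		trace "testing ssh socks version $s host $h (-$direction)"
		${REAL_SSH} -q -F "$OBJ/ssh_config" -o \
		   "ProxyCommand ${TEST_SHELL} -c '${proxycmd}${s} $h $PORT 2>/dev/null'" \
		   somehost cat "${DATA}" > "${COPY}"
		r=$?
		if [ "x$expect_success" = "xY" ] ; then
			if [ "$r" -ne 0 ] ; then
				fail "ssh failed with exit status $r"
			fi
			test -f "${COPY}" || fail "failed copy ${DATA}"
			cmp "${DATA}" "${COPY}" || fail "corrupted copy of ${DATA}"
		elif [ "$r" -eq 0 ] ; then
			fail "ssh unexpectedly succeeded"
		fi
		# Caveat for the negative case: any non-zero status counts
		# as "refused", so a failure unrelated to policy (a broken
		# netcat, a dead sshd) passes too. The Y cases that run
		# earlier in the same test are what show the path works
		# when it is permitted.
	    done
	done
}

start_sshd
# Tear the forwarder down on every exit path so an aborted run does not
# leave a background ssh with an open SOCKS listener behind.
trap "stop_ssh" EXIT

for d in D R; do
	verbose "test -$d forwarding"
	start_ssh $d
	check_socks $d Y
	stop_ssh
	# The PermitRemoteOpen cases below are run for -R only.
	test "x$d" = "xR" || continue

	# Test PermitRemoteOpen
	verbose "PermitRemoteOpen=any"
	start_ssh $d PermitRemoteOpen=any
	check_socks $d Y
	stop_ssh

	# "none" must refuse every destination requested over the forward.
	verbose "PermitRemoteOpen=none"
	start_ssh $d PermitRemoteOpen=none
	check_socks $d N
	stop_ssh

	# Allow list naming exactly the destinations check_socks asks for.
	verbose "PermitRemoteOpen=explicit"
	permit="127.0.0.1:$PORT [::1]:$PORT localhost:$PORT"
	test -z "$SKIP_IPV6" || permit="127.0.0.1:$PORT localhost:$PORT"
	start_ssh $d PermitRemoteOpen="$permit"
	check_socks $d Y
	stop_ssh

	# Allow list naming only port 1, which check_socks never requests
	# (assuming PORT is not 1), so every request must be refused. This
	# is the case that shows the filter is enforced per destination.
	verbose "PermitRemoteOpen=disallowed"
	permit="127.0.0.1:1 [::1]:1 localhost:1"
	test -z "$SKIP_IPV6" || permit="127.0.0.1:1 localhost:1"
	start_ssh $d PermitRemoteOpen="$permit"
	check_socks $d N
	stop_ssh
done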