xref: /freebsd/crypto/openssh/regress/dynamic-forward.sh (revision e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6) 
1#	$OpenBSD: dynamic-forward.sh,v 1.15 2023/01/06 08:50:33 dtucker Exp $
2#	Placed in the Public Domain.
3
4tid="dynamic forwarding"
5
6# This is a reasonable proxy for IPv6 support.
7if ! config_defined HAVE_STRUCT_IN6_ADDR ; then
8	SKIP_IPV6=yes
9fi
10
11FWDPORT=`expr $PORT + 1`
12make_tmpdir
13CTL=${SSH_REGRESS_TMP}/ctl-sock
14cp $OBJ/ssh_config $OBJ/ssh_config.orig
15proxycmd="$OBJ/netcat -x 127.0.0.1:$FWDPORT -X"
16trace "will use ProxyCommand $proxycmd"
17
18start_ssh() {
19	direction="$1"
20	arg="$2"
21	n=0
22	error="1"
23	trace "start dynamic -$direction forwarding, fork to background"
24	(cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config
25	${REAL_SSH} -vvvnNfF $OBJ/ssh_config -E$TEST_SSH_LOGFILE \
26	    -$direction $FWDPORT -oExitOnForwardFailure=yes \
27	    -oControlMaster=yes -oControlPath=$CTL somehost
28	r=$?
29	test $r -eq 0 || fatal "failed to start dynamic forwarding $r"
30	if ! ${REAL_SSH} -qF$OBJ/ssh_config -O check \
31	     -oControlPath=$CTL somehost >/dev/null 2>&1 ; then
32		fatal "forwarding ssh process unresponsive"
33	fi
34}
35
36stop_ssh() {
37	test -S $CTL || return
38	if ! ${REAL_SSH} -qF$OBJ/ssh_config -O exit \
39	     -oControlPath=$CTL >/dev/null somehost >/dev/null ; then
40		fatal "forwarding ssh process did not respond to close"
41	fi
42	n=0
43	while [ "$n" -lt 20 ] ; do
44		test -S $CTL || break
45		sleep 1
46		n=`expr $n + 1`
47	done
48	if test -S $CTL ; then
49		fatal "forwarding ssh process did not exit"
50	fi
51}
52
53check_socks() {
54	direction=$1
55	expect_success=$2
56	for s in 4 5; do
57	    for h in 127.0.0.1 localhost; do
58		trace "testing ssh socks version $s host $h (-$direction)"
59		${REAL_SSH} -q -F $OBJ/ssh_config \
60			-o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \
61			somehost cat ${DATA} > ${COPY}
62		r=$?
63		if [ "x$expect_success" = "xY" ] ; then
64			if [ $r -ne 0 ] ; then
65				fail "ssh failed with exit status $r"
66			fi
67			test -f ${COPY}	 || fail "failed copy ${DATA}"
68			cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
69		elif [ $r -eq 0 ] ; then
70			fail "ssh unexpectedly succeeded"
71		fi
72	    done
73	done
74}
75
76start_sshd
77trap "stop_ssh" EXIT
78
79for d in D R; do
80	verbose "test -$d forwarding"
81	start_ssh $d
82	check_socks $d Y
83	stop_ssh
84	test "x$d" = "xR" || continue
85
86	# Test PermitRemoteOpen
87	verbose "PermitRemoteOpen=any"
88	start_ssh $d PermitRemoteOpen=any
89	check_socks $d Y
90	stop_ssh
91
92	verbose "PermitRemoteOpen=none"
93	start_ssh $d PermitRemoteOpen=none
94	check_socks $d N
95	stop_ssh
96
97	verbose "PermitRemoteOpen=explicit"
98	permit="127.0.0.1:$PORT [::1]:$PORT localhost:$PORT"
99	test -z "$SKIP_IPV6" || permit="127.0.0.1:$PORT localhost:$PORT"
100	start_ssh $d PermitRemoteOpen="$permit"
101	check_socks $d Y
102	stop_ssh
103
104	verbose "PermitRemoteOpen=disallowed"
105	permit="127.0.0.1:1 [::1]:1 localhost:1"
106	test -z "$SKIP_IPV6" || permit="127.0.0.1:1 localhost:1"
107	start_ssh $d PermitRemoteOpen="$permit"
108	check_socks $d N
109	stop_ssh
110done
111