xref: /freebsd/crypto/openssh/regress/forwarding.sh (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1#	$OpenBSD: forwarding.sh,v 1.24 2021/05/07 09:23:40 dtucker Exp $
2#	Placed in the Public Domain.
3
4tid="local and remote forwarding"
5
6DATA=/bin/ls${EXEEXT}
7
8start_sshd
9
10base=33
11last=$PORT
12fwd=""
13make_tmpdir
14CTL=${SSH_REGRESS_TMP}/ctl-sock
15
16for j in 0 1 2; do
17	for i in 0 1 2; do
18		a=$base$j$i
19		b=`expr $a + 50`
20		c=$last
21		# fwd chain: $a -> $b -> $c
22		fwd="$fwd -L$a:127.0.0.1:$b -R$b:127.0.0.1:$c"
23		last=$a
24	done
25done
26
27trace "start forwarding, fork to background"
28rm -f $CTL
29${SSH} -S $CTL -N -M -F $OBJ/ssh_config -f $fwd somehost
30
31trace "transfer over forwarded channels and check result"
32${SSH} -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=10' \
33	somehost cat ${DATA} > ${COPY}
34test -s ${COPY}		|| fail "failed copy of ${DATA}"
35cmp ${DATA} ${COPY}	|| fail "corrupted copy of ${DATA}"
36
37${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost 2>/dev/null
38
39for d in L R; do
40	trace "exit on -$d forward failure"
41
42	# this one should succeed
43	${SSH}  -F $OBJ/ssh_config \
44	    -$d ${base}01:127.0.0.1:$PORT \
45	    -$d ${base}02:127.0.0.1:$PORT \
46	    -$d ${base}03:127.0.0.1:$PORT \
47	    -$d ${base}04:127.0.0.1:$PORT \
48	    -oExitOnForwardFailure=yes somehost true
49	if [ $? != 0 ]; then
50		fatal "connection failed, should not"
51	else
52		# this one should fail
53		${SSH} -q -F $OBJ/ssh_config \
54		    -$d ${base}01:127.0.0.1:$PORT \
55		    -$d ${base}02:127.0.0.1:$PORT \
56		    -$d ${base}03:127.0.0.1:$PORT \
57		    -$d ${base}01:localhost:$PORT \
58		    -$d ${base}04:127.0.0.1:$PORT \
59		    -oExitOnForwardFailure=yes somehost true
60		r=$?
61		if [ $r != 255 ]; then
62			fail "connection not termintated, but should ($r)"
63		fi
64	fi
65done
66
67trace "simple clear forwarding"
68${SSH} -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true
69
70trace "clear local forward"
71rm -f $CTL
72${SSH} -S $CTL -N -M -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
73    -oClearAllForwardings=yes somehost
74if [ $? != 0 ]; then
75	fail "connection failed with cleared local forwarding"
76else
77	# this one should fail
78	${SSH} -F $OBJ/ssh_config -p ${base}01 somehost true \
79	     >>$TEST_REGRESS_LOGFILE 2>&1 && \
80		fail "local forwarding not cleared"
81fi
82${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost 2>/dev/null
83
84trace "clear remote forward"
85rm -f $CTL
86${SSH} -S $CTL -N -M -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
87    -oClearAllForwardings=yes somehost
88if [ $? != 0 ]; then
89	fail "connection failed with cleared remote forwarding"
90else
91	# this one should fail
92	${SSH} -F $OBJ/ssh_config -p ${base}01 somehost true \
93	     >>$TEST_REGRESS_LOGFILE 2>&1 && \
94		fail "remote forwarding not cleared"
95fi
96${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost 2>/dev/null
97
98trace "stdio forwarding"
99cmd="${SSH} -F $OBJ/ssh_config"
100$cmd -o "ProxyCommand $cmd -q -W localhost:$PORT somehost" somehost true
101if [ $? != 0 ]; then
102	fail "stdio forwarding"
103fi
104
105echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config
106echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config
107
108trace "config file: start forwarding, fork to background"
109rm -f $CTL
110${SSH} -S $CTL -N -M -F $OBJ/ssh_config -f somehost
111
112trace "config file: transfer over forwarded channels and check result"
113${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=10' \
114	somehost cat ${DATA} > ${COPY}
115test -s ${COPY}		|| fail "failed copy of ${DATA}"
116cmp ${DATA} ${COPY}	|| fail "corrupted copy of ${DATA}"
117
118${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost 2>/dev/null
119
120trace "transfer over chained unix domain socket forwards and check result"
121rm -f $OBJ/unix-[123].fwd
122rm -f $CTL $CTL.[123]
123${SSH} -S $CTL -N -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost
124${SSH} -S $CTL.1 -N -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost
125${SSH} -S $CTL.2 -N -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost
126${SSH} -S $CTL.3 -N -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost
127${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=10' \
128	somehost cat ${DATA} > ${COPY}
129test -s ${COPY}			|| fail "failed copy ${DATA}"
130cmp ${DATA} ${COPY}		|| fail "corrupted copy of ${DATA}"
131
132${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost 2>/dev/null
133${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost 2>/dev/null
134${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost 2>/dev/null
135${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost 2>/dev/null
136
137