1*edf85781SEd Maste# $OpenBSD: match-subsystem.sh,v 1.1 2023/09/06 23:36:09 djm Exp $ 2*edf85781SEd Maste# Placed in the Public Domain. 3*edf85781SEd Maste 4*edf85781SEd Mastetid="sshd_config match subsystem" 5*edf85781SEd Maste 6*edf85781SEd Mastecp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7*edf85781SEd Maste 8*edf85781SEd Mastetry_subsystem() { 9*edf85781SEd Maste _id=$1 10*edf85781SEd Maste _subsystem=$2 11*edf85781SEd Maste _expect=$3 12*edf85781SEd Maste ${SSHD} -tf $OBJ/sshd_proxy || fatal "$_id: bad config" 13*edf85781SEd Maste ${SSH} -sF $OBJ/ssh_proxy somehost $_subsystem 14*edf85781SEd Maste _exit=$? 15*edf85781SEd Maste trace "$_id subsystem $_subsystem" 16*edf85781SEd Maste if [ $_exit -ne $_expect ] ; then 17*edf85781SEd Maste fail "$_id: subsystem $_subsystem exit $_exit expected $_expect" 18*edf85781SEd Maste fi 19*edf85781SEd Maste return $? 20*edf85781SEd Maste} 21*edf85781SEd Maste 22*edf85781SEd Maste# Simple case: subsystem in main config. 23*edf85781SEd Mastecp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 24*edf85781SEd Mastecat >> $OBJ/sshd_proxy << _EOF 25*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 23" 26*edf85781SEd Maste_EOF 27*edf85781SEd Mastetry_subsystem "main config" xxx 23 28*edf85781SEd Maste 29*edf85781SEd Maste# No clobber in main config. 30*edf85781SEd Mastecp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 31*edf85781SEd Mastecat >> $OBJ/sshd_proxy << _EOF 32*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 23" 33*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 24" 34*edf85781SEd Maste_EOF 35*edf85781SEd Mastetry_subsystem "main config no clobber" xxx 23 36*edf85781SEd Maste 37*edf85781SEd Maste# Subsystem in match all block 38*edf85781SEd Mastecp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 39*edf85781SEd Mastecat >> $OBJ/sshd_proxy << _EOF 40*edf85781SEd MasteMatch all 41*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 21" 42*edf85781SEd Maste_EOF 43*edf85781SEd Mastetry_subsystem "match all" xxx 21 44*edf85781SEd Maste 45*edf85781SEd Maste# No clobber in match all block 46*edf85781SEd Mastecp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 47*edf85781SEd Mastecat >> $OBJ/sshd_proxy << _EOF 48*edf85781SEd MasteMatch all 49*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 21" 50*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 24" 51*edf85781SEd Maste_EOF 52*edf85781SEd Mastetry_subsystem "match all no clobber" xxx 21 53*edf85781SEd Maste 54*edf85781SEd Maste# Subsystem in match user block 55*edf85781SEd Mastecp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 56*edf85781SEd Mastecat >> $OBJ/sshd_proxy << _EOF 57*edf85781SEd MasteMatch user * 58*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 20" 59*edf85781SEd Maste_EOF 60*edf85781SEd Mastetry_subsystem "match user" xxx 20 61*edf85781SEd Maste 62*edf85781SEd Maste# No clobber in match user block 63*edf85781SEd Mastecp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 64*edf85781SEd Mastecat >> $OBJ/sshd_proxy << _EOF 65*edf85781SEd MasteMatch user * 66*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 20" 67*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 24" 68*edf85781SEd MasteMatch all 69*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 24" 70*edf85781SEd Maste_EOF 71*edf85781SEd Mastetry_subsystem "match user no clobber" xxx 20 72*edf85781SEd Maste 73*edf85781SEd Maste# Override main with match all 74*edf85781SEd Mastecp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 75*edf85781SEd Mastecat >> $OBJ/sshd_proxy << _EOF 76*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 23" 77*edf85781SEd MasteMatch all 78*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 19" 79*edf85781SEd Maste_EOF 80*edf85781SEd Mastetry_subsystem "match all override" xxx 19 81*edf85781SEd Maste 82*edf85781SEd Maste# Override main with match user 83*edf85781SEd Mastecp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 84*edf85781SEd Mastecat >> $OBJ/sshd_proxy << _EOF 85*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 23" 86*edf85781SEd MasteMatch user * 87*edf85781SEd MasteSubsystem xxx /bin/sh -c "exit 18" 88*edf85781SEd Maste_EOF 89*edf85781SEd Mastetry_subsystem "match user override" xxx 18 90*edf85781SEd Maste 91