xref: /freebsd/crypto/openssh/regress/percent.sh (revision 5e3190f700637fcfc1a52daeaa4a031fdd2557c7)
1#	$OpenBSD: percent.sh,v 1.17 2023/03/27 03:56:50 dtucker Exp $
2#	Placed in the Public Domain.
3
4tid="percent expansions"
5
6if [ -x "/usr/xpg4/bin/id" ]; then
7	PATH=/usr/xpg4/bin:$PATH
8	export PATH
9fi
10
11USER=`id -u -n`
12USERID=`id -u`
13HOST=`hostname | cut -f1 -d.`
14HOSTNAME=`hostname`
15HASH=""
16
17# Localcommand is evaluated after connection because %T is not available
18# until then.  Because of this we use a different method of exercising it,
19# and we can't override the remote user otherwise authentication will fail.
20# We also have to explicitly enable it.
21echo "permitlocalcommand yes" >> $OBJ/ssh_proxy
22
23trial()
24{
25	opt="$1"; arg="$2"
26	expect=`echo "$3" | sed 's|^//|/|'` # approximate realpath
27
28	trace "test $opt=$arg $expect"
29	rm -f $OBJ/actual
30	got=""
31	case "$opt" in
32	localcommand)
33		${SSH} -F $OBJ/ssh_proxy -o $opt="echo '$arg' >$OBJ/actual" \
34		    somehost true
35		got=`cat $OBJ/actual`
36		;;
37	userknownhostsfile)
38		# Move the userknownhosts file to what the expansion says,
39		# make sure ssh works then put it back.
40		mv "$OBJ/known_hosts" "$OBJ/$expect"
41		${SSH} -F $OBJ/ssh_proxy -o $opt="$OBJ/$arg" somehost true && \
42			got="$expect"
43		mv "$OBJ/$expect" "$OBJ/known_hosts"
44		;;
45	matchexec)
46		(cat $OBJ/ssh_proxy && \
47		 echo "Match Exec \"echo '$arg' >$OBJ/actual\"") \
48		    >$OBJ/ssh_proxy_match
49		${SSH} -F $OBJ/ssh_proxy_match remuser@somehost true || true
50		got=`cat $OBJ/actual`
51		;;
52	*forward)
53		# LocalForward and RemoteForward take two args and only
54		# operate on Unix domain socket paths
55		got=`${SSH} -F $OBJ/ssh_proxy -o $opt="/$arg /$arg" -G \
56		    remuser@somehost | awk '$1=="'$opt'"{print $2" "$3}'`
57		expect="/$expect /$expect"
58		;;
59	*)
60		got=`${SSH} -F $OBJ/ssh_proxy -o $opt="$arg" -G \
61		    remuser@somehost | awk '$1=="'$opt'"{print $2}'`
62	esac
63	if [ "$got" != "$expect" ]; then
64		fail "$opt=$arg expect $expect got $got"
65	fi
66}
67
68for i in matchexec localcommand remotecommand controlpath identityagent \
69    forwardagent localforward remoteforward revokedhostkeys \
70    userknownhostsfile; do
71	verbose $tid $i percent
72	case "$i" in
73	localcommand|userknownhostsfile)
74		# Any test that's going to actually make a connection needs
75		# to use the real username.
76		REMUSER=$USER ;;
77	*)
78		REMUSER=remuser ;;
79	esac
80	if [ "$i" = "$localcommand" ]; then
81		trial $i '%T' NONE
82	fi
83	# Matches implementation in readconf.c:ssh_connection_hash()
84	if [ ! -z "${OPENSSL_BIN}" ]; then
85		HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" |
86		    $OPENSSL_BIN sha1 | cut -f2 -d' '`
87		trial $i '%C' $HASH
88	fi
89	trial $i '%%' '%'
90	trial $i '%i' $USERID
91	trial $i '%h' 127.0.0.1
92	trial $i '%L' $HOST
93	trial $i '%l' $HOSTNAME
94	trial $i '%n' somehost
95	trial $i '%k' localhost-with-alias
96	trial $i '%p' $PORT
97	trial $i '%r' $REMUSER
98	trial $i '%u' $USER
99	# We can't specify a full path outside the regress dir, so skip tests
100	# containing %d for UserKnownHostsFile
101	if [ "$i" != "userknownhostsfile" ]; then
102		trial $i '%d' $HOME
103		in='%%/%i/%h/%d/%L/%l/%n/%p/%r/%u'
104		out="%/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
105		if [ ! -z "${HASH}" ]; then
106			in="$in/%C"
107			out="$out/$HASH"
108		fi
109		trial $i "$in" "$out"
110	fi
111done
112
113# Subset of above since we don't expand shell-style variables on anything that
114# runs a command because the shell will expand those.
115for i in controlpath identityagent forwardagent localforward remoteforward \
116    userknownhostsfile; do
117	verbose $tid $i dollar
118	FOO=bar
119	export FOO
120	trial $i '${FOO}' $FOO
121done
122
123
124# A subset of options support tilde expansion
125for i in controlpath identityagent forwardagent; do
126	verbose $tid $i tilde
127	trial $i '~' $HOME/
128	trial $i '~/.ssh' $HOME/.ssh
129done
130