1# $OpenBSD: percent.sh,v 1.13 2021/07/25 12:13:03 dtucker Exp $ 2# Placed in the Public Domain. 3 4tid="percent expansions" 5 6if [ -x "/usr/xpg4/bin/id" ]; then 7 PATH=/usr/xpg4/bin:$PATH 8 export PATH 9fi 10 11USER=`id -u -n` 12USERID=`id -u` 13HOST=`hostname | cut -f1 -d.` 14HOSTNAME=`hostname` 15 16# Localcommand is evaluated after connection because %T is not available 17# until then. Because of this we use a different method of exercising it, 18# and we can't override the remote user otherwise authentication will fail. 19# We also have to explicitly enable it. 20echo "permitlocalcommand yes" >> $OBJ/ssh_proxy 21 22trial() 23{ 24 opt="$1"; arg="$2"; expect="$3" 25 26 trace "test $opt=$arg $expect" 27 rm -f $OBJ/actual 28 got="" 29 case "$opt" in 30 localcommand) 31 ${SSH} -F $OBJ/ssh_proxy -o $opt="echo '$arg' >$OBJ/actual" \ 32 somehost true 33 got=`cat $OBJ/actual` 34 ;; 35 userknownhostsfile) 36 # Move the userknownhosts file to what the expansion says, 37 # make sure ssh works then put it back. 38 mv "$OBJ/known_hosts" "$OBJ/$expect" 39 ${SSH} -F $OBJ/ssh_proxy -o $opt="$OBJ/$arg" somehost true && \ 40 got="$expect" 41 mv "$OBJ/$expect" "$OBJ/known_hosts" 42 ;; 43 matchexec) 44 (cat $OBJ/ssh_proxy && \ 45 echo "Match Exec \"echo '$arg' >$OBJ/actual\"") \ 46 >$OBJ/ssh_proxy_match 47 ${SSH} -F $OBJ/ssh_proxy_match remuser@somehost true || true 48 got=`cat $OBJ/actual` 49 ;; 50 *forward) 51 # LocalForward and RemoteForward take two args and only 52 # operate on Unix domain socket paths 53 got=`${SSH} -F $OBJ/ssh_proxy -o $opt="/$arg /$arg" -G \ 54 remuser@somehost | awk '$1=="'$opt'"{print $2" "$3}'` 55 expect="/$expect /$expect" 56 ;; 57 *) 58 got=`${SSH} -F $OBJ/ssh_proxy -o $opt="$arg" -G \ 59 remuser@somehost | awk '$1=="'$opt'"{print $2}'` 60 esac 61 if [ "$got" != "$expect" ]; then 62 fail "$opt=$arg expect $expect got $got" 63 fi 64} 65 66for i in matchexec localcommand remotecommand controlpath identityagent \ 67 forwardagent localforward remoteforward userknownhostsfile; do 68 verbose $tid $i percent 69 case "$i" in 70 localcommand|userknownhostsfile) 71 # Any test that's going to actually make a connection needs 72 # to use the real username. 73 REMUSER=$USER ;; 74 *) 75 REMUSER=remuser ;; 76 esac 77 if [ "$i" = "$localcommand" ]; then 78 trial $i '%T' NONE 79 fi 80 # Matches implementation in readconf.c:ssh_connection_hash() 81 HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" | 82 $OPENSSL_BIN sha1 | cut -f2 -d' '` 83 trial $i '%%' '%' 84 trial $i '%C' $HASH 85 trial $i '%i' $USERID 86 trial $i '%h' 127.0.0.1 87 trial $i '%L' $HOST 88 trial $i '%l' $HOSTNAME 89 trial $i '%n' somehost 90 trial $i '%k' localhost-with-alias 91 trial $i '%p' $PORT 92 trial $i '%r' $REMUSER 93 trial $i '%u' $USER 94 # We can't specify a full path outside the regress dir, so skip tests 95 # containing %d for UserKnownHostsFile 96 if [ "$i" != "userknownhostsfile" ]; then 97 trial $i '%d' $HOME 98 trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \ 99 "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER" 100 fi 101done 102 103# Subset of above since we don't expand shell-style variables on anything that 104# runs a command because the shell will expand those. 105for i in controlpath identityagent forwardagent localforward remoteforward \ 106 userknownhostsfile; do 107 verbose $tid $i dollar 108 FOO=bar 109 export FOO 110 trial $i '${FOO}' $FOO 111done 112 113 114# A subset of options support tilde expansion 115for i in controlpath identityagent forwardagent; do 116 verbose $tid $i tilde 117 trial $i '~' $HOME/ 118 trial $i '~/.ssh' $HOME/.ssh 119done 120