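# $OpenBSD: percent.sh,v 1.16 2023/01/14 09:57:08 dtucker Exp $
# Placed in the Public Domain.
#
# Regression test for ssh token expansion in configuration options:
# percent tokens (%h, %u, %C, ...), ${VAR} environment references and
# leading tilde.  Each option is set to a token and the expanded value is
# compared with what this script computes independently.
#
# trace, verbose, fail and the SSH, OBJ, PORT and OPENSSL_BIN variables are
# not defined in this file; they are presumably supplied by the harness
# that sources it.
# NOTE(review): backticks and [ ] are kept on the assumption that this file
# must run under a plain Bourne-style sh - confirm before modernising.

tid="percent expansions"

# Prefer the XPG4 id(1) when it is installed; the "id -u" / "id -u -n"
# calls below depend on those flags (presumably the default id on such
# systems lacks them).
if [ -x "/usr/xpg4/bin/id" ]; then
	PATH=/usr/xpg4/bin:$PATH
	export PATH
fi

# Expected values for the tokens, computed without ssh's help.
USER=`id -u -n`
USERID=`id -u`
HOST=`hostname | cut -f1 -d.`
HOSTNAME=`hostname`
HASH=""

# Localcommand is evaluated after connection because %T is not available
# until then.  Because of this we use a different method of exercising it,
# and we can't override the remote user otherwise authentication will fail.
# We also have to explicitly enable it.
echo "permitlocalcommand yes" >> "$OBJ/ssh_proxy"

# trial opt arg expect
#   opt    - ssh option name (lower case, as printed by "ssh -G")
#   arg    - option value containing the token(s) under test
#   expect - the expansion ssh should produce for arg
# Calls fail if the observed expansion differs from expect.
#
# The localcommand and matchexec cases embed arg, wrapped in single
# quotes, in a command line that ssh passes to a shell.  Only fixed
# literals without single quotes may be passed as arg for those options;
# anything else would change the command that is run.
trial()
{
	opt="$1"; arg="$2"
	expect=`echo "$3" | sed 's|^//|/|'` # approximate realpath

	trace "test $opt=$arg $expect"
	rm -f "$OBJ/actual"
	got=""
	case "$opt" in
	localcommand)
		# The command writes the expanded token to a file on the
		# local side once the connection is up.
		${SSH} -F "$OBJ/ssh_proxy" -o "$opt=echo '$arg' >$OBJ/actual" \
		    somehost true
		got=`cat "$OBJ/actual"`
		;;
	userknownhostsfile)
		# Move the userknownhosts file to what the expansion says,
		# make sure ssh works then put it back.  The file is moved
		# back whether or not ssh succeeded; got stays empty on
		# failure so the comparison below reports it.
		mv "$OBJ/known_hosts" "$OBJ/$expect"
		${SSH} -F "$OBJ/ssh_proxy" -o "$opt=$OBJ/$arg" somehost true && \
			got="$expect"
		mv "$OBJ/$expect" "$OBJ/known_hosts"
		;;
	matchexec)
		# Append a Match Exec line to a copy of the config; only the
		# side effect of the exec command matters, so the exit
		# status of ssh is ignored.
		(cat "$OBJ/ssh_proxy" && \
		 echo "Match Exec \"echo '$arg' >$OBJ/actual\"") \
		    >"$OBJ/ssh_proxy_match"
		${SSH} -F "$OBJ/ssh_proxy_match" remuser@somehost true || true
		got=`cat "$OBJ/actual"`
		;;
	*forward)
		# LocalForward and RemoteForward take two args and only
		# operate on Unix domain socket paths
		got=`${SSH} -F "$OBJ/ssh_proxy" -o "$opt=/$arg /$arg" -G \
		    remuser@somehost | awk '$1=="'"$opt"'"{print $2" "$3}'`
		expect="/$expect /$expect"
		;;
	*)
		# Everything else: read the expanded value back from the
		# configuration dump printed by -G, without connecting.
		got=`${SSH} -F "$OBJ/ssh_proxy" -o "$opt=$arg" -G \
		    remuser@somehost | awk '$1=="'"$opt"'"{print $2}'`
		;;
	esac
	if [ "$got" != "$expect" ]; then
		fail "$opt=$arg expect $expect got $got"
	fi
}

for i in matchexec localcommand remotecommand controlpath identityagent \
    forwardagent localforward remoteforward userknownhostsfile; do
	verbose $tid $i percent
	case "$i" in
	localcommand|userknownhostsfile)
		# Any test that's going to actually make a connection needs
		# to use the real username.
		REMUSER=$USER ;;
	*)
		REMUSER=remuser ;;
	esac
	# Compare with the literal option name.  Comparing with the unset
	# variable $localcommand is never true and would silently skip the
	# %T check.  No tunnel is requested here, so %T expands to NONE.
	if [ "$i" = "localcommand" ]; then
		trial $i '%T' NONE
	fi
	# Matches implementation in readconf.c:ssh_connection_hash()
	# %C is only checked when an openssl binary is available to
	# recompute the SHA1 independently.
	if [ -n "${OPENSSL_BIN}" ]; then
		# '%s' keeps any % or backslash in the host or user name
		# from being interpreted as part of the printf format.
		HASH=`printf '%s' "${HOSTNAME}127.0.0.1${PORT}$REMUSER" |
		    $OPENSSL_BIN sha1 | cut -f2 -d' '`
		trial $i '%C' "$HASH"
	fi
	trial $i '%%' '%'
	trial $i '%i' "$USERID"
	trial $i '%h' 127.0.0.1
	trial $i '%L' "$HOST"
	trial $i '%l' "$HOSTNAME"
	trial $i '%n' somehost
	trial $i '%k' localhost-with-alias
	trial $i '%p' "$PORT"
	trial $i '%r' "$REMUSER"
	trial $i '%u' "$USER"
	# We can't specify a full path outside the regress dir, so skip tests
	# containing %d for UserKnownHostsFile
	if [ "$i" != "userknownhostsfile" ]; then
		trial $i '%d' "$HOME"
		# All tokens at once, joined by slashes.
		in='%%/%i/%h/%d/%L/%l/%n/%p/%r/%u'
		out="%/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
		if [ -n "${HASH}" ]; then
			in="$in/%C"
			out="$out/$HASH"
		fi
		trial $i "$in" "$out"
	fi
done

# Subset of above since we don't expand shell-style variables on anything that
# runs a command because the shell will expand those.
for i in controlpath identityagent forwardagent localforward remoteforward \
    userknownhostsfile; do
	verbose $tid $i dollar
	FOO=bar
	export FOO
	# Single quotes: ssh, not this shell, must see the literal ${FOO}.
	trial $i '${FOO}' "$FOO"
done


# A subset of options support tilde expansion
for i in controlpath identityagent forwardagent; do
	verbose $tid $i tilde
	trial $i '~' "$HOME/"
	trial $i '~/.ssh' "$HOME/.ssh"
done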