xref: /freebsd/crypto/openssh/regress/proxyjump.sh (revision 2574974648c68c738aec3ff96644d888d7913a37) 
1*25749746SEd Maste#	$OpenBSD: proxyjump.sh,v 1.1 2026/03/30 07:19:02 djm Exp $
2*25749746SEd Maste#	Placed in the Public Domain.
3*25749746SEd Maste
4*25749746SEd Mastetid="proxyjump"
5*25749746SEd Maste
6*25749746SEd Maste# Parsing tests
7*25749746SEd Masteverbose "basic parsing"
8*25749746SEd Mastefor jspec in \
9*25749746SEd Maste	"jump1" \
10*25749746SEd Maste	"user@jump1" \
11*25749746SEd Maste	"jump1:2222" \
12*25749746SEd Maste	"user@jump1:2222" \
13*25749746SEd Maste	"jump1,jump2" \
14*25749746SEd Maste	"user1@jump1:2221,user2@jump2:2222" \
15*25749746SEd Maste	"ssh://user@host:2223" \
16*25749746SEd Maste	; do
17*25749746SEd Maste	case "$jspec" in
18*25749746SEd Maste	"jump1")		expected="jump1" ;;
19*25749746SEd Maste	"user@jump1")		expected="user@jump1" ;;
20*25749746SEd Maste	"jump1:2222")		expected="jump1:2222" ;;
21*25749746SEd Maste	"user@jump1:2222")	expected="user@jump1:2222" ;;
22*25749746SEd Maste	"jump1,jump2")		expected="jump1,jump2" ;;
23*25749746SEd Maste	"user1@jump1:2221,user2@jump2:2222")
24*25749746SEd Maste		expected="user1@jump1:2221,user2@jump2:2222" ;;
25*25749746SEd Maste	"ssh://user@host:2223")	expected="user@host:2223" ;;
26*25749746SEd Maste	esac
27*25749746SEd Maste	f=`${SSH} -GF /dev/null -oProxyJump="$jspec" somehost | \
28*25749746SEd Maste		awk '/^proxyjump /{print $2}'`
29*25749746SEd Maste	if [ "$f" != "$expected" ]; then
30*25749746SEd Maste		fail "ProxyJump $jspec: expected $expected, got $f"
31*25749746SEd Maste	fi
32*25749746SEd Maste	f=`${SSH} -GF /dev/null -J "$jspec" somehost | \
33*25749746SEd Maste		awk '/^proxyjump /{print $2}'`
34*25749746SEd Maste	if [ "$f" != "$expected" ]; then
35*25749746SEd Maste		fail "ssh -J $jspec: expected $expected, got $f"
36*25749746SEd Maste	fi
37*25749746SEd Mastedone
38*25749746SEd Maste
39*25749746SEd Masteverbose "precedence"
40*25749746SEd Mastef=`${SSH} -GF /dev/null -oProxyJump=none -oProxyJump=jump1 somehost | \
41*25749746SEd Maste	grep "^proxyjump "`
42*25749746SEd Masteif [ -n "$f" ]; then
43*25749746SEd Maste	fail "ProxyJump=none first did not win"
44*25749746SEd Mastefi
45*25749746SEd Mastef=`${SSH} -GF /dev/null -oProxyJump=jump -oProxyCommand=foo somehost | \
46*25749746SEd Maste	grep "^proxyjump "`
47*25749746SEd Masteif [ "$f" != "proxyjump jump" ]; then
48*25749746SEd Maste	fail "ProxyJump first did not win over ProxyCommand"
49*25749746SEd Mastefi
50*25749746SEd Mastef=`${SSH} -GF /dev/null -oProxyCommand=foo -oProxyJump=jump somehost | \
51*25749746SEd Maste	grep "^proxycommand "`
52*25749746SEd Masteif [ "$f" != "proxycommand foo" ]; then
53*25749746SEd Maste	fail "ProxyCommand first did not win over ProxyJump"
54*25749746SEd Mastefi
55*25749746SEd Maste
56*25749746SEd Masteverbose "command-line -J invalid characters"
57*25749746SEd Mastecp $OBJ/ssh_config $OBJ/ssh_config.orig
58*25749746SEd Mastefor jspec in \
59*25749746SEd Maste	"host;with;semicolon" \
60*25749746SEd Maste	"host'with'quote" \
61*25749746SEd Maste	"host\`with\`backtick" \
62*25749746SEd Maste	"host\$with\$dollar" \
63*25749746SEd Maste	"host(with)brace" \
64*25749746SEd Maste	"user;with;semicolon@host" \
65*25749746SEd Maste	"user'with'quote@host" \
66*25749746SEd Maste	"user\`with\`backtick@host" \
67*25749746SEd Maste	"user(with)brace@host" ; do
68*25749746SEd Maste	${SSH} -GF /dev/null -J "$jspec" somehost >/dev/null 2>&1
69*25749746SEd Maste	if [ $? -ne 255 ]; then
70*25749746SEd Maste		fail "ssh -J \"$jspec\" was not rejected"
71*25749746SEd Maste	fi
72*25749746SEd Maste	${SSH} -GF /dev/null -oProxyJump="$jspec" somehost >/dev/null 2>&1
73*25749746SEd Maste	if [ $? -ne 255 ]; then
74*25749746SEd Maste		fail "ssh -oProxyJump=\"$jspec\" was not rejected"
75*25749746SEd Maste	fi
76*25749746SEd Mastedone
77*25749746SEd Maste# Special characters should be accepted in the config though.
78*25749746SEd Masteecho "ProxyJump user;with;semicolon@host;with;semicolon" >> $OBJ/ssh_config
79*25749746SEd Mastef=`${SSH} -GF $OBJ/ssh_config somehost | grep "^proxyjump "`
80*25749746SEd Masteif [ "$f" != "proxyjump user;with;semicolon@host;with;semicolon" ]; then
81*25749746SEd Maste	fail "ProxyJump did not allow special characters in config: $f"
82*25749746SEd Mastefi
83*25749746SEd Maste
84*25749746SEd Masteverbose "functional test"
85*25749746SEd Maste# Use different names to avoid the loop detection in ssh.c
86*25749746SEd Mastegrep -iv HostKeyAlias $OBJ/ssh_config.orig > $OBJ/ssh_config
87*25749746SEd Mastecat << _EOF >> $OBJ/ssh_config
88*25749746SEd MasteHost jump-host
89*25749746SEd Maste	HostkeyAlias jump-host
90*25749746SEd MasteHost target-host
91*25749746SEd Maste	HostkeyAlias target-host
92*25749746SEd Maste_EOF
93*25749746SEd Mastecp $OBJ/known_hosts $OBJ/known_hosts.orig
94*25749746SEd Mastesed 's/^[^ ]* /jump-host /' < $OBJ/known_hosts.orig > $OBJ/known_hosts
95*25749746SEd Mastesed 's/^[^ ]* /target-host /' < $OBJ/known_hosts.orig >> $OBJ/known_hosts
96*25749746SEd Mastestart_sshd
97*25749746SEd Maste
98*25749746SEd Masteverbose "functional ProxyJump"
99*25749746SEd Masteres=`${REAL_SSH} -F $OBJ/ssh_config -J jump-host target-host echo "SUCCESS" 2>/dev/null`
100*25749746SEd Masteif [ "$res" != "SUCCESS" ]; then
101*25749746SEd Maste	fail "functional test failed: expected SUCCESS, got $res"
102*25749746SEd Mastefi
103