#	Placed in the Public Domain.

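tid="server config include"

# Top-level fixture for the Include tests. The here-document delimiter is
# unquoted, so $OBJ is expanded while the file is written.
# Each Match block sets Banner, pulls in the sshd_config.i.* fragments, or
# does both in a particular order:
#   a, d - Banner only
#   b, e - Banner, then Include
#   c, f - Include, then Banner
#   m, n - Include only
# Some lines carry a trailing "# comment" inside the generated config.
# The trial calls later in this file pin the Banner expected for each host.
cat > "$OBJ/sshd_config.i" << _EOF
HostKey $OBJ/host.ssh-ed25519
Match host a
	Banner /aa

Match host b
	Banner /bb
	Include $OBJ/sshd_config.i.* # comment

Match host c
	Include $OBJ/sshd_config.i.* # comment
	Banner /cc

Match host m
	Include $OBJ/sshd_config.i.*

Match Host d
	Banner /dd # comment

Match Host e
	Banner /ee
	Include $OBJ/sshd_config.i.*

Match Host f
	Include $OBJ/sshd_config.i.*
	Banner /ff

Match Host n
	Include $OBJ/sshd_config.i.*
_EOF
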
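# Fragments picked up by the "Include $OBJ/sshd_config.i.*" glob.

# Fragment 0: nothing but a Match line, for a host no trial asks about.
cat > "$OBJ/sshd_config.i.0" << _EOF
Match host xxxxxx
_EOF

# Fragment 1: a three-letter Banner for hosts a-f, so the dumped config
# shows which file supplied the value.
cat > "$OBJ/sshd_config.i.1" << _EOF
Match host a
	Banner /aaa

Match host b
	Banner /bbb

Match host c
	Banner /ccc

Match Host d
	Banner /ddd

Match Host e
	Banner /eee

Match Host f
	Banner /fff
_EOF

# Fragment 2: a four-letter Banner for the same hosts, plus a closing
# "Match all" block whose /xxxx is the value the trials expect for the
# include-only hosts m and n. One Match line carries a trailing comment.
cat > "$OBJ/sshd_config.i.2" << _EOF
Match host a
	Banner /aaaa

Match host b
	Banner /bbbb

Match host c # comment
	Banner /cccc

Match Host d
	Banner /dddd

Match Host e
	Banner /eeee

Match Host f
	Banner /ffff

Match all
	Banner /xxxx
_EOF
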
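# Run sshd in extended test mode (-T) against $OBJ/sshd_config.i for one
# simulated connection and compare the resulting Banner with the expected one.
#   $1 - host value placed in the -C connection spec
#   $2 - expected Banner value (second field of the "banner" output line)
#   $3 - optional description used in trace and failure messages
#        (defaults to "test match")
# Writes sshd's output to $OBJ/sshd_config.out. Calls fatal when sshd exits
# non-zero and fail when the Banner differs from $2.
trial() {
	_host="$1"
	_exp="$2"
	_desc="${3:-test match}"
	trace "$_desc host=$_host expect=$_exp"
	# SUDO and REAL_SSHD are left unquoted, as everywhere else in this
	# file; presumably SUDO may be empty or hold several words.
	${SUDO} ${REAL_SSHD} -f "$OBJ/sshd_config.i" -T \
	    -C "host=$_host,user=test,addr=127.0.0.1" > "$OBJ/sshd_config.out" ||
		fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
	_got=`grep -i '^banner ' "$OBJ/sshd_config.out" | awk '{print $2}'`
	if test "x$_exp" != "x$_got" ; then
		# Uses $_desc; the misspelt name $desc_ expanded to nothing, so
		# the failure message lost the description of the failing case.
		fail "$_desc host $_host include fail: expected $_exp got $_got"
	fi
}
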
# Expected Banner per host, written as host:banner pairs.
#   a, d - the value from the top-level file (/aa, /dd)
#   b, e - the Banner placed before the Include (/bb, /ee)
#   c, f - the three-letter value from fragment 1 (/ccc, /fff), although
#          the top-level block sets its own Banner after the Include
#   m, n - /xxxx from the "Match all" block in fragment 2
#   x    - no block names this host, so the expected value is "none"
for _pair in a:/aa b:/bb c:/ccc d:/dd e:/ee f:/fff m:/xxxx n:/xxxx x:none; do
	trial "${_pair%%:*}" "${_pair#*:}"
done

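# Prepare an included config with an error.
# The file name matches the sshd_config.i.* glob, so every Include line in
# sshd_config.i now pulls in a line sshd should not accept ("Junk").
cat > "$OBJ/sshd_config.i.3" << _EOF
Banner xxxx
	Junk
_EOF

# Neither host a nor host x selects a Match block that contains an Include,
# yet the configuration is expected to be rejected in both cases.
# -T is passed here as in every other sshd invocation in this file: -C only
# has meaning in extended test mode, and without -T a non-zero exit may not
# come from the bad fragment at all.
# NOTE(review): stderr is discarded and any non-zero exit counts as a
# rejection, so this check cannot tell a parse error in the fragment from an
# unrelated failure.
for _h in a x; do
	trace "disallow invalid config host=$_h"
	${SUDO} ${REAL_SSHD} -f "$OBJ/sshd_config.i" -T \
	    -C "host=$_h,user=test,addr=127.0.0.1" 2>/dev/null && \
		fail "sshd include allowed invalid config"
done

# Drop all fragments before the next scenario.
rm -f "$OBJ"/sshd_config.i.*
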
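# Ensure that a missing include is not fatal.
# The sshd_config.i.* fragments were removed just before this point, so the
# Include glob matches no file when the trial runs.
cat > "$OBJ/sshd_config.i" << _EOF
HostKey $OBJ/host.ssh-ed25519
Include $OBJ/sshd_config.i.*
Banner /aa
_EOF

trial a /aa "missing include non-fatal"
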
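# Ensure that Match/Host in an included config does not affect parent.
# The fragment ends inside a Match block for host x. The "Banner /aa" that
# follows the Include in sshd_config.i must still apply to host a.
cat > "$OBJ/sshd_config.i.x" << _EOF
Match host x
_EOF

trial a /aa "included file does not affect match state"
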
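# Ensure the empty include directive is not accepted
# This run loads sshd_config.i.x directly; the file holds only the bare
# Include keyword.
cat > "$OBJ/sshd_config.i.x" << _EOF
Include
_EOF

trace "disallow invalid with no argument"
# NOTE(review): stderr is discarded and any non-zero exit counts as a
# rejection. The file sets no HostKey, so confirm the failure really comes
# from the Include line and not from another startup check.
${SUDO} ${REAL_SSHD} -f "$OBJ/sshd_config.i.x" -T \
    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
	fail "sshd allowed Include with no argument"
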
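# Ensure the Include before any Match block works as expected (bug #3122)
# The top-level file sets a global Banner (/xx), includes fragment 2 by its
# exact name, then opens its own Match block for host a (/aaaa). The
# expected result is the Banner from the included Match block (/aa).
cat > "$OBJ/sshd_config.i" << _EOF
Banner /xx
HostKey $OBJ/host.ssh-ed25519
Include $OBJ/sshd_config.i.2
Match host a
	Banner /aaaa
_EOF
cat > "$OBJ/sshd_config.i.2" << _EOF
Match host a
	Banner /aa
_EOF

trace "Include before match blocks"
trial a /aa "included file before match blocks is properly evaluated"
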
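# Port in included file is correctly interpreted (bug #3169)
# In this fixture the Port line sits in the top-level file, after the
# Include; the included fragment only sets HostKey.
cat > "$OBJ/sshd_config.i" << _EOF
Include $OBJ/sshd_config.i.2
Port 7722
_EOF
cat > "$OBJ/sshd_config.i.2" << _EOF
HostKey $OBJ/host.ssh-ed25519
_EOF

trace "Port after included files"
${SUDO} ${REAL_SSHD} -f "$OBJ/sshd_config.i" -T \
    -C "host=x,user=test,addr=127.0.0.1" > "$OBJ/sshd_config.out" || \
	fail "failed to parse Port after included files"
# Second field of the "port" line in the dumped configuration.
_port=`grep -i '^port ' "$OBJ/sshd_config.out" | awk '{print $2}'`
if test "x7722" != "x$_port" ; then
	fail "The Port in included file was intertepretted wrongly. Expected 7722, got $_port"
fi
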
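# cleanup: remove the generated configs, all fragments and the sshd -T output
rm -f "$OBJ/sshd_config.i" "$OBJ"/sshd_config.i.* "$OBJ/sshd_config.out"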