mirror of git://anongit.mindrot.org/openssh.git
91 lines
2.2 KiB
Bash
91 lines
2.2 KiB
Bash
# $OpenBSD: match-subsystem.sh,v 1.1 2023/09/06 23:36:09 djm Exp $
|
|
# Placed in the Public Domain.
|
|
|
|
tid="sshd_config match subsystem"
|
|
|
|
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
|
|
|
|
try_subsystem() {
|
|
_id=$1
|
|
_subsystem=$2
|
|
_expect=$3
|
|
${SSHD} -tf $OBJ/sshd_proxy || fatal "$_id: bad config"
|
|
${SSH} -sF $OBJ/ssh_proxy somehost $_subsystem
|
|
_exit=$?
|
|
trace "$_id subsystem $_subsystem"
|
|
if [ $_exit -ne $_expect ] ; then
|
|
fail "$_id: subsystem $_subsystem exit $_exit expected $_expect"
|
|
fi
|
|
return $?
|
|
}
|
|
|
|
# Simple case: subsystem in main config.
|
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
|
cat >> $OBJ/sshd_proxy << _EOF
|
|
Subsystem xxx /bin/sh -c "exit 23"
|
|
_EOF
|
|
try_subsystem "main config" xxx 23
|
|
|
|
# No clobber in main config.
|
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
|
cat >> $OBJ/sshd_proxy << _EOF
|
|
Subsystem xxx /bin/sh -c "exit 23"
|
|
Subsystem xxx /bin/sh -c "exit 24"
|
|
_EOF
|
|
try_subsystem "main config no clobber" xxx 23
|
|
|
|
# Subsystem in match all block
|
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
|
cat >> $OBJ/sshd_proxy << _EOF
|
|
Match all
|
|
Subsystem xxx /bin/sh -c "exit 21"
|
|
_EOF
|
|
try_subsystem "match all" xxx 21
|
|
|
|
# No clobber in match all block
|
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
|
cat >> $OBJ/sshd_proxy << _EOF
|
|
Match all
|
|
Subsystem xxx /bin/sh -c "exit 21"
|
|
Subsystem xxx /bin/sh -c "exit 24"
|
|
_EOF
|
|
try_subsystem "match all no clobber" xxx 21
|
|
|
|
# Subsystem in match user block
|
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
|
cat >> $OBJ/sshd_proxy << _EOF
|
|
Match user *
|
|
Subsystem xxx /bin/sh -c "exit 20"
|
|
_EOF
|
|
try_subsystem "match user" xxx 20
|
|
|
|
# No clobber in match user block
|
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
|
cat >> $OBJ/sshd_proxy << _EOF
|
|
Match user *
|
|
Subsystem xxx /bin/sh -c "exit 20"
|
|
Subsystem xxx /bin/sh -c "exit 24"
|
|
Match all
|
|
Subsystem xxx /bin/sh -c "exit 24"
|
|
_EOF
|
|
try_subsystem "match user no clobber" xxx 20
|
|
|
|
# Override main with match all
|
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
|
cat >> $OBJ/sshd_proxy << _EOF
|
|
Subsystem xxx /bin/sh -c "exit 23"
|
|
Match all
|
|
Subsystem xxx /bin/sh -c "exit 19"
|
|
_EOF
|
|
try_subsystem "match all override" xxx 19
|
|
|
|
# Override main with match user
|
|
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
|
|
cat >> $OBJ/sshd_proxy << _EOF
|
|
Subsystem xxx /bin/sh -c "exit 23"
|
|
Match user *
|
|
Subsystem xxx /bin/sh -c "exit 18"
|
|
_EOF
|
|
try_subsystem "match user override" xxx 18
|
|
|