003 File Manager
Current Path:
/usr/src/crypto/openssh/regress
usr
/
src
/
crypto
/
openssh
/
regress
/
📁
..
📄
Makefile
(6.8 KB)
📄
README.regress
(3.91 KB)
📄
addrmatch.sh
(2.06 KB)
📄
agent-getpeereid.sh
(1.13 KB)
📄
agent-pkcs11.sh
(1.86 KB)
📄
agent-ptrace.sh
(1.31 KB)
📄
agent-timeout.sh
(928 B)
📄
agent.sh
(2.96 KB)
📄
allow-deny-users.sh
(1.45 KB)
📄
authinfo.sh
(574 B)
📄
banner.sh
(1.24 KB)
📄
broken-pipe.sh
(281 B)
📄
brokenkeys.sh
(462 B)
📄
cert-file.sh
(5.25 KB)
📄
cert-hostkey.sh
(10.34 KB)
📄
cert-userkey.sh
(11.95 KB)
📄
cfginclude.sh
(4.39 KB)
📄
cfgmatch.sh
(3.5 KB)
📄
cfgmatchlisten.sh
(6.34 KB)
📄
cfgparse.sh
(2.17 KB)
📄
check-perm.c
(4.33 KB)
📄
cipher-speed.sh
(799 B)
📄
conch-ciphers.sh
(796 B)
📄
connect-privsep.sh
(1.02 KB)
📄
connect-uri.sh
(816 B)
📄
connect.sh
(222 B)
📄
dhgex.sh
(1.47 KB)
📄
dsa_ssh2.prv
(863 B)
📄
dsa_ssh2.pub
(732 B)
📄
dynamic-forward.sh
(1.48 KB)
📄
envpass.sh
(1.54 KB)
📄
exit-status.sh
(562 B)
📄
forcecommand.sh
(1.1 KB)
📄
forward-control.sh
(7.71 KB)
📄
forwarding.sh
(4.22 KB)
📄
host-expand.sh
(384 B)
📄
hostkey-agent.sh
(1.6 KB)
📄
hostkey-rotate.sh
(3.86 KB)
📄
integrity.sh
(2.33 KB)
📄
kextype.sh
(587 B)
📄
key-options.sh
(3.22 KB)
📄
keygen-change.sh
(581 B)
📄
keygen-convert.sh
(1.08 KB)
📄
keygen-knownhosts.sh
(6.42 KB)
📄
keygen-moduli.sh
(702 B)
📄
keys-command.sh
(2.39 KB)
📄
keyscan.sh
(403 B)
📄
keytype.sh
(1.84 KB)
📄
krl.sh
(6.45 KB)
📄
limit-keytype.sh
(3.65 KB)
📄
localcommand.sh
(351 B)
📄
login-timeout.sh
(588 B)
📁
misc
📄
mkdtemp.c
(1.53 KB)
📄
modpipe.c
(3.81 KB)
📄
moduli.in
(1.59 KB)
📄
multiplex.sh
(7.09 KB)
📄
multipubkey.sh
(2.31 KB)
📄
netcat.c
(39.92 KB)
📄
portnum.sh
(624 B)
📄
principals-command.sh
(5.48 KB)
📄
proto-mismatch.sh
(368 B)
📄
proto-version.sh
(527 B)
📄
proxy-connect.sh
(624 B)
📄
putty-ciphers.sh
(678 B)
📄
putty-kex.sh
(553 B)
📄
putty-transfer.sh
(1021 B)
📄
reconfigure.sh
(855 B)
📄
reexec.sh
(878 B)
📄
rekey.sh
(4.12 KB)
📄
rsa_openssh.prv
(883 B)
📄
rsa_openssh.pub
(213 B)
📄
rsa_ssh2.prv
(924 B)
📄
scp-ssh-wrapper.sh
(914 B)
📄
scp-uri.sh
(2.01 KB)
📄
scp.sh
(3.5 KB)
📄
setuid-allowed.c
(1.45 KB)
📄
sftp-badcmds.sh
(2.22 KB)
📄
sftp-batch.sh
(1.16 KB)
📄
sftp-chroot.sh
(845 B)
📄
sftp-cmds.sh
(7.29 KB)
📄
sftp-glob.sh
(2.47 KB)
📄
sftp-perm.sh
(5.23 KB)
📄
sftp-uri.sh
(1.59 KB)
📄
sftp.sh
(737 B)
📄
ssh-com-client.sh
(3.02 KB)
📄
ssh-com-keygen.sh
(1.38 KB)
📄
ssh-com-sftp.sh
(1.19 KB)
📄
ssh-com.sh
(2.71 KB)
📄
ssh2putty.sh
(693 B)
📄
sshcfgparse.sh
(3.8 KB)
📄
sshd-log-wrapper.sh
(285 B)
📄
stderr-after-eof.sh
(603 B)
📄
stderr-data.sh
(709 B)
📄
t11.ok
(51 B)
📄
t4.ok
(52 B)
📄
t5.ok
(66 B)
📄
test-exec.sh
(13.05 KB)
📄
transfer.sh
(583 B)
📄
try-ciphers.sh
(715 B)
📁
unittests
📄
valgrind-unit.sh
(610 B)
📄
yes-head.sh
(401 B)
Editing: cfgmatch.sh
# $OpenBSD: cfgmatch.sh,v 1.11 2017/10/04 18:50:23 djm Exp $ # Placed in the Public Domain. tid="sshd_config match" pidfile=$OBJ/remote_pid fwdport=3301 fwd="-L $fwdport:127.0.0.1:$PORT" echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_config echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_proxy start_client() { rm -f $pidfile ${SSH} -q $fwd "$@" somehost \ exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \ >>$TEST_REGRESS_LOGFILE 2>&1 & client_pid=$! # Wait for remote end n=0 while test ! -f $pidfile ; do sleep 1 n=`expr $n + 1` if test $n -gt 60; then kill $client_pid fatal "timeout waiting for background ssh" fi done } stop_client() { pid=`cat $pidfile` if [ ! -z "$pid" ]; then kill $pid fi wait } cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config echo "Match Address 127.0.0.1" >>$OBJ/sshd_config echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_config grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy echo "Match user $USER" >>$OBJ/sshd_proxy echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy start_sshd #set -x # Test Match + PermitOpen in sshd_config. This should be permitted trace "match permitopen localhost" start_client -F $OBJ/ssh_config ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ fail "match permitopen permit" stop_client # Same but from different source. This should not be permitted trace "match permitopen proxy" start_client -F $OBJ/ssh_proxy ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true && \ fail "match permitopen deny" stop_client # Retry previous with key option, should also be denied. cp /dev/null $OBJ/authorized_keys_$USER for t in ${SSH_KEYTYPES}; do printf 'permitopen="127.0.0.1:'$PORT'" ' >> $OBJ/authorized_keys_$USER cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER done trace "match permitopen proxy w/key opts" start_client -F $OBJ/ssh_proxy ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true && \ fail "match permitopen deny w/key opt" stop_client # Test both sshd_config and key options permitting the same dst/port pair. # Should be permitted. trace "match permitopen localhost" start_client -F $OBJ/ssh_config ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ fail "match permitopen permit" stop_client cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy echo "Match User $USER" >>$OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy # Test that a Match overrides a PermitOpen in the global section trace "match permitopen proxy w/key opts" start_client -F $OBJ/ssh_proxy ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true && \ fail "match override permitopen" stop_client cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy echo "Match User NoSuchUser" >>$OBJ/sshd_proxy echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy # Test that a rule that doesn't match doesn't override, plus test a # PermitOpen entry that's not at the start of the list trace "nomatch permitopen proxy w/key opts" start_client -F $OBJ/ssh_proxy ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ fail "nomatch override permitopen" stop_client
Upload File
Create Folder