003 File Manager
Current Path:
/usr/src/crypto/openssh/regress
usr
/
src
/
crypto
/
openssh
/
regress
/
📁
..
📄
Makefile
(6.8 KB)
📄
README.regress
(3.91 KB)
📄
addrmatch.sh
(2.06 KB)
📄
agent-getpeereid.sh
(1.13 KB)
📄
agent-pkcs11.sh
(1.86 KB)
📄
agent-ptrace.sh
(1.31 KB)
📄
agent-timeout.sh
(928 B)
📄
agent.sh
(2.96 KB)
📄
allow-deny-users.sh
(1.45 KB)
📄
authinfo.sh
(574 B)
📄
banner.sh
(1.24 KB)
📄
broken-pipe.sh
(281 B)
📄
brokenkeys.sh
(462 B)
📄
cert-file.sh
(5.25 KB)
📄
cert-hostkey.sh
(10.34 KB)
📄
cert-userkey.sh
(11.95 KB)
📄
cfginclude.sh
(4.39 KB)
📄
cfgmatch.sh
(3.5 KB)
📄
cfgmatchlisten.sh
(6.34 KB)
📄
cfgparse.sh
(2.17 KB)
📄
check-perm.c
(4.33 KB)
📄
cipher-speed.sh
(799 B)
📄
conch-ciphers.sh
(796 B)
📄
connect-privsep.sh
(1.02 KB)
📄
connect-uri.sh
(816 B)
📄
connect.sh
(222 B)
📄
dhgex.sh
(1.47 KB)
📄
dsa_ssh2.prv
(863 B)
📄
dsa_ssh2.pub
(732 B)
📄
dynamic-forward.sh
(1.48 KB)
📄
envpass.sh
(1.54 KB)
📄
exit-status.sh
(562 B)
📄
forcecommand.sh
(1.1 KB)
📄
forward-control.sh
(7.71 KB)
📄
forwarding.sh
(4.22 KB)
📄
host-expand.sh
(384 B)
📄
hostkey-agent.sh
(1.6 KB)
📄
hostkey-rotate.sh
(3.86 KB)
📄
integrity.sh
(2.33 KB)
📄
kextype.sh
(587 B)
📄
key-options.sh
(3.22 KB)
📄
keygen-change.sh
(581 B)
📄
keygen-convert.sh
(1.08 KB)
📄
keygen-knownhosts.sh
(6.42 KB)
📄
keygen-moduli.sh
(702 B)
📄
keys-command.sh
(2.39 KB)
📄
keyscan.sh
(403 B)
📄
keytype.sh
(1.84 KB)
📄
krl.sh
(6.45 KB)
📄
limit-keytype.sh
(3.65 KB)
📄
localcommand.sh
(351 B)
📄
login-timeout.sh
(588 B)
📁
misc
📄
mkdtemp.c
(1.53 KB)
📄
modpipe.c
(3.81 KB)
📄
moduli.in
(1.59 KB)
📄
multiplex.sh
(7.09 KB)
📄
multipubkey.sh
(2.31 KB)
📄
netcat.c
(39.92 KB)
📄
portnum.sh
(624 B)
📄
principals-command.sh
(5.48 KB)
📄
proto-mismatch.sh
(368 B)
📄
proto-version.sh
(527 B)
📄
proxy-connect.sh
(624 B)
📄
putty-ciphers.sh
(678 B)
📄
putty-kex.sh
(553 B)
📄
putty-transfer.sh
(1021 B)
📄
reconfigure.sh
(855 B)
📄
reexec.sh
(878 B)
📄
rekey.sh
(4.12 KB)
📄
rsa_openssh.prv
(883 B)
📄
rsa_openssh.pub
(213 B)
📄
rsa_ssh2.prv
(924 B)
📄
scp-ssh-wrapper.sh
(914 B)
📄
scp-uri.sh
(2.01 KB)
📄
scp.sh
(3.5 KB)
📄
setuid-allowed.c
(1.45 KB)
📄
sftp-badcmds.sh
(2.22 KB)
📄
sftp-batch.sh
(1.16 KB)
📄
sftp-chroot.sh
(845 B)
📄
sftp-cmds.sh
(7.29 KB)
📄
sftp-glob.sh
(2.47 KB)
📄
sftp-perm.sh
(5.23 KB)
📄
sftp-uri.sh
(1.59 KB)
📄
sftp.sh
(737 B)
📄
ssh-com-client.sh
(3.02 KB)
📄
ssh-com-keygen.sh
(1.38 KB)
📄
ssh-com-sftp.sh
(1.19 KB)
📄
ssh-com.sh
(2.71 KB)
📄
ssh2putty.sh
(693 B)
📄
sshcfgparse.sh
(3.8 KB)
📄
sshd-log-wrapper.sh
(285 B)
📄
stderr-after-eof.sh
(603 B)
📄
stderr-data.sh
(709 B)
📄
t11.ok
(51 B)
📄
t4.ok
(52 B)
📄
t5.ok
(66 B)
📄
test-exec.sh
(13.05 KB)
📄
transfer.sh
(583 B)
📄
try-ciphers.sh
(715 B)
📁
unittests
📄
valgrind-unit.sh
(610 B)
📄
yes-head.sh
(401 B)
Editing: forward-control.sh
# $OpenBSD: forward-control.sh,v 1.7 2018/06/07 14:29:43 djm Exp $ # Placed in the Public Domain. tid="sshd control of local and remote forwarding" LFWD_PORT=3320 RFWD_PORT=3321 CTL=$OBJ/ctl-sock READY=$OBJ/ready wait_for_file_to_appear() { _path=$1 _n=0 while test ! -f $_path ; do test $_n -eq 1 && trace "waiting for $_path to appear" _n=`expr $_n + 1` test $_n -ge 20 && return 1 sleep 1 done return 0 } wait_for_process_to_exit() { _pid=$1 _n=0 while kill -0 $_pid 2>/dev/null ; do test $_n -eq 1 && trace "waiting for $_pid to exit" _n=`expr $_n + 1` test $_n -ge 20 && return 1 sleep 1 done return 0 } # usage: check_lfwd Y|N message check_lfwd() { _expected=$1 _message=$2 rm -f $READY ${SSH} -F $OBJ/ssh_proxy \ -L$LFWD_PORT:127.0.0.1:$PORT \ -o ExitOnForwardFailure=yes \ -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \ >/dev/null 2>&1 & _sshpid=$! wait_for_file_to_appear $READY || \ fatal "check_lfwd ssh fail: $_message" ${SSH} -F $OBJ/ssh_config -p $LFWD_PORT \ -oConnectionAttempts=4 host true >/dev/null 2>&1 _result=$? kill $_sshpid `cat $READY` 2>/dev/null wait_for_process_to_exit $_sshpid if test "x$_expected" = "xY" -a $_result -ne 0 ; then fail "check_lfwd failed (expecting success): $_message" elif test "x$_expected" = "xN" -a $_result -eq 0 ; then fail "check_lfwd succeeded (expecting failure): $_message" elif test "x$_expected" != "xY" -a "x$_expected" != "xN" ; then fatal "check_lfwd invalid argument \"$_expected\"" else verbose "check_lfwd done (expecting $_expected): $_message" fi } # usage: check_rfwd Y|N message check_rfwd() { _expected=$1 _message=$2 rm -f $READY ${SSH} -F $OBJ/ssh_proxy \ -R127.0.0.1:$RFWD_PORT:127.0.0.1:$PORT \ -o ExitOnForwardFailure=yes \ -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \ >/dev/null 2>&1 & _sshpid=$! wait_for_file_to_appear $READY _result=$? if test $_result -eq 0 ; then ${SSH} -F $OBJ/ssh_config -p $RFWD_PORT \ -oConnectionAttempts=4 host true >/dev/null 2>&1 _result=$? kill $_sshpid `cat $READY` 2>/dev/null wait_for_process_to_exit $_sshpid fi if test "x$_expected" = "xY" -a $_result -ne 0 ; then fail "check_rfwd failed (expecting success): $_message" elif test "x$_expected" = "xN" -a $_result -eq 0 ; then fail "check_rfwd succeeded (expecting failure): $_message" elif test "x$_expected" != "xY" -a "x$_expected" != "xN" ; then fatal "check_rfwd invalid argument \"$_expected\"" else verbose "check_rfwd done (expecting $_expected): $_message" fi } start_sshd cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy.bak cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak # Sanity check: ensure the default config allows forwarding check_lfwd Y "default configuration" check_rfwd Y "default configuration" # Usage: lperm_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N lperm_tests() { _tcpfwd=$1 _plain_lfwd=$2 _plain_rfwd=$3 _nopermit_lfwd=$4 _nopermit_rfwd=$5 _permit_lfwd=$6 _permit_rfwd=$7 _badfwd1=127.0.0.1:22 _badfwd2=127.0.0.2:22 _goodfwd=127.0.0.1:${PORT} cp ${OBJ}/authorized_keys_${USER}.bak ${OBJ}/authorized_keys_${USER} _prefix="AllowTcpForwarding=$_tcpfwd" # No PermitOpen ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ) \ > ${OBJ}/sshd_proxy check_lfwd $_plain_lfwd "$_prefix" check_rfwd $_plain_rfwd "$_prefix" # PermitOpen via sshd_config that doesn't match ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ; echo "PermitOpen $_badfwd1 $_badfwd2" ) \ > ${OBJ}/sshd_proxy check_lfwd $_nopermit_lfwd "$_prefix, !PermitOpen" check_rfwd $_nopermit_rfwd "$_prefix, !PermitOpen" # PermitOpen via sshd_config that does match ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ; echo "PermitOpen $_badfwd1 $_goodfwd $_badfwd2" ) \ > ${OBJ}/sshd_proxy check_lfwd $_plain_lfwd "$_prefix, PermitOpen" check_rfwd $_plain_rfwd "$_prefix, PermitOpen" # permitopen keys option. # NB. permitopen via authorized_keys should have same # success/fail as via sshd_config # permitopen via authorized_keys that doesn't match sed "s/^/permitopen=\"$_badfwd1\",permitopen=\"$_badfwd2\" /" \ < ${OBJ}/authorized_keys_${USER}.bak \ > ${OBJ}/authorized_keys_${USER} || fatal "sed 1 fail" ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ) \ > ${OBJ}/sshd_proxy check_lfwd $_nopermit_lfwd "$_prefix, !permitopen" check_rfwd $_nopermit_rfwd "$_prefix, !permitopen" # permitopen via authorized_keys that does match sed "s/^/permitopen=\"$_badfwd1\",permitopen=\"$_goodfwd\" /" \ < ${OBJ}/authorized_keys_${USER}.bak \ > ${OBJ}/authorized_keys_${USER} || fatal "sed 2 fail" ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ) \ > ${OBJ}/sshd_proxy check_lfwd $_permit_lfwd "$_prefix, permitopen" check_rfwd $_permit_rfwd "$_prefix, permitopen" # Check port-forwarding flags in authorized_keys. # These two should refuse all. sed "s/^/no-port-forwarding /" \ < ${OBJ}/authorized_keys_${USER}.bak \ > ${OBJ}/authorized_keys_${USER} || fatal "sed 3 fail" ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ) \ > ${OBJ}/sshd_proxy check_lfwd N "$_prefix, no-port-forwarding" check_rfwd N "$_prefix, no-port-forwarding" sed "s/^/restrict /" \ < ${OBJ}/authorized_keys_${USER}.bak \ > ${OBJ}/authorized_keys_${USER} || fatal "sed 4 fail" ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ) \ > ${OBJ}/sshd_proxy check_lfwd N "$_prefix, restrict" check_rfwd N "$_prefix, restrict" # This should pass the same cases as _nopermit* sed "s/^/restrict,port-forwarding /" \ < ${OBJ}/authorized_keys_${USER}.bak \ > ${OBJ}/authorized_keys_${USER} || fatal "sed 5 fail" ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ) \ > ${OBJ}/sshd_proxy check_lfwd $_plain_lfwd "$_prefix, restrict,port-forwarding" check_rfwd $_plain_rfwd "$_prefix, restrict,port-forwarding" } # permit-open none mismatch match # AllowTcpForwarding local remote local remote local remote lperm_tests yes Y Y N Y Y Y lperm_tests local Y N N N Y N lperm_tests remote N Y N Y N Y lperm_tests no N N N N N N # Usage: rperm_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N rperm_tests() { _tcpfwd=$1 _plain_lfwd=$2 _plain_rfwd=$3 _nopermit_lfwd=$4 _nopermit_rfwd=$5 _permit_lfwd=$6 _permit_rfwd=$7 _badfwd1=127.0.0.1:22 _badfwd2=127.0.0.2:${RFWD_PORT} _goodfwd=127.0.0.1:${RFWD_PORT} cp ${OBJ}/authorized_keys_${USER}.bak ${OBJ}/authorized_keys_${USER} _prefix="AllowTcpForwarding=$_tcpfwd" # PermitListen via sshd_config that doesn't match ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ; echo "PermitListen $_badfwd1 $_badfwd2" ) \ > ${OBJ}/sshd_proxy check_lfwd $_nopermit_lfwd "$_prefix, !PermitListen" check_rfwd $_nopermit_rfwd "$_prefix, !PermitListen" # PermitListen via sshd_config that does match ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ; echo "PermitListen $_badfwd1 $_goodfwd $_badfwd2" ) \ > ${OBJ}/sshd_proxy check_lfwd $_plain_lfwd "$_prefix, PermitListen" check_rfwd $_plain_rfwd "$_prefix, PermitListen" } # permit-remote-open none mismatch match # AllowTcpForwarding local remote local remote local remote rperm_tests yes Y Y Y N Y Y rperm_tests local Y N Y N Y N rperm_tests remote N Y N N N Y rperm_tests no N N N N N N
Upload File
Create Folder