From 2873f19570d4d8758be24dbf78332be9a779009b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Dec 2020 06:03:36 +0000 Subject: [PATCH] upstream: regress test for KnownHostsCommand OpenBSD-Regress-ID: ffc77464320b6dabdcfa0a72e0df02659233a38a --- regress/Makefile | 9 +++--- regress/knownhosts-command.sh | 53 +++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 regress/knownhosts-command.sh diff --git a/regress/Makefile b/regress/Makefile index 8b4ed9de3..43da7c7db 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.109 2020/06/19 05:07:09 dtucker Exp $ +# $OpenBSD: Makefile,v 1.110 2020/12/22 06:03:36 djm Exp $ tests: prep file-tests t-exec unit @@ -93,7 +93,8 @@ LTESTS= connect \ allow-deny-users \ authinfo \ sshsig \ - keygen-comment + keygen-comment \ + knownhosts-command INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers @@ -122,9 +123,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ - ssh-rsa_oldfmt \ + ssh-rsa_oldfmt knownhosts_command \ ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ - ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \ + ssh_proxy_* sshd.log sshd_config sshd_config.* \ sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \ sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \ t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \ diff --git a/regress/knownhosts-command.sh b/regress/knownhosts-command.sh new file mode 100644 index 000000000..6881d6079 --- /dev/null +++ b/regress/knownhosts-command.sh 
@@ -0,0 +1,53 @@
+# $OpenBSD: knownhosts-command.sh,v 1.1 2020/12/22 06:03:36 djm Exp $
+# Placed in the Public Domain.
+
+tid="known hosts command "
+
+rm -f $OBJ/knownhosts_command $OBJ/ssh_proxy_khc
+cp $OBJ/ssh_proxy $OBJ/ssh_proxy_orig
+
+( grep -vi GlobalKnownHostsFile $OBJ/ssh_proxy_orig | \
+ grep -vi UserKnownHostsFile;
+ echo "GlobalKnownHostsFile none" ;
+ echo "UserKnownHostsFile none" ;
+ echo "KnownHostsCommand $OBJ/knownhosts_command '%t' '%K' '%u'" ;
+) > $OBJ/ssh_proxy
+
+verbose "simple connection"
+cat > $OBJ/knownhosts_command << _EOF
+#!/bin/sh
+cat $OBJ/known_hosts
+_EOF
+chmod a+x $OBJ/knownhosts_command
+${SSH} -F $OBJ/ssh_proxy x true || fail "ssh connect failed"
+
+verbose "no keys"
+cat > $OBJ/knownhosts_command << _EOF
+#!/bin/sh
+exit 0
+_EOF
+chmod a+x $OBJ/knownhosts_command
+${SSH} -F $OBJ/ssh_proxy x true && fail "ssh connect succeeded with no keys"
+
+verbose "bad exit status"
+cat > $OBJ/knownhosts_command << _EOF
+#!/bin/sh
+cat $OBJ/known_hosts
+exit 1
+_EOF
+chmod a+x $OBJ/knownhosts_command
+${SSH} -F $OBJ/ssh_proxy x true && fail "ssh connect succeeded with bad exit"
+
+for keytype in ${SSH_HOSTKEY_TYPES} ; do
+ test "x$keytype" = "xssh-dss" && continue
+ verbose "keytype $keytype"
+ cat > $OBJ/knownhosts_command << _EOF
+#!/bin/sh
+die() { echo "\$@" 1>&2 ; exit 1; }
+test "x\$1" = "x$keytype" || die "wrong keytype \$1"
+test "x\$3" = "x$LOGNAME" || die "wrong username \$3"
+grep -- "\$1.*\$2" $OBJ/known_hosts
+_EOF
+ ${SSH} -F $OBJ/ssh_proxy -oHostKeyAlgorithms=$keytype x true ||
+ fail "ssh connect failed for keytype $x"
+done
-- 2.47.3
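Review bot: The failure message on the last line of the keytype loop expands `$x`, which is not set anywhere in this file, so a failing key type would be reported with an empty name; it should read `fail "ssh connect failed for keytype $keytype"`. The two negative cases (`no keys` and `bad exit status`) accept any non-zero exit from ssh as a pass, so they would also pass if the connection failed for a reason unrelated to host-key verification. Confirming the rejection from the client's output or log would tie them to the behaviour they are meant to cover. The loop likewise only exercises the accepting path; a case where the command prints a key that does not match the server's would cover the rejection this option exists to enforce.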