]>
Commit | Line | Data |
---|---|---|
1aeac41e | 1 | # $OpenBSD: addrmatch.sh,v 1.2 2008/12/07 22:17:48 djm Exp $ |
16d46c30 | 2 | # Placed in the Public Domain. |
3 | ||
4 | tid="address match" | |
5 | ||
6 | mv $OBJ/sshd_proxy $OBJ/sshd_proxy_orig | |
7 | ||
8 | run_trial() | |
9 | { | |
10 | user="$1"; addr="$2"; host="$3"; expected="$4"; descr="$5" | |
11 | ||
12 | verbose "test $descr for $user $addr $host" | |
13 | result=`${SSHD} -f $OBJ/sshd_proxy -T \ | |
14 | -C user=${user},addr=${addr},host=${host} | \ | |
1aeac41e | 15 | awk '/^passwordauthentication/ {print $2}'` |
16d46c30 | 16 | if [ "$result" != "$expected" ]; then |
17 | fail "failed for $user $addr $host: expected $expected, got $result" | |
18 | fi | |
19 | } | |
20 | ||
21 | cp $OBJ/sshd_proxy_orig $OBJ/sshd_proxy | |
22 | cat >>$OBJ/sshd_proxy <<EOD | |
23 | PasswordAuthentication no | |
24 | Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com | |
25 | PasswordAuthentication yes | |
26 | Match Address 1.1.1.1,::1,!::3,2000::/16 | |
27 | PasswordAuthentication yes | |
28 | EOD | |
29 | ||
30 | run_trial user 192.168.0.1 somehost yes "permit, first entry" | |
31 | run_trial user 192.168.30.1 somehost no "deny, negative match" | |
32 | run_trial user 19.0.0.1 somehost no "deny, no match" | |
33 | run_trial user 10.255.255.254 somehost yes "permit, list middle" | |
34 | run_trial user 192.168.30.1 192.168.0.1 no "deny, faked IP in hostname" | |
35 | run_trial user 1.1.1.1 somehost.example.com yes "permit, bare IP4 address" | |
edee47f5 | 36 | test "$TEST_SSH_IPV6" = "no" && exit |
16d46c30 | 37 | run_trial user ::1 somehost.example.com yes "permit, bare IP6 address" |
38 | run_trial user ::2 somehost.exaple.com no "deny IPv6" | |
39 | run_trial user ::3 somehost no "deny IP6 negated" | |
40 | run_trial user ::4 somehost no "deny, IP6 no match" | |
41 | run_trial user 2000::1 somehost yes "permit, IP6 network" | |
42 | run_trial user 2001::1 somehost no "deny, IP6 network" |