1 # $OpenBSD: addrmatch.sh,v 1.3 2010/02/09 04:57:36 djm Exp $
2 # Placed in the Public Domain.
6 mv $OBJ/sshd_proxy
$OBJ/sshd_proxy_bak
10 user
="$1"; addr
="$2"; host="$3"; expected
="$4"; descr
="$5"
12 verbose
"test $descr for $user $addr $host"
13 result
=`${SSHD} -f $OBJ/sshd_proxy -T \
14 -C user=${user},addr=${addr},host=${host} | \
15 awk '/^passwordauthentication/ {print $2}'`
16 if [ "$result" != "$expected" ]; then
17 fail
"failed for $user $addr $host: expected $expected, got $result"
21 cp $OBJ/sshd_proxy_bak
$OBJ/sshd_proxy
22 cat >>$OBJ/sshd_proxy
<<EOD
23 PasswordAuthentication no
24 Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com
25 PasswordAuthentication yes
26 Match Address 1.1.1.1,::1,!::3,2000::/16
27 PasswordAuthentication yes
30 run_trial user
192.168.0.1 somehost
yes "permit, first entry"
31 run_trial user
192.168.30.1 somehost no
"deny, negative match"
32 run_trial user
19.0.0.1 somehost no
"deny, no match"
33 run_trial user
10.255.255.254 somehost
yes "permit, list middle"
34 run_trial user
192.168.30.1 192.168.0.1 no
"deny, faked IP in hostname"
35 run_trial user
1.1.1.1 somehost.example.com
yes "permit, bare IP4 address"
36 test "$TEST_SSH_IPV6" = "no" && exit
37 run_trial user
::1 somehost.example.com
yes "permit, bare IP6 address"
38 run_trial user
::2 somehost.exaple.com no
"deny IPv6"
39 run_trial user
::3 somehost no
"deny IP6 negated"
40 run_trial user
::4 somehost no
"deny, IP6 no match"
41 run_trial user
2000::1 somehost
yes "permit, IP6 network"
42 run_trial user
2001::1 somehost no
"deny, IP6 network"
44 cp $OBJ/sshd_proxy_bak
$OBJ/sshd_proxy
45 rm $OBJ/sshd_proxy_bak
