1#	$OpenBSD: match-subsystem.sh,v 1.1 2023/09/06 23:36:09 djm Exp $
2#	Placed in the Public Domain.
3
4tid="sshd_config match subsystem"
5
6cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
7
8try_subsystem() {
9	_id=$1
10	_subsystem=$2
11	_expect=$3
12	${SSHD} -tf $OBJ/sshd_proxy || fatal "$_id: bad config"
13	${SSH} -sF $OBJ/ssh_proxy somehost $_subsystem
14	_exit=$?
15	trace "$_id subsystem $_subsystem"
16	if [ $_exit -ne $_expect ] ; then
17		fail "$_id: subsystem $_subsystem exit $_exit expected $_expect"
18	fi
19	return $?
20}
21
22# Simple case: subsystem in main config.
23cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
24cat >> $OBJ/sshd_proxy << _EOF
25Subsystem xxx /bin/sh -c "exit 23"
26_EOF
27try_subsystem "main config" xxx 23
28
29# No clobber in main config.
30cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
31cat >> $OBJ/sshd_proxy << _EOF
32Subsystem xxx /bin/sh -c "exit 23"
33Subsystem xxx /bin/sh -c "exit 24"
34_EOF
35try_subsystem "main config no clobber" xxx 23
36
37# Subsystem in match all block
38cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
39cat >> $OBJ/sshd_proxy << _EOF
40Match all
41Subsystem xxx /bin/sh -c "exit 21"
42_EOF
43try_subsystem "match all" xxx 21
44
45# No clobber in match all block
46cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
47cat >> $OBJ/sshd_proxy << _EOF
48Match all
49Subsystem xxx /bin/sh -c "exit 21"
50Subsystem xxx /bin/sh -c "exit 24"
51_EOF
52try_subsystem "match all no clobber" xxx 21
53
54# Subsystem in match user block
55cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
56cat >> $OBJ/sshd_proxy << _EOF
57Match user *
58Subsystem xxx /bin/sh -c "exit 20"
59_EOF
60try_subsystem "match user" xxx 20
61
62# No clobber in match user block
63cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
64cat >> $OBJ/sshd_proxy << _EOF
65Match user *
66Subsystem xxx /bin/sh -c "exit 20"
67Subsystem xxx /bin/sh -c "exit 24"
68Match all
69Subsystem xxx /bin/sh -c "exit 24"
70_EOF
71try_subsystem "match user no clobber" xxx 20
72
73# Override main with match all
74cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
75cat >> $OBJ/sshd_proxy << _EOF
76Subsystem xxx /bin/sh -c "exit 23"
77Match all
78Subsystem xxx /bin/sh -c "exit 19"
79_EOF
80try_subsystem "match all override" xxx 19
81
82# Override main with match user
83cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
84cat >> $OBJ/sshd_proxy << _EOF
85Subsystem xxx /bin/sh -c "exit 23"
86Match user *
87Subsystem xxx /bin/sh -c "exit 18"
88_EOF
89try_subsystem "match user override" xxx 18
90
91