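#	$OpenBSD: sftp-chroot.sh,v 1.9 2023/05/12 06:37:42 djm Exp $
#	Placed in the Public Domain.

# Regression test: sftp against an sshd that confines the session with
# ChrootDirectory.  A marker file is created inside the chroot directory and
# fetched by its chroot-relative path (host:/<name>); that path should only
# resolve if the server really changed root to $CHROOT.  The fetch is run
# twice: once with ChrootDirectory given on the sshd command line and once
# with it set from a "Match All" block in sshd_config.
#
# skip, fatal, fail, verbose, start_sshd, stop_sshd and the variables SUDO,
# SFTP, SSH, OBJ, COPY and TEST_REGRESS_LOGFILE are not defined in this file;
# they are expected to come from the regress harness that runs it.

tid="sftp in chroot"

# NOTE(review): sshd only accepts a ChrootDirectory whose path components are
# root-owned and not writable by group or others; presumably /var/run is used
# because it meets that requirement -- confirm for the target platform.
CHROOT=/var/run
FILENAME=testdata_${USER}.$$
PRIVDATA=${CHROOT}/${FILENAME}

# Remove the marker file on exit.  Single quotes defer expansion until the
# trap fires, so the path is passed to rm as one quoted word; $SUDO stays
# unquoted because it may be empty or hold a command plus arguments.
trap '$SUDO rm -f -- "$PRIVDATA"' 0

# Without privilege escalation the marker file can only be created when the
# chroot directory itself is writable by the invoking user.
if [ -z "$SUDO" ] && [ ! -w "$CHROOT" ]; then
	skip "need SUDO to create file in /var/run, test won't work without"
fi

# The path is handed to the (possibly privileged) shell as a positional
# argument instead of being pasted into the command string, so a $USER
# containing shell metacharacters cannot alter the command that runs.
$SUDO sh -c 'echo mekmitastdigoat > "$1"' sh "$PRIVDATA" || \
	fatal "create $PRIVDATA failed"

# internal-sftp runs the SFTP server inside sshd, so no helper binary has to
# exist inside the chroot; -d / sets the start directory to the (new) root.
echo "ForceCommand internal-sftp -d /" >> "$OBJ/sshd_config"

start_sshd -oChrootDirectory="$CHROOT"

verbose "test $tid: get"
# ${SFTP} is left unquoted on the assumption that it may carry extra words.
${SFTP} -S "$SSH" -F "$OBJ/ssh_config" "host:/${FILENAME}" "$COPY" \
    >>"$TEST_REGRESS_LOGFILE" 2>&1 || \
	fatal "Fetch ${FILENAME} failed"
cmp "$PRIVDATA" "$COPY" || fail "$PRIVDATA $COPY differ"

stop_sshd

verbose "test $tid: match"
# Second round: ChrootDirectory now comes from a Match block in the config
# file rather than from the sshd command line.
cat << EOF >> "$OBJ/sshd_config"
Match All
	ChrootDirectory $CHROOT
EOF
start_sshd
# Different contents from the first round, so a stale $COPY left over from
# the earlier fetch cannot make the comparison below pass.
$SUDO sh -c 'echo orpheanbeholder > "$1"' sh "$PRIVDATA" || \
	fatal "create $PRIVDATA failed"
${SFTP} -S "$SSH" -F "$OBJ/ssh_config" "host:/${FILENAME}" "$COPY" \
    >>"$TEST_REGRESS_LOGFILE" 2>&1 || \
	fatal "Fetch ${FILENAME} failed"
cmp "$PRIVDATA" "$COPY" || fail "$PRIVDATA $COPY differ"

stop_sshd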