Blame tests/unittests/torture_config.c

#include "config.h"
#define LIBSSH_STATIC
#include "torture.h"
#include "libssh/options.h"
#include "libssh/session.h"
#include "libssh/config_parser.h"
#include "match.c"
extern LIBSSH_THREAD int ssh_log_level;
#define LIBSSH_TESTCONFIG1 "libssh_testconfig1.tmp"
#define LIBSSH_TESTCONFIG2 "libssh_testconfig2.tmp"
#define LIBSSH_TESTCONFIG3 "libssh_testconfig3.tmp"
#define LIBSSH_TESTCONFIG4 "libssh_testconfig4.tmp"
#define LIBSSH_TESTCONFIG5 "libssh_testconfig5.tmp"
#define LIBSSH_TESTCONFIG6 "libssh_testconfig6.tmp"
#define LIBSSH_TESTCONFIG7 "libssh_testconfig7.tmp"
#define LIBSSH_TESTCONFIG8 "libssh_testconfig8.tmp"
#define LIBSSH_TESTCONFIG9 "libssh_testconfig9.tmp"
#define LIBSSH_TESTCONFIG10 "libssh_testconfig10.tmp"
#define LIBSSH_TESTCONFIG11 "libssh_testconfig11.tmp"
#define LIBSSH_TESTCONFIG12 "libssh_testconfig12.tmp"
#define LIBSSH_TESTCONFIGGLOB "libssh_testc*[36].tmp"
#define LIBSSH_TEST_PUBKEYACCEPTEDKEYTYPES "libssh_test_PubkeyAcceptedKeyTypes.tmp"
#define USERNAME "testuser"
#define PROXYCMD "ssh -q -W %h:%p gateway.example.com"
#define ID_FILE "/etc/xxx"
#define KEXALGORITHMS "ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1"
#define HOSTKEYALGORITHMS "ssh-ed25519,ecdsa-sha2-nistp521,ssh-rsa"
#define PUBKEYACCEPTEDTYPES "rsa-sha2-512,ssh-rsa,ecdsa-sha2-nistp521"
#define MACS "hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com"
#define USER_KNOWN_HOSTS "%d/my_known_hosts"
#define GLOBAL_KNOWN_HOSTS "/etc/ssh/my_ssh_known_hosts"
#define BIND_ADDRESS "::1"
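/**
 * @brief cmocka setup: write the configuration fixtures and create a session.
 *
 * Every fixture is written under a fixed, relative file name, so the files
 * land in the current working directory of the test binary.
 * NOTE(review): the names are predictable; run the suite from a build
 * directory that only the invoking user can write to. How
 * torture_write_file() opens the path is not visible here -- confirm.
 *
 * The option values below (algorithm lists, "StrictHostkeyChecking no", ...)
 * are inputs for the parser tests, not recommended client settings.
 *
 * @param[out] state  Receives the freshly created ssh_session.
 *
 * @return 0 on success, -1 if the session could not be allocated.
 */
static int setup_config_files(void **state)
{
    ssh_session session;
    int verbosity;

    /* Drop leftovers from an earlier, possibly aborted, run. */
    unlink(LIBSSH_TESTCONFIG1);
    unlink(LIBSSH_TESTCONFIG2);
    unlink(LIBSSH_TESTCONFIG3);
    unlink(LIBSSH_TESTCONFIG4);
    unlink(LIBSSH_TESTCONFIG5);
    unlink(LIBSSH_TESTCONFIG6);
    unlink(LIBSSH_TESTCONFIG7);
    unlink(LIBSSH_TESTCONFIG8);
    unlink(LIBSSH_TESTCONFIG9);
    unlink(LIBSSH_TESTCONFIG10);
    unlink(LIBSSH_TESTCONFIG11);
    unlink(LIBSSH_TESTCONFIG12);
    unlink(LIBSSH_TEST_PUBKEYACCEPTEDKEYTYPES);

    /* Include chain: config1 -> config2 -> config3 */
    torture_write_file(LIBSSH_TESTCONFIG1,
                       "User "USERNAME"\nInclude "LIBSSH_TESTCONFIG2"\n\n");
    torture_write_file(LIBSSH_TESTCONFIG2,
                       "Include "LIBSSH_TESTCONFIG3"\n"
                       "ProxyCommand "PROXYCMD"\n\n");
    torture_write_file(LIBSSH_TESTCONFIG3,
                       "\n\nIdentityFile "ID_FILE"\n"
                       "\n\nKexAlgorithms "KEXALGORITHMS"\n"
                       "\n\nHostKeyAlgorithms "HOSTKEYALGORITHMS"\n"
                       "\n\nPubkeyAcceptedTypes "PUBKEYACCEPTEDTYPES"\n"
                       "\n\nMACs "MACS"\n");

    /* Multiple Port settings -> parsing returns early. */
    torture_write_file(LIBSSH_TESTCONFIG4,
                       "Port 123\nPort 456\n");

    /* Testing glob include */
    torture_write_file(LIBSSH_TESTCONFIG5,
                       "User "USERNAME"\nInclude "LIBSSH_TESTCONFIGGLOB"\n\n");

    torture_write_file(LIBSSH_TESTCONFIG6,
                       "ProxyCommand "PROXYCMD"\n\n");

    /* new options */
    torture_write_file(LIBSSH_TESTCONFIG7,
                       "\tBindAddress "BIND_ADDRESS"\n"
                       "\tConnectTimeout 30\n"
                       "\tLogLevel DEBUG3\n"
                       "\tGlobalKnownHostsFile "GLOBAL_KNOWN_HOSTS"\n"
                       "\tCompression yes\n"
                       "\tStrictHostkeyChecking no\n"
                       "\tGSSAPIDelegateCredentials yes\n"
                       "\tGSSAPIServerIdentity example.com\n"
                       "\tGSSAPIClientIdentity home.sweet\n"
                       "\tUserKnownHostsFile "USER_KNOWN_HOSTS"\n");

    /* authentication methods */
    torture_write_file(LIBSSH_TESTCONFIG8,
                       "Host gss\n"
                       "\tGSSAPIAuthentication yes\n"
                       "Host kbd\n"
                       "\tKbdInteractiveAuthentication yes\n"
                       "Host pass\n"
                       "\tPasswordAuthentication yes\n"
                       "Host pubkey\n"
                       "\tPubkeyAuthentication yes\n"
                       "Host nogss\n"
                       "\tGSSAPIAuthentication no\n"
                       "Host nokbd\n"
                       "\tKbdInteractiveAuthentication no\n"
                       "Host nopass\n"
                       "\tPasswordAuthentication no\n"
                       "Host nopubkey\n"
                       "\tPubkeyAuthentication no\n");

    /* unsupported options and corner cases */
    torture_write_file(LIBSSH_TESTCONFIG9,
                       "\n" /* empty line */
                       "# comment line\n"
                       "  # comment line not starting with hash\n"
                       "UnknownConfigurationOption yes\n"
                       "GSSAPIKexAlgorithms yes\n"
                       "ControlMaster auto\n" /* SOC_NA */
                       "VisualHostkey yes\n" /* SOC_UNSUPPORTED */
                       "");

    /* Match keyword */
    torture_write_file(LIBSSH_TESTCONFIG10,
                       "Match host example\n"
                       "\tHostName example.com\n"
                       "Match host example1,example2\n"
                       "\tHostName exampleN\n"
                       "Match user guest\n"
                       "\tHostName guest.com\n"
                       "Match user tester host testhost\n"
                       "\tHostName testhost.com\n"
                       "Match !user tester host testhost\n"
                       "\tHostName nonuser-testhost.com\n"
                       "Match all\n"
                       "\tHostName all-matched.com\n"
                       /* Unsupported options */
                       "Match originalhost example\n"
                       "\tHostName original-example.com\n"
                       "Match localuser guest\n"
                       "\tHostName local-guest.com\n"
                       "");

    /* ProxyJump */
    torture_write_file(LIBSSH_TESTCONFIG11,
                       "Host simple\n"
                       "\tProxyJump jumpbox\n"
                       "Host user\n"
                       "\tProxyJump user@jumpbox\n"
                       "Host port\n"
                       "\tProxyJump jumpbox:2222\n"
                       "Host two-step\n"
                       "\tProxyJump u1@first:222,u2@second:33\n"
                       "Host none\n"
                       "\tProxyJump none\n"
                       "Host only-command\n"
                       "\tProxyCommand "PROXYCMD"\n"
                       "\tProxyJump jumpbox\n"
                       "Host only-jump\n"
                       "\tProxyJump jumpbox\n"
                       "\tProxyCommand "PROXYCMD"\n"
                       "Host ipv6\n"
                       "\tProxyJump [2620:52:0::fed]\n"
                       "");

    /* RekeyLimit combinations */
    torture_write_file(LIBSSH_TESTCONFIG12,
                       "Host default\n"
                       "\tRekeyLimit default none\n"
                       "Host data1\n"
                       "\tRekeyLimit 42G\n"
                       "Host data2\n"
                       "\tRekeyLimit 31M\n"
                       "Host data3\n"
                       "\tRekeyLimit 521K\n"
                       "Host time1\n"
                       "\tRekeyLimit default 3D\n"
                       "Host time2\n"
                       "\tRekeyLimit default 2h\n"
                       "Host time3\n"
                       "\tRekeyLimit default 160m\n"
                       "Host time4\n"
                       "\tRekeyLimit default 9600\n"
                       "");

    torture_write_file(LIBSSH_TEST_PUBKEYACCEPTEDKEYTYPES,
                       "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n");

    session = ssh_new();
    if (session == NULL) {
        /*
         * Report the failure to cmocka instead of handing a NULL session to
         * every test, which would dereference it. The fixture files stay
         * behind; the unlink() calls at the top remove them on the next run.
         */
        return -1;
    }

    verbosity = torture_libssh_verbosity();
    ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);

    *state = session;

    return 0;
}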
/**
 * @brief cmocka teardown: delete the fixture files and free the session.
 *
 * @param[in] state  Holds the ssh_session stored by the setup function.
 *
 * @return Always 0; unlink() results are deliberately ignored.
 */
static int teardown(void **state)
{
    /* Same files, same order, as the setup function creates them. */
    static const char *const fixtures[] = {
        LIBSSH_TESTCONFIG1,
        LIBSSH_TESTCONFIG2,
        LIBSSH_TESTCONFIG3,
        LIBSSH_TESTCONFIG4,
        LIBSSH_TESTCONFIG5,
        LIBSSH_TESTCONFIG6,
        LIBSSH_TESTCONFIG7,
        LIBSSH_TESTCONFIG8,
        LIBSSH_TESTCONFIG9,
        LIBSSH_TESTCONFIG10,
        LIBSSH_TESTCONFIG11,
        LIBSSH_TESTCONFIG12,
        LIBSSH_TEST_PUBKEYACCEPTEDKEYTYPES,
    };
    size_t idx;

    for (idx = 0; idx < sizeof(fixtures) / sizeof(fixtures[0]); idx++) {
        unlink(fixtures[idx]);
    }

    ssh_free(*state);

    return 0;
}
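/**
 * @brief tests ssh_config_parse_file with Include directives
 *
 * LIBSSH_TESTCONFIG1 includes LIBSSH_TESTCONFIG2, which includes
 * LIBSSH_TESTCONFIG3, so a single parse call has to surface User,
 * ProxyCommand, IdentityFile and the algorithm lists from all three files.
 *
 * The algorithm lists are parser fixtures and still carry SHA-1 based
 * entries (diffie-hellman-group14-sha1, hmac-sha1, ssh-rsa). In FIPS mode
 * the expected value is therefore the list as returned by
 * ssh_keep_fips_algos() -- presumably reduced to the approved entries --
 * rather than the raw string.
 */
static void torture_config_from_file(void **state) {
    ssh_session session = *state;
    int ret;
    char *v = NULL;
    char *fips_algos = NULL;

    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG1);
    assert_true(ret == 0);

    /* Test the variable presence */

    /* ProxyCommand comes from the first included file */
    ret = ssh_options_get(session, SSH_OPTIONS_PROXYCOMMAND, &v);
    assert_true(ret == 0);
    assert_non_null(v);

    assert_string_equal(v, PROXYCMD);
    SSH_STRING_FREE_CHAR(v);

    /* IdentityFile comes from the nested include */
    ret = ssh_options_get(session, SSH_OPTIONS_IDENTITY, &v);
    assert_true(ret == 0);
    assert_non_null(v);

    assert_string_equal(v, ID_FILE);
    SSH_STRING_FREE_CHAR(v);

    /* User comes from the top-level file */
    ret = ssh_options_get(session, SSH_OPTIONS_USER, &v);
    assert_true(ret == 0);
    assert_non_null(v);

    assert_string_equal(v, USERNAME);
    SSH_STRING_FREE_CHAR(v);

    if (ssh_fips_mode()) {
        fips_algos = ssh_keep_fips_algos(SSH_KEX, KEXALGORITHMS);
        assert_non_null(fips_algos);
        assert_string_equal(session->opts.wanted_methods[SSH_KEX], fips_algos);
        SAFE_FREE(fips_algos);
        fips_algos = ssh_keep_fips_algos(SSH_HOSTKEYS, HOSTKEYALGORITHMS);
        assert_non_null(fips_algos);
        assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS], fips_algos);
        SAFE_FREE(fips_algos);
        /* The accepted public key types are filtered as SSH_HOSTKEYS here. */
        fips_algos = ssh_keep_fips_algos(SSH_HOSTKEYS, PUBKEYACCEPTEDTYPES);
        assert_non_null(fips_algos);
        assert_string_equal(session->opts.pubkey_accepted_types, fips_algos);
        SAFE_FREE(fips_algos);
        fips_algos = ssh_keep_fips_algos(SSH_MAC_C_S, MACS);
        assert_non_null(fips_algos);
        assert_string_equal(session->opts.wanted_methods[SSH_MAC_C_S], fips_algos);
        SAFE_FREE(fips_algos);
        fips_algos = ssh_keep_fips_algos(SSH_MAC_S_C, MACS);
        assert_non_null(fips_algos);
        assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], fips_algos);
        SAFE_FREE(fips_algos);
    } else {
        assert_non_null(session->opts.wanted_methods[SSH_KEX]);
        assert_string_equal(session->opts.wanted_methods[SSH_KEX], KEXALGORITHMS);
        assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]);
        assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS);
        assert_non_null(session->opts.pubkey_accepted_types);
        assert_string_equal(session->opts.pubkey_accepted_types, PUBKEYACCEPTEDTYPES);
        /*
         * Guard the same slot that is compared next: the client-to-server
         * entry used to be dereferenced after only the server-to-client
         * entry had been checked for NULL.
         */
        assert_non_null(session->opts.wanted_methods[SSH_MAC_C_S]);
        assert_string_equal(session->opts.wanted_methods[SSH_MAC_C_S], MACS);
        assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
        assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], MACS);
    }
}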
/**
 * @brief tests ssh_config_parse_file with multiple Port settings.
 *
 * The fixture holds two Port lines ("Port 123" then "Port 456"). Only the
 * return code is checked; which port ends up in the session is not asserted.
 */
static void torture_config_double_ports(void **state) {
    ssh_session session = *state;
    int rc;

    rc = ssh_config_parse_file(session, LIBSSH_TESTCONFIG4);
    assert_true(rc == 0);
}
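/**
 * @brief tests ssh_config_parse_file with a glob pattern in Include
 *
 * LIBSSH_TESTCONFIG5 includes LIBSSH_TESTCONFIGGLOB ("libssh_testc*[36].tmp"),
 * which matches the fixtures ending in 3 and 6. With glob support compiled
 * in, ProxyCommand (config6) and IdentityFile (config3) must both be set.
 * Without it only the return code is checked: the Include then names a file
 * that does not exist, and that must not be an error.
 */
static void torture_config_glob(void **state) {
    ssh_session session = *state;
    int ret;
#if defined(HAVE_GLOB) && defined(HAVE_GLOB_GL_FLAGS_MEMBER)
    /* Start from NULL, as torture_config_from_file() does, so a getter that
     * leaves the pointer untouched cannot hand an indeterminate value to the
     * assertions below. */
    char *v = NULL;
#endif /* HAVE_GLOB && HAVE_GLOB_GL_FLAGS_MEMBER */

    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG5);
    assert_true(ret == 0); /* non-existing files should not error */

    /* Test the variable presence */

#if defined(HAVE_GLOB) && defined(HAVE_GLOB_GL_FLAGS_MEMBER)
    ret = ssh_options_get(session, SSH_OPTIONS_PROXYCOMMAND, &v);
    assert_true(ret == 0);
    assert_non_null(v);

    assert_string_equal(v, PROXYCMD);
    SSH_STRING_FREE_CHAR(v);

    ret = ssh_options_get(session, SSH_OPTIONS_IDENTITY, &v);
    assert_true(ret == 0);
    assert_non_null(v);

    assert_string_equal(v, ID_FILE);
    SSH_STRING_FREE_CHAR(v);
#endif /* HAVE_GLOB && HAVE_GLOB_GL_FLAGS_MEMBER */
}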
/**
 * @brief Verify the new options are passed from configuration
 *
 * Parses LIBSSH_TESTCONFIG7 and checks that each option landed in the
 * session unchanged. The values are parser inputs only: for example
 * "StrictHostkeyChecking no" is asserted to arrive as 0, which shows the
 * option is honoured, not that it is a sensible client setting.
 */
static void torture_config_new(void **state)
{
    ssh_session session = *state;
    int rc = ssh_config_parse_file(session, LIBSSH_TESTCONFIG7);

    assert_true(rc == 0);

    /* known-hosts paths, connect timeout and bind address */
    assert_string_equal(session->opts.knownhosts, USER_KNOWN_HOSTS);
    assert_string_equal(session->opts.global_knownhosts, GLOBAL_KNOWN_HOSTS);
    assert_int_equal(session->opts.timeout, 30);
    assert_string_equal(session->opts.bindaddr, BIND_ADDRESS);

    /* "Compression yes" only selects methods when zlib is compiled in */
#ifndef WITH_ZLIB
    assert_null(session->opts.wanted_methods[SSH_COMP_C_S]);
    assert_null(session->opts.wanted_methods[SSH_COMP_S_C]);
#else
    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
                        "zlib@openssh.com,zlib");
    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
                        "zlib@openssh.com,zlib");
#endif /* WITH_ZLIB */

    /* host key checking and GSSAPI settings */
    assert_int_equal(session->opts.StrictHostKeyChecking, 0);
    assert_int_equal(session->opts.gss_delegate_creds, 1);
    assert_string_equal(session->opts.gss_server_identity, "example.com");
    assert_string_equal(session->opts.gss_client_identity, "home.sweet");

    /* "LogLevel DEBUG3" must show up both in the value returned by
     * ssh_get_log_level() and in the session's own verbosity. */
    assert_int_equal(ssh_get_log_level(), SSH_LOG_TRACE);
    assert_int_equal(session->common.log_verbosity, SSH_LOG_TRACE);
}
/* Select @p host on the session, then parse the authentication fixture. */
static int auth_methods_parse_for_host(ssh_session session, const char *host)
{
    ssh_options_set(session, SSH_OPTIONS_HOST, host);
    return ssh_config_parse_file(session, LIBSSH_TESTCONFIG8);
}

/**
 * @brief Verify the authentication methods from configuration are effective
 *
 * Each "Host" block of the fixture toggles one method. The first half parses
 * the file four times on the same session without a reset, so the disabled
 * methods accumulate until no flag is left; the second half resets the
 * session and switches the methods back on one by one.
 */
static void torture_config_auth_methods(void **state) {
    ssh_session session = *state;
    int rc;

    /* gradually disable all the methods based on different hosts */
    rc = auth_methods_parse_for_host(session, "nogss");
    assert_true(rc == 0);
    assert_false(session->opts.flags & SSH_OPT_FLAG_GSSAPI_AUTH);
    assert_true(session->opts.flags & SSH_OPT_FLAG_KBDINT_AUTH);

    rc = auth_methods_parse_for_host(session, "nokbd");
    assert_true(rc == 0);
    assert_false(session->opts.flags & SSH_OPT_FLAG_KBDINT_AUTH);

    rc = auth_methods_parse_for_host(session, "nopass");
    assert_true(rc == 0);
    assert_false(session->opts.flags & SSH_OPT_FLAG_PASSWORD_AUTH);

    rc = auth_methods_parse_for_host(session, "nopubkey");
    assert_true(rc == 0);
    assert_false(session->opts.flags & SSH_OPT_FLAG_PUBKEY_AUTH);

    /* no method should be left enabled */
    assert_int_equal(session->opts.flags, 0);

    /* gradually enable them again */
    torture_reset_config(session);
    rc = auth_methods_parse_for_host(session, "gss");
    assert_true(rc == 0);
    assert_true(session->opts.flags & SSH_OPT_FLAG_GSSAPI_AUTH);
    assert_false(session->opts.flags & SSH_OPT_FLAG_KBDINT_AUTH);

    rc = auth_methods_parse_for_host(session, "kbd");
    assert_true(rc == 0);
    assert_true(session->opts.flags & SSH_OPT_FLAG_KBDINT_AUTH);

    rc = auth_methods_parse_for_host(session, "pass");
    assert_true(rc == 0);
    assert_true(session->opts.flags & SSH_OPT_FLAG_PASSWORD_AUTH);

    rc = auth_methods_parse_for_host(session, "pubkey");
    assert_true(rc == 0);
    assert_true(session->opts.flags & SSH_OPT_FLAG_PUBKEY_AUTH);
}
/**
 * @brief Verify the configuration parser does not choke on unknown
 * or unsupported configuration options
 *
 * Besides the fixture, the test parses /etc/ssh/ssh_config and
 * GLOBAL_CLIENT_CONFIG, i.e. whatever the machine running the suite has at
 * those paths.
 * NOTE(review): the outcome therefore depends on the host's own client
 * configuration -- confirm this is acceptable for the build environment.
 */
static void torture_config_unknown(void **state) {
    ssh_session session = *state;
    /* test corner cases first, then the system-wide files */
    const char *paths[] = {
        LIBSSH_TESTCONFIG9,
        "/etc/ssh/ssh_config",
        GLOBAL_CLIENT_CONFIG,
    };
    size_t idx;
    int rc;

    for (idx = 0; idx < sizeof(paths) / sizeof(paths[0]); idx++) {
        rc = ssh_config_parse_file(session, paths[idx]);
        assert_true(rc == 0);
    }
}
/**
 * @brief Verify the configuration parser accepts Match keyword with
 * full OpenSSH syntax.
 */
static void torture_config_match(void **state)
Packit Service 31306d
{
Packit Service 31306d
    ssh_session session = *state;
Packit Service 31306d
    char *localuser = NULL;
Packit Service 31306d
    char config[1024];
Packit Service 31306d
    int ret = 0;
Packit Service 31306d
Packit Service 31306d
    /* Without any settings we should get all-matched.com hostname */
Packit Service 31306d
    ssh_options_set(session, SSH_OPTIONS_HOST, "unmatched");
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "all-matched.com");
Packit Service 31306d
Packit Service 31306d
    /* Hostname example does simple hostname matching */
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ssh_options_set(session, SSH_OPTIONS_HOST, "example");
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "example.com");
Packit Service 31306d
Packit Service 31306d
    /* We can match also both hosts from a comma separated list */
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ssh_options_set(session, SSH_OPTIONS_HOST, "example1");
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "exampleN");
Packit Service 31306d
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ssh_options_set(session, SSH_OPTIONS_HOST, "example2");
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "exampleN");
Packit Service 31306d
Packit Service 31306d
    /* We can match by user */
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ssh_options_set(session, SSH_OPTIONS_USER, "guest");
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "guest.com");
Packit Service 31306d
Packit Service 31306d
    /* We can combine two options on a single line to match both of them */
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ssh_options_set(session, SSH_OPTIONS_USER, "tester");
Packit Service 31306d
    ssh_options_set(session, SSH_OPTIONS_HOST, "testhost");
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "testhost.com");
Packit Service 31306d
Packit Service 31306d
    /* We can also negate conditions */
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ssh_options_set(session, SSH_OPTIONS_USER, "not-tester");
Packit Service 31306d
    ssh_options_set(session, SSH_OPTIONS_HOST, "testhost");
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "nonuser-testhost.com");
Packit Service 31306d
Packit Service 31306d
    /* Match final is not completely supported, but should do quite much the
Packit Service 31306d
     * same as "match all". The trailing "all" is not mandatory. */
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10,
Packit Service 31306d
                       "Match final all\n"
Packit Service 31306d
                       "\tHostName final-all.com\n"
Packit Service 31306d
                       "");
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "final-all.com");
Packit Service 31306d
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10,
Packit Service 31306d
                       "Match final\n"
Packit Service 31306d
                       "\tHostName final.com\n"
Packit Service 31306d
                       "");
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "final.com");
Packit Service 31306d
Packit Service 31306d
    /* Match canonical is not completely supported, but should do quite much the
Packit Service 31306d
     * same as "match all". The trailing "all" is not mandatory. */
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10,
Packit Service 31306d
                       "Match canonical all\n"
Packit Service 31306d
                       "\tHostName canonical-all.com\n"
Packit Service 31306d
                       "");
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "canonical-all.com");
Packit Service 31306d
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10,
Packit Service 31306d
                       "Match canonical all\n"
Packit Service 31306d
                       "\tHostName canonical.com\n"
Packit Service 31306d
                       "");
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "canonical.com");
Packit Service 31306d
Packit Service 31306d
    localuser = ssh_get_local_username();
Packit Service 31306d
    assert_non_null(localuser);
Packit Service 31306d
    snprintf(config, sizeof(config),
Packit Service 31306d
             "Match localuser %s\n"
Packit Service 31306d
             "\tHostName otherhost\n"
Packit Service 31306d
             "", localuser);
Packit Service 31306d
    free(localuser);
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10, config);
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code(session, ret);
Packit Service 31306d
    assert_string_equal(session->opts.host, "otherhost");
Packit Service 31306d
Packit Service 31306d
    /* Try to create some invalid configurations */
Packit Service 31306d
    /* Missing argument to Match*/
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10,
Packit Service 31306d
                       "Match\n"
Packit Service 31306d
                       "\tHost missing.com\n"
Packit Service 31306d
                       "");
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code_equal(session, ret, SSH_ERROR);
Packit Service 31306d
Packit Service 31306d
    /* Missing argument to unsupported option originalhost */
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10,
Packit Service 31306d
                       "Match originalhost\n"
Packit Service 31306d
                       "\tHost originalhost.com\n"
Packit Service 31306d
                       "");
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code_equal(session, ret, SSH_ERROR);
Packit Service 31306d
Packit Service 31306d
    /* Missing argument to option localuser */
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10,
Packit Service 31306d
                       "Match localuser\n"
Packit Service 31306d
                       "\tUser localuser2\n"
Packit Service 31306d
                       "");
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code_equal(session, ret, SSH_ERROR);
Packit Service 31306d
Packit Service 31306d
    /* Missing argument to option user */
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10,
Packit Service 31306d
                       "Match user\n"
Packit Service 31306d
                       "\tUser user2\n"
Packit Service 31306d
                       "");
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code_equal(session, ret, SSH_ERROR);
Packit Service 31306d
Packit Service 31306d
    /* Missing argument to option host */
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10,
Packit Service 31306d
                       "Match host\n"
Packit Service 31306d
                       "\tUser host2\n"
Packit Service 31306d
                       "");
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code_equal(session, ret, SSH_ERROR);
Packit Service 31306d
Packit Service 31306d
    /* Missing argument to unsupported option exec */
Packit Service 31306d
    torture_write_file(LIBSSH_TESTCONFIG10,
Packit Service 31306d
                       "Match exec\n"
Packit Service 31306d
                       "\tUser exec\n"
Packit Service 31306d
                       "");
Packit Service 31306d
    torture_reset_config(session);
Packit Service 31306d
    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG10);
Packit Service 31306d
    assert_ssh_return_code_equal(session, ret, SSH_ERROR);
Packit Service 31306d
}
/**
 * @brief Verify we can parse ProxyJump configuration option
 *
 * The accepted cases show that a ProxyJump value ends up as an "ssh ..."
 * command line in session->opts.ProxyCommand. The rejected cases therefore
 * pin that a malformed jump specification makes parsing return SSH_ERROR
 * rather than being copied into that command line.
 *
 * @param[in] state  cmocka state holding the ssh_session under test.
 */
static void torture_config_proxyjump(void **state) {
    /* Host alias looked up in the LIBSSH_TESTCONFIG11 fixture and the
     * ProxyCommand it must produce; NULL means no ProxyCommand is set. */
    static const struct {
        const char *host;
        const char *proxycmd;
    } accepted[] = {
        /* Simplest version with just a hostname */
        { "simple", "ssh -W [%h]:%p jumpbox" },
        /* With username */
        { "user", "ssh -l user -W [%h]:%p jumpbox" },
        /* With port */
        { "port", "ssh -p 2222 -W [%h]:%p jumpbox" },
        /* Two step jump */
        { "two-step", "ssh -l u1 -p 222 -J u2@second:33 -W [%h]:%p first" },
        /* none */
        { "none", NULL },
        /* If also ProxyCommand is specified, the first is applied */
        { "only-command", PROXYCMD },
        { "only-jump", "ssh -W [%h]:%p jumpbox" },
        /* IPv6 address */
        { "ipv6", "ssh -W [%h]:%p 2620:52:0::fed" },
    };
    /* Fixture content written to LIBSSH_TESTCONFIG11 and the host alias
     * that selects it; parsing each of them must fail. */
    static const struct {
        const char *host;
        const char *config;
    } rejected[] = {
        /* Non-numeric port */
        { "bad-port",
          "Host bad-port\n"
          "\tProxyJump jumpbox:22bad22\n" },
        /* Too many @ */
        { "bad-hostname",
          "Host bad-hostname\n"
          "\tProxyJump user@principal.com@jumpbox:22\n" },
        /* Braces mismatch in hostname */
        { "mismatch",
          "Host mismatch\n"
          "\tProxyJump [::1\n" },
        /* Bad host-port separator */
        { "beef",
          "Host beef\n"
          "\tProxyJump [dead::beef]::22\n" },
        /* Missing hostname */
        { "no-host",
          "Host no-host\n"
          "\tProxyJump user@:22\n" },
        /* Missing user */
        { "no-user",
          "Host no-user\n"
          "\tProxyJump @host:22\n" },
        /* Missing port */
        { "no-port",
          "Host no-port\n"
          "\tProxyJump host:\n" },
        /* Non-numeric port in second jump */
        { "bad-port-2",
          "Host bad-port-2\n"
          "\tProxyJump localhost,jumpbox:22bad22\n" },
        /* Too many @ in second jump */
        { "bad-hostname",
          "Host bad-hostname\n"
          "\tProxyJump localhost,user@principal.com@jumpbox:22\n" },
        /* Braces mismatch in second jump */
        { "mismatch",
          "Host mismatch\n"
          "\tProxyJump localhost,[::1:20\n" },
        /* Bad host-port separator in second jump */
        { "beef",
          "Host beef\n"
          "\tProxyJump localhost,[dead::beef]::22\n" },
        /* Missing hostname in second jump */
        { "no-host",
          "Host no-host\n"
          "\tProxyJump localhost,user@:22\n" },
        /* Missing user in second jump */
        { "no-user",
          "Host no-user\n"
          "\tProxyJump localhost,@host:22\n" },
        /* Missing port in second jump */
        { "no-port",
          "Host no-port\n"
          "\tProxyJump localhost,host:\n" },
    };
    ssh_session session = *state;
    size_t idx;
    int rc = 0;

    for (idx = 0; idx < sizeof(accepted) / sizeof(accepted[0]); idx++) {
        /* The first lookup runs on the session as handed in by setup */
        if (idx > 0) {
            torture_reset_config(session);
        }
        ssh_options_set(session, SSH_OPTIONS_HOST, accepted[idx].host);
        rc = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
        assert_ssh_return_code(session, rc);
        if (accepted[idx].proxycmd == NULL) {
            assert_true(session->opts.ProxyCommand == NULL);
        } else {
            assert_string_equal(session->opts.ProxyCommand,
                                accepted[idx].proxycmd);
        }
    }

    /* Try to create some invalid configurations */
    for (idx = 0; idx < sizeof(rejected) / sizeof(rejected[0]); idx++) {
        torture_write_file(LIBSSH_TESTCONFIG11, rejected[idx].config);
        torture_reset_config(session);
        ssh_options_set(session, SSH_OPTIONS_HOST, rejected[idx].host);
        rc = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
        assert_ssh_return_code_equal(session, rc, SSH_ERROR);
    }
}
/**
 * @brief Verify the configuration parser handles all the possible
 * versions of RekeyLimit configuration option.
 *
 * Each host alias is looked up in the LIBSSH_TESTCONFIG12 fixture and the
 * resulting session->opts.rekey_data and session->opts.rekey_time are
 * compared with the values listed in the table below.
 *
 * @param[in] state  cmocka state holding the ssh_session under test.
 */
static void torture_config_rekey(void **state)
{
    const struct {
        const char *host;
        uint64_t data;
        uint64_t time;
    } expected[] = {
        /* Default values */
        { "default", 0, 0 },
        /* 42 GB */
        { "data1", (uint64_t) 42 * 1024 * 1024 * 1024, 0 },
        /* 31 MB */
        { "data2", 31 * 1024 * 1024, 0 },
        /* 521 KB */
        { "data3", 521 * 1024, 0 },
        /* default data limit, 3D expected as milliseconds */
        { "time1", 0, 3 * 24 * 60 * 60 * 1000 },
        /* default data limit, 2h expected as milliseconds */
        { "time2", 0, 2 * 60 * 60 * 1000 },
        /* default data limit, 160m expected as milliseconds */
        { "time3", 0, 160 * 60 * 1000 },
        /* default data limit, 9600 [s] expected as milliseconds */
        { "time4", 0, 9600 * 1000 },
    };
    ssh_session session = *state;
    size_t idx;
    int rc = 0;

    for (idx = 0; idx < sizeof(expected) / sizeof(expected[0]); idx++) {
        /* The first lookup runs on the session as handed in by setup */
        if (idx > 0) {
            torture_reset_config(session);
        }
        ssh_options_set(session, SSH_OPTIONS_HOST, expected[idx].host);
        rc = ssh_config_parse_file(session, LIBSSH_TESTCONFIG12);
        assert_ssh_return_code(session, rc);
        assert_int_equal(session->opts.rekey_data, expected[idx].data);
        assert_int_equal(session->opts.rekey_time, expected[idx].time);
    }
}
/**
 * @brief test ssh_config_parse_file with PubkeyAcceptedKeyTypes
 *
 * Outside FIPS mode the parsed list must equal PUBKEYACCEPTEDTYPES as is.
 * When ssh_fips_mode() reports FIPS mode, the expected value is instead
 * whatever ssh_keep_fips_algos() returns for that same list.
 *
 * @param[in] state  cmocka state holding the ssh_session under test.
 */
static void torture_config_pubkeyacceptedkeytypes(void **state)
{
    ssh_session session = *state;
    char *fips_algos;
    int rc;

    rc = ssh_config_parse_file(session, LIBSSH_TEST_PUBKEYACCEPTEDKEYTYPES);
    assert_int_equal(rc, SSH_OK);

    if (!ssh_fips_mode()) {
        assert_string_equal(session->opts.pubkey_accepted_types, PUBKEYACCEPTEDTYPES);
        return;
    }

    /* FIPS mode: compare against the filtered list, then release it */
    fips_algos = ssh_keep_fips_algos(SSH_HOSTKEYS, PUBKEYACCEPTEDTYPES);
    assert_non_null(fips_algos);
    assert_string_equal(session->opts.pubkey_accepted_types, fips_algos);
    SAFE_FREE(fips_algos);
}
/* match_pattern() sanity tests
 *
 * Each row is one call match_pattern(string, pattern, limit) and the value
 * it must return. The rows with limit 5 pin the recursion bound: a pattern
 * that needs more recursion than allowed is reported as a non-match even
 * when the string would otherwise match it.
 */
static void torture_config_match_pattern(void **state)
{
    const struct {
        const char *string;
        const char *pattern;
        size_t limit;
        int expected;
    } cases[] = {
        /* Simple test "a" matches "a" */
        { "a", "a", MAX_MATCH_RECURSION, 1 },
        /* Simple test "a" does not match "b" */
        { "a", "b", MAX_MATCH_RECURSION, 0 },

        /* NULL arguments are correctly handled */
        { "a", NULL, MAX_MATCH_RECURSION, 0 },
        { NULL, "a", MAX_MATCH_RECURSION, 0 },

        /* Simple wildcard ? is handled in pattern */
        { "a", "?", MAX_MATCH_RECURSION, 1 },
        { "aa", "?", MAX_MATCH_RECURSION, 0 },
        { "?", "a", MAX_MATCH_RECURSION, 0 }, /* Wildcard in search string */
        { "?", "?", MAX_MATCH_RECURSION, 1 },

        /* Simple wildcard * is handled in pattern */
        { "a", "*", MAX_MATCH_RECURSION, 1 },
        { "aa", "*", MAX_MATCH_RECURSION, 1 },
        { "*", "a", MAX_MATCH_RECURSION, 0 }, /* Wildcard in search string */
        { "*", "*", MAX_MATCH_RECURSION, 1 },

        /* More complicated patterns */
        { "a", "*a", MAX_MATCH_RECURSION, 1 },
        { "a", "a*", MAX_MATCH_RECURSION, 1 },
        { "abababc", "*abc", MAX_MATCH_RECURSION, 1 },
        { "ababababca", "*abc", MAX_MATCH_RECURSION, 0 },
        { "ababababca", "*abc*", MAX_MATCH_RECURSION, 1 },

        /* Multiple wildcards in row */
        { "aa", "??", MAX_MATCH_RECURSION, 1 },
        { "bba", "??a", MAX_MATCH_RECURSION, 1 },
        { "aaa", "**a", MAX_MATCH_RECURSION, 1 },
        { "bbb", "**a", MAX_MATCH_RECURSION, 0 },

        /* Consecutive asterisks do not make sense and do not need to recurse */
        { "hostname", "**********pattern", 5, 0 },
        { "hostname", "pattern**********", 5, 0 },
        { "pattern", "***********pattern", 5, 1 },
        { "pattern", "pattern***********", 5, 1 },

        /* Limit the maximum recursion */
        { "hostname", "*p*a*t*t*e*r*n*", 5, 0 },
        { "pattern", "*p*a*t*t*e*r*n*", 5, 0 }, /* Too much recursion */
    };
    size_t idx;
    int rv = 0;

    (void) state;

    for (idx = 0; idx < sizeof(cases) / sizeof(cases[0]); idx++) {
        rv = match_pattern(cases[idx].string,
                           cases[idx].pattern,
                           cases[idx].limit);
        assert_int_equal(rv, cases[idx].expected);
    }
}
/*
 * Register the test cases of this file and run them as one cmocka group
 * with setup_config_files and teardown as the group fixtures, bracketed by
 * ssh_init() and ssh_finalize(). Returns the value reported by
 * cmocka_run_group_tests().
 */
int torture_run_tests(void) {
    struct CMUnitTest tests[] = {
        cmocka_unit_test(torture_config_from_file),
        cmocka_unit_test(torture_config_double_ports),
        cmocka_unit_test(torture_config_glob),
        cmocka_unit_test(torture_config_new),
        cmocka_unit_test(torture_config_auth_methods),
        cmocka_unit_test(torture_config_unknown),
        cmocka_unit_test(torture_config_match),
        cmocka_unit_test(torture_config_proxyjump),
        cmocka_unit_test(torture_config_rekey),
        cmocka_unit_test(torture_config_pubkeyacceptedkeytypes),
        cmocka_unit_test(torture_config_match_pattern),
    };
    int rc;

    ssh_init();

    /* The array keeps its original name: it is passed to macros by name */
    torture_filter_tests(tests);
    rc = cmocka_run_group_tests(tests, setup_config_files, teardown);

    ssh_finalize();

    return rc;
}