1258945Sroberto#	$OpenBSD: match-subsystem.sh,v 1.1 2023/09/06 23:36:09 djm Exp $
2280849Scy#	Placed in the Public Domain.
3258945Sroberto
4258945Srobertotid="sshd_config match subsystem"
5258945Sroberto
6258945Srobertocp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
7258945Sroberto
8258945Srobertotry_subsystem() {
9258945Sroberto	_id=$1
10258945Sroberto	_subsystem=$2
11258945Sroberto	_expect=$3
12258945Sroberto	${SSHD} -tf $OBJ/sshd_proxy || fatal "$_id: bad config"
13258945Sroberto	${SSH} -sF $OBJ/ssh_proxy somehost $_subsystem
14258945Sroberto	_exit=$?
15258945Sroberto	trace "$_id subsystem $_subsystem"
16258945Sroberto	if [ $_exit -ne $_expect ] ; then
17258945Sroberto		fail "$_id: subsystem $_subsystem exit $_exit expected $_expect"
18280849Scy	fi
19258945Sroberto	return $?
20258945Sroberto}
21258945Sroberto
22258945Sroberto# Simple case: subsystem in main config.
23258945Srobertocp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
24258945Srobertocat >> $OBJ/sshd_proxy << _EOF
25258945SrobertoSubsystem xxx /bin/sh -c "exit 23"
26258945Sroberto_EOF
27258945Srobertotry_subsystem "main config" xxx 23
28258945Sroberto
29258945Sroberto# No clobber in main config.
30258945Srobertocp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
31258945Srobertocat >> $OBJ/sshd_proxy << _EOF
32258945SrobertoSubsystem xxx /bin/sh -c "exit 23"
33258945SrobertoSubsystem xxx /bin/sh -c "exit 24"
34258945Sroberto_EOF
35258945Srobertotry_subsystem "main config no clobber" xxx 23
36258945Sroberto
37258945Sroberto# Subsystem in match all block
38258945Srobertocp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
39258945Srobertocat >> $OBJ/sshd_proxy << _EOF
40258945SrobertoMatch all
41258945SrobertoSubsystem xxx /bin/sh -c "exit 21"
42258945Sroberto_EOF
43258945Srobertotry_subsystem "match all" xxx 21
44258945Sroberto
45258945Sroberto# No clobber in match all block
46258945Srobertocp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
47258945Srobertocat >> $OBJ/sshd_proxy << _EOF
48258945SrobertoMatch all
49258945SrobertoSubsystem xxx /bin/sh -c "exit 21"
50258945SrobertoSubsystem xxx /bin/sh -c "exit 24"
51258945Sroberto_EOF
52258945Srobertotry_subsystem "match all no clobber" xxx 21
53258945Sroberto
54258945Sroberto# Subsystem in match user block
55258945Srobertocp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
56258945Srobertocat >> $OBJ/sshd_proxy << _EOF
57258945SrobertoMatch user *
58258945SrobertoSubsystem xxx /bin/sh -c "exit 20"
59258945Sroberto_EOF
60258945Srobertotry_subsystem "match user" xxx 20
61258945Sroberto
62258945Sroberto# No clobber in match user block
63258945Srobertocp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
64258945Srobertocat >> $OBJ/sshd_proxy << _EOF
65258945SrobertoMatch user *
66258945SrobertoSubsystem xxx /bin/sh -c "exit 20"
67258945SrobertoSubsystem xxx /bin/sh -c "exit 24"
68258945SrobertoMatch all
69258945SrobertoSubsystem xxx /bin/sh -c "exit 24"
70258945Sroberto_EOF
71258945Srobertotry_subsystem "match user no clobber" xxx 20
72258945Sroberto
73258945Sroberto# Override main with match all
74258945Srobertocp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
75258945Srobertocat >> $OBJ/sshd_proxy << _EOF
76258945SrobertoSubsystem xxx /bin/sh -c "exit 23"
77258945SrobertoMatch all
78258945SrobertoSubsystem xxx /bin/sh -c "exit 19"
79258945Sroberto_EOF
80258945Srobertotry_subsystem "match all override" xxx 19
81258945Sroberto
82258945Sroberto# Override main with match user
83258945Srobertocp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
84258945Srobertocat >> $OBJ/sshd_proxy << _EOF
85258945SrobertoSubsystem xxx /bin/sh -c "exit 23"
86258945SrobertoMatch user *
87258945SrobertoSubsystem xxx /bin/sh -c "exit 18"
88258945Sroberto_EOF
89258945Srobertotry_subsystem "match user override" xxx 18
90258945Sroberto
91258945Sroberto