Home | History | Annotate | Download | only in regress 
      1 #	$OpenBSD: connect-privsep.sh,v 1.8 2016/11/01 13:43:27 tb Exp $
      2 #	Placed in the Public Domain.
      3 
      4 tid="proxy connect with privsep"
      5 
      6 cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
      7 echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy
      8 
      9 for p in ${SSH_PROTOCOLS}; do
     10 	${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
     11 	if [ $? -ne 0 ]; then
     12 		fail "ssh privsep+proxyconnect protocol $p failed"
     13 	fi
     14 done
     15 
     16 cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
     17 echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy
     18 
     19 for p in ${SSH_PROTOCOLS}; do
     20 	${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
     21 	if [ $? -ne 0 ]; then
     22 		# XXX replace this with fail once sandbox has stabilised
     23 		warn "ssh privsep/sandbox+proxyconnect protocol $p failed"
     24 	fi
     25 done
     26 
     27 # Because sandbox is sensitive to changes in libc, especially malloc, retest
     28 # with every malloc.conf option (and none).
     29 if [ -z "TEST_MALLOC_OPTIONS" ]; then
     30 	mopts="C F G J R S U X < >"
     31 else
     32 	mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'`
     33 fi
     34 for m in '' $mopts ; do
     35     for p in ${SSH_PROTOCOLS}; do
     36 	env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
     37 	if [ $? -ne 0 ]; then
     38 		fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed"
     39 	fi
     40     done
     41 done
     42