1323134Sdes# $OpenBSD: connect-privsep.sh,v 1.8 2016/11/01 13:43:27 tb Exp $ 298937Sdes# Placed in the Public Domain. 398937Sdes 498937Sdestid="proxy connect with privsep" 598937Sdes 6225825Sdescp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig 798937Sdesecho 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy 898937Sdes 9294332Sdesfor p in ${SSH_PROTOCOLS}; do 1098937Sdes ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 1198937Sdes if [ $? -ne 0 ]; then 1298937Sdes fail "ssh privsep+proxyconnect protocol $p failed" 1398937Sdes fi 1498937Sdesdone 15225825Sdes 16225825Sdescp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy 17225825Sdesecho 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy 18225825Sdes 19294332Sdesfor p in ${SSH_PROTOCOLS}; do 20225825Sdes ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 21225825Sdes if [ $? -ne 0 ]; then 22225825Sdes # XXX replace this with fail once sandbox has stabilised 23225825Sdes warn "ssh privsep/sandbox+proxyconnect protocol $p failed" 24225825Sdes fi 25225825Sdesdone 26239849Sdes 27239849Sdes# Because sandbox is sensitive to changes in libc, especially malloc, retest 28239849Sdes# with every malloc.conf option (and none). 29323129Sdesif [ -z "TEST_MALLOC_OPTIONS" ]; then 30323134Sdes mopts="C F G J R S U X < >" 31323129Sdeselse 32323129Sdes mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'` 33323129Sdesfi 34323129Sdesfor m in '' $mopts ; do 35294332Sdes for p in ${SSH_PROTOCOLS}; do 36239849Sdes env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 37239849Sdes if [ $? -ne 0 ]; then 38239849Sdes fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed" 39239849Sdes fi 40239849Sdes done 41239849Sdesdone 42