1239849Sdes# $OpenBSD: connect-privsep.sh,v 1.4 2012/07/02 14:37:06 dtucker Exp $ 298937Sdes# Placed in the Public Domain. 398937Sdes 498937Sdestid="proxy connect with privsep" 598937Sdes 6225825Sdescp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig 798937Sdesecho 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy 898937Sdes 998937Sdesfor p in 1 2; do 1098937Sdes ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 1198937Sdes if [ $? -ne 0 ]; then 1298937Sdes fail "ssh privsep+proxyconnect protocol $p failed" 1398937Sdes fi 1498937Sdesdone 15225825Sdes 16225825Sdescp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy 17225825Sdesecho 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy 18225825Sdes 19225825Sdesfor p in 1 2; do 20225825Sdes ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 21225825Sdes if [ $? -ne 0 ]; then 22225825Sdes # XXX replace this with fail once sandbox has stabilised 23225825Sdes warn "ssh privsep/sandbox+proxyconnect protocol $p failed" 24225825Sdes fi 25225825Sdesdone 26239849Sdes 27239849Sdes# Because sandbox is sensitive to changes in libc, especially malloc, retest 28239849Sdes# with every malloc.conf option (and none). 29239849Sdesfor m in '' A F G H J P R S X Z '<' '>'; do 30239849Sdes for p in 1 2; do 31239849Sdes env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 32239849Sdes if [ $? -ne 0 ]; then 33239849Sdes fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed" 34239849Sdes fi 35239849Sdes done 36239849Sdesdone 37