From 87704b773654470508de1dc9570914cad168ccf9 Mon Sep 17 00:00:00 2001 From: Thomas Wolf Date: Sat, 15 May 2021 18:13:04 +0200 Subject: SSH config: fix negated patterns Negated patterns were handled wrongly. According to the OpenBSD ssh_config man page,[1] a negated pattern never matches. Negated patterns make only sense if there are positive patterns; the negated pattern then can define exceptions for the positive patterns. OpenSshConfigFile did this wrongly. It handled "!foo" as "matching everything but foo", but actually the semantics is "if the input is "foo", this entry doesn't apply. If the input is anything else, other patterns determine whether the entry may apply.". [1] https://man.openbsd.org/ssh_config Change-Id: I50f6e46581b7ece4c949eddf62f4a265573ec29e Signed-off-by: Thomas Wolf --- .../eclipse/jgit/transport/OpenSshConfigTest.java | 57 +++++++++++++++++++++- 1 file changed, 56 insertions(+), 1 deletion(-) (limited to 'org.eclipse.jgit.ssh.jsch.test/tst') diff --git a/org.eclipse.jgit.ssh.jsch.test/tst/org/eclipse/jgit/transport/OpenSshConfigTest.java b/org.eclipse.jgit.ssh.jsch.test/tst/org/eclipse/jgit/transport/OpenSshConfigTest.java index 4be2271a8c..82109582f5 100644 --- a/org.eclipse.jgit.ssh.jsch.test/tst/org/eclipse/jgit/transport/OpenSshConfigTest.java +++ b/org.eclipse.jgit.ssh.jsch.test/tst/org/eclipse/jgit/transport/OpenSshConfigTest.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008, 2017 Google Inc. and others + * Copyright (C) 2008, 2021 Google Inc. and others * * This program and the accompanying materials are made available under the * terms of the Eclipse Distribution License v. 1.0 which is available at @@ -517,4 +517,59 @@ public class OpenSshConfigTest extends RepositoryTestCase { assertEquals("/tmp/${TST_VAR/bar", c.getValue(SshConstants.IDENTITY_AGENT)); } + + @Test + public void testNegativeMatch() throws Exception { + config("Host foo.bar !foobar.baz *.baz\n" + "Port 29418\n"); + Host h = osc.lookup("foo.bar"); + assertNotNull(h); + assertEquals(29418, h.getPort()); + h = osc.lookup("foobar.baz"); + assertNotNull(h); + assertEquals(22, h.getPort()); + h = osc.lookup("foo.baz"); + assertNotNull(h); + assertEquals(29418, h.getPort()); + } + + @Test + public void testNegativeMatch2() throws Exception { + // Negative match after the positive match. + config("Host foo.bar *.baz !foobar.baz\n" + "Port 29418\n"); + Host h = osc.lookup("foo.bar"); + assertNotNull(h); + assertEquals(29418, h.getPort()); + h = osc.lookup("foobar.baz"); + assertNotNull(h); + assertEquals(22, h.getPort()); + h = osc.lookup("foo.baz"); + assertNotNull(h); + assertEquals(29418, h.getPort()); + } + + @Test + public void testNoMatch() throws Exception { + config("Host !host1 !host2\n" + "Port 29418\n"); + Host h = osc.lookup("host1"); + assertNotNull(h); + assertEquals(22, h.getPort()); + h = osc.lookup("host2"); + assertNotNull(h); + assertEquals(22, h.getPort()); + h = osc.lookup("host3"); + assertNotNull(h); + assertEquals(22, h.getPort()); + } + + @Test + public void testMultipleMatch() throws Exception { + config("Host foo.bar\nPort 29418\nIdentityFile /foo\n\n" + + "Host *.bar\nPort 22\nIdentityFile /bar\n" + + "Host foo.bar\nPort 47\nIdentityFile /baz\n"); + Host h = osc.lookup("foo.bar"); + assertNotNull(h); + assertEquals(29418, h.getPort()); + assertArrayEquals(new Object[] { "/foo", "/bar", "/baz" }, + h.getConfig().getValues("IdentityFile")); + } } -- cgit v1.2.3