upstream: unit tests for new authorized_keys options API
OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1
This commit is contained in:
parent
dc3e92df17
commit
de1920d743
regress/unittests
Makefile
authopt
|
@ -1,6 +1,7 @@
|
|||
# $OpenBSD: Makefile,v 1.9 2017/03/14 01:20:29 dtucker Exp $
|
||||
# $OpenBSD: Makefile,v 1.10 2018/03/03 03:16:17 djm Exp $
|
||||
|
||||
REGRESS_FAIL_EARLY?= yes
|
||||
SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion
|
||||
SUBDIR+=authopt
|
||||
|
||||
.include <bsd.subdir.mk>
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIOv/h7mJS1WkRHukSvqPwKDiNVrcib/VqBLpbHW6xjWCAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQNe1XDN+J4Eb82TH5J5sYypcabocufjTFRfpU57K+csRP41Yo1FCSEWx95ilUuNvK9Iv3yFDOeVPzdqRqzWoHwE= user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILFEJyunlz9scYU3mwbOEJoSSkeO1z20uNBw13tEn+lJAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAHwAAAA5zb3VyY2UtYWRkcmVzcwAAAAkAAAAFeHh4eHgAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEA5xY/OEAJ3tgg8/KJqaBR5KMdYYRDiMJ6u4VKS9lQOV1HJQvDDvjj3F5k53BIqTJRVQx242YWs+B3C4db/uLgB user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJkpCeqaVl6qnp7qa90KehAmHFecx3HW8HZQ22KEqeKBAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAHAAAAA1mb3JjZS1jb21tYW5kAAAABwAAAANmb28AAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEAxbhjgbXvfEumRP1E7VH8nUfuJyVlDChhCxiPg9Nvb9PFK8cHdDUEybDCzKCsIDieRc3mtLTyEu7Kb52va/B4C user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIFWMw3ftP29RSefnxQwdvK1KiE2G9Y7rPRrJ7ZsrDiOeAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAACAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAKTMqwPkaBg23RS7/aj347dc2kY4bWt/sHwzREYSrKRqZ5RNBnSvZOQ8m5euMCEuf92bZ8VJEdF653jRiW6VoBA== user key
|
|
@ -0,0 +1,48 @@
|
|||
#/bin/sh
|
||||
|
||||
set -xe
|
||||
|
||||
rm -f ca_key ca_key.pub
|
||||
rm -f user_key user_key.pub
|
||||
rm -f *.cert
|
||||
|
||||
ssh-keygen -q -f ca_key -t ed25519 -C CA -N ''
|
||||
ssh-keygen -q -f user_key -t ed25519 -C "user key" -N ''
|
||||
|
||||
sign() {
|
||||
output=$1
|
||||
shift
|
||||
set -xe
|
||||
ssh-keygen -q -s ca_key -I user -n user \
|
||||
-V 19990101:19991231 -z 1 "$@" user_key.pub
|
||||
mv user_key-cert.pub "$output"
|
||||
}
|
||||
|
||||
sign all_permit.cert -Opermit-agent-forwarding -Opermit-port-forwarding \
|
||||
-Opermit-pty -Opermit-user-rc -Opermit-X11-forwarding
|
||||
sign no_permit.cert -Oclear
|
||||
|
||||
sign no_agentfwd.cert -Ono-agent-forwarding
|
||||
sign no_portfwd.cert -Ono-port-forwarding
|
||||
sign no_pty.cert -Ono-pty
|
||||
sign no_user_rc.cert -Ono-user-rc
|
||||
sign no_x11fwd.cert -Ono-X11-forwarding
|
||||
|
||||
sign only_agentfwd.cert -Oclear -Opermit-agent-forwarding
|
||||
sign only_portfwd.cert -Oclear -Opermit-port-forwarding
|
||||
sign only_pty.cert -Oclear -Opermit-pty
|
||||
sign only_user_rc.cert -Oclear -Opermit-user-rc
|
||||
sign only_x11fwd.cert -Oclear -Opermit-X11-forwarding
|
||||
|
||||
sign force_command.cert -Oforce-command="foo"
|
||||
sign sourceaddr.cert -Osource-address="127.0.0.1/32,::1/128"
|
||||
|
||||
# ssh-keygen won't permit generation of certs with invalid source-address
|
||||
# values, so we do it as a custom extension.
|
||||
sign bad_sourceaddr.cert -Ocritical:source-address=xxxxx
|
||||
|
||||
sign unknown_critical.cert -Ocritical:blah=foo
|
||||
|
||||
sign host.cert -h
|
||||
|
||||
rm -f user_key ca_key user_key.pub ca_key.pub
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIL2qEsLCVtKaBkbCrZicxbPUorcHHrQ8yw5h/26krTOlAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGMAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAdRhISpol01OwV30g39PM/JD1t35muskX4lyCcGpFQ08GQtBuHE/hABOp6apbGBJIC7CZYYF+uHkD7PfGU3NPAQ== user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGVQtVgp9sD4sc8esIhVWbZaM8d0NxpX3UbEVzTHm9feAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAIKlI0TqqraKjYTjIuKhwoxAV/XnzWRJHq8lNs4aj5yDb84un2xXDF/0vXoLjPgVcLgEbksBKKn0i4whp+xn9Ag== user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIE6gC/QjjuzGWVDkr8ZyaHhja80V+lKLC/MvmEFa+CEBAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGQAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQEzpgckYlfc1BK1ir0reDSXo9OIDx4UoDMrNXrFO6I44NXoJJ4TlUUJH07WcKp/Xp5ESCdyVZtqwgHQxZr0+PwI= user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIFFjhISpSDR3blDejuCf2T9Fe4aHW53jG7KOH2PV/E7jAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAHAAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQF5c4BdxVYgqbMGAep414IGFK4deCFBCeNUTOLpKodrfb1M0gS4d2qoeMxZvMv5yMf/viKl/gallHzEmcrEcIQY= user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIFUM0VLATkYh05QeS5uuhB1X50NMom3jTWeQUmrPQ1FwAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGwAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAcmJ3c2FCKJL9BCLv1Ij+uN1N+NWZmMXYionsSkv42Go4pMZiH3g8UfTd+OKq9Q7GAcCzGXa///6Dr/wqFssoDA== user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIPRKPAP+b5S+4zihdgoJrYNcMovFBgKZaJupIhN1kUvkAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGUAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAECMzj6VDfT+BJmIEo1qUKdr8VDLExF92K7KkbNxTH77n7uip7TL24HDfXjYBCvqxSSn9KAGBhnWsIC/GPx6A+cP user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIOvJ28yW5uvA7yxE3ySuyFvPjcRYKAr03CYr4okGTNIFAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAB8AAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQEG2uTgmOSk9dJ0s/Ol1EIERXFP9PF6AauF9t5jBMSthNyvSANSrC/1EIaf4TV5kMYfhZxJXoS0XHQjGndcq2AE= user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGPoYoExiSyHMyDEvOFgoNZXk5z91u7xq/7357X23TotAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAB4AAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAHN3YnwipcbDKVn+PObGSoaT9rwlau+yrPYZ50oetvCKng3RMjGaV+roqlv0vjjLcxE9J4Y0ti+9MXtQ0D7beBA== user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILvocWYto5Lg7P46YLbe7U4/b2h9Lr5rWqMZ4Cj4ra7RAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAABIAAAAKcGVybWl0LXB0eQAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABASv2xQvp+Y6E8dCf5pzg3MZaan5bl1ToYXNcmQ3ysGrk9Djkcu8m3TytDpF471KmUejxy/iF4xjs9CDpk7h+SBQ== user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJwsRZQ7kx4A8AQ0q/G/3i6sHM48kr4TxJtTcyy3lZAPAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAABYAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQDhgEXsvoHr21XrxmiZq/sIjWeYapp11XvEVkkTBPVhBnPwtrrUeJbPmGs3gmJkQdv8BYajYpT7TXEX8GvEeLwU= user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIDAhZFZBl3eu8Qa8I5BaHCz/mpH8xCjaPusBwo1eJ9OGAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAB0AAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDysfgbhniX/zdA8576rrDJpaO2D7QtQse2KWIM9XmREPkLKeP6FKiXKKFcPQiMyV28rptfvK8bBXAiOvITSUgL user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJ54qqoPs87gtjN1aJoLUn7ZTYUtcaGxkzLyJvRkYG7nAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAALgAAAA5zb3VyY2UtYWRkcmVzcwAAABgAAAAUMTI3LjAuMC4xLzMyLDo6MS8xMjgAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEAppSUKQ/a9tw/HgIazWceCO3d48GU7mkV4iQMpWWs2nB1dFryY1GDtZrBggAjMviwmBXyM3jIk5vxJDINZXGQJ user key
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIIjs/wRAB/p5QShSfqoU9cWnCLT3lSveUirk61A27KxVAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAEwAAAARibGFoAAAABwAAAANmb28AAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDix3FV7JIBuHNAwtZOVIqGBq8lqhnEwP51DqPA43qt+Tzynm56EWxuFzgGehBPF3L8gl+fVqxIJmiQ9iHB0LUD user key
|
|
@ -0,0 +1,573 @@
|
|||
/* $OpenBSD: tests.c,v 1.1 2018/03/03 03:16:17 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Regress test for keys options functions.
|
||||
*
|
||||
* Placed in the public domain
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "test_helper.h"
|
||||
|
||||
#include "sshkey.h"
|
||||
#include "authfile.h"
|
||||
#include "auth-options.h"
|
||||
#include "misc.h"
|
||||
#include "log.h"
|
||||
|
||||
static struct sshkey *
|
||||
load_key(const char *name)
|
||||
{
|
||||
struct sshkey *ret;
|
||||
int r;
|
||||
|
||||
r = sshkey_load_public(test_data_file(name), &ret, NULL);
|
||||
ASSERT_INT_EQ(r, 0);
|
||||
ASSERT_PTR_NE(ret, NULL);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static struct sshauthopt *
|
||||
default_authkey_opts(void)
|
||||
{
|
||||
struct sshauthopt *ret = sshauthopt_new();
|
||||
|
||||
ASSERT_PTR_NE(ret, NULL);
|
||||
ret->permit_port_forwarding_flag = 1;
|
||||
ret->permit_agent_forwarding_flag = 1;
|
||||
ret->permit_x11_forwarding_flag = 1;
|
||||
ret->permit_pty_flag = 1;
|
||||
ret->permit_user_rc = 1;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static struct sshauthopt *
|
||||
default_authkey_restrict_opts(void)
|
||||
{
|
||||
struct sshauthopt *ret = sshauthopt_new();
|
||||
|
||||
ASSERT_PTR_NE(ret, NULL);
|
||||
ret->permit_port_forwarding_flag = 0;
|
||||
ret->permit_agent_forwarding_flag = 0;
|
||||
ret->permit_x11_forwarding_flag = 0;
|
||||
ret->permit_pty_flag = 0;
|
||||
ret->permit_user_rc = 0;
|
||||
ret->restricted = 1;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static char **
|
||||
commasplit(const char *s, size_t *np)
|
||||
{
|
||||
char *ocp, *cp, *cp2, **ret = NULL;
|
||||
size_t n;
|
||||
|
||||
ocp = cp = strdup(s);
|
||||
ASSERT_PTR_NE(cp, NULL);
|
||||
for (n = 0; (cp2 = strsep(&cp, ",")) != NULL;) {
|
||||
ret = recallocarray(ret, n, n + 1, sizeof(*ret));
|
||||
ASSERT_PTR_NE(ret, NULL);
|
||||
cp2 = strdup(cp2);
|
||||
ASSERT_PTR_NE(cp2, NULL);
|
||||
ret[n++] = cp2;
|
||||
}
|
||||
free(ocp);
|
||||
*np = n;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void
|
||||
compare_opts(const struct sshauthopt *opts,
|
||||
const struct sshauthopt *expected)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
ASSERT_PTR_NE(opts, NULL);
|
||||
ASSERT_PTR_NE(expected, NULL);
|
||||
ASSERT_PTR_NE(expected, opts); /* bozo :) */
|
||||
|
||||
#define FLAG_EQ(x) ASSERT_INT_EQ(opts->x, expected->x)
|
||||
FLAG_EQ(permit_port_forwarding_flag);
|
||||
FLAG_EQ(permit_agent_forwarding_flag);
|
||||
FLAG_EQ(permit_x11_forwarding_flag);
|
||||
FLAG_EQ(permit_pty_flag);
|
||||
FLAG_EQ(permit_user_rc);
|
||||
FLAG_EQ(restricted);
|
||||
FLAG_EQ(cert_authority);
|
||||
#undef FLAG_EQ
|
||||
|
||||
#define STR_EQ(x) \
|
||||
do { \
|
||||
if (expected->x == NULL) \
|
||||
ASSERT_PTR_EQ(opts->x, expected->x); \
|
||||
else \
|
||||
ASSERT_STRING_EQ(opts->x, expected->x); \
|
||||
} while (0)
|
||||
STR_EQ(cert_principals);
|
||||
STR_EQ(force_command);
|
||||
STR_EQ(required_from_host_cert);
|
||||
STR_EQ(required_from_host_keys);
|
||||
#undef STR_EQ
|
||||
|
||||
#define ARRAY_EQ(nx, x) \
|
||||
do { \
|
||||
ASSERT_SIZE_T_EQ(opts->nx, expected->nx); \
|
||||
if (expected->nx == 0) \
|
||||
break; \
|
||||
for (i = 0; i < expected->nx; i++) \
|
||||
ASSERT_STRING_EQ(opts->x[i], expected->x[i]); \
|
||||
} while (0)
|
||||
ARRAY_EQ(nenv, env);
|
||||
ARRAY_EQ(npermitopen, permitopen);
|
||||
#undef ARRAY_EQ
|
||||
}
|
||||
|
||||
static void
|
||||
test_authkeys_parse(void)
|
||||
{
|
||||
struct sshauthopt *opts, *expected;
|
||||
const char *errstr;
|
||||
|
||||
#define FAIL_TEST(label, keywords) \
|
||||
do { \
|
||||
TEST_START("sshauthopt_parse invalid " label); \
|
||||
opts = sshauthopt_parse(keywords, &errstr); \
|
||||
ASSERT_PTR_EQ(opts, NULL); \
|
||||
ASSERT_PTR_NE(errstr, NULL); \
|
||||
TEST_DONE(); \
|
||||
} while (0)
|
||||
#define CHECK_SUCCESS_AND_CLEANUP() \
|
||||
do { \
|
||||
if (errstr != NULL) \
|
||||
ASSERT_STRING_EQ(errstr, ""); \
|
||||
compare_opts(opts, expected); \
|
||||
sshauthopt_free(expected); \
|
||||
sshauthopt_free(opts); \
|
||||
} while (0)
|
||||
|
||||
/* Basic tests */
|
||||
TEST_START("sshauthopt_parse empty");
|
||||
expected = default_authkey_opts();
|
||||
opts = sshauthopt_parse("", &errstr);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
TEST_START("sshauthopt_parse trailing whitespace");
|
||||
expected = default_authkey_opts();
|
||||
opts = sshauthopt_parse(" ", &errstr);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
TEST_START("sshauthopt_parse restrict");
|
||||
expected = default_authkey_restrict_opts();
|
||||
opts = sshauthopt_parse("restrict", &errstr);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
/* Invalid syntax */
|
||||
FAIL_TEST("trailing comma", "restrict,");
|
||||
FAIL_TEST("bare comma", ",");
|
||||
FAIL_TEST("unknown option", "BLAH");
|
||||
FAIL_TEST("unknown option with trailing comma", "BLAH,");
|
||||
FAIL_TEST("unknown option with trailing whitespace", "BLAH ");
|
||||
|
||||
/* force_tun_device */
|
||||
TEST_START("sshauthopt_parse tunnel explicit");
|
||||
expected = default_authkey_opts();
|
||||
expected->force_tun_device = 1;
|
||||
opts = sshauthopt_parse("tunnel=\"1\"", &errstr);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
TEST_START("sshauthopt_parse tunnel any");
|
||||
expected = default_authkey_opts();
|
||||
expected->force_tun_device = SSH_TUNID_ANY;
|
||||
opts = sshauthopt_parse("tunnel=\"any\"", &errstr);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
FAIL_TEST("tunnel", "tunnel=\"blah\"");
|
||||
|
||||
/* Flag options */
|
||||
#define FLAG_TEST(keyword, var, val) \
|
||||
do { \
|
||||
TEST_START("sshauthopt_parse " keyword); \
|
||||
expected = default_authkey_opts(); \
|
||||
expected->var = val; \
|
||||
opts = sshauthopt_parse(keyword, &errstr); \
|
||||
CHECK_SUCCESS_AND_CLEANUP(); \
|
||||
expected = default_authkey_restrict_opts(); \
|
||||
expected->var = val; \
|
||||
opts = sshauthopt_parse("restrict,"keyword, &errstr); \
|
||||
CHECK_SUCCESS_AND_CLEANUP(); \
|
||||
TEST_DONE(); \
|
||||
} while (0)
|
||||
/* Positive flags */
|
||||
FLAG_TEST("cert-authority", cert_authority, 1);
|
||||
FLAG_TEST("port-forwarding", permit_port_forwarding_flag, 1);
|
||||
FLAG_TEST("agent-forwarding", permit_agent_forwarding_flag, 1);
|
||||
FLAG_TEST("x11-forwarding", permit_x11_forwarding_flag, 1);
|
||||
FLAG_TEST("pty", permit_pty_flag, 1);
|
||||
FLAG_TEST("user-rc", permit_user_rc, 1);
|
||||
/* Negative flags */
|
||||
FLAG_TEST("no-port-forwarding", permit_port_forwarding_flag, 0);
|
||||
FLAG_TEST("no-agent-forwarding", permit_agent_forwarding_flag, 0);
|
||||
FLAG_TEST("no-x11-forwarding", permit_x11_forwarding_flag, 0);
|
||||
FLAG_TEST("no-pty", permit_pty_flag, 0);
|
||||
FLAG_TEST("no-user-rc", permit_user_rc, 0);
|
||||
#undef FLAG_TEST
|
||||
FAIL_TEST("no-cert-authority", "no-cert-authority");
|
||||
|
||||
/* String options */
|
||||
#define STRING_TEST(keyword, var, val) \
|
||||
do { \
|
||||
TEST_START("sshauthopt_parse " keyword); \
|
||||
expected = default_authkey_opts(); \
|
||||
expected->var = strdup(val); \
|
||||
ASSERT_PTR_NE(expected->var, NULL); \
|
||||
opts = sshauthopt_parse(keyword "=" #val, &errstr); \
|
||||
CHECK_SUCCESS_AND_CLEANUP(); \
|
||||
expected = default_authkey_restrict_opts(); \
|
||||
expected->var = strdup(val); \
|
||||
ASSERT_PTR_NE(expected->var, NULL); \
|
||||
opts = sshauthopt_parse( \
|
||||
"restrict," keyword "=" #val ",restrict", &errstr); \
|
||||
CHECK_SUCCESS_AND_CLEANUP(); \
|
||||
TEST_DONE(); \
|
||||
} while (0)
|
||||
STRING_TEST("command", force_command, "/bin/true");
|
||||
STRING_TEST("principals", cert_principals, "gregor,josef,K");
|
||||
STRING_TEST("from", required_from_host_keys, "127.0.0.0/8");
|
||||
#undef STRING_TEST
|
||||
FAIL_TEST("unquoted command", "command=oops");
|
||||
FAIL_TEST("unquoted principals", "principals=estragon");
|
||||
FAIL_TEST("unquoted from", "from=127.0.0.1");
|
||||
|
||||
/* String array option tests */
|
||||
#define ARRAY_TEST(label, keywords, var, nvar, val) \
|
||||
do { \
|
||||
TEST_START("sshauthopt_parse " label); \
|
||||
expected = default_authkey_opts(); \
|
||||
expected->var = commasplit(val, &expected->nvar); \
|
||||
ASSERT_PTR_NE(expected->var, NULL); \
|
||||
opts = sshauthopt_parse(keywords, &errstr); \
|
||||
CHECK_SUCCESS_AND_CLEANUP(); \
|
||||
expected = default_authkey_restrict_opts(); \
|
||||
expected->var = commasplit(val, &expected->nvar); \
|
||||
ASSERT_PTR_NE(expected->var, NULL); \
|
||||
opts = sshauthopt_parse( \
|
||||
"restrict," keywords ",restrict", &errstr); \
|
||||
CHECK_SUCCESS_AND_CLEANUP(); \
|
||||
TEST_DONE(); \
|
||||
} while (0)
|
||||
ARRAY_TEST("environment", "environment=\"foo=1\",environment=\"bar=2\"",
|
||||
env, nenv, "foo=1,bar=2");
|
||||
ARRAY_TEST("permitopen", "permitopen=\"foo:123\",permitopen=\"bar:*\"",
|
||||
permitopen, npermitopen, "foo:123,bar:*");
|
||||
#undef ARRAY_TEST
|
||||
FAIL_TEST("environment", "environment=\",=bah\"");
|
||||
FAIL_TEST("permitopen port", "foo:bar");
|
||||
FAIL_TEST("permitopen missing port", "foo:");
|
||||
FAIL_TEST("permitopen missing port specification", "foo");
|
||||
FAIL_TEST("permitopen invalid host", "[:");
|
||||
|
||||
#undef CHECK_SUCCESS_AND_CLEANUP
|
||||
#undef FAIL_TEST
|
||||
}
|
||||
|
||||
static void
|
||||
test_cert_parse(void)
|
||||
{
|
||||
struct sshkey *cert;
|
||||
struct sshauthopt *opts, *expected;
|
||||
|
||||
#define CHECK_SUCCESS_AND_CLEANUP() \
|
||||
do { \
|
||||
compare_opts(opts, expected); \
|
||||
sshauthopt_free(expected); \
|
||||
sshauthopt_free(opts); \
|
||||
sshkey_free(cert); \
|
||||
} while (0)
|
||||
#define FLAG_TEST(keybase, var) \
|
||||
do { \
|
||||
TEST_START("sshauthopt_from_cert no_" keybase); \
|
||||
cert = load_key("no_" keybase ".cert"); \
|
||||
expected = default_authkey_opts(); \
|
||||
expected->var = 0; \
|
||||
opts = sshauthopt_from_cert(cert); \
|
||||
CHECK_SUCCESS_AND_CLEANUP(); \
|
||||
TEST_DONE(); \
|
||||
TEST_START("sshauthopt_from_cert only_" keybase); \
|
||||
cert = load_key("only_" keybase ".cert"); \
|
||||
expected = sshauthopt_new(); \
|
||||
ASSERT_PTR_NE(expected, NULL); \
|
||||
expected->var = 1; \
|
||||
opts = sshauthopt_from_cert(cert); \
|
||||
CHECK_SUCCESS_AND_CLEANUP(); \
|
||||
TEST_DONE(); \
|
||||
} while (0)
|
||||
FLAG_TEST("agentfwd", permit_agent_forwarding_flag);
|
||||
FLAG_TEST("portfwd", permit_port_forwarding_flag);
|
||||
FLAG_TEST("pty", permit_pty_flag);
|
||||
FLAG_TEST("user_rc", permit_user_rc);
|
||||
FLAG_TEST("x11fwd", permit_x11_forwarding_flag);
|
||||
#undef FLAG_TEST
|
||||
|
||||
TEST_START("sshauthopt_from_cert all permitted");
|
||||
cert = load_key("all_permit.cert");
|
||||
expected = default_authkey_opts();
|
||||
opts = sshauthopt_from_cert(cert);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
TEST_START("sshauthopt_from_cert nothing permitted");
|
||||
cert = load_key("no_permit.cert");
|
||||
expected = sshauthopt_new();
|
||||
ASSERT_PTR_NE(expected, NULL);
|
||||
opts = sshauthopt_from_cert(cert);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
TEST_START("sshauthopt_from_cert force-command");
|
||||
cert = load_key("force_command.cert");
|
||||
expected = default_authkey_opts();
|
||||
expected->force_command = strdup("foo");
|
||||
ASSERT_PTR_NE(expected->force_command, NULL);
|
||||
opts = sshauthopt_from_cert(cert);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
TEST_START("sshauthopt_from_cert source-address");
|
||||
cert = load_key("sourceaddr.cert");
|
||||
expected = default_authkey_opts();
|
||||
expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128");
|
||||
ASSERT_PTR_NE(expected->required_from_host_cert, NULL);
|
||||
opts = sshauthopt_from_cert(cert);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
#undef CHECK_SUCCESS_AND_CLEANUP
|
||||
|
||||
#define FAIL_TEST(keybase) \
|
||||
do { \
|
||||
TEST_START("sshauthopt_from_cert " keybase); \
|
||||
cert = load_key(keybase ".cert"); \
|
||||
opts = sshauthopt_from_cert(cert); \
|
||||
ASSERT_PTR_EQ(opts, NULL); \
|
||||
sshkey_free(cert); \
|
||||
TEST_DONE(); \
|
||||
} while (0)
|
||||
FAIL_TEST("host");
|
||||
FAIL_TEST("bad_sourceaddr");
|
||||
FAIL_TEST("unknown_critical");
|
||||
#undef FAIL_TEST
|
||||
}
|
||||
|
||||
static void
|
||||
test_merge(void)
|
||||
{
|
||||
struct sshkey *cert;
|
||||
struct sshauthopt *key_opts, *cert_opts, *merge_opts, *expected;
|
||||
const char *errstr;
|
||||
|
||||
/*
|
||||
* Prepare for a test by making some key and cert options and
|
||||
* attempting to merge them.
|
||||
*/
|
||||
#define PREPARE(label, keyname, keywords) \
|
||||
do { \
|
||||
expected = NULL; \
|
||||
TEST_START("sshauthopt_merge " label); \
|
||||
cert = load_key(keyname ".cert"); \
|
||||
cert_opts = sshauthopt_from_cert(cert); \
|
||||
ASSERT_PTR_NE(cert_opts, NULL); \
|
||||
key_opts = sshauthopt_parse(keywords, &errstr); \
|
||||
if (errstr != NULL) \
|
||||
ASSERT_STRING_EQ(errstr, ""); \
|
||||
ASSERT_PTR_NE(key_opts, NULL); \
|
||||
merge_opts = sshauthopt_merge(key_opts, \
|
||||
cert_opts, &errstr); \
|
||||
} while (0)
|
||||
|
||||
/* Cleanup stuff allocated by PREPARE() */
|
||||
#define CLEANUP() \
|
||||
do { \
|
||||
sshauthopt_free(expected); \
|
||||
sshauthopt_free(merge_opts); \
|
||||
sshauthopt_free(key_opts); \
|
||||
sshauthopt_free(cert_opts); \
|
||||
sshkey_free(cert); \
|
||||
} while (0)
|
||||
|
||||
/* Check the results of PREPARE() against expectation; calls CLEANUP */
|
||||
#define CHECK_SUCCESS_AND_CLEANUP() \
|
||||
do { \
|
||||
if (errstr != NULL) \
|
||||
ASSERT_STRING_EQ(errstr, ""); \
|
||||
compare_opts(merge_opts, expected); \
|
||||
CLEANUP(); \
|
||||
} while (0)
|
||||
|
||||
/* Check a single case of merging of flag options */
|
||||
#define FLAG_CASE(keybase, label, keyname, keywords, mostly_off, var, val) \
|
||||
do { \
|
||||
PREPARE(keybase " " label, keyname, keywords); \
|
||||
expected = mostly_off ? \
|
||||
sshauthopt_new() : default_authkey_opts(); \
|
||||
expected->var = val; \
|
||||
ASSERT_PTR_NE(expected, NULL); \
|
||||
CHECK_SUCCESS_AND_CLEANUP(); \
|
||||
TEST_DONE(); \
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* Fairly exhaustive exercise of a flag option. Tests
|
||||
* option both set and clear in certificate, set and clear in
|
||||
* authorized_keys and set and cleared via restrict keyword.
|
||||
*/
|
||||
#define FLAG_TEST(keybase, keyword, var) \
|
||||
do { \
|
||||
FLAG_CASE(keybase, "keys:default,yes cert:default,no", \
|
||||
"no_" keybase, keyword, 0, var, 0); \
|
||||
FLAG_CASE(keybase,"keys:-*,yes cert:default,no", \
|
||||
"no_" keybase, "restrict," keyword, 1, var, 0); \
|
||||
FLAG_CASE(keybase, "keys:default,no cert:default,no", \
|
||||
"no_" keybase, "no-" keyword, 0, var, 0); \
|
||||
FLAG_CASE(keybase, "keys:-*,no cert:default,no", \
|
||||
"no_" keybase, "restrict,no-" keyword, 1, var, 0); \
|
||||
\
|
||||
FLAG_CASE(keybase, "keys:default,yes cert:-*,yes", \
|
||||
"only_" keybase, keyword, 1, var, 1); \
|
||||
FLAG_CASE(keybase,"keys:-*,yes cert:-*,yes", \
|
||||
"only_" keybase, "restrict," keyword, 1, var, 1); \
|
||||
FLAG_CASE(keybase, "keys:default,no cert:-*,yes", \
|
||||
"only_" keybase, "no-" keyword, 1, var, 0); \
|
||||
FLAG_CASE(keybase, "keys:-*,no cert:-*,yes", \
|
||||
"only_" keybase, "restrict,no-" keyword, 1, var, 0); \
|
||||
\
|
||||
FLAG_CASE(keybase, "keys:default,yes cert:-*", \
|
||||
"no_permit", keyword, 1, var, 0); \
|
||||
FLAG_CASE(keybase,"keys:-*,yes cert:-*", \
|
||||
"no_permit", "restrict," keyword, 1, var, 0); \
|
||||
FLAG_CASE(keybase, "keys:default,no cert:-*", \
|
||||
"no_permit", "no-" keyword, 1, var, 0); \
|
||||
FLAG_CASE(keybase, "keys:-*,no cert:-*", \
|
||||
"no_permit", "restrict,no-" keyword, 1, var, 0); \
|
||||
\
|
||||
FLAG_CASE(keybase, "keys:default,yes cert:*", \
|
||||
"all_permit", keyword, 0, var, 1); \
|
||||
FLAG_CASE(keybase,"keys:-*,yes cert:*", \
|
||||
"all_permit", "restrict," keyword, 1, var, 1); \
|
||||
FLAG_CASE(keybase, "keys:default,no cert:*", \
|
||||
"all_permit", "no-" keyword, 0, var, 0); \
|
||||
FLAG_CASE(keybase, "keys:-*,no cert:*", \
|
||||
"all_permit", "restrict,no-" keyword, 1, var, 0); \
|
||||
\
|
||||
} while (0)
|
||||
FLAG_TEST("portfwd", "port-forwarding", permit_port_forwarding_flag);
|
||||
FLAG_TEST("agentfwd", "agent-forwarding", permit_agent_forwarding_flag);
|
||||
FLAG_TEST("pty", "pty", permit_pty_flag);
|
||||
FLAG_TEST("user_rc", "user-rc", permit_user_rc);
|
||||
FLAG_TEST("x11fwd", "x11-forwarding", permit_x11_forwarding_flag);
|
||||
#undef FLAG_TEST
|
||||
|
||||
PREPARE("source-address both", "sourceaddr", "from=\"127.0.0.1\"");
|
||||
expected = default_authkey_opts();
|
||||
expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128");
|
||||
ASSERT_PTR_NE(expected->required_from_host_cert, NULL);
|
||||
expected->required_from_host_keys = strdup("127.0.0.1");
|
||||
ASSERT_PTR_NE(expected->required_from_host_keys, NULL);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("source-address none", "all_permit", "");
|
||||
expected = default_authkey_opts();
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("source-address keys", "all_permit", "from=\"127.0.0.1\"");
|
||||
expected = default_authkey_opts();
|
||||
expected->required_from_host_keys = strdup("127.0.0.1");
|
||||
ASSERT_PTR_NE(expected->required_from_host_keys, NULL);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("source-address cert", "sourceaddr", "");
|
||||
expected = default_authkey_opts();
|
||||
expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128");
|
||||
ASSERT_PTR_NE(expected->required_from_host_cert, NULL);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("force-command both", "force_command", "command=\"foo\"");
|
||||
expected = default_authkey_opts();
|
||||
expected->force_command = strdup("foo");
|
||||
ASSERT_PTR_NE(expected->force_command, NULL);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("force-command none", "all_permit", "");
|
||||
expected = default_authkey_opts();
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("force-command keys", "all_permit", "command=\"bar\"");
|
||||
expected = default_authkey_opts();
|
||||
expected->force_command = strdup("bar");
|
||||
ASSERT_PTR_NE(expected->force_command, NULL);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("force-command cert", "force_command", "");
|
||||
expected = default_authkey_opts();
|
||||
expected->force_command = strdup("foo");
|
||||
ASSERT_PTR_NE(expected->force_command, NULL);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("force-command mismatch", "force_command", "command=\"bar\"");
|
||||
ASSERT_PTR_EQ(merge_opts, NULL);
|
||||
CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("tunnel", "all_permit", "tunnel=\"6\"");
|
||||
expected = default_authkey_opts();
|
||||
expected->force_tun_device = 6;
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("permitopen", "all_permit",
|
||||
"permitopen=\"127.0.0.1:*\",permitopen=\"127.0.0.1:123\"");
|
||||
expected = default_authkey_opts();
|
||||
expected->permitopen = commasplit("127.0.0.1:*,127.0.0.1:123",
|
||||
&expected->npermitopen);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
|
||||
PREPARE("environment", "all_permit",
|
||||
"environment=\"foo=a\",environment=\"bar=b\"");
|
||||
expected = default_authkey_opts();
|
||||
expected->env = commasplit("foo=a,bar=b", &expected->nenv);
|
||||
CHECK_SUCCESS_AND_CLEANUP();
|
||||
TEST_DONE();
|
||||
}
|
||||
|
||||
void
|
||||
tests(void)
|
||||
{
|
||||
extern char *__progname;
|
||||
LogLevel ll = test_is_verbose() ?
|
||||
SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_QUIET;
|
||||
|
||||
/* test_cert_parse() are a bit spammy to error() by default... */
|
||||
log_init(__progname, ll, SYSLOG_FACILITY_USER, 1);
|
||||
|
||||
test_authkeys_parse();
|
||||
test_cert_parse();
|
||||
test_merge();
|
||||
}
|
Loading…
Reference in New Issue