tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- dtucker@cvs.openbsd.org 2008/06/10 23:13:43 

[Makefile regress/key-options.sh]
     Add regress test for key options.  ok djm@
This commit is contained in:
Darren Tucker 2008-06-11 09:38:12 +10:00
parent 2a8b138ed8
commit e045e0c62a
2 changed files with 75 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -58,6 +58,9 @@
- dtucker@cvs.openbsd.org 2008/06/10 23:21:34 - dtucker@cvs.openbsd.org 2008/06/10 23:21:34
[bufaux.c] [bufaux.c]
Use '\0' for a nul byte rather than unadorned 0. ok djm@ Use '\0' for a nul byte rather than unadorned 0. ok djm@
- dtucker@cvs.openbsd.org 2008/06/10 23:13:43
[Makefile regress/key-options.sh]
Add regress test for key options. ok djm@
- (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6 - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6
since the new CIDR code in addmatch.c references it. since the new CIDR code in addmatch.c references it.
- (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6 - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6
@ -4150,4 +4153,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.4964 2008/06/10 23:35:37 dtucker Exp $ $Id: ChangeLog,v 1.4965 2008/06/10 23:38:12 dtucker Exp $

71
regress/key-options.sh Normal file
View File

@ -0,0 +1,71 @@
# $OpenBSD: key-options.sh,v 1.1 2008/06/10 23:13:43 dtucker Exp $
# Placed in the Public Domain.
tid="key options"
origkeys="$OBJ/authkeys_orig"
authkeys="$OBJ/authorized_keys_${USER}"
cp $authkeys $origkeys
# Test command= forced command
for p in 1 2; do
for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
sed "s/.*/$c &/" $origkeys >$authkeys
verbose "key option proto $p $c"
r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost echo foo`
if [ "$r" = "foo" ]; then
fail "key option forced command not restricted"
fi
if [ "$r" != "bar" ]; then
fail "key option forced command not executed"
fi
done
done
# Test no-pty
sed 's/.*/no-pty &/' $origkeys >$authkeys
for p in 1 2; do
verbose "key option proto $p no-pty"
r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost tty`
if [ -f "$r" ]; then
fail "key option failed proto $p no-pty (pty $r)"
fi
done
# Test environment=
echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy
sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys
for p in 1 2; do
verbose "key option proto $p environment"
r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo $FOO'`
if [ "$r" != "bar" ]; then
fail "key option environment not set"
fi
done
# Test from= restriction
start_sshd
for p in 1 2; do
for f in 127.0.0.1 '127.0.0.0\/8'; do
cat $origkeys >$authkeys
${SSH} -$p -q -F $OBJ/ssh_proxy somehost true
if [ $? -ne 0 ]; then
fail "key option proto $p failed without restriction"
fi
sed 's/.*/from="'$f'" &/' $origkeys >$authkeys
from=`head -1 $authkeys | cut -f1 -d ' '`
verbose "key option proto $p $from"
r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
if [ "$r" == "true" ]; then
fail "key option proto $p $from not restricted"
fi
r=`${SSH} -$p -q -F $OBJ/ssh_config somehost 'echo true'`
if [ "$r" != "true" ]; then
fail "key option proto $p $from not allowed but should be"
fi
done
done
rm -f "$origkeys"