diff options
author | Damien Miller <djm@mindrot.org> | 2010-07-02 13:42:18 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-07-02 13:42:18 +1000 |
commit | ab139cde3827744985a7d52da753af8cff27f3a3 (patch) | |
tree | 6d3a05883982ddbfa2bd31ec232ef6ff86a3b9e8 | |
parent | 527ded7f643d99ef0798a3c3a19e4edc56b9289f (diff) |
- djm@cvs.openbsd.org 2010/06/29 23:59:54
[cert-userkey.sh]
regress tests for key options in AuthorizedPrincipals
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | regress/cert-userkey.sh | 32 |
2 files changed, 34 insertions, 1 deletions
@@ -32,6 +32,9 @@ [regress/Makefile] fix how we run the tests so we can successfully use SUDO='sudo -E' in our env + - djm@cvs.openbsd.org 2010/06/29 23:59:54 + [cert-userkey.sh] + regress tests for key options in AuthorizedPrincipals 20100627 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 8fd1b48d..a41a9a9c 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.5 2010/05/07 11:31:26 djm Exp $ +# $OpenBSD: cert-userkey.sh,v 1.6 2010/06/29 23:59:54 djm Exp $ # Placed in the Public Domain. tid="certified user keys" @@ -79,6 +79,36 @@ for ktype in rsa dsa rsa_v00 dsa_v00 ; do fail "ssh cert connect failed" fi + # authorized_principals with bad key option + verbose "$tid: ${_prefix} authorized_principals bad key opt" + echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER + ${SSH} -2i $OBJ/cert_user_key_${ktype} \ + -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 + if [ $? -eq 0 ]; then + fail "ssh cert connect succeeded unexpectedly" + fi + + # authorized_principals with command=false + verbose "$tid: ${_prefix} authorized_principals command=false" + echo 'command="false" mekmitasdigoat' > \ + $OBJ/authorized_principals_$USER + ${SSH} -2i $OBJ/cert_user_key_${ktype} \ + -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 + if [ $? -eq 0 ]; then + fail "ssh cert connect succeeded unexpectedly" + fi + + + # authorized_principals with command=true + verbose "$tid: ${_prefix} authorized_principals command=true" + echo 'command="true" mekmitasdigoat' > \ + $OBJ/authorized_principals_$USER + ${SSH} -2i $OBJ/cert_user_key_${ktype} \ + -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1 + if [ $? -ne 0 ]; then + fail "ssh cert connect failed" + fi + # Setup for principals= key option rm -f $OBJ/authorized_principals_$USER ( |