upstream: check valid-before option in authorized_keys

OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11
author: djm@openbsd.org <djm@openbsd.org> 2018-03-12 00:56:03 +0000
committer: Damien Miller <djm@mindrot.org> 2018-03-14 18:55:47 +1100
commit: 500396b204c58e78ad9d081516a365a9f28dc3fd (patch)
tree: a84bdc544228dfdd2dbbac68063687ab7e102f36
parent: a76b5d26c2a51d7dd7a5164e683ab3f4419be215 (diff)
1 files changed, 19 insertions, 2 deletions
diff --git a/regress/key-options.sh b/regress/key-options.sh
index 5e3a4f66a..991849949 100644
--- a/regress/key-options.sh
+++ b/regress/key-options.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: key-options.sh,v 1.6 2018/03/04 01:46:48 djm Exp $
+#       $OpenBSD: key-options.sh,v 1.7 2018/03/12 00:56:03 djm Exp $
 #       Placed in the Public Domain.
 tid="key options"
@@ -94,4 +94,21 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
        fi
 done
-rm -f "$origkeys"
+check_valid_before() {
+        which=$1
+        opts=$2
+        expect=$3
+        sed "s/.*/$opts &/" $origkeys >$authkeys
+        verbose "key option valid-before $which"
+        ${SSH} -q -F $OBJ/ssh_proxy somehost true
+        case "$expect" in
+        fail)   test $? -eq 0 && fail "key option succeeded $which" ;;
+        pass)   test $? -ne 0 && fail "key option failed $which" ;;
+        *)      fatal "unknown expectation $expect" ;;
+        esac
+}
+check_valid_before "default"    ""                              "pass"
+check_valid_before "invalid"    'valid-before="INVALID"'        "fail"
+check_valid_before "expired"    'valid-before="19990101"'       "fail"
+check_valid_before "valid"      'valid-before="20380101"'       "pass"
author	djm@openbsd.org <djm@openbsd.org>	2018-03-12 00:56:03 +0000
committer	Damien Miller <djm@mindrot.org>	2018-03-14 18:55:47 +1100
commit	500396b204c58e78ad9d081516a365a9f28dc3fd (patch)
tree	a84bdc544228dfdd2dbbac68063687ab7e102f36
parent	a76b5d26c2a51d7dd7a5164e683ab3f4419be215 (diff)

diff --git a/regress/key-options.sh b/regress/key-options.sh index 5e3a4f66a..991849949 100644 --- a/regress/key-options.sh +++ b/regress/key-options.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: key-options.sh,v 1.6 2018/03/04 01:46:48 djm Exp $	1	# $OpenBSD: key-options.sh,v 1.7 2018/03/12 00:56:03 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="key options"	4	tid="key options"
@@ -94,4 +94,21 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
94	fi	94	fi
95	done	95	done
96		96
97	rm -f "$origkeys"	97	check_valid_before() {
		98	which=$1
		99	opts=$2
		100	expect=$3
		101	sed "s/.*/$opts &/" $origkeys >$authkeys
		102	verbose "key option valid-before $which"
		103	${SSH} -q -F $OBJ/ssh_proxy somehost true
		104	case "$expect" in
		105	fail) test $? -eq 0 && fail "key option succeeded $which" ;;
		106	pass) test $? -ne 0 && fail "key option failed $which" ;;
		107	*) fatal "unknown expectation $expect" ;;
		108	esac
		109	}
		110	check_valid_before "default" "" "pass"
		111	check_valid_before "invalid" 'valid-before="INVALID"' "fail"
		112	check_valid_before "expired" 'valid-before="19990101"' "fail"
		113	check_valid_before "valid" 'valid-before="20380101"' "pass"
		114