author | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
commit | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch) | |
tree | 3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /regress/cert-userkey.sh | |
parent | 6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff) | |
parent | 66bf74a92131b7effe49fb0eefe5225151869dc5 (diff) |
Import openssh_7.6p1.orig.tar.gz
Diffstat (limited to 'regress/cert-userkey.sh')
-rw-r--r-- | regress/cert-userkey.sh | 36 |
1 files changed, 18 insertions, 18 deletions
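--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-userkey.sh,v 1.17 2016/11/30 03:01:33 djm Exp $
+# $OpenBSD: cert-userkey.sh,v 1.18 2017/04/30 23:34:55 djm Exp $
 # Placed in the Public Domain.
 
 tid="certified user keys"
@@ -67,7 +67,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 # Missing authorized_principals
 verbose "$tid: ${_prefix} missing authorized_principals"
 rm -f $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -76,7 +76,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 # Empty authorized_principals
 verbose "$tid: ${_prefix} empty authorized_principals"
 echo > $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -85,7 +85,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 # Wrong authorized_principals
 verbose "$tid: ${_prefix} wrong authorized_principals"
 echo gregorsamsa > $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -94,7 +94,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 # Correct authorized_principals
 verbose "$tid: ${_prefix} correct authorized_principals"
 echo mekmitasdigoat > $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh cert connect failed"
@@ -103,7 +103,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 # authorized_principals with bad key option
 verbose "$tid: ${_prefix} authorized_principals bad key opt"
 echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -113,7 +113,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 verbose "$tid: ${_prefix} authorized_principals command=false"
 echo 'command="false" mekmitasdigoat' > \
 $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -124,7 +124,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 verbose "$tid: ${_prefix} authorized_principals command=true"
 echo 'command="true" mekmitasdigoat' > \
 $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh cert connect failed"
@@ -148,7 +148,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 printf 'cert-authority,principals="gregorsamsa" '
 cat $OBJ/user_ca_key.pub
 ) > $OBJ/authorized_keys_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -160,7 +160,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 printf 'cert-authority,principals="mekmitasdigoat" '
 cat $OBJ/user_ca_key.pub
 ) > $OBJ/authorized_keys_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh cert connect failed"
@@ -198,7 +198,7 @@ basic_tests() {
 echo "PubkeyAcceptedKeyTypes ${t}"
 ) > $OBJ/ssh_proxy
 
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true
 if [ $? -ne 0 ]; then
 fail "ssh cert connect failed"
@@ -215,7 +215,7 @@ basic_tests() {
 ) > $OBJ/sshd_proxy
 cp $OBJ/cert_user_key_${ktype}.pub \
 $OBJ/cert_user_key_revoked
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpecedly"
@@ -224,14 +224,14 @@ basic_tests() {
 rm $OBJ/cert_user_key_revoked
 ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \
 $OBJ/cert_user_key_${ktype}.pub
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpecedly"
 fi
 verbose "$tid: ${_prefix} empty KRL"
 ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh cert connect failed"
@@ -246,7 +246,7 @@ basic_tests() {
 echo "PubkeyAcceptedKeyTypes ${t}"
 echo "$extra_sshd"
 ) > $OBJ/sshd_proxy
-${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
+${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
 somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpecedly"
@@ -260,7 +260,7 @@ basic_tests() {
 echo "$extra_sshd"
 ) > $OBJ/sshd_proxy
 verbose "$tid: ensure CA key does not authenticate user"
-${SSH} -2i $OBJ/user_ca_key \
+${SSH} -i $OBJ/user_ca_key \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect with CA key succeeded unexpectedly"
@@ -307,7 +307,7 @@ test_one() {
 $sign_opts $OBJ/cert_user_key_${ktype} ||
 fail "couldn't sign cert_user_key_${ktype}"
 
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 rc=$?
 if [ "x$result" = "xsuccess" ] ; then
@@ -378,7 +378,7 @@ for ktype in $PLAIN_TYPES ; do
 -n $USER $OBJ/cert_user_key_${ktype} ||
 fatal "couldn't sign cert_user_key_${ktype}"
 verbose "$tid: user ${ktype} connect wrong cert"
-${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
+${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
 somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"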
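Review bot: The negative cases (for example new lines 70-73, 88-91, 218-221 and 263-266) accept any non-zero exit from ssh as the expected refusal, and because the call ends in `>/dev/null 2>&1` the reason is thrown away; a usage error or a broken `ssh_proxy` would therefore pass these checks exactly as a real rejection of the certificate, principal or CA key does. Since these are the tests guarding the authorization decision, I would at least record the limitation next to the first such check, `# NB: any non-zero exit passes; the refusal reason is not verified here`, and ideally confirm the rejection from the server-side log the harness keeps. Separately, the fail messages at new lines 221, 230 and 252 read "unexpecedly" where the other cases say "unexpectedly", which makes grepping test output for one spelling miss them. The enclosing `for ktype` loops and the `basic_tests`/`test_one` functions begin and end outside the hunks shown, so whether an earlier step already validates the proxy configuration cannot be seen from here.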