summaryrefslogtreecommitdiff
path: root/regress/cert-userkey.sh
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2020-02-21 11:57:14 +0000
committerColin Watson <cjwatson@debian.org>2020-02-21 11:57:14 +0000
commitf0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch)
tree856b0dee3f2764c13a32dad5ffe2424fab7fef41 /regress/cert-userkey.sh
parent4213eec74e74de6310c27a40c3e9759a08a73996 (diff)
parent8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff)
Import openssh_8.2p1.orig.tar.gz
Diffstat (limited to 'regress/cert-userkey.sh')
-rw-r--r--regress/cert-userkey.sh16
1 files changed, 9 insertions, 7 deletions
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 38c14a698..91596fa78 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cert-userkey.sh,v 1.21 2019/07/25 08:28:15 dtucker Exp $ 1# $OpenBSD: cert-userkey.sh,v 1.25 2020/01/03 03:02:26 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="certified user keys" 4tid="certified user keys"
@@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
8cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak 8cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
9 9
10PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'` 10PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
11EXTRA_TYPES="" 11EXTRA_TYPES=""
12rsa="" 12rsa=""
13 13
@@ -17,8 +17,10 @@ if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
17fi 17fi
18 18
19kname() { 19kname() {
20 case $ktype in 20 case $1 in
21 rsa-sha2-*) n="$ktype" ;; 21 rsa-sha2-*) n="$1" ;;
22 sk-ecdsa-*) n="sk-ecdsa" ;;
23 sk-ssh-ed25519*) n="sk-ssh-ed25519" ;;
22 # subshell because some seds will add a newline 24 # subshell because some seds will add a newline
23 *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;; 25 *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
24 esac 26 esac
@@ -58,7 +60,7 @@ done
58# Test explicitly-specified principals 60# Test explicitly-specified principals
59for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do 61for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
60 t=$(kname $ktype) 62 t=$(kname $ktype)
61 for privsep in yes sandbox ; do 63 for privsep in yes ; do
62 _prefix="${ktype} privsep $privsep" 64 _prefix="${ktype} privsep $privsep"
63 65
64 # Setup for AuthorizedPrincipalsFile 66 # Setup for AuthorizedPrincipalsFile
@@ -195,7 +197,7 @@ basic_tests() {
195 197
196 for ktype in $PLAIN_TYPES ; do 198 for ktype in $PLAIN_TYPES ; do
197 t=$(kname $ktype) 199 t=$(kname $ktype)
198 for privsep in yes no ; do 200 for privsep in yes ; do
199 _prefix="${ktype} privsep $privsep $auth" 201 _prefix="${ktype} privsep $privsep $auth"
200 # Simple connect 202 # Simple connect
201 verbose "$tid: ${_prefix} connect" 203 verbose "$tid: ${_prefix} connect"
@@ -338,7 +340,7 @@ test_one() {
338test_one "correct principal" success "-n ${USER}" 340test_one "correct principal" success "-n ${USER}"
339test_one "host-certificate" failure "-n ${USER} -h" 341test_one "host-certificate" failure "-n ${USER} -h"
340test_one "wrong principals" failure "-n foo" 342test_one "wrong principals" failure "-n foo"
341test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101" 343test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101"
342test_one "cert expired" failure "-n ${USER} -V19800101:19900101" 344test_one "cert expired" failure "-n ${USER} -V19800101:19900101"
343test_one "cert valid interval" success "-n ${USER} -V-1w:+2w" 345test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
344test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8" 346test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8"