upstream commit

test new behaviour of cert force-command restriction vs. authorized_key/ principals Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c
author: djm@openbsd.org <djm@openbsd.org> 2016-11-30 03:01:33 +0000
committer: Damien Miller <djm@mindrot.org> 2016-11-30 19:44:50 +1100
commit: 85aa2efeba51a96bf6834f9accf2935d96150296 (patch)
tree: c8352636487fccfabbd65a9d122e7ab5f19785fb /regress/cert-userkey.sh
parent: 5d333131cd8519d022389cfd3236280818dae1bc (diff)
1 files changed, 15 insertions, 1 deletions
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 319746395..7005fd55e 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: cert-userkey.sh,v 1.16 2016/05/03 12:15:49 dtucker Exp $
+#       $OpenBSD: cert-userkey.sh,v 1.17 2016/11/30 03:01:33 djm Exp $
 #       Placed in the Public Domain.
 tid="certified user keys"
@@ -354,6 +354,20 @@ test_one "principals key option principals" success "-n mekmitasdigoat" \
 test_one "principals key option no principals" failure "" \
    authorized_keys ',principals="mekmitasdigoat"'
+# command= options vs. force-command in key
+test_one "force-command match true" success \
+    "-n ${USER} -Oforce-command=true" \
+    authorized_keys ',command="true"'
+test_one "force-command match true" failure \
+    "-n ${USER} -Oforce-command=false" \
+    authorized_keys ',command="false"'
+test_one "force-command mismatch 1" failure \
+    "-n ${USER} -Oforce-command=false" \
+    authorized_keys ',command="true"'
+test_one "force-command mismatch 2" failure \
+    "-n ${USER} -Oforce-command=true" \
+    authorized_keys ',command="false"'
 # Wrong certificate
 cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
 for ktype in $PLAIN_TYPES ; do
author	djm@openbsd.org <djm@openbsd.org>	2016-11-30 03:01:33 +0000
committer	Damien Miller <djm@mindrot.org>	2016-11-30 19:44:50 +1100
commit	85aa2efeba51a96bf6834f9accf2935d96150296 (patch)
tree	c8352636487fccfabbd65a9d122e7ab5f19785fb /regress/cert-userkey.sh
parent	5d333131cd8519d022389cfd3236280818dae1bc (diff)

diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 319746395..7005fd55e 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: cert-userkey.sh,v 1.16 2016/05/03 12:15:49 dtucker Exp $	1	# $OpenBSD: cert-userkey.sh,v 1.17 2016/11/30 03:01:33 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="certified user keys"	4	tid="certified user keys"
@@ -354,6 +354,20 @@ test_one "principals key option principals" success "-n mekmitasdigoat" \
354	test_one "principals key option no principals" failure "" \	354	test_one "principals key option no principals" failure "" \
355	authorized_keys ',principals="mekmitasdigoat"'	355	authorized_keys ',principals="mekmitasdigoat"'
356		356
		357	# command= options vs. force-command in key
		358	test_one "force-command match true" success \
		359	"-n ${USER} -Oforce-command=true" \
		360	authorized_keys ',command="true"'
		361	test_one "force-command match true" failure \
		362	"-n ${USER} -Oforce-command=false" \
		363	authorized_keys ',command="false"'
		364	test_one "force-command mismatch 1" failure \
		365	"-n ${USER} -Oforce-command=false" \
		366	authorized_keys ',command="true"'
		367	test_one "force-command mismatch 2" failure \
		368	"-n ${USER} -Oforce-command=true" \
		369	authorized_keys ',command="false"'
		370
357	# Wrong certificate	371	# Wrong certificate
358	cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy	372	cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
359	for ktype in $PLAIN_TYPES ; do	373	for ktype in $PLAIN_TYPES ; do