- djm@cvs.openbsd.org 2010/06/29 23:59:54

[cert-userkey.sh] regress tests for key options in AuthorizedPrincipals
author: Damien Miller <djm@mindrot.org> 2010-07-02 13:42:18 +1000
committer: Damien Miller <djm@mindrot.org> 2010-07-02 13:42:18 +1000
commit: ab139cde3827744985a7d52da753af8cff27f3a3 (patch)
tree: 6d3a05883982ddbfa2bd31ec232ef6ff86a3b9e8 /regress/cert-userkey.sh
parent: 527ded7f643d99ef0798a3c3a19e4edc56b9289f (diff)
1 files changed, 31 insertions, 1 deletions
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 8fd1b48db..a41a9a9c0 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: cert-userkey.sh,v 1.5 2010/05/07 11:31:26 djm Exp $
+#       $OpenBSD: cert-userkey.sh,v 1.6 2010/06/29 23:59:54 djm Exp $
 #       Placed in the Public Domain.
 tid="certified user keys"
@@ -79,6 +79,36 @@ for ktype in rsa dsa rsa_v00 dsa_v00 ; do
                        fail "ssh cert connect failed"
                fi
+                # authorized_principals with bad key option
+                verbose "$tid: ${_prefix} authorized_principals bad key opt"
+                echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER
+                ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+                    -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+                if [ $? -eq 0 ]; then
+                        fail "ssh cert connect succeeded unexpectedly"
+                fi
+                # authorized_principals with command=false
+                verbose "$tid: ${_prefix} authorized_principals command=false"
+                echo 'command="false" mekmitasdigoat' > \
+                    $OBJ/authorized_principals_$USER
+                ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+                    -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+                if [ $? -eq 0 ]; then
+                        fail "ssh cert connect succeeded unexpectedly"
+                fi
+                # authorized_principals with command=true
+                verbose "$tid: ${_prefix} authorized_principals command=true"
+                echo 'command="true" mekmitasdigoat' > \
+                    $OBJ/authorized_principals_$USER
+                ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+                    -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1
+                if [ $? -ne 0 ]; then
+                        fail "ssh cert connect failed"
+                fi
                # Setup for principals= key option
                rm -f $OBJ/authorized_principals_$USER
                (
author	Damien Miller <djm@mindrot.org>	2010-07-02 13:42:18 +1000
committer	Damien Miller <djm@mindrot.org>	2010-07-02 13:42:18 +1000
commit	ab139cde3827744985a7d52da753af8cff27f3a3 (patch)
tree	6d3a05883982ddbfa2bd31ec232ef6ff86a3b9e8 /regress/cert-userkey.sh
parent	527ded7f643d99ef0798a3c3a19e4edc56b9289f (diff)

diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 8fd1b48db..a41a9a9c0 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: cert-userkey.sh,v 1.5 2010/05/07 11:31:26 djm Exp $	1	# $OpenBSD: cert-userkey.sh,v 1.6 2010/06/29 23:59:54 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="certified user keys"	4	tid="certified user keys"
@@ -79,6 +79,36 @@ for ktype in rsa dsa rsa_v00 dsa_v00 ; do
79	fail "ssh cert connect failed"	79	fail "ssh cert connect failed"
80	fi	80	fi
81		81
		82	# authorized_principals with bad key option
		83	verbose "$tid: ${_prefix} authorized_principals bad key opt"
		84	echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER
		85	${SSH} -2i $OBJ/cert_user_key_${ktype} \
		86	-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
		87	if [ $? -eq 0 ]; then
		88	fail "ssh cert connect succeeded unexpectedly"
		89	fi
		90
		91	# authorized_principals with command=false
		92	verbose "$tid: ${_prefix} authorized_principals command=false"
		93	echo 'command="false" mekmitasdigoat' > \
		94	$OBJ/authorized_principals_$USER
		95	${SSH} -2i $OBJ/cert_user_key_${ktype} \
		96	-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
		97	if [ $? -eq 0 ]; then
		98	fail "ssh cert connect succeeded unexpectedly"
		99	fi
		100
		101
		102	# authorized_principals with command=true
		103	verbose "$tid: ${_prefix} authorized_principals command=true"
		104	echo 'command="true" mekmitasdigoat' > \
		105	$OBJ/authorized_principals_$USER
		106	${SSH} -2i $OBJ/cert_user_key_${ktype} \
		107	-F $OBJ/ssh_proxy somehost false >/dev/null 2>&1
		108	if [ $? -ne 0 ]; then
		109	fail "ssh cert connect failed"
		110	fi
		111
82	# Setup for principals= key option	112	# Setup for principals= key option
83	rm -f $OBJ/authorized_principals_$USER	113	rm -f $OBJ/authorized_principals_$USER
84	(	114	(