author | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
commit | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch) | |
tree | 3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /regress/key-options.sh | |
parent | 6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff) | |
parent | 66bf74a92131b7effe49fb0eefe5225151869dc5 (diff) |
Import openssh_7.6p1.orig.tar.gz
Diffstat (limited to 'regress/key-options.sh')
-rw-r--r-- | regress/key-options.sh | 52 |
1 files changed, 22 insertions, 30 deletions
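--- a/regress/key-options.sh
+++ b/regress/key-options.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: key-options.sh,v 1.3 2015/03/03 22:35:19 markus Exp $
+# $OpenBSD: key-options.sh,v 1.4 2017/04/30 23:34:55 djm Exp $
 # Placed in the Public Domain.
 
 tid="key options"
@@ -8,64 +8,56 @@ authkeys="$OBJ/authorized_keys_${USER}"
 cp $authkeys $origkeys
 
 # Test command= forced command
-for p in ${SSH_PROTOCOLS}; do
-for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
+for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
 sed "s/.*/$c &/" $origkeys >$authkeys
-verbose "key option proto $p $c"
-r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost echo foo`
+verbose "key option $c"
+r=`${SSH} -q -F $OBJ/ssh_proxy somehost echo foo`
 if [ "$r" = "foo" ]; then
 fail "key option forced command not restricted"
 fi
 if [ "$r" != "bar" ]; then
 fail "key option forced command not executed"
 fi
-done
 done
 
 # Test no-pty
 sed 's/.*/no-pty &/' $origkeys >$authkeys
-for p in ${SSH_PROTOCOLS}; do
-verbose "key option proto $p no-pty"
-r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost tty`
-if [ -f "$r" ]; then
-fail "key option failed proto $p no-pty (pty $r)"
-fi
-done
+verbose "key option proto no-pty"
+r=`${SSH} -q -F $OBJ/ssh_proxy somehost tty`
+if [ -f "$r" ]; then
+fail "key option failed no-pty (pty $r)"
+fi
 
 # Test environment=
 echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy
 sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys
-for p in ${SSH_PROTOCOLS}; do
-verbose "key option proto $p environment"
-r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo $FOO'`
-if [ "$r" != "bar" ]; then
-fail "key option environment not set"
-fi
-done
+verbose "key option environment"
+r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo $FOO'`
+if [ "$r" != "bar" ]; then
+fail "key option environment not set"
+fi
 
 # Test from= restriction
 start_sshd
-for p in ${SSH_PROTOCOLS}; do
-for f in 127.0.0.1 '127.0.0.0\/8'; do
+for f in 127.0.0.1 '127.0.0.0\/8'; do
 cat $origkeys >$authkeys
-${SSH} -$p -q -F $OBJ/ssh_proxy somehost true
+${SSH} -q -F $OBJ/ssh_proxy somehost true
 if [ $? -ne 0 ]; then
-fail "key option proto $p failed without restriction"
+fail "key option failed without restriction"
 fi
 
 sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
 from=`head -1 $authkeys | cut -f1 -d ' '`
-verbose "key option proto $p $from"
-r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
+verbose "key option $from"
+r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'`
 if [ "$r" = "true" ]; then
-fail "key option proto $p $from not restricted"
+fail "key option $from not restricted"
 fi
 
-r=`${SSH} -$p -q -F $OBJ/ssh_config somehost 'echo true'`
+r=`${SSH} -q -F $OBJ/ssh_config somehost 'echo true'`
 if [ "$r" != "true" ]; then
-fail "key option proto $p $from not allowed but should be"
+fail "key option $from not allowed but should be"
 fi
-done
 done
 
 rm -f "$origkeys"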
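Review bot: The no-pty check carried over at new lines 26-29 cannot fail, so it gives no assurance that the `no-pty` key option is enforced. `tty` prints a device path such as /dev/pts/N, which is a character device, while `[ -f "$r" ]` is true only for regular files; a server that ignored `no-pty` would still pass. The client is also run without a terminal request, so unless ssh_proxy (not visible here) sets RequestTTY, no pty is likely to be asked for in the first place. I would force the request and test for a device node: ``r=`${SSH} -tt -q -F $OBJ/ssh_proxy somehost tty` `` followed by `if [ -c "$r" ]; then`. Ideally a control run without `no-pty` would also confirm that a pty is granted, so the negative result means something. Separately, the message at new line 25 still says "proto" after the protocol loop was removed.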