import openssh-5.1p1-gsskex-cjwatson-20080722.patch

author: Colin Watson <cjwatson@debian.org> 2009-12-29 21:42:53 +0000
committer: Colin Watson <cjwatson@debian.org> 2009-12-29 21:42:53 +0000
commit: 87552344215a38d3a2b0d4d63dc151e05978bbe1 (patch)
tree: 9f4b96055e6ccaa915e8d59d9f2805e9e119371d /regress/key-options.sh
parent: a25ec0b132c44c9e341e08464ff830de06b81126 (diff)
parent: ef94e5613d37bcbf880f21ee6094e4b1c7683a4c (diff)
1 files changed, 71 insertions, 0 deletions
diff --git a/regress/key-options.sh b/regress/key-options.sh
new file mode 100644
index 000000000..f98d78b30
--- /dev/null
+++ b/regress/key-options.sh
@@ -0,0 +1,71 @@
+#       $OpenBSD: key-options.sh,v 1.2 2008/06/30 08:07:34 djm Exp $
+#       Placed in the Public Domain.
+tid="key options"
+origkeys="$OBJ/authkeys_orig"
+authkeys="$OBJ/authorized_keys_${USER}"
+cp $authkeys $origkeys
+# Test command= forced command
+for p in 1 2; do
+    for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
+        sed "s/.*/$c &/" $origkeys >$authkeys
+        verbose "key option proto $p $c"
+        r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost echo foo`
+        if [ "$r" = "foo" ]; then
+                fail "key option forced command not restricted"
+        fi
+        if [ "$r" != "bar" ]; then
+                fail "key option forced command not executed"
+        fi
+    done
+done
+# Test no-pty
+sed 's/.*/no-pty &/' $origkeys >$authkeys
+for p in 1 2; do
+        verbose "key option proto $p no-pty"
+        r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost tty`
+        if [ -f "$r" ]; then
+                fail "key option failed proto $p no-pty (pty $r)"
+        fi
+done
+# Test environment=
+echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy
+sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys
+for p in 1 2; do
+        verbose "key option proto $p environment"
+        r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo $FOO'`
+        if [ "$r" != "bar" ]; then
+                fail "key option environment not set"
+        fi
+done
+# Test from= restriction
+start_sshd
+for p in 1 2; do
+    for f in 127.0.0.1 '127.0.0.0\/8'; do
+        cat  $origkeys >$authkeys
+        ${SSH} -$p -q -F $OBJ/ssh_proxy somehost true
+        if [ $? -ne 0 ]; then
+                fail "key option proto $p failed without restriction"
+        fi
+        sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
+        from=`head -1 $authkeys | cut -f1 -d ' '`
+        verbose "key option proto $p $from"
+        r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
+        if [ "$r" = "true" ]; then
+                fail "key option proto $p $from not restricted"
+        fi
+        r=`${SSH} -$p -q -F $OBJ/ssh_config somehost 'echo true'`
+        if [ "$r" != "true" ]; then
+                fail "key option proto $p $from not allowed but should be"
+        fi
+    done
+done
+rm -f "$origkeys"
author	Colin Watson <cjwatson@debian.org>	2009-12-29 21:42:53 +0000
committer	Colin Watson <cjwatson@debian.org>	2009-12-29 21:42:53 +0000
commit	87552344215a38d3a2b0d4d63dc151e05978bbe1 (patch)
tree	9f4b96055e6ccaa915e8d59d9f2805e9e119371d /regress/key-options.sh
parent	a25ec0b132c44c9e341e08464ff830de06b81126 (diff)
parent	ef94e5613d37bcbf880f21ee6094e4b1c7683a4c (diff)

diff --git a/regress/key-options.sh b/regress/key-options.sh new file mode 100644 index 000000000..f98d78b30 --- /dev/null +++ b/regress/key-options.sh
@@ -0,0 +1,71 @@
	1	# $OpenBSD: key-options.sh,v 1.2 2008/06/30 08:07:34 djm Exp $
	2	# Placed in the Public Domain.
	3
	4	tid="key options"
	5
	6	origkeys="$OBJ/authkeys_orig"
	7	authkeys="$OBJ/authorized_keys_${USER}"
	8	cp $authkeys $origkeys
	9
	10	# Test command= forced command
	11	for p in 1 2; do
	12	for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
	13	sed "s/.*/$c &/" $origkeys >$authkeys
	14	verbose "key option proto $p $c"
	15	r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost echo foo`
	16	if [ "$r" = "foo" ]; then
	17	fail "key option forced command not restricted"
	18	fi
	19	if [ "$r" != "bar" ]; then
	20	fail "key option forced command not executed"
	21	fi
	22	done
	23	done
	24
	25	# Test no-pty
	26	sed 's/.*/no-pty &/' $origkeys >$authkeys
	27	for p in 1 2; do
	28	verbose "key option proto $p no-pty"
	29	r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost tty`
	30	if [ -f "$r" ]; then
	31	fail "key option failed proto $p no-pty (pty $r)"
	32	fi
	33	done
	34
	35	# Test environment=
	36	echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy
	37	sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys
	38	for p in 1 2; do
	39	verbose "key option proto $p environment"
	40	r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo $FOO'`
	41	if [ "$r" != "bar" ]; then
	42	fail "key option environment not set"
	43	fi
	44	done
	45
	46	# Test from= restriction
	47	start_sshd
	48	for p in 1 2; do
	49	for f in 127.0.0.1 '127.0.0.0\/8'; do
	50	cat $origkeys >$authkeys
	51	${SSH} -$p -q -F $OBJ/ssh_proxy somehost true
	52	if [ $? -ne 0 ]; then
	53	fail "key option proto $p failed without restriction"
	54	fi
	55
	56	sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
	57	from=`head -1 $authkeys \| cut -f1 -d ' '`
	58	verbose "key option proto $p $from"
	59	r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
	60	if [ "$r" = "true" ]; then
	61	fail "key option proto $p $from not restricted"
	62	fi
	63
	64	r=`${SSH} -$p -q -F $OBJ/ssh_config somehost 'echo true'`
	65	if [ "$r" != "true" ]; then
	66	fail "key option proto $p $from not allowed but should be"
	67	fi
	68	done
	69	done
	70
	71	rm -f "$origkeys"