diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-03-03 03:16:17 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-03-03 14:39:25 +1100 |
commit | de1920d743d295f50e6905e5957c4172c038e8eb (patch) | |
tree | 7653a33a7b665d5ac1dc0367a6dec30d29ca6851 /regress/unittests/authopt/testdata/mktestdata.sh | |
parent | dc3e92df17556dc5b0ab19cee8dcb2a6ba348717 (diff) |
upstream: unit tests for new authorized_keys options API
OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1
Diffstat (limited to 'regress/unittests/authopt/testdata/mktestdata.sh')
-rw-r--r-- | regress/unittests/authopt/testdata/mktestdata.sh | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/regress/unittests/authopt/testdata/mktestdata.sh b/regress/unittests/authopt/testdata/mktestdata.sh new file mode 100644 index 000000000..06a24e390 --- /dev/null +++ b/regress/unittests/authopt/testdata/mktestdata.sh | |||
@@ -0,0 +1,48 @@ | |||
1 | #/bin/sh | ||
2 | |||
3 | set -xe | ||
4 | |||
5 | rm -f ca_key ca_key.pub | ||
6 | rm -f user_key user_key.pub | ||
7 | rm -f *.cert | ||
8 | |||
9 | ssh-keygen -q -f ca_key -t ed25519 -C CA -N '' | ||
10 | ssh-keygen -q -f user_key -t ed25519 -C "user key" -N '' | ||
11 | |||
12 | sign() { | ||
13 | output=$1 | ||
14 | shift | ||
15 | set -xe | ||
16 | ssh-keygen -q -s ca_key -I user -n user \ | ||
17 | -V 19990101:19991231 -z 1 "$@" user_key.pub | ||
18 | mv user_key-cert.pub "$output" | ||
19 | } | ||
20 | |||
21 | sign all_permit.cert -Opermit-agent-forwarding -Opermit-port-forwarding \ | ||
22 | -Opermit-pty -Opermit-user-rc -Opermit-X11-forwarding | ||
23 | sign no_permit.cert -Oclear | ||
24 | |||
25 | sign no_agentfwd.cert -Ono-agent-forwarding | ||
26 | sign no_portfwd.cert -Ono-port-forwarding | ||
27 | sign no_pty.cert -Ono-pty | ||
28 | sign no_user_rc.cert -Ono-user-rc | ||
29 | sign no_x11fwd.cert -Ono-X11-forwarding | ||
30 | |||
31 | sign only_agentfwd.cert -Oclear -Opermit-agent-forwarding | ||
32 | sign only_portfwd.cert -Oclear -Opermit-port-forwarding | ||
33 | sign only_pty.cert -Oclear -Opermit-pty | ||
34 | sign only_user_rc.cert -Oclear -Opermit-user-rc | ||
35 | sign only_x11fwd.cert -Oclear -Opermit-X11-forwarding | ||
36 | |||
37 | sign force_command.cert -Oforce-command="foo" | ||
38 | sign sourceaddr.cert -Osource-address="127.0.0.1/32,::1/128" | ||
39 | |||
40 | # ssh-keygen won't permit generation of certs with invalid source-address | ||
41 | # values, so we do it as a custom extension. | ||
42 | sign bad_sourceaddr.cert -Ocritical:source-address=xxxxx | ||
43 | |||
44 | sign unknown_critical.cert -Ocritical:blah=foo | ||
45 | |||
46 | sign host.cert -h | ||
47 | |||
48 | rm -f user_key ca_key user_key.pub ca_key.pub | ||