upstream: it's no longer possible to disable privilege separation

in sshd, so don't double the tests' work by trying both off/on OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68
author: djm@openbsd.org <djm@openbsd.org> 2019-12-11 18:47:14 +0000
committer: Damien Miller <djm@mindrot.org> 2019-12-16 14:20:35 +1100
commit: a7fc1df246e80bfdabd09b069b91c72f9c578ca8 (patch)
tree: fde2c7b364ccc1f3b1c4c6e08b853651f1dc3a68 /regress
parent: 3145d38ea06820a66c0f5e068f49af14fd2b7ac1 (diff)
5 files changed, 12 insertions, 12 deletions
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index dc40b782a..67a9795d0 100644
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: cert-hostkey.sh,v 1.20 2019/11/26 23:43:10 djm Exp $
+#       $OpenBSD: cert-hostkey.sh,v 1.21 2019/12/11 18:47:14 djm Exp $
 #       Placed in the Public Domain.
 tid="certified host keys"
@@ -131,7 +131,7 @@ attempt_connect() {
 }
 # Basic connect and revocation tests.
-for privsep in yes sandbox ; do
+for privsep in yes ; do
        for ktype in $PLAIN_TYPES ; do
                verbose "$tid: host ${ktype} cert connect privsep $privsep"
                (
@@ -169,7 +169,7 @@ for ktype in $PLAIN_TYPES ; do
        kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig
 done
 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
-for privsep in yes sandbox ; do
+for privsep in yes ; do
        for ktype in $PLAIN_TYPES ; do
                verbose "$tid: host ${ktype} revoked cert privsep $privsep"
                (
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index d6e293d57..87d30d27b 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: cert-userkey.sh,v 1.23 2019/11/26 23:43:10 djm Exp $
+#       $OpenBSD: cert-userkey.sh,v 1.24 2019/12/11 18:47:14 djm Exp $
 #       Placed in the Public Domain.
 tid="certified user keys"
@@ -60,7 +60,7 @@ done
 # Test explicitly-specified principals
 for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
        t=$(kname $ktype)
-        for privsep in yes sandbox ; do
+        for privsep in yes ; do
                _prefix="${ktype} privsep $privsep"
                # Setup for AuthorizedPrincipalsFile
@@ -197,7 +197,7 @@ basic_tests() {
        for ktype in $PLAIN_TYPES ; do
                t=$(kname $ktype)
-                for privsep in yes no ; do
+                for privsep in yes ; do
                        _prefix="${ktype} privsep $privsep $auth"
                        # Simple connect
                        verbose "$tid: ${_prefix} connect"
diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh
index af2ed7806..7f490e013 100644
--- a/regress/hostkey-agent.sh
+++ b/regress/hostkey-agent.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: hostkey-agent.sh,v 1.9 2019/11/26 23:43:10 djm Exp $
+#       $OpenBSD: hostkey-agent.sh,v 1.10 2019/12/11 18:47:14 djm Exp $
 #       Placed in the Public Domain.
 tid="hostkey agent"
@@ -30,7 +30,7 @@ cp $OBJ/known_hosts.orig $OBJ/known_hosts
 unset SSH_AUTH_SOCK
-for ps in no yes; do
+for ps in yes; do
        for k in `${SSH} -Q key-plain | filter_sk` ; do
                verbose "key type $k privsep=$ps"
                cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
diff --git a/regress/multipubkey.sh b/regress/multipubkey.sh
index 4d443ec45..9b2273353 100644
--- a/regress/multipubkey.sh
+++ b/regress/multipubkey.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: multipubkey.sh,v 1.2 2018/10/31 11:09:27 dtucker Exp $
+#       $OpenBSD: multipubkey.sh,v 1.3 2019/12/11 18:47:14 djm Exp $
 #       Placed in the Public Domain.
 tid="multiple pubkey"
@@ -31,7 +31,7 @@ grep -v IdentityFile $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
 opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
 opts="$opts -i $OBJ/cert_user_key1 -i $OBJ/user_key1 -i $OBJ/user_key2"
-for privsep in yes sandbox ; do
+for privsep in yes ; do
        (
                grep -v "Protocol"  $OBJ/sshd_proxy.orig
                echo "Protocol 2"
diff --git a/regress/principals-command.sh b/regress/principals-command.sh
index a91858cbb..9e85e8e75 100644
--- a/regress/principals-command.sh
+++ b/regress/principals-command.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: principals-command.sh,v 1.8 2019/11/01 01:55:41 djm Exp $
+#       $OpenBSD: principals-command.sh,v 1.10 2019/12/11 18:47:14 djm Exp $
 #       Placed in the Public Domain.
 tid="authorized principals command"
@@ -63,7 +63,7 @@ fi
 if [ -x $PRINCIPALS_COMMAND ]; then
        # Test explicitly-specified principals
-        for privsep in yes sandbox ; do
+        for privsep in yes ; do
                _prefix="privsep $privsep"
                # Setup for AuthorizedPrincipalsCommand
author	djm@openbsd.org <djm@openbsd.org>	2019-12-11 18:47:14 +0000
committer	Damien Miller <djm@mindrot.org>	2019-12-16 14:20:35 +1100
commit	a7fc1df246e80bfdabd09b069b91c72f9c578ca8 (patch)
tree	fde2c7b364ccc1f3b1c4c6e08b853651f1dc3a68 /regress
parent	3145d38ea06820a66c0f5e068f49af14fd2b7ac1 (diff)

diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index dc40b782a..67a9795d0 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: cert-hostkey.sh,v 1.20 2019/11/26 23:43:10 djm Exp $	1	# $OpenBSD: cert-hostkey.sh,v 1.21 2019/12/11 18:47:14 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="certified host keys"	4	tid="certified host keys"
@@ -131,7 +131,7 @@ attempt_connect() {
131	}	131	}
132		132
133	# Basic connect and revocation tests.	133	# Basic connect and revocation tests.
134	for privsep in yes sandbox ; do	134	for privsep in yes ; do
135	for ktype in $PLAIN_TYPES ; do	135	for ktype in $PLAIN_TYPES ; do
136	verbose "$tid: host ${ktype} cert connect privsep $privsep"	136	verbose "$tid: host ${ktype} cert connect privsep $privsep"
137	(	137	(
@@ -169,7 +169,7 @@ for ktype in $PLAIN_TYPES ; do
169	kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig	169	kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig
170	done	170	done
171	cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert	171	cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
172	for privsep in yes sandbox ; do	172	for privsep in yes ; do
173	for ktype in $PLAIN_TYPES ; do	173	for ktype in $PLAIN_TYPES ; do
174	verbose "$tid: host ${ktype} revoked cert privsep $privsep"	174	verbose "$tid: host ${ktype} revoked cert privsep $privsep"
175	(	175	(


diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index d6e293d57..87d30d27b 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: cert-userkey.sh,v 1.23 2019/11/26 23:43:10 djm Exp $	1	# $OpenBSD: cert-userkey.sh,v 1.24 2019/12/11 18:47:14 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="certified user keys"	4	tid="certified user keys"
@@ -60,7 +60,7 @@ done
60	# Test explicitly-specified principals	60	# Test explicitly-specified principals
61	for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do	61	for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
62	t=$(kname $ktype)	62	t=$(kname $ktype)
63	for privsep in yes sandbox ; do	63	for privsep in yes ; do
64	_prefix="${ktype} privsep $privsep"	64	_prefix="${ktype} privsep $privsep"
65		65
66	# Setup for AuthorizedPrincipalsFile	66	# Setup for AuthorizedPrincipalsFile
@@ -197,7 +197,7 @@ basic_tests() {
197		197
198	for ktype in $PLAIN_TYPES ; do	198	for ktype in $PLAIN_TYPES ; do
199	t=$(kname $ktype)	199	t=$(kname $ktype)
200	for privsep in yes no ; do	200	for privsep in yes ; do
201	_prefix="${ktype} privsep $privsep $auth"	201	_prefix="${ktype} privsep $privsep $auth"
202	# Simple connect	202	# Simple connect
203	verbose "$tid: ${_prefix} connect"	203	verbose "$tid: ${_prefix} connect"


diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh index af2ed7806..7f490e013 100644 --- a/regress/hostkey-agent.sh +++ b/regress/hostkey-agent.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: hostkey-agent.sh,v 1.9 2019/11/26 23:43:10 djm Exp $	1	# $OpenBSD: hostkey-agent.sh,v 1.10 2019/12/11 18:47:14 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="hostkey agent"	4	tid="hostkey agent"
@@ -30,7 +30,7 @@ cp $OBJ/known_hosts.orig $OBJ/known_hosts
30		30
31	unset SSH_AUTH_SOCK	31	unset SSH_AUTH_SOCK
32		32
33	for ps in no yes; do	33	for ps in yes; do
34	for k in `${SSH} -Q key-plain \| filter_sk` ; do	34	for k in `${SSH} -Q key-plain \| filter_sk` ; do
35	verbose "key type $k privsep=$ps"	35	verbose "key type $k privsep=$ps"
36	cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy	36	cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy


diff --git a/regress/multipubkey.sh b/regress/multipubkey.sh index 4d443ec45..9b2273353 100644 --- a/regress/multipubkey.sh +++ b/regress/multipubkey.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: multipubkey.sh,v 1.2 2018/10/31 11:09:27 dtucker Exp $	1	# $OpenBSD: multipubkey.sh,v 1.3 2019/12/11 18:47:14 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="multiple pubkey"	4	tid="multiple pubkey"
@@ -31,7 +31,7 @@ grep -v IdentityFile $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
31	opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes"	31	opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
32	opts="$opts -i $OBJ/cert_user_key1 -i $OBJ/user_key1 -i $OBJ/user_key2"	32	opts="$opts -i $OBJ/cert_user_key1 -i $OBJ/user_key1 -i $OBJ/user_key2"
33		33
34	for privsep in yes sandbox ; do	34	for privsep in yes ; do
35	(	35	(
36	grep -v "Protocol" $OBJ/sshd_proxy.orig	36	grep -v "Protocol" $OBJ/sshd_proxy.orig
37	echo "Protocol 2"	37	echo "Protocol 2"


diff --git a/regress/principals-command.sh b/regress/principals-command.sh index a91858cbb..9e85e8e75 100644 --- a/regress/principals-command.sh +++ b/regress/principals-command.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: principals-command.sh,v 1.8 2019/11/01 01:55:41 djm Exp $	1	# $OpenBSD: principals-command.sh,v 1.10 2019/12/11 18:47:14 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="authorized principals command"	4	tid="authorized principals command"
@@ -63,7 +63,7 @@ fi
63		63
64	if [ -x $PRINCIPALS_COMMAND ]; then	64	if [ -x $PRINCIPALS_COMMAND ]; then
65	# Test explicitly-specified principals	65	# Test explicitly-specified principals
66	for privsep in yes sandbox ; do	66	for privsep in yes ; do
67	_prefix="privsep $privsep"	67	_prefix="privsep $privsep"
68		68
69	# Setup for AuthorizedPrincipalsCommand	69	# Setup for AuthorizedPrincipalsCommand