diff options
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | regress/Makefile | 5 | ||||
-rw-r--r-- | regress/keys-command.sh | 33 |
3 files changed, 39 insertions, 2 deletions
@@ -24,6 +24,9 @@ | |||
24 | - djm@cvs.openbsd.org 2012/10/19 05:10:42 | 24 | - djm@cvs.openbsd.org 2012/10/19 05:10:42 |
25 | [regress/cert-userkey.sh] | 25 | [regress/cert-userkey.sh] |
26 | include a serial number when generating certs | 26 | include a serial number when generating certs |
27 | - djm@cvs.openbsd.org 2012/11/22 22:49:30 | ||
28 | [regress/Makefile regress/keys-command.sh] | ||
29 | regress for AuthorizedKeysCommand; hints from markus@ | ||
27 | 30 | ||
28 | 20121114 | 31 | 20121114 |
29 | - (djm) OpenBSD CVS Sync | 32 | - (djm) OpenBSD CVS Sync |
diff --git a/regress/Makefile b/regress/Makefile index f114c27e9..dcc80b734 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: Makefile,v 1.58 2011/01/06 22:46:21 djm Exp $ | 1 | # $OpenBSD: Makefile,v 1.59 2012/11/22 22:49:30 djm Exp $ |
2 | 2 | ||
3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec | 3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec |
4 | tests: $(REGRESS_TARGETS) | 4 | tests: $(REGRESS_TARGETS) |
@@ -57,7 +57,8 @@ LTESTS= connect \ | |||
57 | kextype \ | 57 | kextype \ |
58 | cert-hostkey \ | 58 | cert-hostkey \ |
59 | cert-userkey \ | 59 | cert-userkey \ |
60 | host-expand | 60 | host-expand \ |
61 | keys-command | ||
61 | 62 | ||
62 | INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers | 63 | INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers |
63 | #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp | 64 | #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp |
diff --git a/regress/keys-command.sh b/regress/keys-command.sh new file mode 100644 index 000000000..09f4db4b7 --- /dev/null +++ b/regress/keys-command.sh | |||
@@ -0,0 +1,33 @@ | |||
1 | # $OpenBSD: keys-command.sh,v 1.1 2012/11/22 22:49:30 djm Exp $ | ||
2 | # Placed in the Public Domain. | ||
3 | |||
4 | tid="authorized keys from command" | ||
5 | |||
6 | if test -z "$SUDO" ; then | ||
7 | echo "skipped (SUDO not set)" | ||
8 | echo "need SUDO to create file in /var/run, test won't work without" | ||
9 | exit 0 | ||
10 | fi | ||
11 | |||
12 | # Establish a AuthorizedKeysCommand in /var/run where it will have | ||
13 | # acceptable directory permissions. | ||
14 | KEY_COMMAND="/var/run/keycommand_${LOGNAME}" | ||
15 | cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'" | ||
16 | #!/bin/sh | ||
17 | test "x\$1" -ne "x${LOGNAME}" && exit 1 | ||
18 | exec cat "$OBJ/authorized_keys_${LOGNAME}" | ||
19 | _EOF | ||
20 | $SUDO chmod 0755 "$KEY_COMMAND" | ||
21 | |||
22 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak | ||
23 | ( | ||
24 | grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak | ||
25 | echo AuthorizedKeysFile none | ||
26 | echo AuthorizedKeysCommand $KEY_COMMAND | ||
27 | echo AuthorizedKeysCommandUser ${LOGNAME} | ||
28 | ) > $OBJ/sshd_proxy | ||
29 | |||
30 | ${SSH} -F $OBJ/ssh_proxy somehost true | ||
31 | if [ $? -ne 0 ]; then | ||
32 | fail "connect failed" | ||
33 | fi | ||