1 files changed, 31 insertions, 1 deletions
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 8fd1b48db..a41a9a9c0 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: cert-userkey.sh,v 1.5 2010/05/07 11:31:26 djm Exp $
+#       $OpenBSD: cert-userkey.sh,v 1.6 2010/06/29 23:59:54 djm Exp $
 #       Placed in the Public Domain.
 tid="certified user keys"
@@ -79,6 +79,36 @@ for ktype in rsa dsa rsa_v00 dsa_v00 ; do
                        fail "ssh cert connect failed"
                fi
+                # authorized_principals with bad key option
+                verbose "$tid: ${_prefix} authorized_principals bad key opt"
+                echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER
+                ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+                    -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+                if [ $? -eq 0 ]; then
+                        fail "ssh cert connect succeeded unexpectedly"
+                fi
+                # authorized_principals with command=false
+                verbose "$tid: ${_prefix} authorized_principals command=false"
+                echo 'command="false" mekmitasdigoat' > \
+                    $OBJ/authorized_principals_$USER
+                ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+                    -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+                if [ $? -eq 0 ]; then
+                        fail "ssh cert connect succeeded unexpectedly"
+                fi
+                # authorized_principals with command=true
+                verbose "$tid: ${_prefix} authorized_principals command=true"
+                echo 'command="true" mekmitasdigoat' > \
+                    $OBJ/authorized_principals_$USER
+                ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+                    -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1
+                if [ $? -ne 0 ]; then
+                        fail "ssh cert connect failed"
+                fi
                # Setup for principals= key option
                rm -f $OBJ/authorized_principals_$USER
                (

diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 8fd1b48db..a41a9a9c0 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: cert-userkey.sh,v 1.5 2010/05/07 11:31:26 djm Exp $	1	# $OpenBSD: cert-userkey.sh,v 1.6 2010/06/29 23:59:54 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="certified user keys"	4	tid="certified user keys"
@@ -79,6 +79,36 @@ for ktype in rsa dsa rsa_v00 dsa_v00 ; do
79	fail "ssh cert connect failed"	79	fail "ssh cert connect failed"
80	fi	80	fi
81		81
		82	# authorized_principals with bad key option
		83	verbose "$tid: ${_prefix} authorized_principals bad key opt"
		84	echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER
		85	${SSH} -2i $OBJ/cert_user_key_${ktype} \
		86	-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
		87	if [ $? -eq 0 ]; then
		88	fail "ssh cert connect succeeded unexpectedly"
		89	fi
		90
		91	# authorized_principals with command=false
		92	verbose "$tid: ${_prefix} authorized_principals command=false"
		93	echo 'command="false" mekmitasdigoat' > \
		94	$OBJ/authorized_principals_$USER
		95	${SSH} -2i $OBJ/cert_user_key_${ktype} \
		96	-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
		97	if [ $? -eq 0 ]; then
		98	fail "ssh cert connect succeeded unexpectedly"
		99	fi
		100
		101
		102	# authorized_principals with command=true
		103	verbose "$tid: ${_prefix} authorized_principals command=true"
		104	echo 'command="true" mekmitasdigoat' > \
		105	$OBJ/authorized_principals_$USER
		106	${SSH} -2i $OBJ/cert_user_key_${ktype} \
		107	-F $OBJ/ssh_proxy somehost false >/dev/null 2>&1
		108	if [ $? -ne 0 ]; then
		109	fail "ssh cert connect failed"
		110	fi
		111
82	# Setup for principals= key option	112	# Setup for principals= key option
83	rm -f $OBJ/authorized_principals_$USER	113	rm -f $OBJ/authorized_principals_$USER
84	(	114	(