From dc3e92df17556dc5b0ab19cee8dcb2a6ba348717 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Fri, 2 Mar 2018 02:53:27 +0000
Subject: upstream: fix testing of pty option, include positive test and testing of restrict keyword
OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d
---
 regress/key-options.sh | 43 ++++++++++++++++++++++++++++++++++++-------
 1 file changed, 36 insertions(+), 7 deletions(-)
(limited to 'regress/key-options.sh')
diff --git a/regress/key-options.sh b/regress/key-options.sh
index 2adee6833..aa5f8bf97 100644
--- a/regress/key-options.sh
+++ b/regress/key-options.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: key-options.sh,v 1.4 2017/04/30 23:34:55 djm Exp $
+# $OpenBSD: key-options.sh,v 1.5 2018/03/02 02:53:27 djm Exp $
 # Placed in the Public Domain.
 tid="key options"
@@ -21,12 +21,41 @@ for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
 done
 # Test no-pty
-sed 's/.*/no-pty &/' $origkeys >$authkeys
-verbose "key option proto no-pty"
-r=`${SSH} -q -F $OBJ/ssh_proxy somehost tty`
-if [ -f "$r" ]; then
- fail "key option failed no-pty (pty $r)"
-fi
+expect_pty_succeed() {
+ which=$1
+ opts=$2
+ rm -f $OBJ/data
+ sed "s/.*/$opts &/" $origkeys >$authkeys
+ verbose "key option pty $which"
+ ${SSH} -ttq -F $OBJ/ssh_proxy somehost "tty > $OBJ/data; exit 0"
+ if [ $? -ne 0 ] ; then
+ fail "key option failed $which"
+ else
+ r=`cat $OBJ/data`
+ if [ ! -e "$r" ]; then
+ fail "key option failed $which (pty $r)"
+ fi
+ fi
+}
+expect_pty_fail() {
+ which=$1
+ opts=$2
+ rm -f $OBJ/data
+ sed "s/.*/$opts &/" $origkeys >$authkeys
+ verbose "key option pty $which"
+ ${SSH} -ttq -F $OBJ/ssh_proxy somehost "tty > $OBJ/data; exit 0"
+ if [ $? -eq 0 ]; then
+ r=`cat $OBJ/data`
+ if [ -e "$r" ]; then
+ fail "key option failed $which (pty $r)"
+ fi
+ fi
+}
+# First ensure that we can allocate a pty by default.
+expect_pty_succeed "default" ""
+expect_pty_fail "no-pty" "no-pty"
+expect_pty_fail "restrict" "restrict"
+expect_pty_succeed "restrict,pty" "restrict,pty"
 # Test environment=
 echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy
-- 
cgit v1.2.3
From 7e4fadd3248d6bb7d39d6688c76a613d35d2efc1 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Sun, 4 Mar 2018 01:46:48 +0000
Subject: upstream: for the pty control tests, just check that the PTY path points to something in /dev (rather than checking the device node itself); makes life easier for portable, where systems with dynamic ptys can delete nodes before we get around to testing their existence.
OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994
---
 regress/key-options.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
(limited to 'regress/key-options.sh')
diff --git a/regress/key-options.sh b/regress/key-options.sh
index aa5f8bf97..5e3a4f66a 100644
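Review bot: `expect_pty_fail` in the `@@ -21,12 +21,41 @@` hunk passes vacuously whenever the ssh command itself exits non-zero, because its `if [ $? -eq 0 ]` has no `else` branch. If authentication or session setup breaks for an unrelated reason, the `no-pty` and `restrict` cases report success without ever showing that a login worked and the pty was withheld. Since the remote command ends in `exit 0`, a refused pty should presumably still leave ssh's status at 0, so adding `else` / `fail "key option failed $which"` before the final `fi`, mirroring the non-zero branch of `expect_pty_succeed`, would close the gap. The same structure is still present in the later `@@ -49,6 +50,10 @@` hunk of this series.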
--- a/regress/key-options.sh
+++ b/regress/key-options.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: key-options.sh,v 1.5 2018/03/02 02:53:27 djm Exp $
+# $OpenBSD: key-options.sh,v 1.6 2018/03/04 01:46:48 djm Exp $
 # Placed in the Public Domain.
 tid="key options"
@@ -32,9 +32,10 @@ expect_pty_succeed() {
 fail "key option failed $which"
 else
 r=`cat $OBJ/data`
- if [ ! -e "$r" ]; then
- fail "key option failed $which (pty $r)"
- fi
+ case "$r" in
+ /dev/*) ;;
+ *) fail "key option failed $which (pty $r)" ;;
+ esac
 fi
 }
 expect_pty_fail() {
@@ -49,6 +50,10 @@ expect_pty_fail() {
 if [ -e "$r" ]; then
 fail "key option failed $which (pty $r)"
 fi
+ case "$r" in
+ /dev/*) fail "key option failed $which (pty $r)" ;;
+ *) ;;
+ esac
 fi
 }
 # First ensure that we can allocate a pty by default.
-- 
cgit v1.2.3
From 500396b204c58e78ad9d081516a365a9f28dc3fd Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Mon, 12 Mar 2018 00:56:03 +0000
Subject: upstream: check valid-before option in authorized_keys
OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11
---
 regress/key-options.sh | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
(limited to 'regress/key-options.sh')
diff --git a/regress/key-options.sh b/regress/key-options.sh
index 5e3a4f66a..991849949 100644
--- a/regress/key-options.sh
+++ b/regress/key-options.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: key-options.sh,v 1.6 2018/03/04 01:46:48 djm Exp $
+# $OpenBSD: key-options.sh,v 1.7 2018/03/12 00:56:03 djm Exp $
 # Placed in the Public Domain.
 tid="key options"
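Review bot: In the `@@ -49,6 +50,10 @@` hunk the older `[ -e "$r" ]` test is kept in front of the new `case "$r" in`, so a pty path that does exist now calls `fail` twice for the same condition. Going by the commit message, the `-e` test is what this change is moving away from, so it could be dropped from `expect_pty_fail` as it was from `expect_pty_succeed`. Neither `case` carries a comment on why the path is matched by prefix only; a line such as `# Match the path only: dynamic ptys may be removed before we can stat them.` above each would keep the check from being tightened back later. Both function bodies start outside these hunks.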
@@ -94,4 +94,21 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
 fi
 done
-rm -f "$origkeys"
+check_valid_before() {
+ which=$1
+ opts=$2
+ expect=$3
+ sed "s/.*/$opts &/" $origkeys >$authkeys
+ verbose "key option valid-before $which"
+ ${SSH} -q -F $OBJ/ssh_proxy somehost true
+ case "$expect" in
+ fail) test $? -eq 0 && fail "key option succeeded $which" ;;
+ pass) test $? -ne 0 && fail "key option failed $which" ;;
+ *) fatal "unknown expectation $expect" ;;
+ esac
+}
+check_valid_before "default" "" "pass"
+check_valid_before "invalid" 'valid-before="INVALID"' "fail"
+check_valid_before "expired" 'valid-before="19990101"' "fail"
+check_valid_before "valid" 'valid-before="20380101"' "pass"
+
-- 
cgit v1.2.3
From 4c4e7f783b43b264c247233acb887ee10ed4ce4d Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Wed, 14 Mar 2018 05:35:40 +0000
Subject: upstream: rename recently-added "valid-before" key restriction to "expiry-time" as the former is confusing wrt similar terminology in X.509; pointed out by jsing@
OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793
---
 regress/key-options.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'regress/key-options.sh')
diff --git a/regress/key-options.sh b/regress/key-options.sh
index 991849949..e03cae585 100644
--- a/regress/key-options.sh
+++ b/regress/key-options.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: key-options.sh,v 1.7 2018/03/12 00:56:03 djm Exp $
+# $OpenBSD: key-options.sh,v 1.8 2018/03/14 05:35:40 djm Exp $
 # Placed in the Public Domain.
 tid="key options"
@@ -99,7 +99,7 @@ check_valid_before() {
 opts=$2
 expect=$3
 sed "s/.*/$opts &/" $origkeys >$authkeys
- verbose "key option valid-before $which"
+ verbose "key option expiry-time $which"
 ${SSH} -q -F $OBJ/ssh_proxy somehost true
 case "$expect" in
 fail) test $? -eq 0 && fail "key option succeeded $which" ;;
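Review bot: The "valid" call at the end of the `@@ -94,4 +94,21 @@` hunk pins the expiry to the fixed date `20380101`, so this positive test will start failing once that date has passed, and nothing in the file says why. A comment above that call, for example `# NB: fixed future date; this case starts failing once it has passed.`, would make the eventual breakage self-explanatory. The new `check_valid_before` function also has no header comment; one line stating that `$3` is `pass` or `fail` and that any other value is fatal would document the contract the `case` enforces.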
@@ -108,7 +108,7 @@ check_valid_before() {
 esac
 }
 check_valid_before "default" "" "pass"
-check_valid_before "invalid" 'valid-before="INVALID"' "fail"
-check_valid_before "expired" 'valid-before="19990101"' "fail"
-check_valid_before "valid" 'valid-before="20380101"' "pass"
+check_valid_before "invalid" 'expiry-time="INVALID"' "fail"
+check_valid_before "expired" 'expiry-time="19990101"' "fail"
+check_valid_before "valid" 'expiry-time="20380101"' "pass"
-- 
cgit v1.2.3
From c6cb2565c9285eb54fa9dfbb3890f5464aff410f Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Thu, 22 Mar 2018 17:00:28 +1100
Subject: Save $? before case statement. In some shells (FreeBSD 9, ash) the case statement resets $?, so save for later testing.
---
 regress/key-options.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'regress/key-options.sh')
diff --git a/regress/key-options.sh b/regress/key-options.sh
index e03cae585..d680737c1 100644
--- a/regress/key-options.sh
+++ b/regress/key-options.sh
@@ -101,9 +101,10 @@ check_valid_before() {
 sed "s/.*/$opts &/" $origkeys >$authkeys
 verbose "key option expiry-time $which"
 ${SSH} -q -F $OBJ/ssh_proxy somehost true
+ r=$?
 case "$expect" in
- fail) test $? -eq 0 && fail "key option succeeded $which" ;;
- pass) test $? -ne 0 && fail "key option failed $which" ;;
+ fail) test $r -eq 0 && fail "key option succeeded $which" ;;
+ pass) test $r -ne 0 && fail "key option failed $which" ;;
 *) fatal "unknown expectation $expect" ;;
 esac
 }
-- 
cgit v1.2.3
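Review bot: With `test $r -eq 0 && fail ...` as the last command of each arm in the `@@ -101,9 +101,10 @@` hunk, `check_valid_before` returns non-zero exactly when the expectation is met, because the failing `test` becomes the function's status. That is harmless while callers ignore the return value, as the calls visible on this page appear to, but it would misfire if the harness ran under `set -e` or ever checked the status. Writing the arm as `fail) if [ $r -eq 0 ]; then fail "key option succeeded $which"; fi ;;`, and likewise for `pass`, keeps the saved `$r` and leaves the status at 0 on success. The function starts outside this hunk.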