Commit | Line | Data |
---|---|---|
c7cbf377 | 1 | # $OpenBSD: key-options.sh,v 1.2 2008/06/30 08:07:34 djm Exp $ |
a6d05adf | 2 | # Placed in the Public Domain. |
3 | ||
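tid="key options"

# Keep a pristine copy of the user's authorized_keys file. Every test below
# regenerates $authkeys from $origkeys with one key option prefixed.
origkeys="$OBJ/authkeys_orig"
authkeys="$OBJ/authorized_keys_${USER}"
# Quoted so that a build directory containing whitespace does not split
# the paths into several cp arguments.
cp "$authkeys" "$origkeys"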
9 | ||
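# Test command= forced command
# With command= on the key, the session must run the forced command
# ("echo bar") and not the command the client asked for ("echo foo").
for p in 1 2; do
  for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
    # Prefix every key line with the option string under test. $c is one of
    # the fixed literals above, so splicing it into the sed program is safe.
    sed "s/.*/$c &/" "$origkeys" >"$authkeys"
    verbose "key option proto $p $c"
    # ${SSH} stays unquoted as in the original, in case the harness sets it
    # to a command plus arguments.
    r=$(${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost echo foo)
    # "foo" means the client-supplied command ran: the restriction failed.
    if [ "$r" = "foo" ]; then
      fail "key option forced command not restricted"
    fi
    # Anything other than "bar" means the forced command did not run.
    if [ "$r" != "bar" ]; then
      fail "key option forced command not executed"
    fi
  done
done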
24 | ||
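# Test no-pty
# The no-pty key option must make the server refuse a pty request.
sed 's/.*/no-pty &/' "$origkeys" >"$authkeys"
for p in 1 2; do
  verbose "key option proto $p no-pty"
  # -tt forces ssh to request a pty even though stdin is not a terminal.
  # Without it no pty is requested when a command is given, so the check
  # below would pass whether or not no-pty is enforced.
  r=$(${SSH} "-$p" -tt -q -F "$OBJ/ssh_proxy" somehost tty)
  # tty(1) prints the device path when a pty was allocated. Match on the
  # /dev/ prefix: a pty is a character device, so the earlier
  # `[ -f "$r" ]` (regular-file test) could never be true, and output read
  # through a pty may carry a trailing carriage return.
  case "$r" in
  /dev/*)
    fail "key option failed proto $p no-pty (pty $r)"
    ;;
  esac
done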
34 | ||
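# Test environment=
# environment= in authorized_keys is only honoured when the server enables
# PermitUserEnvironment. The option is off by default because user-supplied
# environment variables (LD_PRELOAD and the like) can be used to get around
# access restrictions, so it is switched on here for the test only.
# The line is appended to sshd_proxy and is not removed afterwards.
# NOTE(review): only the positive case is covered; a companion check that
# environment= is ignored while PermitUserEnvironment is off would pin the
# secure default.
echo 'PermitUserEnvironment yes' >>"$OBJ/sshd_proxy"
sed 's/.*/environment="FOO=bar" &/' "$origkeys" >"$authkeys"
for p in 1 2; do
  verbose "key option proto $p environment"
  # Single quotes keep $FOO from expanding locally; the remote shell
  # expands it, so "bar" proves the variable was set in the session.
  r=$(${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost 'echo $FOO')
  if [ "$r" != "bar" ]; then
    fail "key option environment not set"
  fi
done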
45 | ||
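# Test from= restriction
# A key carrying from="<pattern>" may only be used from a matching source
# address. Each pattern is exercised through two client configs:
#   ssh_proxy  - must be refused once from= is set
#   ssh_config - must be accepted
# NOTE(review): presumably ssh_proxy reaches sshd through a ProxyCommand
# (no loopback source address) while ssh_config connects over 127.0.0.1 to
# the daemon launched by start_sshd; confirm against the test harness.
start_sshd
for p in 1 2; do
  # The slash in the CIDR form is pre-escaped because the value is spliced
  # into a sed s/// replacement below.
  for f in 127.0.0.1 '127.0.0.0\/8'; do
    # Baseline: with unrestricted keys the proxy path must work, otherwise
    # a later refusal would prove nothing about from=.
    cat "$origkeys" >"$authkeys"
    if ! ${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost true; then
      fail "key option proto $p failed without restriction"
    fi

    sed 's/.*/from="'"$f"'" &/' "$origkeys" >"$authkeys"
    # Read back the option exactly as written, for the log messages.
    from=$(head -n 1 "$authkeys" | cut -f1 -d ' ')
    verbose "key option proto $p $from"
    r=$(${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost 'echo true')
    # Output here means the restricted key was accepted when it should
    # have been refused.
    if [ "$r" = "true" ]; then
      fail "key option proto $p $from not restricted"
    fi

    r=$(${SSH} "-$p" -q -F "$OBJ/ssh_config" somehost 'echo true')
    if [ "$r" != "true" ]; then
      fail "key option proto $p $from not allowed but should be"
    fi
  done
done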
70 | ||
# Clean up the saved pristine copy of authorized_keys.
# NOTE(review): $authkeys is left holding the last from= variant written
# above; restore it from $origkeys first if anything run afterwards relies
# on the unrestricted keys.
rm -f "${origkeys}"