diff options
author | Darren Tucker <dtucker@cvs.openbsd.org> | 2006-07-19 13:09:29 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2006-07-19 13:09:29 +0000 |
commit | 3cae87b558e7736f0aa981c4e9821abea795746f (patch) | |
tree | f92fe4f24fa3939ea3cbed3fd735f03a618c3c3f | |
parent | cfa145b22b3709f5d360086de1ea4287c550b37a (diff) |
Add regress test for ForceCommand
-rw-r--r-- | regress/usr.bin/ssh/Makefile | 5 | ||||
-rw-r--r-- | regress/usr.bin/ssh/forcecommand.sh | 42 |
2 files changed, 45 insertions, 2 deletions
diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile index a0f6e952470..8ae2580d527 100644 --- a/regress/usr.bin/ssh/Makefile +++ b/regress/usr.bin/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.40 2006/07/17 12:08:02 dtucker Exp $ +# $OpenBSD: Makefile,v 1.41 2006/07/19 13:09:28 dtucker Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 @@ -38,7 +38,8 @@ LTESTS= connect \ multiplex \ reexec \ brokenkeys \ - cfgmatch + cfgmatch \ + forcecommand USER!= id -un CLEANFILES+= authorized_keys_${USER} known_hosts pidfile \ diff --git a/regress/usr.bin/ssh/forcecommand.sh b/regress/usr.bin/ssh/forcecommand.sh new file mode 100644 index 00000000000..796e7c2c094 --- /dev/null +++ b/regress/usr.bin/ssh/forcecommand.sh @@ -0,0 +1,42 @@ +# $OpenBSD: forcecommand.sh,v 1.1 2006/07/19 13:09:28 dtucker Exp $ +# Placed in the Public Domain. + +tid="forced command" + +cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak + +echo -n 'command="true" ' >$OBJ/authorized_keys_$USER +cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER +echo -n 'command="true" ' >>$OBJ/authorized_keys_$USER +cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER + +for p in 1 2; do + trace "forced command in key option proto $p" + ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || + fail "forced command in key proto $p" +done + +echo -n 'command="false" ' >$OBJ/authorized_keys_$USER +cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER +echo -n 'command="false" ' >>$OBJ/authorized_keys_$USER +cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER + +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "ForceCommand true" >> $OBJ/sshd_proxy + +for p in 1 2; do + trace "forced command in sshd_config overrides key option proto $p" + ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || + fail "forced command in key proto $p" +done + +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "ForceCommand false" >> $OBJ/sshd_proxy +echo "Match User $USER" >> $OBJ/sshd_proxy +echo " ForceCommand true" >> $OBJ/sshd_proxy + +for p in 1 2; do + trace "forced command with match proto $p" + ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || + fail "forced command in key proto $p" +done |