diff options
| -rw-r--r-- | regress/usr.bin/ssh/Makefile | 5 | ||||
| -rw-r--r-- | regress/usr.bin/ssh/forcecommand.sh | 42 |
2 files changed, 45 insertions, 2 deletions
diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile index a0f6e952470..8ae2580d527 100644 --- a/regress/usr.bin/ssh/Makefile +++ b/regress/usr.bin/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.40 2006/07/17 12:08:02 dtucker Exp $ +# $OpenBSD: Makefile,v 1.41 2006/07/19 13:09:28 dtucker Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 @@ -38,7 +38,8 @@ LTESTS= connect \ multiplex \ reexec \ brokenkeys \ - cfgmatch + cfgmatch \ + forcecommand USER!= id -un CLEANFILES+= authorized_keys_${USER} known_hosts pidfile \ diff --git a/regress/usr.bin/ssh/forcecommand.sh b/regress/usr.bin/ssh/forcecommand.sh new file mode 100644 index 00000000000..796e7c2c094 --- /dev/null +++ b/regress/usr.bin/ssh/forcecommand.sh @@ -0,0 +1,42 @@ +# $OpenBSD: forcecommand.sh,v 1.1 2006/07/19 13:09:28 dtucker Exp $ +# Placed in the Public Domain. + +tid="forced command" + +cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak + +echo -n 'command="true" ' >$OBJ/authorized_keys_$USER +cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER +echo -n 'command="true" ' >>$OBJ/authorized_keys_$USER +cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER + +for p in 1 2; do + trace "forced command in key option proto $p" + ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || + fail "forced command in key proto $p" +done + +echo -n 'command="false" ' >$OBJ/authorized_keys_$USER +cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER +echo -n 'command="false" ' >>$OBJ/authorized_keys_$USER +cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER + +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "ForceCommand true" >> $OBJ/sshd_proxy + +for p in 1 2; do + trace "forced command in sshd_config overrides key option proto $p" + ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || + fail "forced command in key proto $p" +done + +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "ForceCommand false" >> $OBJ/sshd_proxy +echo "Match User $USER" >> $OBJ/sshd_proxy +echo " ForceCommand true" >> $OBJ/sshd_proxy + +for p in 1 2; do + trace "forced command with match proto $p" + ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || + fail "forced command in key proto $p" +done |