Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / c63c9a691dca26bb7648827f5a13668832948929 / . / regress / cert-userkey.sh
blob: 739a036e2f67eaeb74a41fdacd73e41700c20586 [file] [log] [blame]
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]1# $OpenBSD: cert-userkey.sh,v 1.14 2015/07/10 06:23:25 markus Exp $
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]2# Placed in the Public Domain.
3
4tid="certified user keys"
5
6rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]8cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]9
Damien Millerf54542a2013-12-07 16:32:44 +1100[diff] [blame]10PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
11
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]12kname() {
13 echo -n $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/'
14 echo "*,ssh-rsa*,ssh-ed25519*"
15}
16
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]17# Create a CA key
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]18${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_ca_key ||\
19 fail "ssh-keygen of user_ca_key failed"
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]20
21# Generate and sign user keys
Damien Millerf54542a2013-12-07 16:32:44 +1100[diff] [blame]22for ktype in $PLAIN_TYPES ; do
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]23 verbose "$tid: sign user ${ktype} cert"
24 ${SSHKEYGEN} -q -N '' -t ${ktype} \
25 -f $OBJ/cert_user_key_${ktype} || \
26 fail "ssh-keygen of cert_user_key_${ktype} failed"
Damien Miller6618e922012-12-03 10:09:04 +1100[diff] [blame]27 ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
28 -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} ||
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]29 fail "couldn't sign cert_user_key_${ktype}"
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]30done
31
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]32# Test explicitly-specified principals
djm@openbsd.org6a977a42015-07-03 04:39:23 +0000[diff] [blame]33for ktype in $PLAIN_TYPES ; do
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]34 t=$(kname $ktype)
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]35 for privsep in yes no ; do
36 _prefix="${ktype} privsep $privsep"
37
38 # Setup for AuthorizedPrincipalsFile
39 rm -f $OBJ/authorized_keys_$USER
40 (
41 cat $OBJ/sshd_proxy_bak
42 echo "UsePrivilegeSeparation $privsep"
43 echo "AuthorizedPrincipalsFile " \
44 "$OBJ/authorized_principals_%u"
45 echo "TrustedUserCAKeys $OBJ/user_ca_key.pub"
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]46 echo "PubkeyAcceptedKeyTypes ${t}"
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]47 ) > $OBJ/sshd_proxy
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]48 (
49 cat $OBJ/ssh_proxy_bak
50 echo "PubkeyAcceptedKeyTypes ${t}"
51 ) > $OBJ/ssh_proxy
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]52
53 # Missing authorized_principals
54 verbose "$tid: ${_prefix} missing authorized_principals"
55 rm -f $OBJ/authorized_principals_$USER
56 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
57 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
58 if [ $? -eq 0 ]; then
59 fail "ssh cert connect succeeded unexpectedly"
60 fi
61
62 # Empty authorized_principals
63 verbose "$tid: ${_prefix} empty authorized_principals"
64 echo > $OBJ/authorized_principals_$USER
65 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
66 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
67 if [ $? -eq 0 ]; then
68 fail "ssh cert connect succeeded unexpectedly"
69 fi
70
71 # Wrong authorized_principals
72 verbose "$tid: ${_prefix} wrong authorized_principals"
73 echo gregorsamsa > $OBJ/authorized_principals_$USER
74 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
75 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
76 if [ $? -eq 0 ]; then
77 fail "ssh cert connect succeeded unexpectedly"
78 fi
79
80 # Correct authorized_principals
81 verbose "$tid: ${_prefix} correct authorized_principals"
82 echo mekmitasdigoat > $OBJ/authorized_principals_$USER
83 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
84 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
85 if [ $? -ne 0 ]; then
86 fail "ssh cert connect failed"
87 fi
88
Damien Millerab139cd2010-07-02 13:42:18 +1000[diff] [blame]89 # authorized_principals with bad key option
90 verbose "$tid: ${_prefix} authorized_principals bad key opt"
91 echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER
92 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
93 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
94 if [ $? -eq 0 ]; then
95 fail "ssh cert connect succeeded unexpectedly"
96 fi
97
98 # authorized_principals with command=false
99 verbose "$tid: ${_prefix} authorized_principals command=false"
100 echo 'command="false" mekmitasdigoat' > \
101 $OBJ/authorized_principals_$USER
102 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
103 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
104 if [ $? -eq 0 ]; then
105 fail "ssh cert connect succeeded unexpectedly"
106 fi
107
108
109 # authorized_principals with command=true
110 verbose "$tid: ${_prefix} authorized_principals command=true"
111 echo 'command="true" mekmitasdigoat' > \
112 $OBJ/authorized_principals_$USER
113 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
114 -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1
115 if [ $? -ne 0 ]; then
116 fail "ssh cert connect failed"
117 fi
118
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]119 # Setup for principals= key option
120 rm -f $OBJ/authorized_principals_$USER
121 (
122 cat $OBJ/sshd_proxy_bak
123 echo "UsePrivilegeSeparation $privsep"
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]124 echo "PubkeyAcceptedKeyTypes ${t}"
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]125 ) > $OBJ/sshd_proxy
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]126 (
127 cat $OBJ/ssh_proxy_bak
128 echo "PubkeyAcceptedKeyTypes ${t}"
129 ) > $OBJ/ssh_proxy
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]130
131 # Wrong principals list
132 verbose "$tid: ${_prefix} wrong principals key option"
133 (
Darren Tucker56347ef2013-05-17 13:28:36 +1000[diff] [blame]134 printf 'cert-authority,principals="gregorsamsa" '
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]135 cat $OBJ/user_ca_key.pub
136 ) > $OBJ/authorized_keys_$USER
137 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
138 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
139 if [ $? -eq 0 ]; then
140 fail "ssh cert connect succeeded unexpectedly"
141 fi
142
143 # Correct principals list
144 verbose "$tid: ${_prefix} correct principals key option"
145 (
Darren Tucker56347ef2013-05-17 13:28:36 +1000[diff] [blame]146 printf 'cert-authority,principals="mekmitasdigoat" '
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]147 cat $OBJ/user_ca_key.pub
148 ) > $OBJ/authorized_keys_$USER
149 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
150 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
151 if [ $? -ne 0 ]; then
152 fail "ssh cert connect failed"
153 fi
154 done
155done
156
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]157basic_tests() {
158 auth=$1
159 if test "x$auth" = "xauthorized_keys" ; then
160 # Add CA to authorized_keys
161 (
Darren Tucker56347ef2013-05-17 13:28:36 +1000[diff] [blame]162 printf 'cert-authority '
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]163 cat $OBJ/user_ca_key.pub
164 ) > $OBJ/authorized_keys_$USER
165 else
166 echo > $OBJ/authorized_keys_$USER
167 extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub"
168 fi
169
djm@openbsd.org6a977a42015-07-03 04:39:23 +0000[diff] [blame]170 for ktype in $PLAIN_TYPES ; do
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]171 t=$(kname $ktype)
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]172 for privsep in yes no ; do
173 _prefix="${ktype} privsep $privsep $auth"
174 # Simple connect
175 verbose "$tid: ${_prefix} connect"
176 (
177 cat $OBJ/sshd_proxy_bak
178 echo "UsePrivilegeSeparation $privsep"
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]179 echo "PubkeyAcceptedKeyTypes ${t}"
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]180 echo "$extra_sshd"
181 ) > $OBJ/sshd_proxy
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]182 (
183 cat $OBJ/ssh_proxy_bak
184 echo "PubkeyAcceptedKeyTypes ${t}"
185 ) > $OBJ/ssh_proxy
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]186
187 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
188 -F $OBJ/ssh_proxy somehost true
189 if [ $? -ne 0 ]; then
190 fail "ssh cert connect failed"
191 fi
192
193 # Revoked keys
194 verbose "$tid: ${_prefix} revoked key"
195 (
196 cat $OBJ/sshd_proxy_bak
197 echo "UsePrivilegeSeparation $privsep"
Damien Millerebafebd2013-01-18 11:51:56 +1100[diff] [blame]198 echo "RevokedKeys $OBJ/cert_user_key_revoked"
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]199 echo "PubkeyAcceptedKeyTypes ${t}"
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]200 echo "$extra_sshd"
201 ) > $OBJ/sshd_proxy
Damien Millerebafebd2013-01-18 11:51:56 +1100[diff] [blame]202 cp $OBJ/cert_user_key_${ktype}.pub \
203 $OBJ/cert_user_key_revoked
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]204 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
205 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
206 if [ $? -eq 0 ]; then
207 fail "ssh cert connect succeeded unexpecedly"
208 fi
Damien Millerebafebd2013-01-18 11:51:56 +1100[diff] [blame]209 verbose "$tid: ${_prefix} revoked via KRL"
210 rm $OBJ/cert_user_key_revoked
211 ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \
212 $OBJ/cert_user_key_${ktype}.pub
213 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
214 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
215 if [ $? -eq 0 ]; then
216 fail "ssh cert connect succeeded unexpecedly"
217 fi
218 verbose "$tid: ${_prefix} empty KRL"
219 ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked
220 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
221 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
222 if [ $? -ne 0 ]; then
223 fail "ssh cert connect failed"
224 fi
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]225 done
226
227 # Revoked CA
228 verbose "$tid: ${ktype} $auth revoked CA key"
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]229 (
230 cat $OBJ/sshd_proxy_bak
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]231 echo "RevokedKeys $OBJ/user_ca_key.pub"
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]232 echo "PubkeyAcceptedKeyTypes ${t}"
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]233 echo "$extra_sshd"
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]234 ) > $OBJ/sshd_proxy
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]235 ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]236 somehost true >/dev/null 2>&1
237 if [ $? -eq 0 ]; then
238 fail "ssh cert connect succeeded unexpecedly"
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]239 fi
240 done
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]241
242 verbose "$tid: $auth CA does not authenticate"
243 (
244 cat $OBJ/sshd_proxy_bak
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]245 echo "PubkeyAcceptedKeyTypes ${t}"
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]246 echo "$extra_sshd"
247 ) > $OBJ/sshd_proxy
248 verbose "$tid: ensure CA key does not authenticate user"
249 ${SSH} -2i $OBJ/user_ca_key \
250 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
251 if [ $? -eq 0 ]; then
252 fail "ssh cert connect with CA key succeeded unexpectedly"
253 fi
254}
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]255
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]256basic_tests authorized_keys
257basic_tests TrustedUserCAKeys
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]258
259test_one() {
260 ident=$1
261 result=$2
262 sign_opts=$3
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]263 auth_choice=$4
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]264 auth_opt=$5
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]265
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]266 if test "x$auth_choice" = "x" ; then
267 auth_choice="authorized_keys TrustedUserCAKeys"
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]268 fi
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]269
270 for auth in $auth_choice ; do
djm@openbsd.org6a977a42015-07-03 04:39:23 +0000[diff] [blame]271 for ktype in rsa ed25519 ; do
Damien Miller53f4bb62010-04-18 08:15:14 +1000[diff] [blame]272 cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
273 if test "x$auth" = "xauthorized_keys" ; then
274 # Add CA to authorized_keys
275 (
Darren Tucker56347ef2013-05-17 13:28:36 +1000[diff] [blame]276 printf "cert-authority${auth_opt} "
Damien Miller53f4bb62010-04-18 08:15:14 +1000[diff] [blame]277 cat $OBJ/user_ca_key.pub
278 ) > $OBJ/authorized_keys_$USER
279 else
280 echo > $OBJ/authorized_keys_$USER
281 echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" \
282 >> $OBJ/sshd_proxy
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]283 echo "PubkeyAcceptedKeyTypes ${t}*" \
284 >> $OBJ/sshd_proxy
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]285 if test "x$auth_opt" != "x" ; then
286 echo $auth_opt >> $OBJ/sshd_proxy
287 fi
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]288 fi
Damien Miller53f4bb62010-04-18 08:15:14 +1000[diff] [blame]289
290 verbose "$tid: $ident auth $auth expect $result $ktype"
291 ${SSHKEYGEN} -q -s $OBJ/user_ca_key \
292 -I "regress user key for $USER" \
djm@openbsd.org6a977a42015-07-03 04:39:23 +0000[diff] [blame]293 $sign_opts $OBJ/cert_user_key_${ktype} ||
Damien Miller53f4bb62010-04-18 08:15:14 +1000[diff] [blame]294 fail "couldn't sign cert_user_key_${ktype}"
295
296 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
297 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
298 rc=$?
299 if [ "x$result" = "xsuccess" ] ; then
300 if [ $rc -ne 0 ]; then
301 fail "$ident failed unexpectedly"
302 fi
303 else
304 if [ $rc -eq 0 ]; then
305 fail "$ident succeeded unexpectedly"
306 fi
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]307 fi
Damien Miller53f4bb62010-04-18 08:15:14 +1000[diff] [blame]308 done
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]309 done
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]310}
311
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]312test_one "correct principal" success "-n ${USER}"
313test_one "host-certificate" failure "-n ${USER} -h"
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]314test_one "wrong principals" failure "-n foo"
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]315test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101"
316test_one "cert expired" failure "-n ${USER} -V19800101:19900101"
317test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
318test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8"
319test_one "force-command" failure "-n ${USER} -Oforce-command=false"
320
321# Behaviour is different here: TrustedUserCAKeys doesn't allow empty principals
322test_one "empty principals" success "" authorized_keys
323test_one "empty principals" failure "" TrustedUserCAKeys
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]324
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]325# Check explicitly-specified principals: an empty principals list in the cert
326# should always be refused.
327
328# AuthorizedPrincipalsFile
329rm -f $OBJ/authorized_keys_$USER
330echo mekmitasdigoat > $OBJ/authorized_principals_$USER
331test_one "AuthorizedPrincipalsFile principals" success "-n mekmitasdigoat" \
332 TrustedUserCAKeys "AuthorizedPrincipalsFile $OBJ/authorized_principals_%u"
333test_one "AuthorizedPrincipalsFile no principals" failure "" \
334 TrustedUserCAKeys "AuthorizedPrincipalsFile $OBJ/authorized_principals_%u"
335
336# principals= key option
337rm -f $OBJ/authorized_principals_$USER
338test_one "principals key option principals" success "-n mekmitasdigoat" \
339 authorized_keys ',principals="mekmitasdigoat"'
340test_one "principals key option no principals" failure "" \
341 authorized_keys ',principals="mekmitasdigoat"'
342
Damien Miller017d1e72010-03-04 21:57:21 +1100[diff] [blame]343# Wrong certificate
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]344cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
djm@openbsd.org6a977a42015-07-03 04:39:23 +0000[diff] [blame]345for ktype in $PLAIN_TYPES ; do
markus@openbsd.org5bf09332015-07-10 06:23:25 +0000[diff] [blame]346 t=$(kname $ktype)
Damien Miller017d1e72010-03-04 21:57:21 +1100[diff] [blame]347 # Self-sign
djm@openbsd.org6a977a42015-07-03 04:39:23 +0000[diff] [blame]348 ${SSHKEYGEN} -q -s $OBJ/cert_user_key_${ktype} -I \
Damien Miller017d1e72010-03-04 21:57:21 +1100[diff] [blame]349 "regress user key for $USER" \
350 -n $USER $OBJ/cert_user_key_${ktype} ||
351 fail "couldn't sign cert_user_key_${ktype}"
352 verbose "$tid: user ${ktype} connect wrong cert"
353 ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
354 somehost true >/dev/null 2>&1
355 if [ $? -eq 0 ]; then
356 fail "ssh cert connect $ident succeeded unexpectedly"
357 fi
358done
359
Damien Miller58ac6de2010-02-27 07:57:12 +1100[diff] [blame]360rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
Damien Miller3bcce802010-05-21 14:48:16 +1000[diff] [blame]361rm -f $OBJ/authorized_principals_$USER
Damien Miller700dcfa2010-03-04 21:58:01 +1100[diff] [blame]362