Blame - regress/key-options.sh - platform/external/openssh

blob: 2adee6833475bfc82cafc17157f9df8675833273 [file] [log] [blame]

djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	1	# $OpenBSD: key-options.sh,v 1.4 2017/04/30 23:34:55 djm Exp $
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	2	# Placed in the Public Domain.
				3
				4	tid="key options"
				5
				6	origkeys="$OBJ/authkeys_orig"
				7	authkeys="$OBJ/authorized_keys_${USER}"
				8	cp $authkeys $origkeys
				9
				10	# Test command= forced command
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	11	for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	12	sed "s/.*/$c &/" $origkeys >$authkeys
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	13	verbose "key option $c"
				14	r=`${SSH} -q -F $OBJ/ssh_proxy somehost echo foo`
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	15	if [ "$r" = "foo" ]; then
				16	fail "key option forced command not restricted"
				17	fi
				18	if [ "$r" != "bar" ]; then
				19	fail "key option forced command not executed"
				20	fi
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	21	done
				22
				23	# Test no-pty
				24	sed 's/.*/no-pty &/' $origkeys >$authkeys
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	25	verbose "key option proto no-pty"
				26	r=`${SSH} -q -F $OBJ/ssh_proxy somehost tty`
				27	if [ -f "$r" ]; then
				28	fail "key option failed no-pty (pty $r)"
				29	fi
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	30
				31	# Test environment=
				32	echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy
				33	sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	34	verbose "key option environment"
				35	r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo $FOO'`
				36	if [ "$r" != "bar" ]; then
				37	fail "key option environment not set"
				38	fi
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	39
				40	# Test from= restriction
				41	start_sshd
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	42	for f in 127.0.0.1 '127.0.0.0\/8'; do
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	43	cat $origkeys >$authkeys
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	44	${SSH} -q -F $OBJ/ssh_proxy somehost true
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	45	if [ $? -ne 0 ]; then
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	46	fail "key option failed without restriction"
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	47	fi
				48
Darren Tucker	8c7a14e	2008-07-04 17:08:58 +1000	[diff] [blame]	49	sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	50	from=`head -1 $authkeys \| cut -f1 -d ' '`
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	51	verbose "key option $from"
				52	r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'`
Darren Tucker	8c7a14e	2008-07-04 17:08:58 +1000	[diff] [blame]	53	if [ "$r" = "true" ]; then
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	54	fail "key option $from not restricted"
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	55	fi
				56
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	57	r=`${SSH} -q -F $OBJ/ssh_config somehost 'echo true'`
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	58	if [ "$r" != "true" ]; then
djm@openbsd.org	dd36932	2017-04-30 23:34:55 +0000	[diff] [blame]	59	fail "key option $from not allowed but should be"
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	60	fi
Darren Tucker	e045e0c	2008-06-11 09:38:12 +1000	[diff] [blame]	61	done
				62
				63	rm -f "$origkeys"