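# $OpenBSD: key-options.sh,v 1.2 2008/06/30 08:07:34 djm Exp $
# Placed in the Public Domain.
#
# Regression test for authorized_keys key options: command=, no-pty,
# environment= and from=.  Each section prefixes every key in a saved copy
# of the authorized_keys file with the option under test and then checks
# what a login with that key is allowed to do.
# Relies on names this file does not define: $OBJ, $USER, $SSH, verbose,
# fail and start_sshd.

tid="key options"

origkeys="$OBJ/authkeys_orig"
authkeys="$OBJ/authorized_keys_${USER}"
# Keep a pristine copy; every section below regenerates $authkeys from it.
cp "$authkeys" "$origkeys"

# Test command= forced command
for p in 1 2; do
	for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
		# Prefix every key line with the option string under test.
		sed "s/.*/$c &/" "$origkeys" >"$authkeys"
		verbose "key option proto $p $c"
		# ${SSH} stays unquoted as in the original, in case the harness
		# sets it to a command plus arguments -- TODO confirm.
		r=`${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost echo foo`
		# "foo" means the client-supplied command ran, i.e. the forced
		# command did not replace it.
		if [ "$r" = "foo" ]; then
			fail "key option forced command not restricted"
		fi
		# Anything other than "bar" means the forced command did not run.
		if [ "$r" != "bar" ]; then
			fail "key option forced command not executed"
		fi
	done
done

# Test no-pty
sed 's/.*/no-pty &/' "$origkeys" >"$authkeys"
for p in 1 2; do
	verbose "key option proto $p no-pty"
	r=`${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost tty`
	# tty(1) prints the terminal device path when stdin is a terminal.
	# A terminal device is a character special file, so test with -c; the
	# earlier -f (regular file) test could never be true, which meant this
	# check could not fail even if a pty had been allocated.
	# NOTE(review): no -t/-tt is passed here, and ssh normally requests no
	# pty when a remote command is given, so this may still not exercise
	# the restriction -- confirm and consider forcing a pty request.
	if [ -c "$r" ]; then
		fail "key option failed proto $p no-pty (pty $r)"
	fi
done

# Test environment=
# sshd only honours environment= key options when PermitUserEnvironment is
# enabled.  The line is appended, so it stays in sshd_proxy for the rest of
# this test.
echo 'PermitUserEnvironment yes' >> "$OBJ/sshd_proxy"
sed 's/.*/environment="FOO=bar" &/' "$origkeys" >"$authkeys"
for p in 1 2; do
	verbose "key option proto $p environment"
	# Single quotes keep $FOO unexpanded locally so the remote side
	# expands it.
	r=`${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost 'echo $FOO'`
	if [ "$r" != "bar" ]; then
		fail "key option environment not set"
	fi
done

# Test from= restriction
start_sshd
for p in 1 2; do
	# The backslash in the second pattern escapes "/" for the sed s///
	# expression below.
	for f in 127.0.0.1 '127.0.0.0\/8'; do
		# Baseline: with unrestricted keys the proxy login must succeed.
		cat "$origkeys" >"$authkeys"
		${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost true
		if [ $? -ne 0 ]; then
			fail "key option proto $p failed without restriction"
		fi

		sed 's/.*/from="'"$f"'" &/' "$origkeys" >"$authkeys"
		# First space-separated field of the first key line, used only
		# for the log and failure messages.
		from=`head -n 1 "$authkeys" | cut -f1 -d ' '`
		verbose "key option proto $p $from"
		# Via ssh_proxy the from= pattern is expected NOT to match
		# (presumably the proxied connection has no loopback client
		# address -- confirm against the harness), so the command must
		# not run.
		r=`${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost 'echo true'`
		if [ "$r" = "true" ]; then
			fail "key option proto $p $from not restricted"
		fi

		# Via ssh_config (the sshd started by start_sshd above) the same
		# pattern is expected to match and the command must run.
		r=`${SSH} "-$p" -q -F "$OBJ/ssh_config" somehost 'echo true'`
		if [ "$r" != "true" ]; then
			fail "key option proto $p $from not allowed but should be"
		fi
	done
done

rm -f "$origkeys"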