Bugzilla – Attachment 2545 Details for
Bug 2081
extend the parameters to the AuthorizedKeysCommand
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
adjust regression test
keys_command_args_regress.diff (text/plain), 2.63 KB, created by
Damien Miller
on 2015-02-10 00:13:52 AEDT
(
hide
)
Description:
adjust regression test
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2015-02-10 00:13:52 AEDT
Size:
2.63 KB
patch
obsolete
>Index: keys-command.sh >=================================================================== >RCS file: /cvs/src/regress/usr.bin/ssh/keys-command.sh,v >retrieving revision 1.2 >diff -u -p -r1.2 keys-command.sh >--- keys-command.sh 6 Dec 2012 06:06:54 -0000 1.2 >+++ keys-command.sh 9 Feb 2015 13:12:32 -0000 >@@ -7,26 +7,63 @@ if [ -z "$SUDO" ]; then > fatal "need SUDO to create file in /var/run, test won't work without" > fi > >+rm -f $OBJ/keys-command-args >+ >+touch $OBJ/keys-command-args >+chmod a+rw $OBJ/keys-command-args >+ >+expected_key_text=`awk '{ print $2 }' < $OBJ/rsa.pub` >+expected_key_fp=`$SSHKEYGEN -lf $OBJ/rsa.pub | awk '{ print $2 }'` >+ > # Establish a AuthorizedKeysCommand in /var/run where it will have > # acceptable directory permissions. > KEY_COMMAND="/var/run/keycommand_${LOGNAME}" >-cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'" >+cat << _EOF | $SUDO sh -c "rm -f '$KEY_COMMAND' ; cat > '$KEY_COMMAND'" > #!/bin/sh >+echo args: "\$@" >> $OBJ/keys-command-args >+echo "$PATH" | grep -q mekmitasdigoat && exit 7 > test "x\$1" != "x${LOGNAME}" && exit 1 >+if test $# -eq 6 ; then >+ test "x\$2" != "xblah" && exit 2 >+ test "x\$3" != "x${expected_key_text}" && exit 3 >+ test "x\$4" != "xssh-rsa" && exit 4 >+ test "x\$5" != "x${expected_key_fp}" && exit 5 >+ test "x\$6" != "xblah" && exit 6 >+fi > exec cat "$OBJ/authorized_keys_${LOGNAME}" > _EOF > $SUDO chmod 0755 "$KEY_COMMAND" > >-cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak >-( >- grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak >- echo AuthorizedKeysFile none >- echo AuthorizedKeysCommand $KEY_COMMAND >- echo AuthorizedKeysCommandUser ${LOGNAME} >-) > $OBJ/sshd_proxy >- > if [ -x $KEY_COMMAND ]; then >- ${SSH} -F $OBJ/ssh_proxy somehost true >+ cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak >+ >+ verbose "AuthorizedKeysCommand with arguments" >+ ( >+ grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak >+ echo AuthorizedKeysFile none >+ echo AuthorizedKeysCommand $KEY_COMMAND %u blah %k %t %f blah >+ echo AuthorizedKeysCommandUser ${LOGNAME} >+ ) > $OBJ/sshd_proxy >+ >+ # Ensure that $PATH is sanitised in sshd >+ env PATH=$PATH:/sbin/mekmitasdigoat \ >+ ${SSH} -F $OBJ/ssh_proxy somehost true >+ if [ $? -ne 0 ]; then >+ fail "connect failed" >+ fi >+ >+ verbose "AuthorizedKeysCommand without arguments" >+ # Check legacy behavior of no-args resulting in username being passed. >+ ( >+ grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak >+ echo AuthorizedKeysFile none >+ echo AuthorizedKeysCommand $KEY_COMMAND >+ echo AuthorizedKeysCommandUser ${LOGNAME} >+ ) > $OBJ/sshd_proxy >+ >+ # Ensure that $PATH is sanitised in sshd >+ env PATH=$PATH:/sbin/mekmitasdigoat \ >+ ${SSH} -F $OBJ/ssh_proxy somehost true > if [ $? -ne 0 ]; then > fail "connect failed" > fi
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2545">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2081
:
2412
|
2416
|
2417
|
2438
|
2477
|
2478
|
2479
|
2522
|
2544
|
2545
|
2546
|
2549
|
2556
|
2557