[regress/keys-command.sh]
     Fix some problems with the keys-command test:
      - use string comparison rather than numeric comparison
      - check for existing KEY_COMMAND file and don't clobber if it exists
      - clean up KEY_COMMAND file if we do create it.
      - check that KEY_COMMAND is executable (which it won't be if eg /var/run
        is mounted noexec).
     ok djm.
This commit is contained in:
Darren Tucker 2012-12-07 13:03:10 +11:00
parent 96ce9a1e45
commit 3dfb877046
2 changed files with 23 additions and 5 deletions

View File

@ -1,3 +1,15 @@
20121207
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2012/12/06 06:06:54
[regress/keys-command.sh]
Fix some problems with the keys-command test:
- use string comparison rather than numeric comparison
- check for existing KEY_COMMAND file and don't clobber if it exists
- clean up KEY_COMMAND file if we do create it.
- check that KEY_COMMAND is executable (which it won't be if eg /var/run
is mounted noexec).
ok djm.
20121205
- (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.

View File

@ -1,4 +1,4 @@
# $OpenBSD: keys-command.sh,v 1.1 2012/11/22 22:49:30 djm Exp $
# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
# Placed in the Public Domain.
tid="authorized keys from command"
@ -14,7 +14,7 @@ fi
KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'"
#!/bin/sh
test "x\$1" -ne "x${LOGNAME}" && exit 1
test "x\$1" != "x${LOGNAME}" && exit 1
exec cat "$OBJ/authorized_keys_${LOGNAME}"
_EOF
$SUDO chmod 0755 "$KEY_COMMAND"
@ -27,7 +27,13 @@ cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
echo AuthorizedKeysCommandUser ${LOGNAME}
) > $OBJ/sshd_proxy
${SSH} -F $OBJ/ssh_proxy somehost true
if [ $? -ne 0 ]; then
fail "connect failed"
if [ -x $KEY_COMMAND ]; then
${SSH} -F $OBJ/ssh_proxy somehost true
if [ $? -ne 0 ]; then
fail "connect failed"
fi
else
echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
fi
$SUDO rm -f $KEY_COMMAND