mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-29 13:42:07 +00:00
3dfb877046
[regress/keys-command.sh] Fix some problems with the keys-command test: - use string comparison rather than numeric comparison - check for existing KEY_COMMAND file and don't clobber if it exists - clean up KEY_COMMAND file if we do create it. - check that KEY_COMMAND is executable (which it won't be if eg /var/run is mounted noexec). ok djm.
40 lines
1.0 KiB
Bash
40 lines
1.0 KiB
Bash
# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
|
|
# Placed in the Public Domain.
|
|
|
|
tid="authorized keys from command"
|
|
|
|
if test -z "$SUDO" ; then
|
|
echo "skipped (SUDO not set)"
|
|
echo "need SUDO to create file in /var/run, test won't work without"
|
|
exit 0
|
|
fi
|
|
|
|
# Establish a AuthorizedKeysCommand in /var/run where it will have
|
|
# acceptable directory permissions.
|
|
KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
|
|
cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'"
|
|
#!/bin/sh
|
|
test "x\$1" != "x${LOGNAME}" && exit 1
|
|
exec cat "$OBJ/authorized_keys_${LOGNAME}"
|
|
_EOF
|
|
$SUDO chmod 0755 "$KEY_COMMAND"
|
|
|
|
cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
|
|
(
|
|
grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak
|
|
echo AuthorizedKeysFile none
|
|
echo AuthorizedKeysCommand $KEY_COMMAND
|
|
echo AuthorizedKeysCommandUser ${LOGNAME}
|
|
) > $OBJ/sshd_proxy
|
|
|
|
if [ -x $KEY_COMMAND ]; then
|
|
${SSH} -F $OBJ/ssh_proxy somehost true
|
|
if [ $? -ne 0 ]; then
|
|
fail "connect failed"
|
|
fi
|
|
else
|
|
echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
|
|
fi
|
|
|
|
$SUDO rm -f $KEY_COMMAND
|