upstream commit

test new behaviour of cert force-command restriction vs. authorized_key/ principals Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c
2024-11-27 14:44:21 +08:00 · 2016-11-30 03:01:33 +00:00 · 2016-11-30 03:01:33 +00:00 · 85aa2efeba
commit 85aa2efeba
parent 5d333131cd
1 changed files with 15 additions and 1 deletions
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@ -1,4 +1,4 @@
-#	$OpenBSD: cert-userkey.sh,v 1.16 2016/05/03 12:15:49 dtucker Exp $
+#	$OpenBSD: cert-userkey.sh,v 1.17 2016/11/30 03:01:33 djm Exp $
 #	Placed in the Public Domain.

 tid="certified user keys"
@ -354,6 +354,20 @@ test_one "principals key option principals" success "-n mekmitasdigoat" \
 test_one "principals key option no principals" failure "" \
    authorized_keys ',principals="mekmitasdigoat"'

+# command= options vs. force-command in key
+test_one "force-command match true" success \
+    "-n ${USER} -Oforce-command=true" \
+    authorized_keys ',command="true"'
+test_one "force-command match true" failure \
+    "-n ${USER} -Oforce-command=false" \
+    authorized_keys ',command="false"'
+test_one "force-command mismatch 1" failure \
+    "-n ${USER} -Oforce-command=false" \
+    authorized_keys ',command="true"'
+test_one "force-command mismatch 2" failure \
+    "-n ${USER} -Oforce-command=true" \
+    authorized_keys ',command="false"'
+
 # Wrong certificate
 cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
 for ktype in $PLAIN_TYPES ; do