openssh/regress/keys-command.sh
Darren Tucker 3dfb877046 - dtucker@cvs.openbsd.org 2012/12/06 06:06:54
[regress/keys-command.sh]
     Fix some problems with the keys-command test:
      - use string comparison rather than numeric comparison
      - check for existing KEY_COMMAND file and don't clobber if it exists
      - clean up KEY_COMMAND file if we do create it.
      - check that KEY_COMMAND is executable (which it won't be if eg /var/run
        is mounted noexec).
     ok djm.
2012-12-07 13:03:10 +11:00

40 lines
1.0 KiB
Bash

# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
# Placed in the Public Domain.
tid="authorized keys from command"
if test -z "$SUDO" ; then
echo "skipped (SUDO not set)"
echo "need SUDO to create file in /var/run, test won't work without"
exit 0
fi
# Establish a AuthorizedKeysCommand in /var/run where it will have
# acceptable directory permissions.
KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'"
#!/bin/sh
test "x\$1" != "x${LOGNAME}" && exit 1
exec cat "$OBJ/authorized_keys_${LOGNAME}"
_EOF
$SUDO chmod 0755 "$KEY_COMMAND"
cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
(
grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak
echo AuthorizedKeysFile none
echo AuthorizedKeysCommand $KEY_COMMAND
echo AuthorizedKeysCommandUser ${LOGNAME}
) > $OBJ/sshd_proxy
if [ -x $KEY_COMMAND ]; then
${SSH} -F $OBJ/ssh_proxy somehost true
if [ $? -ne 0 ]; then
fail "connect failed"
fi
else
echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
fi
$SUDO rm -f $KEY_COMMAND