author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:49:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:49:46 +0000 |
commit | 0b6b94e6b6152f15cf4c2247c5974f539aae28cd (patch) | |
tree | a7698198a1f527ede17a929af46e456e03d50600 /regress/forcecommand.sh | |
parent | Initial commit. (diff) | |
download | openssh-0b6b94e6b6152f15cf4c2247c5974f539aae28cd.tar.xz openssh-0b6b94e6b6152f15cf4c2247c5974f539aae28cd.zip |
Adding upstream version 1:9.6p1.upstream/1%9.6p1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'regress/forcecommand.sh')
-rw-r--r-- | regress/forcecommand.sh | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/regress/forcecommand.sh b/regress/forcecommand.sh
new file mode 100644
index 0000000..825ab25
--- /dev/null
+++ b/regress/forcecommand.sh
@@ -0,0 +1,67 @@
+# $OpenBSD: forcecommand.sh,v 1.7 2023/11/01 02:08:38 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="forced command"
+
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+
+authorized_keys() {
+ cmd=$1
+ cp /dev/null $OBJ/authorized_keys_$USER
+ for t in ${SSH_KEYTYPES}; do
+ test -z "$cmd" || \
+ printf "command=\"$cmd\" " >>$OBJ/authorized_keys_$USER
+ cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
+ done
+}
+
+trace "test config with sftp"
+authorized_keys
+rm -f $OBJ/ssh_proxy.tmp
+echo "@get $OBJ/ssh_proxy $OBJ/ssh_proxy.tmp" | \
+ ${SFTP} -S ${SSH} -b - -qF $OBJ/ssh_proxy somehost 2>/dev/null || \
+ fail "sftp failed"
+test -f "$OBJ/ssh_proxy.tmp" || fail "sftp did not download file"
+rm -f $OBJ/ssh_proxy.tmp
+
+trace "forced command in key option"
+authorized_keys true
+${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key option"
+
+authorized_keys false
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+echo "ForceCommand true" >> $OBJ/sshd_proxy
+
+trace "forced command in sshd_config overrides key option"
+${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command config"
+
+authorized_keys
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+echo "ForceCommand false" >> $OBJ/sshd_proxy
+
+trace "force command overriding subsystem"
+echo "@get $OBJ/ssh_proxy $OBJ/ssh_proxy.tmp" | \
+ ${SFTP} -S ${SSH} -F $OBJ/ssh_proxy -oLoglevel=quiet somehost && \
+ fail "sftp succeeded"
+
+echo "Match User $USER" >> $OBJ/sshd_proxy
+echo " ForceCommand true" >> $OBJ/sshd_proxy
+
+trace "forced command with match"
+${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command match"
+
+trace "force command in match overriding subsystem"
+echo "@get $OBJ/ssh_proxy $OBJ/ssh_proxy.tmp" | \
+ ${SFTP} -S ${SSH} -F $OBJ/ssh_proxy -oLoglevel=quiet somehost && \
+ fail "sftp succeeded"
+
+trace "force command to sftpserver"
+grep -vi subsystem $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
+echo "Subsystem sftp /bin/false" >> $OBJ/sshd_proxy
+echo "ForceCommand ${SFTPSERVER}" >> $OBJ/sshd_proxy
+rm -f $OBJ/ssh_proxy.tmp
+echo "@get $OBJ/ssh_proxy $OBJ/ssh_proxy.tmp" | \
+ ${SFTP} -S ${SSH} -b - -qF $OBJ/ssh_proxy somehost 2>/dev/null || \
+ fail "sftp failed"
+test -f "$OBJ/ssh_proxy.tmp" || fail "sftp did not download file"
+rm -f $OBJ/ssh_proxy.tmp |
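Review bot: The two negative checks ("force command overriding subsystem" and "force command in match overriding subsystem") assert only that sftp exits non-zero, so an unrelated failure such as a broken sshd_proxy or a rejected key would satisfy them just as well as ForceCommand actually displacing the subsystem. `-oLoglevel=quiet` also suppresses the client's own diagnostics, so the two cases would be hard to tell apart from the output. The property under test would be pinned more directly by also asserting the side effect, for example `rm -f $OBJ/ssh_proxy.tmp` before each invocation and `test ! -f $OBJ/ssh_proxy.tmp || fail "sftp downloaded file"` after it, mirroring the positive cases. Separately, `authorized_keys` interpolates `$cmd` into the printf format string; this is harmless for the `true`/`false` values used here, but `printf 'command="%s" ' "$cmd"` would stay correct if a later test passes a command containing `%` or a backslash.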