[openssh-commits] [openssh] 03/04: upstream: regression test for match-principals. Mostly by Fabian

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Nov 27 18:25:31 AEDT 2021


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit a443491e6782ef0f5a8bb87a5536c8ee4ff233a1
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sat Nov 27 07:20:58 2021 +0000

    upstream: regression test for match-principals. Mostly by Fabian
    
    Stelzer
    
    OpenBSD-Regress-ID: ced0bec89af90935103438986bbbc4ad1df9cfa7
---
 regress/sshsig.sh | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/regress/sshsig.sh b/regress/sshsig.sh
index 6ff932ea..d4aee54c 100644
--- a/regress/sshsig.sh
+++ b/regress/sshsig.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshsig.sh,v 1.9 2021/11/18 03:53:48 djm Exp $
+#	$OpenBSD: sshsig.sh,v 1.10 2021/11/27 07:20:58 djm Exp $
 #	Placed in the Public Domain.
 
 tid="sshsig"
@@ -410,6 +410,32 @@ for t in $SIGNKEYS; do
 
 done
 
+# Test key independant match-principals
+(
+	printf "principal1 " ; cat $pubkey;
+	printf "princi* " ; cat $pubkey;
+	printf "unique " ; cat $pubkey;
+) > $OBJ/allowed_signers
+
+verbose "$tid: match principals"
+${SSHKEYGEN} -Y match-principals -f $OBJ/allowed_signers -I "unique" | \
+    fgrep "unique" >/dev/null || \
+	fail "faild to match static principal"
+
+${SSHKEYGEN} -Y match-principals -f $OBJ/allowed_signers -I "princip" | \
+    fgrep "princi*" >/dev/null || \
+	fail "faild to match wildcard principal"
+
+${SSHKEYGEN} -Y match-principals -f $OBJ/allowed_signers -I "principal1" | \
+    fgrep -e "principal1" -e "princi*" >/dev/null || \
+	fail "faild to match static and wildcard principal"
+verbose "$tid: nomatch principals"
+for x in princ prince unknown ; do 
+	${SSHKEYGEN} -Y match-principals -f $OBJ/allowed_signers \
+	    -I $x >/dev/null 2>&1 && \
+		fail "succeeded to match unknown principal \"$x\""
+done
+
 trace "kill agent"
 ${SSHAGENT} -k > /dev/null
 

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list