From: Ian Jackson Date: Tue, 1 Jun 2021 19:31:09 +0000 (+0100) Subject: sshkeys: Tests, wip X-Git-Tag: otter-0.7.0~103 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=ccdd9b6f716ccfc940c2c75e38463f796203e735;p=otter.git sshkeys: Tests, wip Signed-off-by: Ian Jackson --- diff --git a/apitest/apitest.rs b/apitest/apitest.rs index bee1d168..d7562521 100644 --- a/apitest/apitest.rs +++ b/apitest/apitest.rs @@ -624,6 +624,9 @@ shapelibs = [ "@src@/library/*.toml" ] libexec_dir = "@target@/debug" usvg_bin = "@target@/release/usvg" +authorized_keys = "@abstmp@/authorized_keys" +ssh_proxy_command = "@target@/debug/otter-ssh-proxy --config @abstmp@/server-config.toml" + debug_js_inject_file = "@src@/templates/log-save.js" check_bundled_sources = false # For testing only! see LICENCE! diff --git a/apitest/at-otter.rs b/apitest/at-otter.rs index f51b79bf..1bdb05f0 100644 --- a/apitest/at-otter.rs +++ b/apitest/at-otter.rs @@ -210,6 +210,14 @@ impl Ctx { --config @config@ mgmtchannel-proxy" )?); self.otter(&command)?; + + let dummy_key_path = ds.subst("@src@/apitest/dummy.pub")?; + let ds = ds.also(&[("dummy_key_path", &dummy_key_path)]); + + self.otter(&ds.gss( + "--super --account ssh:test: set-ssh-keys \ + @dummy_key_path@" + )?)?; } } diff --git a/apitest/mock-ssh-restricted b/apitest/mock-ssh-restricted new file mode 100755 index 00000000..d34d8cdc --- /dev/null +++ b/apitest/mock-ssh-restricted @@ -0,0 +1,32 @@ +#!/usr/bin/perl -w + +use strict; + +our $ak = shift @ARGV // die; +our $pk = shift @ARGV // die; +our $uh = shift @ARGV // die; +print STDERR "$0: ak=$ak pk=$pk user\@host=$uh\n"; + +$ENV{'USER'} = 'no-such-user'; + +my $command = "@ARGV"; + +open AK, "<", "$ak" or die "$ak $!"; +while () { + next if m{^\#}; + next unless m{\S}; + if(s{^(?:\S+,)?command="([^"\\]+)"(?:,\S+)?\s+}{}) { + $command = $1; + } + if (!m{^ssh-\w+ \S+}) { + warn "$_ ?"; + next; + } + my $tk = $&; + next unless $tk eq $pk; + print STDERR "+ $command\n"; + exec "$command"; + die $!; +} + +die "not authorised";