From 2c3404e3e27b95d66ab3861c2dcae9f617e7d904 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 2 Jun 2021 17:57:22 +0100
Subject: [PATCH] sshkeys: Tests a restricted command

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 apitest/at-otter.rs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/apitest/at-otter.rs b/apitest/at-otter.rs
index fdd8414c..009266c1 100644
--- a/apitest/at-otter.rs
+++ b/apitest/at-otter.rs
@@ -213,8 +213,14 @@ impl Ctx {
 
     let ds = {
       let dummy_key_path = ds.subst("@src@/apitest/dummy.pub")?;
+
+      let dummy_key_data = fs::read_to_string(&dummy_key_path)?;
+      let second_space = dummy_key_data.match_indices(' ').nth(1).unwrap().0;
+      let dummy_key_data = dummy_key_data.split_at(second_space).0.to_owned();
+
       ds.also(&[
         ("dummy_key_path", dummy_key_path),
+        ("dummy_key_data", dummy_key_data),
         ("authkeys", ds.subst("@abstmp@/authorized_keys")?),
       ])
     };
@@ -239,6 +245,17 @@ impl Ctx {
     assert_eq!( BufReader::new(File::open(ds.subst("@authkeys@")?)?)
                 .lines().nth(2).unwrap().unwrap(),
                 STATIC_TEST.strip_suffix("\n").unwrap() );
+
+    let mut command = ds.gss(
+      "--account ssh:test: \
+       --ssh nowhere \
+       list-accounts"
+    )?;
+    command.insert(0, ds.subst(
+      "--ssh-command=@src@/apitest/mock-ssh-restricted \
+                     @authkeys@ '@dummy_key_data@'"
+    )?);
+    self.otter(&command)?;
   }
 }
 
-- 
2.30.2