Editing: principals-command.sh
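# $OpenBSD: principals-command.sh,v 1.4 2017/04/30 23:34:55 djm Exp $
# Placed in the Public Domain.
#
# Regression test for sshd's AuthorizedPrincipalsCommand and for the
# principals="..." option on a cert-authority line in authorized_keys.
#
# This file is meant to be sourced by the regress harness: OBJ, SUDO, SSH,
# SSHKEYGEN and the fatal/fail/verbose helpers are not defined here.
#
# Review changes: file-path expansions are quoted so the shell commands survive
# whitespace or glob characters in $OBJ, the obsolescent `[ a -a b ]` form is
# split into two tests, and backticks with `cat file | awk` became `$(awk file)`.
# ${SSH}, ${SSHKEYGEN} and $SUDO stay unquoted as in the original; the harness
# may set them to a command plus arguments (confirm in test-exec.sh).
# The paths written into sshd_proxy still assume $OBJ holds no whitespace.

tid="authorized principals command"

rm -f "$OBJ"/user_ca_key* "$OBJ"/cert_user_key*
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy_bak"

# The helper must live in /var/run, so either sudo or direct write access
# is required; otherwise the test is skipped, not failed.
if [ -z "$SUDO" ] && [ ! -w /var/run ]; then
	echo "skipped (SUDO not set)"
	echo "need SUDO to create file in /var/run, test won't work without"
	exit 0
fi

# The shell's PID doubles as the certificate serial number (-z below).
SERIAL=$$

# Create a CA key and a user certificate.
${SSHKEYGEN} -q -N '' -t ed25519 -f "$OBJ/user_ca_key" || \
	fatal "ssh-keygen of user_ca_key failed"
${SSHKEYGEN} -q -N '' -t rsa -f "$OBJ/cert_user_key" || \
	fatal "ssh-keygen of cert_user_key failed"
${SSHKEYGEN} -q -s "$OBJ/user_ca_key" -I "Joanne User" \
    -z $$ -n "${USER},mekmitasdigoat" "$OBJ/cert_user_key" || \
	fatal "couldn't sign cert_user_key"

# Second field of the .pub files (key body) and of `ssh-keygen -l` output
# (fingerprint); the helper below compares them with what sshd passes in.
CERT_BODY=$(awk '{ print $2 }' "$OBJ/cert_user_key-cert.pub")
CA_BODY=$(awk '{ print $2 }' "$OBJ/user_ca_key.pub")
CERT_FP=$(${SSHKEYGEN} -lf "$OBJ/cert_user_key-cert.pub" | awk '{ print $2 }')
CA_FP=$(${SSHKEYGEN} -lf "$OBJ/user_ca_key.pub" | awk '{ print $2 }')

# Establish a AuthorizedPrincipalsCommand in /var/run where it will have
# acceptable directory permissions.
PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}"

# The here-document is expanded now: ${LOGNAME}, ${SERIAL}, the fingerprints,
# the key bodies and $OBJ are baked into the helper as literals, while the
# escaped \$1..\$9 stay positional parameters for the helper's own run time.
# The helper exits 1 unless every argument matches, and only then prints the
# per-user principals file.
# NOTE(review): the target path is interpolated inside single quotes in a
# command string run through $SUDO, which relies on LOGNAME containing no
# single quote.
# NOTE(review): the helper reads authorized_principals_${LOGNAME} while the
# tests below write authorized_principals_$USER; the two are assumed equal.
cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'"
#!/bin/sh
test "x\$1" != "x${LOGNAME}" && exit 1
test "x\$2" != "xssh-rsa-cert-v01@openssh.com" && exit 1
test "x\$3" != "xssh-ed25519" && exit 1
test "x\$4" != "xJoanne User" && exit 1
test "x\$5" != "x${SERIAL}" && exit 1
test "x\$6" != "x${CA_FP}" && exit 1
test "x\$7" != "x${CERT_FP}" && exit 1
test "x\$8" != "x${CERT_BODY}" && exit 1
test "x\$9" != "x${CA_BODY}" && exit 1
test -f "$OBJ/authorized_principals_${LOGNAME}" &&
	exec cat "$OBJ/authorized_principals_${LOGNAME}"
_EOF
# $? here is the status of the last pipeline stage, the $SUDO sh -c writer.
test $? -eq 0 || fatal "couldn't prepare principals command"
$SUDO chmod 0755 "$PRINCIPALS_COMMAND"

# check-perm is a separate regress helper; presumably it applies the same
# ownership and permission checks sshd applies to the command path (confirm
# in check-perm.c). An unsuitable path means skip, and the helper is removed.
if ! "$OBJ"/check-perm -m keys-command "$PRINCIPALS_COMMAND" ; then
	echo "skipping: $PRINCIPALS_COMMAND is unsuitable as " \
	    "AuthorizedPrincipalsCommand"
	$SUDO rm -f "$PRINCIPALS_COMMAND"
	exit 0
fi

if [ -x "$PRINCIPALS_COMMAND" ]; then
	# Test explicitly-specified principals
	for privsep in yes no ; do
		_prefix="privsep $privsep"

		# Setup for AuthorizedPrincipalsCommand
		# AuthorizedKeysFile is "none" and authorized_keys is removed,
		# so the principals command is the only configured source of
		# principals for the certificate.
		rm -f "$OBJ/authorized_keys_$USER"
		(
			cat "$OBJ/sshd_proxy_bak"
			echo "UsePrivilegeSeparation $privsep"
			echo "AuthorizedKeysFile none"
			echo "AuthorizedPrincipalsCommand $PRINCIPALS_COMMAND" \
			    "%u %t %T %i %s %F %f %k %K"
			echo "AuthorizedPrincipalsCommandUser ${LOGNAME}"
			echo "TrustedUserCAKeys $OBJ/user_ca_key.pub"
		) > "$OBJ/sshd_proxy"

		# XXX test missing command
		# XXX test failing command

		# Empty authorized_principals
		# No principal is listed, so the login must be refused.
		verbose "$tid: ${_prefix} empty authorized_principals"
		echo > "$OBJ/authorized_principals_$USER"
		${SSH} -i "$OBJ/cert_user_key" \
		    -F "$OBJ/ssh_proxy" somehost true >/dev/null 2>&1
		if [ $? -eq 0 ]; then
			fail "ssh cert connect succeeded unexpectedly"
		fi

		# Wrong authorized_principals
		# A principal that is not in the certificate must not match.
		verbose "$tid: ${_prefix} wrong authorized_principals"
		echo gregorsamsa > "$OBJ/authorized_principals_$USER"
		${SSH} -i "$OBJ/cert_user_key" \
		    -F "$OBJ/ssh_proxy" somehost true >/dev/null 2>&1
		if [ $? -eq 0 ]; then
			fail "ssh cert connect succeeded unexpectedly"
		fi

		# Correct authorized_principals
		verbose "$tid: ${_prefix} correct authorized_principals"
		echo mekmitasdigoat > "$OBJ/authorized_principals_$USER"
		${SSH} -i "$OBJ/cert_user_key" \
		    -F "$OBJ/ssh_proxy" somehost true >/dev/null 2>&1
		if [ $? -ne 0 ]; then
			fail "ssh cert connect failed"
		fi

		# authorized_principals with bad key option
		# An unrecognised option in front of a valid principal must
		# make the line unusable rather than be ignored.
		verbose "$tid: ${_prefix} authorized_principals bad key opt"
		echo 'blah mekmitasdigoat' > "$OBJ/authorized_principals_$USER"
		${SSH} -i "$OBJ/cert_user_key" \
		    -F "$OBJ/ssh_proxy" somehost true >/dev/null 2>&1
		if [ $? -eq 0 ]; then
			fail "ssh cert connect succeeded unexpectedly"
		fi

		# authorized_principals with command=false
		# The client asks for `true`; a non-zero status shows the
		# forced command ran instead.
		verbose "$tid: ${_prefix} authorized_principals command=false"
		echo 'command="false" mekmitasdigoat' > \
		    "$OBJ/authorized_principals_$USER"
		${SSH} -i "$OBJ/cert_user_key" \
		    -F "$OBJ/ssh_proxy" somehost true >/dev/null 2>&1
		if [ $? -eq 0 ]; then
			fail "ssh cert connect succeeded unexpectedly"
		fi

		# authorized_principals with command=true
		# Mirror case: the client asks for `false` and must get 0.
		verbose "$tid: ${_prefix} authorized_principals command=true"
		echo 'command="true" mekmitasdigoat' > \
		    "$OBJ/authorized_principals_$USER"
		${SSH} -i "$OBJ/cert_user_key" \
		    -F "$OBJ/ssh_proxy" somehost false >/dev/null 2>&1
		if [ $? -ne 0 ]; then
			fail "ssh cert connect failed"
		fi

		# Setup for principals= key option
		# The principals command and TrustedUserCAKeys are dropped from
		# the config; the CA is trusted through authorized_keys only.
		rm -f "$OBJ/authorized_principals_$USER"
		(
			cat "$OBJ/sshd_proxy_bak"
			echo "UsePrivilegeSeparation $privsep"
		) > "$OBJ/sshd_proxy"

		# Wrong principals list
		verbose "$tid: ${_prefix} wrong principals key option"
		(
			printf 'cert-authority,principals="gregorsamsa" '
			cat "$OBJ/user_ca_key.pub"
		) > "$OBJ/authorized_keys_$USER"
		${SSH} -i "$OBJ/cert_user_key" \
		    -F "$OBJ/ssh_proxy" somehost true >/dev/null 2>&1
		if [ $? -eq 0 ]; then
			fail "ssh cert connect succeeded unexpectedly"
		fi

		# Correct principals list
		verbose "$tid: ${_prefix} correct principals key option"
		(
			printf 'cert-authority,principals="mekmitasdigoat" '
			cat "$OBJ/user_ca_key.pub"
		) > "$OBJ/authorized_keys_$USER"
		${SSH} -i "$OBJ/cert_user_key" \
		    -F "$OBJ/ssh_proxy" somehost true >/dev/null 2>&1
		if [ $? -ne 0 ]; then
			fail "ssh cert connect failed"
		fi
	done
else
	echo "SKIPPED: $PRINCIPALS_COMMAND not executable " \
	    "(/var/run mounted noexec?)"
fi

# NOTE(review): nothing in this script removes $PRINCIPALS_COMMAND once the
# tests have run, so the helper created through $SUDO stays in /var/run unless
# the harness cleans it up elsewhere.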