diff options
author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-10-27 14:57:27 -0400 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-10-27 14:57:27 -0400 |
commit | 330cb7b513575a3d7e1956276b52ecd2cda25d95 (patch) | |
tree | e4b6a4889a928684a8abb896a28b42ca1f0dc782 | |
parent | d0c45a59abaaad797498c6ace5364497bfd0c313 (diff) |
extend test suite to check for authentication denial when
authorized_user_ids has been removed.
-rwxr-xr-x | tests/basic | 52 | ||||
-rw-r--r-- | tests/home/testuser/.ssh/config | 1 |
2 files changed, 43 insertions, 10 deletions
diff --git a/tests/basic b/tests/basic index 2befac2..46ba63c 100755 --- a/tests/basic +++ b/tests/basic @@ -19,15 +19,28 @@ gpgadmin() { GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@" } +launch_sshd() { + socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & + export SSHD_PID=$! + + while [ ! -S "$SOCKET" ] ; do + sleep 1 + done +} + +ssh_test() { + ssh-agent bash -c \ + "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost true" +} + failed_cleanup() { -# FIXME: can we be more verbose here? - echo 'FAILED!' - read -p "press enter to cleanup and remove tmp:" + # FIXME: can we be more verbose here? + echo 'FAILED!' + read -p "press enter to cleanup and remove tmp:" - cleanup + cleanup } -# cleanup: cleanup() { if ( ps "$SSHD_PID" >/dev/null ) ; then echo "### stopping still-running sshd..." @@ -66,7 +79,7 @@ export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src export MONKEYSPHERE_MONKEYSPHERE_USER="$USER" export MONKEYSPHERE_CHECK_KEYSERVER=false -SSHD_CONFIG="$TEMPDIR"/sshd_config +export SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket # copy in admin and testuser home to tmp @@ -132,8 +145,7 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." -socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & -export SSHD_PID=$! +launch_sshd ### TESTUSER TESTS @@ -158,9 +170,29 @@ monkeysphere-server update-users "$USER" # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." +ssh_test -ssh-agent bash -c \ - "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost true" +# kill the previous sshd process if it's still running +kill "$SSHD_PID" + +# now remove the testuser's authorized_user_ids file and reupdate +# authorized_keys file... +echo "### removing testuser authorized_user_ids and reupdating authorized_keys..." +rm -f "$TEMPDIR"/testuser/.monkeysphere/authorized_user_ids +monkeysphere-server update-users "$USER" + +# restart the sshd +echo "### restarting sshd..." +launch_sshd + +# and make sure the user can no longer connect +echo "### testuser attempting to connect to sshd socket..." +# FIXME: this prompts for the passphrase for the default identity +# file. how can this be avoided? +ssh_test || SSH_RETURN="$?" +if [ "$SSH_RETURN" != '255' ] ; then + exit +fi trap - EXIT diff --git a/tests/home/testuser/.ssh/config b/tests/home/testuser/.ssh/config index 1da2344..ab1efa6 100644 --- a/tests/home/testuser/.ssh/config +++ b/tests/home/testuser/.ssh/config @@ -1,5 +1,6 @@ # ssh config file for testuser for monkeysphere test suite. Host * +ChallengeResponseAuthentication no PasswordAuthentication no KbdInteractiveAuthentication no RSAAuthentication no |