diff options
| author | Russ Allbery <eagle@eyrie.org> | 2016-10-03 21:49:04 -0700 |
|---|---|---|
| committer | Russ Allbery <eagle@eyrie.org> | 2016-10-03 21:49:04 -0700 |
| commit | 6e989080f30a5959f43c4834730339aa8d0b4b52 (patch) | |
| tree | 4062e63977c19283a539ba7d04d10983f383a0db /tests | |
| parent | 67a2f72e93de4d3235c2d145293adb93566a6986 (diff) | |
Add remctl-shell support for running as a forced command
remctl-shell now also supports being run as a forced command from
authorized_keys (or other methods). This may be preferrable to using
it as a shell since it doesn't require setting non-standard sshd
options.
Diffstat (limited to 'tests')
| -rwxr-xr-x | tests/server/shell-misc-t | 18 | ||||
| -rw-r--r-- | tests/server/sudo-t.c | 2 |
2 files changed, 18 insertions, 2 deletions
diff --git a/tests/server/shell-misc-t b/tests/server/shell-misc-t index ebd07a2..a5cbda1 100755 --- a/tests/server/shell-misc-t +++ b/tests/server/shell-misc-t @@ -3,6 +3,7 @@ # Test suite for remctl-shell. # # Written by Russ Allbery <eagle@eyrie.org> +# Copyright 2016 Russ Allbery <eagle@eyrie.org> # Copyright 2016 Dropbox, Inc. # # See LICENSE for licensing terms. @@ -10,17 +11,21 @@ . "${C_TAP_SOURCE}/tap/libtap.sh" # Declare plan. -plan 15 +plan 18 # Clean any leaked environment variables. unset REMCTL_USER unset SSH_CONNECTION +unset SSH_ORIGINAL_COMMAND # Find the remctl-shell binary. shell="${C_TAP_BUILD}/../server/remctl-shell" # Check a few error messages from not having environment variables set, and # set up the environment. +msg='SSH_ORIGINAL_COMMAND not set in the environment' +ok_program 'no SSH_ORIGINAL_COMMAND' 1 "remctl-shell: $msg" \ + "$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" test@EXAMPLE.COM msg='REMCTL_USER must be set in the environment via authorized_keys' ok_program 'no REMCTL_USER' 1 "remctl-shell: $msg" \ "$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test test' @@ -77,3 +82,14 @@ ok_program "...but only matches that subcommand" 255 "Unknown command" \ "$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'foo baz' ok_program "server resets SIGPIPE handler before running client" 255 '' \ "$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" -c 'test sigpipe' + +# Now check passing in a command via SSH_ORIGINAL_COMMAND instead. We should +# ignore the REMCTL_USER environment variable. +SSH_ORIGINAL_COMMAND='test env REMUSER' +export SSH_ORIGINAL_COMMAND +ok_program 'force-command value for REMUSER' 0 command@EXAMPLE.COM \ + "$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" command@EXAMPLE.COM +unset REMCTL_USER +SSH_ORIGINAL_COMMAND='test env "REMOTE_USER"' +ok_program 'force-command value for REMOTE_USER' 0 command@EXAMPLE.COM \ + "$shell" -qSf "${C_TAP_BUILD}/data/conf-simple" command@EXAMPLE.COM diff --git a/tests/server/sudo-t.c b/tests/server/sudo-t.c index 5cd7b34..8196db5 100644 --- a/tests/server/sudo-t.c +++ b/tests/server/sudo-t.c @@ -37,7 +37,7 @@ main(void) command = server_ssh_parse_command("sudo foo bar stdin baz"); putenv((char *) "REMCTL_USER=test@EXAMPLE.ORG"); putenv((char *) "SSH_CONNECTION=127.0.0.1 34537 127.0.0.1 4373"); - client = server_ssh_new_client(); + client = server_ssh_new_client(NULL); /* Run the command. */ server_run_command(client, config, command); |