summaryrefslogtreecommitdiff
path: root/regress
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-12-21 02:33:07 +0000
committerDamien Miller <djm@mindrot.org>2019-12-21 13:36:53 +1100
commitfbd9729d4eadf2f7097b6017156387ac64302453 (patch)
tree22b53e2cc19acbfb62a2509b190df10361c5e1b3 /regress
parente5b7cf8edca7e843adc125621e1dab14507f430a (diff)
upstream: unit tests for ForwardAgent=/path; from Eric Chiang
OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da
Diffstat (limited to 'regress')
-rw-r--r--regress/agent.sh45
-rw-r--r--regress/sshcfgparse.sh12
2 files changed, 54 insertions, 3 deletions
diff --git a/regress/agent.sh b/regress/agent.sh
index 922d8436e..39403653c 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: agent.sh,v 1.16 2019/11/26 23:43:10 djm Exp $ 1# $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="simple agent test" 4tid="simple agent test"
@@ -15,6 +15,12 @@ if [ $r -ne 0 ]; then
15 fatal "could not start ssh-agent: exit code $r" 15 fatal "could not start ssh-agent: exit code $r"
16fi 16fi
17 17
18eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s | sed 's/SSH_/FW_SSH_/g'` > /dev/null
19r=$?
20if [ $r -ne 0 ]; then
21 fatal "could not start second ssh-agent: exit code $r"
22fi
23
18${SSHADD} -l > /dev/null 2>&1 24${SSHADD} -l > /dev/null 2>&1
19if [ $? -ne 1 ]; then 25if [ $? -ne 1 ]; then
20 fail "ssh-add -l did not fail with exit code 1" 26 fail "ssh-add -l did not fail with exit code 1"
@@ -38,11 +44,16 @@ for t in ${SSH_KEYTYPES}; do
38 44
39 # add to authorized keys 45 # add to authorized keys
40 cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER 46 cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
41 # add privat key to agent 47 # add private key to agent
42 ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1 48 ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
43 if [ $? -ne 0 ]; then 49 if [ $? -ne 0 ]; then
44 fail "ssh-add failed exit code $?" 50 fail "ssh-add failed exit code $?"
45 fi 51 fi
52 # add private key to second agent
53 SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
54 if [ $? -ne 0 ]; then
55 fail "ssh-add failed exit code $?"
56 fi
46 # Remove private key to ensure that we aren't accidentally using it. 57 # Remove private key to ensure that we aren't accidentally using it.
47 rm -f $OBJ/$t-agent 58 rm -f $OBJ/$t-agent
48done 59done
@@ -90,6 +101,11 @@ r=$?
90if [ $r -ne 0 ]; then 101if [ $r -ne 0 ]; then
91 fail "ssh-add -l via agent fwd failed (exit code $r)" 102 fail "ssh-add -l via agent fwd failed (exit code $r)"
92fi 103fi
104${SSH} "-oForwardAgent=$SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
105r=$?
106if [ $r -ne 0 ]; then
107 fail "ssh-add -l via agent path fwd failed (exit code $r)"
108fi
93${SSH} -A -F $OBJ/ssh_proxy somehost \ 109${SSH} -A -F $OBJ/ssh_proxy somehost \
94 "${SSH} -F $OBJ/ssh_proxy somehost exit 52" 110 "${SSH} -F $OBJ/ssh_proxy somehost exit 52"
95r=$? 111r=$?
@@ -97,6 +113,30 @@ if [ $r -ne 52 ]; then
97 fail "agent fwd failed (exit code $r)" 113 fail "agent fwd failed (exit code $r)"
98fi 114fi
99 115
116trace "agent forwarding different agent"
117${SSH} "-oForwardAgent=$FW_SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
118r=$?
119if [ $r -ne 0 ]; then
120 fail "ssh-add -l via agent path fwd of different agent failed (exit code $r)"
121fi
122${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
123r=$?
124if [ $r -ne 0 ]; then
125 fail "ssh-add -l via agent path env fwd of different agent failed (exit code $r)"
126fi
127
128# Remove keys from forwarded agent, ssh-add on remote machine should now fail.
129SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} -D > /dev/null 2>&1
130r=$?
131if [ $r -ne 0 ]; then
132 fail "ssh-add -D failed: exit code $r"
133fi
134${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
135r=$?
136if [ $r -ne 1 ]; then
137 fail "ssh-add -l with different agent did not fail with exit code 1 (exit code $r)"
138fi
139
100(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \ 140(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
101 > $OBJ/authorized_keys_$USER 141 > $OBJ/authorized_keys_$USER
102for t in ${SSH_KEYTYPES}; do 142for t in ${SSH_KEYTYPES}; do
@@ -121,3 +161,4 @@ fi
121 161
122trace "kill agent" 162trace "kill agent"
123${SSHAGENT} -k > /dev/null 163${SSHAGENT} -k > /dev/null
164SSH_AGENT_PID=$FW_SSH_AGENT_PID ${SSHAGENT} -k > /dev/null
diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh
index 2c00b64ef..fc72a0a71 100644
--- a/regress/sshcfgparse.sh
+++ b/regress/sshcfgparse.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: sshcfgparse.sh,v 1.5 2019/07/23 13:32:48 dtucker Exp $ 1# $OpenBSD: sshcfgparse.sh,v 1.6 2019/12/21 02:33:07 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="ssh config parse" 4tid="ssh config parse"
@@ -94,5 +94,15 @@ if [ "$dsa" = "1" ]; then
94 expect_result_absent "$f" "ssh-dss-cert-v01.*" 94 expect_result_absent "$f" "ssh-dss-cert-v01.*"
95fi 95fi
96 96
97verbose "agentforwarding"
98f=`${SSH} -GF none host | awk '/^forwardagent /{print$2}'`
99expect_result_present "$f" "no"
100f=`${SSH} -GF none -oforwardagent=no host | awk '/^forwardagent /{print$2}'`
101expect_result_present "$f" "no"
102f=`${SSH} -GF none -oforwardagent=yes host | awk '/^forwardagent /{print$2}'`
103expect_result_present "$f" "yes"
104f=`${SSH} -GF none '-oforwardagent=SSH_AUTH_SOCK.forward' host | awk '/^forwardagent /{print$2}'`
105expect_result_present "$f" "SSH_AUTH_SOCK.forward"
106
97# cleanup 107# cleanup
98rm -f $OBJ/ssh_config.[012] 108rm -f $OBJ/ssh_config.[012]