upstream: unit tests for ForwardAgent=/path; from Eric Chiang

OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da
author: djm@openbsd.org <djm@openbsd.org> 2019-12-21 02:33:07 +0000
committer: Damien Miller <djm@mindrot.org> 2019-12-21 13:36:53 +1100
commit: fbd9729d4eadf2f7097b6017156387ac64302453 (patch)
tree: 22b53e2cc19acbfb62a2509b190df10361c5e1b3 /regress
parent: e5b7cf8edca7e843adc125621e1dab14507f430a (diff)
2 files changed, 54 insertions, 3 deletions
diff --git a/regress/agent.sh b/regress/agent.sh
index 922d8436e..39403653c 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: agent.sh,v 1.16 2019/11/26 23:43:10 djm Exp $
+#       $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $
 #       Placed in the Public Domain.
 tid="simple agent test"
@@ -15,6 +15,12 @@ if [ $r -ne 0 ]; then
        fatal "could not start ssh-agent: exit code $r"
 fi
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s | sed 's/SSH_/FW_SSH_/g'` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+        fatal "could not start second ssh-agent: exit code $r"
+fi
 ${SSHADD} -l > /dev/null 2>&1
 if [ $? -ne 1 ]; then
        fail "ssh-add -l did not fail with exit code 1"
@@ -38,11 +44,16 @@ for t in ${SSH_KEYTYPES}; do
        # add to authorized keys
        cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
-        # add privat key to agent
+        # add private key to agent
        ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
        if [ $? -ne 0 ]; then
                fail "ssh-add failed exit code $?"
        fi
+        # add private key to second agent
+        SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
+        if [ $? -ne 0 ]; then
+                fail "ssh-add failed exit code $?"
+        fi
        # Remove private key to ensure that we aren't accidentally using it.
        rm -f $OBJ/$t-agent
 done
@@ -90,6 +101,11 @@ r=$?
 if [ $r -ne 0 ]; then
        fail "ssh-add -l via agent fwd failed (exit code $r)"
 fi
+${SSH} "-oForwardAgent=$SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+        fail "ssh-add -l via agent path fwd failed (exit code $r)"
+fi
 ${SSH} -A -F $OBJ/ssh_proxy somehost \
        "${SSH} -F $OBJ/ssh_proxy somehost exit 52"
 r=$?
@@ -97,6 +113,30 @@ if [ $r -ne 52 ]; then
        fail "agent fwd failed (exit code $r)"
 fi
+trace "agent forwarding different agent"
+${SSH} "-oForwardAgent=$FW_SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+        fail "ssh-add -l via agent path fwd of different agent failed (exit code $r)"
+fi
+${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+        fail "ssh-add -l via agent path env fwd of different agent failed (exit code $r)"
+fi
+# Remove keys from forwarded agent, ssh-add on remote machine should now fail.
+SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} -D > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+        fail "ssh-add -D failed: exit code $r"
+fi
+${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 1 ]; then
+        fail "ssh-add -l with different agent did not fail with exit code 1 (exit code $r)"
+fi
 (printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
        > $OBJ/authorized_keys_$USER
 for t in ${SSH_KEYTYPES}; do
@@ -121,3 +161,4 @@ fi
 trace "kill agent"
 ${SSHAGENT} -k > /dev/null
+SSH_AGENT_PID=$FW_SSH_AGENT_PID ${SSHAGENT} -k > /dev/null
diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh
index 2c00b64ef..fc72a0a71 100644
--- a/regress/sshcfgparse.sh
+++ b/regress/sshcfgparse.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshcfgparse.sh,v 1.5 2019/07/23 13:32:48 dtucker Exp $
+#       $OpenBSD: sshcfgparse.sh,v 1.6 2019/12/21 02:33:07 djm Exp $
 #       Placed in the Public Domain.
 tid="ssh config parse"
@@ -94,5 +94,15 @@ if [ "$dsa" = "1" ]; then
        expect_result_absent "$f" "ssh-dss-cert-v01.*"
 fi
+verbose "agentforwarding"
+f=`${SSH} -GF none host | awk '/^forwardagent /{print$2}'`
+expect_result_present "$f" "no"
+f=`${SSH} -GF none -oforwardagent=no host | awk '/^forwardagent /{print$2}'`
+expect_result_present "$f" "no"
+f=`${SSH} -GF none -oforwardagent=yes host | awk '/^forwardagent /{print$2}'`
+expect_result_present "$f" "yes"
+f=`${SSH} -GF none '-oforwardagent=SSH_AUTH_SOCK.forward' host | awk '/^forwardagent /{print$2}'`
+expect_result_present "$f" "SSH_AUTH_SOCK.forward"
 # cleanup
 rm -f $OBJ/ssh_config.[012]
author	djm@openbsd.org <djm@openbsd.org>	2019-12-21 02:33:07 +0000
committer	Damien Miller <djm@mindrot.org>	2019-12-21 13:36:53 +1100
commit	fbd9729d4eadf2f7097b6017156387ac64302453 (patch)
tree	22b53e2cc19acbfb62a2509b190df10361c5e1b3 /regress
parent	e5b7cf8edca7e843adc125621e1dab14507f430a (diff)

diff --git a/regress/agent.sh b/regress/agent.sh index 922d8436e..39403653c 100644 --- a/regress/agent.sh +++ b/regress/agent.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: agent.sh,v 1.16 2019/11/26 23:43:10 djm Exp $	1	# $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="simple agent test"	4	tid="simple agent test"
@@ -15,6 +15,12 @@ if [ $r -ne 0 ]; then
15	fatal "could not start ssh-agent: exit code $r"	15	fatal "could not start ssh-agent: exit code $r"
16	fi	16	fi
17		17
		18	eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s \| sed 's/SSH_/FW_SSH_/g'` > /dev/null
		19	r=$?
		20	if [ $r -ne 0 ]; then
		21	fatal "could not start second ssh-agent: exit code $r"
		22	fi
		23
18	${SSHADD} -l > /dev/null 2>&1	24	${SSHADD} -l > /dev/null 2>&1
19	if [ $? -ne 1 ]; then	25	if [ $? -ne 1 ]; then
20	fail "ssh-add -l did not fail with exit code 1"	26	fail "ssh-add -l did not fail with exit code 1"
@@ -38,11 +44,16 @@ for t in ${SSH_KEYTYPES}; do
38		44
39	# add to authorized keys	45	# add to authorized keys
40	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER	46	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
41	# add privat key to agent	47	# add private key to agent
42	${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1	48	${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
43	if [ $? -ne 0 ]; then	49	if [ $? -ne 0 ]; then
44	fail "ssh-add failed exit code $?"	50	fail "ssh-add failed exit code $?"
45	fi	51	fi
		52	# add private key to second agent
		53	SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
		54	if [ $? -ne 0 ]; then
		55	fail "ssh-add failed exit code $?"
		56	fi
46	# Remove private key to ensure that we aren't accidentally using it.	57	# Remove private key to ensure that we aren't accidentally using it.
47	rm -f $OBJ/$t-agent	58	rm -f $OBJ/$t-agent
48	done	59	done
@@ -90,6 +101,11 @@ r=$?
90	if [ $r -ne 0 ]; then	101	if [ $r -ne 0 ]; then
91	fail "ssh-add -l via agent fwd failed (exit code $r)"	102	fail "ssh-add -l via agent fwd failed (exit code $r)"
92	fi	103	fi
		104	${SSH} "-oForwardAgent=$SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
		105	r=$?
		106	if [ $r -ne 0 ]; then
		107	fail "ssh-add -l via agent path fwd failed (exit code $r)"
		108	fi
93	${SSH} -A -F $OBJ/ssh_proxy somehost \	109	${SSH} -A -F $OBJ/ssh_proxy somehost \
94	"${SSH} -F $OBJ/ssh_proxy somehost exit 52"	110	"${SSH} -F $OBJ/ssh_proxy somehost exit 52"
95	r=$?	111	r=$?
@@ -97,6 +113,30 @@ if [ $r -ne 52 ]; then
97	fail "agent fwd failed (exit code $r)"	113	fail "agent fwd failed (exit code $r)"
98	fi	114	fi
99		115
		116	trace "agent forwarding different agent"
		117	${SSH} "-oForwardAgent=$FW_SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
		118	r=$?
		119	if [ $r -ne 0 ]; then
		120	fail "ssh-add -l via agent path fwd of different agent failed (exit code $r)"
		121	fi
		122	${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
		123	r=$?
		124	if [ $r -ne 0 ]; then
		125	fail "ssh-add -l via agent path env fwd of different agent failed (exit code $r)"
		126	fi
		127
		128	# Remove keys from forwarded agent, ssh-add on remote machine should now fail.
		129	SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} -D > /dev/null 2>&1
		130	r=$?
		131	if [ $r -ne 0 ]; then
		132	fail "ssh-add -D failed: exit code $r"
		133	fi
		134	${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
		135	r=$?
		136	if [ $r -ne 1 ]; then
		137	fail "ssh-add -l with different agent did not fail with exit code 1 (exit code $r)"
		138	fi
		139
100	(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \	140	(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
101	> $OBJ/authorized_keys_$USER	141	> $OBJ/authorized_keys_$USER
102	for t in ${SSH_KEYTYPES}; do	142	for t in ${SSH_KEYTYPES}; do
@@ -121,3 +161,4 @@ fi
121		161
122	trace "kill agent"	162	trace "kill agent"
123	${SSHAGENT} -k > /dev/null	163	${SSHAGENT} -k > /dev/null
		164	SSH_AGENT_PID=$FW_SSH_AGENT_PID ${SSHAGENT} -k > /dev/null


diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh index 2c00b64ef..fc72a0a71 100644 --- a/regress/sshcfgparse.sh +++ b/regress/sshcfgparse.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: sshcfgparse.sh,v 1.5 2019/07/23 13:32:48 dtucker Exp $	1	# $OpenBSD: sshcfgparse.sh,v 1.6 2019/12/21 02:33:07 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="ssh config parse"	4	tid="ssh config parse"
@@ -94,5 +94,15 @@ if [ "$dsa" = "1" ]; then
94	expect_result_absent "$f" "ssh-dss-cert-v01.*"	94	expect_result_absent "$f" "ssh-dss-cert-v01.*"
95	fi	95	fi
96		96
		97	verbose "agentforwarding"
		98	f=`${SSH} -GF none host \| awk '/^forwardagent /{print$2}'`
		99	expect_result_present "$f" "no"
		100	f=`${SSH} -GF none -oforwardagent=no host \| awk '/^forwardagent /{print$2}'`
		101	expect_result_present "$f" "no"
		102	f=`${SSH} -GF none -oforwardagent=yes host \| awk '/^forwardagent /{print$2}'`
		103	expect_result_present "$f" "yes"
		104	f=`${SSH} -GF none '-oforwardagent=SSH_AUTH_SOCK.forward' host \| awk '/^forwardagent /{print$2}'`
		105	expect_result_present "$f" "SSH_AUTH_SOCK.forward"
		106
97	# cleanup	107	# cleanup
98	rm -f $OBJ/ssh_config.[012]	108	rm -f $OBJ/ssh_config.[012]