author | djm@openbsd.org <djm@openbsd.org> | 2019-12-21 02:33:07 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-12-21 13:36:53 +1100 |
commit | fbd9729d4eadf2f7097b6017156387ac64302453 (patch) | |
tree | 22b53e2cc19acbfb62a2509b190df10361c5e1b3 /regress | |
parent | e5b7cf8edca7e843adc125621e1dab14507f430a (diff) |
upstream: unit tests for ForwardAgent=/path; from Eric Chiang
OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da
Diffstat (limited to 'regress')
-rw-r--r-- | regress/agent.sh | 45 | ||||
-rw-r--r-- | regress/sshcfgparse.sh | 12 |
2 files changed, 54 insertions, 3 deletions
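--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent.sh,v 1.16 2019/11/26 23:43:10 djm Exp $
+# $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $
 # Placed in the Public Domain.
 
 tid="simple agent test"
@@ -15,6 +15,12 @@ if [ $r -ne 0 ]; then
 fatal "could not start ssh-agent: exit code $r"
 fi
 
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s | sed 's/SSH_/FW_SSH_/g'` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+fatal "could not start second ssh-agent: exit code $r"
+fi
+
 ${SSHADD} -l > /dev/null 2>&1
 if [ $? -ne 1 ]; then
 fail "ssh-add -l did not fail with exit code 1"
@@ -38,11 +44,16 @@ for t in ${SSH_KEYTYPES}; do
 
 # add to authorized keys
 cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
-# add privat key to agent
+# add private key to agent
 ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh-add failed exit code $?"
 fi
+# add private key to second agent
+SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
+if [ $? -ne 0 ]; then
+fail "ssh-add failed exit code $?"
+fi
 # Remove private key to ensure that we aren't accidentally using it.
 rm -f $OBJ/$t-agent
 done
@@ -90,6 +101,11 @@ r=$?
 if [ $r -ne 0 ]; then
 fail "ssh-add -l via agent fwd failed (exit code $r)"
 fi
+${SSH} "-oForwardAgent=$SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+fail "ssh-add -l via agent path fwd failed (exit code $r)"
+fi
 ${SSH} -A -F $OBJ/ssh_proxy somehost \
 "${SSH} -F $OBJ/ssh_proxy somehost exit 52"
 r=$?
@@ -97,6 +113,30 @@ if [ $r -ne 52 ]; then
 fail "agent fwd failed (exit code $r)"
 fi
 
+trace "agent forwarding different agent"
+${SSH} "-oForwardAgent=$FW_SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+fail "ssh-add -l via agent path fwd of different agent failed (exit code $r)"
+fi
+${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+fail "ssh-add -l via agent path env fwd of different agent failed (exit code $r)"
+fi
+
+# Remove keys from forwarded agent, ssh-add on remote machine should now fail.
+SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} -D > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+fail "ssh-add -D failed: exit code $r"
+fi
+${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 1 ]; then
+fail "ssh-add -l with different agent did not fail with exit code 1 (exit code $r)"
+fi
+
 (printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
 > $OBJ/authorized_keys_$USER
 for t in ${SSH_KEYTYPES}; do
@@ -121,3 +161,4 @@ fi
 
 trace "kill agent"
 ${SSHAGENT} -k > /dev/null
+SSH_AGENT_PID=$FW_SSH_AGENT_PID ${SSHAGENT} -k > /dev/null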
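Review bot: The start-up check for the second agent (new lines 18-22) is unlikely to ever fire, because the command substitution ends in `sed` and `eval` of empty output returns 0, so a failed `ssh-agent` still leaves `r` at 0 and `FW_SSH_AUTH_SOCK` unset for every later case. Testing the variable would catch that, e.g. `[ -n "$FW_SSH_AUTH_SOCK" ] || fatal "could not start second ssh-agent"`. In the key loop (new lines 53-56) the message expands `$?` after the `[ ... ]` test has already run, so it always prints 0 and reads the same as the first agent's message; `r=$?` followed by `fail "ssh-add to second agent failed exit code $r"` would match the pattern the new forwarding checks use. Both agents are loaded with the same keys, so the positive `ssh-add -l` checks at new lines 117-126 would presumably also pass if the wrong socket were forwarded. Only the `-D` case at new lines 129-138 tells the two agents apart, which is worth a comment such as `# the only check that proves the forwarded socket is the second agent's`.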
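--- a/regress/sshcfgparse.sh
+++ b/regress/sshcfgparse.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: sshcfgparse.sh,v 1.5 2019/07/23 13:32:48 dtucker Exp $
+# $OpenBSD: sshcfgparse.sh,v 1.6 2019/12/21 02:33:07 djm Exp $
 # Placed in the Public Domain.
 
 tid="ssh config parse"
@@ -94,5 +94,15 @@ if [ "$dsa" = "1" ]; then
 expect_result_absent "$f" "ssh-dss-cert-v01.*"
 fi
 
+verbose "agentforwarding"
+f=`${SSH} -GF none host | awk '/^forwardagent /{print$2}'`
+expect_result_present "$f" "no"
+f=`${SSH} -GF none -oforwardagent=no host | awk '/^forwardagent /{print$2}'`
+expect_result_present "$f" "no"
+f=`${SSH} -GF none -oforwardagent=yes host | awk '/^forwardagent /{print$2}'`
+expect_result_present "$f" "yes"
+f=`${SSH} -GF none '-oforwardagent=SSH_AUTH_SOCK.forward' host | awk '/^forwardagent /{print$2}'`
+expect_result_present "$f" "SSH_AUTH_SOCK.forward"
+
 # cleanup
 rm -f $OBJ/ssh_config.[012]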
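Review bot: The new `agentforwarding` cases (new lines 97-105) stop at a literal socket path and never parse the `$NAME` environment form, which `regress/agent.sh` exercises in this same commit with `'-oForwardAgent=$FW_SSH_AUTH_SOCK'`. A fifth case passing `'-oforwardagent=$SSH_AUTH_SOCK'` through the same `awk` filter would pin what `ssh -G` reports for it; the expected string is not visible on this page and needs confirming before it is asserted. A one-line comment above the block, such as `# ForwardAgent takes yes, no, a socket path or $ENVVAR`, would explain why a non-boolean value is expected to round-trip. `expect_result_present` is defined outside the hunk, so whether `"no"` is matched exactly or as a substring cannot be checked from these lines.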