1 files changed, 92 insertions, 52 deletions
diff --git a/regress/agent.sh b/regress/agent.sh
index 0baf0c74a..7111056c9 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: agent.sh,v 1.12 2017/04/30 23:34:55 djm Exp $
+#       $OpenBSD: agent.sh,v 1.13 2017/12/19 00:49:30 djm Exp $
 #       Placed in the Public Domain.
 tid="simple agent test"
@@ -12,66 +12,106 @@ trace "start agent"
 eval `${SSHAGENT} -s` > /dev/null
 r=$?
 if [ $r -ne 0 ]; then
-        fail "could not start ssh-agent: exit code $r"
+        fatal "could not start ssh-agent: exit code $r"
-else
+fi
-        ${SSHADD} -l > /dev/null 2>&1
-        if [ $? -ne 1 ]; then
+${SSHADD} -l > /dev/null 2>&1
-                fail "ssh-add -l did not fail with exit code 1"
+if [ $? -ne 1 ]; then
-        fi
+        fail "ssh-add -l did not fail with exit code 1"
-        trace "overwrite authorized keys"
+fi
-        printf '' > $OBJ/authorized_keys_$USER
-        for t in ${SSH_KEYTYPES}; do
+rm -f $OBJ/user_ca_key $OBJ/user_ca_key.pub
-                # generate user key for agent
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
-                rm -f $OBJ/$t-agent
+        || fatal "ssh-keygen failed"
-                ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
-                         fail "ssh-keygen for $t-agent failed"
+trace "overwrite authorized keys"
-                # add to authorized keys
+printf '' > $OBJ/authorized_keys_$USER
-                cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
-                # add privat key to agent
+for t in ${SSH_KEYTYPES}; do
-                ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
+        # generate user key for agent
-                if [ $? -ne 0 ]; then
+        rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
-                        fail "ssh-add did succeed exit code 0"
+        ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
-                fi
+                 fatal "ssh-keygen for $t-agent failed"
-        done
+        # Make a certificate for each too.
-        ${SSHADD} -l > /dev/null 2>&1
+        ${SSHKEYGEN} -qs $OBJ/user_ca_key -I "$t cert" \
-        r=$?
+                -n estragon $OBJ/$t-agent.pub || fatal "ca sign failed"
-        if [ $r -ne 0 ]; then
-                fail "ssh-add -l failed: exit code $r"
+        # add to authorized keys
-        fi
+        cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
-        # the same for full pubkey output
+        # add privat key to agent
-        ${SSHADD} -L > /dev/null 2>&1
+        ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
-        r=$?
+        if [ $? -ne 0 ]; then
-        if [ $r -ne 0 ]; then
+                fail "ssh-add did succeed exit code 0"
-                fail "ssh-add -L failed: exit code $r"
        fi
+        # Remove private key to ensure that we aren't accidentally using it.
+        rm -f $OBJ/$t-agent
+done
+# Remove explicit identity directives from ssh_proxy
+mv $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
+grep -vi identityfile $OBJ/ssh_proxy_bak > $OBJ/ssh_proxy
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+        fail "ssh-add -l failed: exit code $r"
+fi
+# the same for full pubkey output
+${SSHADD} -L > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+        fail "ssh-add -L failed: exit code $r"
+fi
-        trace "simple connect via agent"
+trace "simple connect via agent"
-        ${SSH} -F $OBJ/ssh_proxy somehost exit 52
+${SSH} -F $OBJ/ssh_proxy somehost exit 52
+r=$?
+if [ $r -ne 52 ]; then
+        fail "ssh connect with failed (exit code $r)"
+fi
+for t in ${SSH_KEYTYPES}; do
+        trace "connect via agent using $t key"
+        ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
+                somehost exit 52
        r=$?
        if [ $r -ne 52 ]; then
                fail "ssh connect with failed (exit code $r)"
        fi
+done
-        trace "agent forwarding"
+trace "agent forwarding"
-        ${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
-        r=$?
+r=$?
-        if [ $r -ne 0 ]; then
+if [ $r -ne 0 ]; then
-                fail "ssh-add -l via agent fwd failed (exit code $r)"
+        fail "ssh-add -l via agent fwd failed (exit code $r)"
-        fi
+fi
-        ${SSH} -A -F $OBJ/ssh_proxy somehost \
+${SSH} -A -F $OBJ/ssh_proxy somehost \
-                "${SSH} -F $OBJ/ssh_proxy somehost exit 52"
+        "${SSH} -F $OBJ/ssh_proxy somehost exit 52"
-        r=$?
+r=$?
-        if [ $r -ne 52 ]; then
+if [ $r -ne 52 ]; then
-                fail "agent fwd failed (exit code $r)"
+        fail "agent fwd failed (exit code $r)"
-        fi
+fi
-        trace "delete all agent keys"
+(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
-        ${SSHADD} -D > /dev/null 2>&1
+        > $OBJ/authorized_keys_$USER
+for t in ${SSH_KEYTYPES}; do
+        trace "connect via agent using $t key"
+        ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
+                -oCertificateFile=$OBJ/$t-agent-cert.pub \
+                -oIdentitiesOnly=yes somehost exit 52
        r=$?
-        if [ $r -ne 0 ]; then
+        if [ $r -ne 52 ]; then
-                fail "ssh-add -D failed: exit code $r"
+                fail "ssh connect with failed (exit code $r)"
        fi
+done
-        trace "kill agent"
+trace "delete all agent keys"
-        ${SSHAGENT} -k > /dev/null
+${SSHADD} -D > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+        fail "ssh-add -D failed: exit code $r"
 fi
+trace "kill agent"
+${SSHAGENT} -k > /dev/null

diff --git a/regress/agent.sh b/regress/agent.sh index 0baf0c74a..7111056c9 100644 --- a/regress/agent.sh +++ b/regress/agent.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: agent.sh,v 1.12 2017/04/30 23:34:55 djm Exp $	1	# $OpenBSD: agent.sh,v 1.13 2017/12/19 00:49:30 djm Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="simple agent test"	4	tid="simple agent test"
@@ -12,66 +12,106 @@ trace "start agent"
12	eval `${SSHAGENT} -s` > /dev/null	12	eval `${SSHAGENT} -s` > /dev/null
13	r=$?	13	r=$?
14	if [ $r -ne 0 ]; then	14	if [ $r -ne 0 ]; then
15	fail "could not start ssh-agent: exit code $r"	15	fatal "could not start ssh-agent: exit code $r"
16	else	16	fi
17	${SSHADD} -l > /dev/null 2>&1	17
18	if [ $? -ne 1 ]; then	18	${SSHADD} -l > /dev/null 2>&1
19	fail "ssh-add -l did not fail with exit code 1"	19	if [ $? -ne 1 ]; then
20	fi	20	fail "ssh-add -l did not fail with exit code 1"
21	trace "overwrite authorized keys"	21	fi
22	printf '' > $OBJ/authorized_keys_$USER	22
23	for t in ${SSH_KEYTYPES}; do	23	rm -f $OBJ/user_ca_key $OBJ/user_ca_key.pub
24	# generate user key for agent	24	${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
25	rm -f $OBJ/$t-agent	25	\|\| fatal "ssh-keygen failed"
26	${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent \|\|\	26
27	fail "ssh-keygen for $t-agent failed"	27	trace "overwrite authorized keys"
28	# add to authorized keys	28	printf '' > $OBJ/authorized_keys_$USER
29	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER	29
30	# add privat key to agent	30	for t in ${SSH_KEYTYPES}; do
31	${SSHADD} $OBJ/$t-agent > /dev/null 2>&1	31	# generate user key for agent
32	if [ $? -ne 0 ]; then	32	rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
33	fail "ssh-add did succeed exit code 0"	33	${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent \|\|\
34	fi	34	fatal "ssh-keygen for $t-agent failed"
35	done	35	# Make a certificate for each too.
36	${SSHADD} -l > /dev/null 2>&1	36	${SSHKEYGEN} -qs $OBJ/user_ca_key -I "$t cert" \
37	r=$?	37	-n estragon $OBJ/$t-agent.pub \|\| fatal "ca sign failed"
38	if [ $r -ne 0 ]; then	38
39	fail "ssh-add -l failed: exit code $r"	39	# add to authorized keys
40	fi	40	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
41	# the same for full pubkey output	41	# add privat key to agent
42	${SSHADD} -L > /dev/null 2>&1	42	${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
43	r=$?	43	if [ $? -ne 0 ]; then
44	if [ $r -ne 0 ]; then	44	fail "ssh-add did succeed exit code 0"
45	fail "ssh-add -L failed: exit code $r"
46	fi	45	fi
		46	# Remove private key to ensure that we aren't accidentally using it.
		47	rm -f $OBJ/$t-agent
		48	done
		49
		50	# Remove explicit identity directives from ssh_proxy
		51	mv $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
		52	grep -vi identityfile $OBJ/ssh_proxy_bak > $OBJ/ssh_proxy
		53
		54	${SSHADD} -l > /dev/null 2>&1
		55	r=$?
		56	if [ $r -ne 0 ]; then
		57	fail "ssh-add -l failed: exit code $r"
		58	fi
		59	# the same for full pubkey output
		60	${SSHADD} -L > /dev/null 2>&1
		61	r=$?
		62	if [ $r -ne 0 ]; then
		63	fail "ssh-add -L failed: exit code $r"
		64	fi
47		65
48	trace "simple connect via agent"	66	trace "simple connect via agent"
49	${SSH} -F $OBJ/ssh_proxy somehost exit 52	67	${SSH} -F $OBJ/ssh_proxy somehost exit 52
		68	r=$?
		69	if [ $r -ne 52 ]; then
		70	fail "ssh connect with failed (exit code $r)"
		71	fi
		72
		73	for t in ${SSH_KEYTYPES}; do
		74	trace "connect via agent using $t key"
		75	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
		76	somehost exit 52
50	r=$?	77	r=$?
51	if [ $r -ne 52 ]; then	78	if [ $r -ne 52 ]; then
52	fail "ssh connect with failed (exit code $r)"	79	fail "ssh connect with failed (exit code $r)"
53	fi	80	fi
		81	done
54		82
55	trace "agent forwarding"	83	trace "agent forwarding"
56	${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1	84	${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
57	r=$?	85	r=$?
58	if [ $r -ne 0 ]; then	86	if [ $r -ne 0 ]; then
59	fail "ssh-add -l via agent fwd failed (exit code $r)"	87	fail "ssh-add -l via agent fwd failed (exit code $r)"
60	fi	88	fi
61	${SSH} -A -F $OBJ/ssh_proxy somehost \	89	${SSH} -A -F $OBJ/ssh_proxy somehost \
62	"${SSH} -F $OBJ/ssh_proxy somehost exit 52"	90	"${SSH} -F $OBJ/ssh_proxy somehost exit 52"
63	r=$?	91	r=$?
64	if [ $r -ne 52 ]; then	92	if [ $r -ne 52 ]; then
65	fail "agent fwd failed (exit code $r)"	93	fail "agent fwd failed (exit code $r)"
66	fi	94	fi
67		95
68	trace "delete all agent keys"	96	(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
69	${SSHADD} -D > /dev/null 2>&1	97	> $OBJ/authorized_keys_$USER
		98	for t in ${SSH_KEYTYPES}; do
		99	trace "connect via agent using $t key"
		100	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
		101	-oCertificateFile=$OBJ/$t-agent-cert.pub \
		102	-oIdentitiesOnly=yes somehost exit 52
70	r=$?	103	r=$?
71	if [ $r -ne 0 ]; then	104	if [ $r -ne 52 ]; then
72	fail "ssh-add -D failed: exit code $r"	105	fail "ssh connect with failed (exit code $r)"
73	fi	106	fi
		107	done
74		108
75	trace "kill agent"	109	trace "delete all agent keys"
76	${SSHAGENT} -k > /dev/null	110	${SSHADD} -D > /dev/null 2>&1
		111	r=$?
		112	if [ $r -ne 0 ]; then
		113	fail "ssh-add -D failed: exit code $r"
77	fi	114	fi
		115
		116	trace "kill agent"
		117	${SSHAGENT} -k > /dev/null