1 files changed, 68 insertions, 5 deletions
diff --git a/regress/agent.sh b/regress/agent.sh
index 39403653c..a3ad1385f 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $
+#       $OpenBSD: agent.sh,v 1.19 2020/07/15 04:55:47 dtucker Exp $
 #       Placed in the Public Domain.
 tid="simple agent test"
@@ -45,17 +45,20 @@ for t in ${SSH_KEYTYPES}; do
        # add to authorized keys
        cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
        # add private key to agent
-        ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
+        ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
        if [ $? -ne 0 ]; then
                fail "ssh-add failed exit code $?"
        fi
        # add private key to second agent
-        SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
+        SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
        if [ $? -ne 0 ]; then
                fail "ssh-add failed exit code $?"
        fi
-        # Remove private key to ensure that we aren't accidentally using it.
+        # Move private key to ensure that we aren't accidentally using it.
-        rm -f $OBJ/$t-agent
+        # Keep the corresponding public keys/certs around for later use.
+        mv -f $OBJ/$t-agent $OBJ/$t-agent-private
+        cp -f $OBJ/$t-agent.pub $OBJ/$t-agent-private.pub
+        cp -f $OBJ/$t-agent-cert.pub $OBJ/$t-agent-private-cert.pub
 done
 # Remove explicit identity directives from ssh_proxy
@@ -152,12 +155,72 @@ for t in ${SSH_KEYTYPES}; do
    fi
 done
+## Deletion tests.
 trace "delete all agent keys"
 ${SSHADD} -D > /dev/null 2>&1
 r=$?
 if [ $r -ne 0 ]; then
        fail "ssh-add -D failed: exit code $r"
 fi
+# make sure they're gone
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 1 ]; then
+        fail "ssh-add -l returned unexpected exit code: $r"
+fi
+trace "readd keys"
+# re-add keys/certs to agent
+for t in ${SSH_KEYTYPES}; do
+        ${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \
+                fail "ssh-add failed exit code $?"
+done
+# make sure they are there
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+        fail "ssh-add -l failed: exit code $r"
+fi
+check_key_absent() {
+        ${SSHADD} -L | grep "^$1 " >/dev/null
+        if [ $? -eq 0 ]; then
+                fail "$1 key unexpectedly present"
+        fi
+}
+check_key_present() {
+        ${SSHADD} -L | grep "^$1 " >/dev/null
+        if [ $? -ne 0 ]; then
+                fail "$1 key missing from agent"
+        fi
+}
+# delete the ed25519 key
+trace "delete single key by file"
+${SSHADD} -qdk $OBJ/ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"
+check_key_absent ssh-ed25519
+check_key_present ssh-ed25519-cert-v01@openssh.com
+# Put key/cert back.
+${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \
+        fail "ssh-add failed exit code $?"
+check_key_present ssh-ed25519
+# Delete both key and certificate.
+trace "delete key/cert by file"
+${SSHADD} -qd $OBJ/ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"
+check_key_absent ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
+# Put key/cert back.
+${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \
+        fail "ssh-add failed exit code $?"
+check_key_present ssh-ed25519
+# Delete certificate via stdin
+${SSHADD} -qd - < $OBJ/ssh-ed25519-agent-cert.pub || fail "ssh-add -d - failed"
+check_key_present ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
+# Delete key via stdin
+${SSHADD} -qd - < $OBJ/ssh-ed25519-agent.pub || fail "ssh-add -d - failed"
+check_key_absent ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
 trace "kill agent"
 ${SSHAGENT} -k > /dev/null

diff --git a/regress/agent.sh b/regress/agent.sh index 39403653c..a3ad1385f 100644 --- a/regress/agent.sh +++ b/regress/agent.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $	1	# $OpenBSD: agent.sh,v 1.19 2020/07/15 04:55:47 dtucker Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="simple agent test"	4	tid="simple agent test"
@@ -45,17 +45,20 @@ for t in ${SSH_KEYTYPES}; do
45	# add to authorized keys	45	# add to authorized keys
46	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER	46	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
47	# add private key to agent	47	# add private key to agent
48	${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1	48	${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
49	if [ $? -ne 0 ]; then	49	if [ $? -ne 0 ]; then
50	fail "ssh-add failed exit code $?"	50	fail "ssh-add failed exit code $?"
51	fi	51	fi
52	# add private key to second agent	52	# add private key to second agent
53	SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1	53	SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
54	if [ $? -ne 0 ]; then	54	if [ $? -ne 0 ]; then
55	fail "ssh-add failed exit code $?"	55	fail "ssh-add failed exit code $?"
56	fi	56	fi
57	# Remove private key to ensure that we aren't accidentally using it.	57	# Move private key to ensure that we aren't accidentally using it.
58	rm -f $OBJ/$t-agent	58	# Keep the corresponding public keys/certs around for later use.
		59	mv -f $OBJ/$t-agent $OBJ/$t-agent-private
		60	cp -f $OBJ/$t-agent.pub $OBJ/$t-agent-private.pub
		61	cp -f $OBJ/$t-agent-cert.pub $OBJ/$t-agent-private-cert.pub
59	done	62	done
60		63
61	# Remove explicit identity directives from ssh_proxy	64	# Remove explicit identity directives from ssh_proxy
@@ -152,12 +155,72 @@ for t in ${SSH_KEYTYPES}; do
152	fi	155	fi
153	done	156	done
154		157
		158	## Deletion tests.
		159
155	trace "delete all agent keys"	160	trace "delete all agent keys"
156	${SSHADD} -D > /dev/null 2>&1	161	${SSHADD} -D > /dev/null 2>&1
157	r=$?	162	r=$?
158	if [ $r -ne 0 ]; then	163	if [ $r -ne 0 ]; then
159	fail "ssh-add -D failed: exit code $r"	164	fail "ssh-add -D failed: exit code $r"
160	fi	165	fi
		166	# make sure they're gone
		167	${SSHADD} -l > /dev/null 2>&1
		168	r=$?
		169	if [ $r -ne 1 ]; then
		170	fail "ssh-add -l returned unexpected exit code: $r"
		171	fi
		172	trace "readd keys"
		173	# re-add keys/certs to agent
		174	for t in ${SSH_KEYTYPES}; do
		175	${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 \|\| \
		176	fail "ssh-add failed exit code $?"
		177	done
		178	# make sure they are there
		179	${SSHADD} -l > /dev/null 2>&1
		180	r=$?
		181	if [ $r -ne 0 ]; then
		182	fail "ssh-add -l failed: exit code $r"
		183	fi
		184
		185	check_key_absent() {
		186	${SSHADD} -L \| grep "^$1 " >/dev/null
		187	if [ $? -eq 0 ]; then
		188	fail "$1 key unexpectedly present"
		189	fi
		190	}
		191	check_key_present() {
		192	${SSHADD} -L \| grep "^$1 " >/dev/null
		193	if [ $? -ne 0 ]; then
		194	fail "$1 key missing from agent"
		195	fi
		196	}
		197
		198	# delete the ed25519 key
		199	trace "delete single key by file"
		200	${SSHADD} -qdk $OBJ/ssh-ed25519-agent \|\| fail "ssh-add -d ed25519 failed"
		201	check_key_absent ssh-ed25519
		202	check_key_present ssh-ed25519-cert-v01@openssh.com
		203	# Put key/cert back.
		204	${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 \|\| \
		205	fail "ssh-add failed exit code $?"
		206	check_key_present ssh-ed25519
		207	# Delete both key and certificate.
		208	trace "delete key/cert by file"
		209	${SSHADD} -qd $OBJ/ssh-ed25519-agent \|\| fail "ssh-add -d ed25519 failed"
		210	check_key_absent ssh-ed25519
		211	check_key_absent ssh-ed25519-cert-v01@openssh.com
		212	# Put key/cert back.
		213	${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 \|\| \
		214	fail "ssh-add failed exit code $?"
		215	check_key_present ssh-ed25519
		216	# Delete certificate via stdin
		217	${SSHADD} -qd - < $OBJ/ssh-ed25519-agent-cert.pub \|\| fail "ssh-add -d - failed"
		218	check_key_present ssh-ed25519
		219	check_key_absent ssh-ed25519-cert-v01@openssh.com
		220	# Delete key via stdin
		221	${SSHADD} -qd - < $OBJ/ssh-ed25519-agent.pub \|\| fail "ssh-add -d - failed"
		222	check_key_absent ssh-ed25519
		223	check_key_absent ssh-ed25519-cert-v01@openssh.com
161		224
162	trace "kill agent"	225	trace "kill agent"
163	${SSHAGENT} -k > /dev/null	226	${SSHAGENT} -k > /dev/null