Diffstat (limited to 'regress')
-rw-r--r-- | regress/agent.sh | 73 |
1 files changed, 68 insertions, 5 deletions
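--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $
+# $OpenBSD: agent.sh,v 1.18 2020/06/26 05:12:21 djm Exp $
 # Placed in the Public Domain.
 
 tid="simple agent test"
@@ -45,17 +45,20 @@ for t in ${SSH_KEYTYPES}; do
 # add to authorized keys
 cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
 # add private key to agent
-${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
+${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh-add failed exit code $?"
 fi
 # add private key to second agent
-SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
+SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh-add failed exit code $?"
 fi
-# Remove private key to ensure that we aren't accidentally using it.
-rm -f $OBJ/$t-agent
+# Move private key to ensure that we aren't accidentally using it.
+# Keep the corresponding public keys/certs around for later use.
+mv -f $OBJ/$t-agent $OBJ/$t-agent-private
+cp -f $OBJ/$t-agent.pub $OBJ/$t-agent-private.pub
+cp -f $OBJ/$t-agent-cert.pub $OBJ/$t-agent-private-cert.pub
 done
 
 # Remove explicit identity directives from ssh_proxy
@@ -152,12 +155,72 @@ for t in ${SSH_KEYTYPES}; do
 fi
 done
 
+## Deletion tests.
+
 trace "delete all agent keys"
 ${SSHADD} -D > /dev/null 2>&1
 r=$?
 if [ $r -ne 0 ]; then
 fail "ssh-add -D failed: exit code $r"
 fi
+# make sure they're gone
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 1 ]; then
+fail "ssh-add -l returned unexpected exit code: $r"
+fi
+trace "readd keys"
+# re-add keys/certs to agent
+for t in ${SSH_KEYTYPES}; do
+${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \
+fail "ssh-add failed exit code $?"
+done
+# make sure they are there
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+fail "ssh-add -l failed: exit code $r"
+fi
+
+check_key_absent() {
+${SSHADD} -L | grep "^$1 " >/dev/null
+if [ $? -eq 0 ]; then
+fail "$1 key unexpectedly present"
+fi
+}
+check_key_present() {
+${SSHADD} -L | grep "^$1 " >/dev/null
+if [ $? -ne 0 ]; then
+fail "$1 key missing from agent"
+fi
+}
+
+# delete the ed25519 key
+trace "delete single key by file"
+${SSHADD} -qdk ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"
+check_key_absent ssh-ed25519
+check_key_present ssh-ed25519-cert-v01@openssh.com
+# Put key/cert back.
+${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \
+fail "ssh-add failed exit code $?"
+check_key_present ssh-ed25519
+# Delete both key and certificate.
+trace "delete key/cert by file"
+${SSHADD} -qd ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"
+check_key_absent ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
+# Put key/cert back.
+${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \
+fail "ssh-add failed exit code $?"
+check_key_present ssh-ed25519
+# Delete certificate via stdin
+${SSHADD} -qd - < ssh-ed25519-agent-cert.pub || fail "ssh-add -d - failed"
+check_key_present ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
+# Delete key via stdin
+${SSHADD} -qd - < ssh-ed25519-agent.pub || fail "ssh-add -d - failed"
+check_key_absent ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
 
 trace "kill agent"
 ${SSHAGENT} -k > /dev/null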
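Review bot: `check_key_absent` (new lines 185-190) passes whenever `grep` finds no match, which includes the case where `${SSHADD} -L` itself failed and printed nothing, so a deletion check can succeed without the agent ever having answered. Because these helpers are what prove a key or certificate really left the agent, the listing's exit status should be checked before the grep; the test at new line 169 already relies on exit code 1 meaning an empty agent, so 0 and 1 would be the acceptable values and anything else a failure. `check_key_present` does not have this problem, since a failed listing surfaces there as a missing key. Separately, the `-d` calls at new lines 200, 209, 217 and 221 name `ssh-ed25519-agent` and its `.pub` files without the `$OBJ/` prefix used by every other key path in the file, so they presumably depend on the test running with `$OBJ` as the working directory; prefixing them would remove that assumption.

```shell
check_key_absent() {
	keys=$(${SSHADD} -L)
	r=$?
	# 0 = keys listed, 1 = agent holds none; anything else is not an answer
	if [ $r -ne 0 ] && [ $r -ne 1 ]; then
		fail "ssh-add -L failed: exit code $r"
	fi
	if echo "$keys" | grep "^$1 " >/dev/null; then
		fail "$1 key unexpectedly present"
	fi
}
```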