From ad44ca81bea83657d558aaef5a1d789a9032bac3 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 26 Nov 2019 23:43:10 +0000 Subject: upstream: test FIDO2/U2F key types; ok markus@ OpenBSD-Regress-ID: 367e06d5a260407619b4b113ea0bd7004a435474 --- regress/agent.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'regress/agent.sh') diff --git a/regress/agent.sh b/regress/agent.sh index 48fa12b0e..922d8436e 100644 --- a/regress/agent.sh +++ b/regress/agent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent.sh,v 1.15 2019/07/23 07:39:43 dtucker Exp $ +# $OpenBSD: agent.sh,v 1.16 2019/11/26 23:43:10 djm Exp $ # Placed in the Public Domain. tid="simple agent test" @@ -8,8 +8,8 @@ if [ $? -ne 2 ]; then fail "ssh-add -l did not fail with exit code 2" fi -trace "start agent" -eval `${SSHAGENT} -s` > /dev/null +trace "start agent, args ${EXTRA_AGENT_ARGS} -s" +eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null r=$? if [ $r -ne 0 ]; then fatal "could not start ssh-agent: exit code $r" @@ -39,9 +39,9 @@ for t in ${SSH_KEYTYPES}; do # add to authorized keys cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER # add privat key to agent - ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1 + ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1 if [ $? -ne 0 ]; then - fail "ssh-add did succeed exit code 0" + fail "ssh-add failed exit code $?" fi # Remove private key to ensure that we aren't accidentally using it. rm -f $OBJ/$t-agent -- cgit v1.2.3 From fbd9729d4eadf2f7097b6017156387ac64302453 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 21 Dec 2019 02:33:07 +0000 Subject: upstream: unit tests for ForwardAgent=/path; from Eric Chiang OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da --- regress/agent.sh | 45 +++++++++++++++++++++++++++++++++++++++++++-- regress/sshcfgparse.sh | 12 +++++++++++- 2 files changed, 54 insertions(+), 3 deletions(-) (limited to 'regress/agent.sh') diff --git a/regress/agent.sh b/regress/agent.sh index 922d8436e..39403653c 100644 --- a/regress/agent.sh +++ b/regress/agent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent.sh,v 1.16 2019/11/26 23:43:10 djm Exp $ +# $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $ # Placed in the Public Domain. tid="simple agent test" @@ -15,6 +15,12 @@ if [ $r -ne 0 ]; then fatal "could not start ssh-agent: exit code $r" fi +eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s | sed 's/SSH_/FW_SSH_/g'` > /dev/null +r=$? +if [ $r -ne 0 ]; then + fatal "could not start second ssh-agent: exit code $r" +fi + ${SSHADD} -l > /dev/null 2>&1 if [ $? -ne 1 ]; then fail "ssh-add -l did not fail with exit code 1" @@ -38,11 +44,16 @@ for t in ${SSH_KEYTYPES}; do # add to authorized keys cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER - # add privat key to agent + # add private key to agent ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1 if [ $? -ne 0 ]; then fail "ssh-add failed exit code $?" fi + # add private key to second agent + SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1 + if [ $? -ne 0 ]; then + fail "ssh-add failed exit code $?" + fi # Remove private key to ensure that we aren't accidentally using it. rm -f $OBJ/$t-agent done @@ -90,6 +101,11 @@ r=$? if [ $r -ne 0 ]; then fail "ssh-add -l via agent fwd failed (exit code $r)" fi +${SSH} "-oForwardAgent=$SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 +r=$? +if [ $r -ne 0 ]; then + fail "ssh-add -l via agent path fwd failed (exit code $r)" +fi ${SSH} -A -F $OBJ/ssh_proxy somehost \ "${SSH} -F $OBJ/ssh_proxy somehost exit 52" r=$? @@ -97,6 +113,30 @@ if [ $r -ne 52 ]; then fail "agent fwd failed (exit code $r)" fi +trace "agent forwarding different agent" +${SSH} "-oForwardAgent=$FW_SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 +r=$? +if [ $r -ne 0 ]; then + fail "ssh-add -l via agent path fwd of different agent failed (exit code $r)" +fi +${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 +r=$? +if [ $r -ne 0 ]; then + fail "ssh-add -l via agent path env fwd of different agent failed (exit code $r)" +fi + +# Remove keys from forwarded agent, ssh-add on remote machine should now fail. +SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} -D > /dev/null 2>&1 +r=$? +if [ $r -ne 0 ]; then + fail "ssh-add -D failed: exit code $r" +fi +${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 +r=$? +if [ $r -ne 1 ]; then + fail "ssh-add -l with different agent did not fail with exit code 1 (exit code $r)" +fi + (printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \ > $OBJ/authorized_keys_$USER for t in ${SSH_KEYTYPES}; do @@ -121,3 +161,4 @@ fi trace "kill agent" ${SSHAGENT} -k > /dev/null +SSH_AGENT_PID=$FW_SSH_AGENT_PID ${SSHAGENT} -k > /dev/null diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh index 2c00b64ef..fc72a0a71 100644 --- a/regress/sshcfgparse.sh +++ b/regress/sshcfgparse.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sshcfgparse.sh,v 1.5 2019/07/23 13:32:48 dtucker Exp $ +# $OpenBSD: sshcfgparse.sh,v 1.6 2019/12/21 02:33:07 djm Exp $ # Placed in the Public Domain. tid="ssh config parse" @@ -94,5 +94,15 @@ if [ "$dsa" = "1" ]; then expect_result_absent "$f" "ssh-dss-cert-v01.*" fi +verbose "agentforwarding" +f=`${SSH} -GF none host | awk '/^forwardagent /{print$2}'` +expect_result_present "$f" "no" +f=`${SSH} -GF none -oforwardagent=no host | awk '/^forwardagent /{print$2}'` +expect_result_present "$f" "no" +f=`${SSH} -GF none -oforwardagent=yes host | awk '/^forwardagent /{print$2}'` +expect_result_present "$f" "yes" +f=`${SSH} -GF none '-oforwardagent=SSH_AUTH_SOCK.forward' host | awk '/^forwardagent /{print$2}'` +expect_result_present "$f" "SSH_AUTH_SOCK.forward" + # cleanup rm -f $OBJ/ssh_config.[012] -- cgit v1.2.3