From e073106f370cdd2679e41f6f55a37b491f0e82fe Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 26 Jun 2020 05:12:21 +0000 Subject: upstream: regress test for ssh-add -d; ok dtucker@ OpenBSD-Regress-ID: 3a2e044be616afc7dd4f56c100179e83b33d8abf --- regress/agent.sh | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 68 insertions(+), 5 deletions(-) (limited to 'regress/agent.sh') diff --git a/regress/agent.sh b/regress/agent.sh index 39403653c..66973de2b 100644 --- a/regress/agent.sh +++ b/regress/agent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $ +# $OpenBSD: agent.sh,v 1.18 2020/06/26 05:12:21 djm Exp $ # Placed in the Public Domain. tid="simple agent test" @@ -45,17 +45,20 @@ for t in ${SSH_KEYTYPES}; do # add to authorized keys cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER # add private key to agent - ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1 + ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1 if [ $? -ne 0 ]; then fail "ssh-add failed exit code $?" fi # add private key to second agent - SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1 + SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1 if [ $? -ne 0 ]; then fail "ssh-add failed exit code $?" fi - # Remove private key to ensure that we aren't accidentally using it. - rm -f $OBJ/$t-agent + # Move private key to ensure that we aren't accidentally using it. + # Keep the corresponding public keys/certs around for later use. + mv -f $OBJ/$t-agent $OBJ/$t-agent-private + cp -f $OBJ/$t-agent.pub $OBJ/$t-agent-private.pub + cp -f $OBJ/$t-agent-cert.pub $OBJ/$t-agent-private-cert.pub done # Remove explicit identity directives from ssh_proxy @@ -152,12 +155,72 @@ for t in ${SSH_KEYTYPES}; do fi done +## Deletion tests. + trace "delete all agent keys" ${SSHADD} -D > /dev/null 2>&1 r=$? if [ $r -ne 0 ]; then fail "ssh-add -D failed: exit code $r" fi +# make sure they're gone +${SSHADD} -l > /dev/null 2>&1 +r=$? +if [ $r -ne 1 ]; then + fail "ssh-add -l returned unexpected exit code: $r" +fi +trace "readd keys" +# re-add keys/certs to agent +for t in ${SSH_KEYTYPES}; do + ${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \ + fail "ssh-add failed exit code $?" +done +# make sure they are there +${SSHADD} -l > /dev/null 2>&1 +r=$? +if [ $r -ne 0 ]; then + fail "ssh-add -l failed: exit code $r" +fi + +check_key_absent() { + ${SSHADD} -L | grep "^$1 " >/dev/null + if [ $? -eq 0 ]; then + fail "$1 key unexpectedly present" + fi +} +check_key_present() { + ${SSHADD} -L | grep "^$1 " >/dev/null + if [ $? -ne 0 ]; then + fail "$1 key missing from agent" + fi +} + +# delete the ed25519 key +trace "delete single key by file" +${SSHADD} -qdk ssh-ed25519-agent || fail "ssh-add -d ed25519 failed" +check_key_absent ssh-ed25519 +check_key_present ssh-ed25519-cert-v01@openssh.com +# Put key/cert back. +${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \ + fail "ssh-add failed exit code $?" +check_key_present ssh-ed25519 +# Delete both key and certificate. +trace "delete key/cert by file" +${SSHADD} -qd ssh-ed25519-agent || fail "ssh-add -d ed25519 failed" +check_key_absent ssh-ed25519 +check_key_absent ssh-ed25519-cert-v01@openssh.com +# Put key/cert back. +${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \ + fail "ssh-add failed exit code $?" +check_key_present ssh-ed25519 +# Delete certificate via stdin +${SSHADD} -qd - < ssh-ed25519-agent-cert.pub || fail "ssh-add -d - failed" +check_key_present ssh-ed25519 +check_key_absent ssh-ed25519-cert-v01@openssh.com +# Delete key via stdin +${SSHADD} -qd - < ssh-ed25519-agent.pub || fail "ssh-add -d - failed" +check_key_absent ssh-ed25519 +check_key_absent ssh-ed25519-cert-v01@openssh.com trace "kill agent" ${SSHAGENT} -k > /dev/null -- cgit v1.2.3