aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssh/regress/agent.sh
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/regress/agent.sh')
-rw-r--r--crypto/openssh/regress/agent.sh124
1 files changed, 117 insertions, 7 deletions
diff --git a/crypto/openssh/regress/agent.sh b/crypto/openssh/regress/agent.sh
index 7111056c9be4..f187b6757201 100644
--- a/crypto/openssh/regress/agent.sh
+++ b/crypto/openssh/regress/agent.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent.sh,v 1.13 2017/12/19 00:49:30 djm Exp $
+# $OpenBSD: agent.sh,v 1.20 2021/02/25 03:27:34 djm Exp $
# Placed in the Public Domain.
tid="simple agent test"
@@ -8,13 +8,19 @@ if [ $? -ne 2 ]; then
fail "ssh-add -l did not fail with exit code 2"
fi
-trace "start agent"
-eval `${SSHAGENT} -s` > /dev/null
+trace "start agent, args ${EXTRA_AGENT_ARGS} -s"
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
r=$?
if [ $r -ne 0 ]; then
fatal "could not start ssh-agent: exit code $r"
fi
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s | sed 's/SSH_/FW_SSH_/g'` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fatal "could not start second ssh-agent: exit code $r"
+fi
+
${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 1 ]; then
fail "ssh-add -l did not fail with exit code 1"
@@ -38,13 +44,21 @@ for t in ${SSH_KEYTYPES}; do
# add to authorized keys
cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
- # add privat key to agent
+ # add private key to agent
${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
if [ $? -ne 0 ]; then
- fail "ssh-add did succeed exit code 0"
+ fail "ssh-add failed exit code $?"
+ fi
+ # add private key to second agent
+ SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add failed exit code $?"
fi
- # Remove private key to ensure that we aren't accidentally using it.
- rm -f $OBJ/$t-agent
+ # Move private key to ensure that we aren't accidentally using it.
+ # Keep the corresponding public keys/certs around for later use.
+ mv -f $OBJ/$t-agent $OBJ/$t-agent-private
+ cp -f $OBJ/$t-agent.pub $OBJ/$t-agent-private.pub
+ cp -f $OBJ/$t-agent-cert.pub $OBJ/$t-agent-private-cert.pub
done
# Remove explicit identity directives from ssh_proxy
@@ -72,6 +86,10 @@ fi
for t in ${SSH_KEYTYPES}; do
trace "connect via agent using $t key"
+ if [ "$t" = "ssh-dss" ]; then
+ echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/ssh_proxy
+ echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/sshd_proxy
+ fi
${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
somehost exit 52
r=$?
@@ -86,6 +104,11 @@ r=$?
if [ $r -ne 0 ]; then
fail "ssh-add -l via agent fwd failed (exit code $r)"
fi
+${SSH} "-oForwardAgent=$SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+ fail "ssh-add -l via agent path fwd failed (exit code $r)"
+fi
${SSH} -A -F $OBJ/ssh_proxy somehost \
"${SSH} -F $OBJ/ssh_proxy somehost exit 52"
r=$?
@@ -93,9 +116,34 @@ if [ $r -ne 52 ]; then
fail "agent fwd failed (exit code $r)"
fi
+trace "agent forwarding different agent"
+${SSH} "-oForwardAgent=$FW_SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+ fail "ssh-add -l via agent path fwd of different agent failed (exit code $r)"
+fi
+${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+ fail "ssh-add -l via agent path env fwd of different agent failed (exit code $r)"
+fi
+
+# Remove keys from forwarded agent, ssh-add on remote machine should now fail.
+SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} -D > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+ fail "ssh-add -D failed: exit code $r"
+fi
+${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 1 ]; then
+ fail "ssh-add -l with different agent did not fail with exit code 1 (exit code $r)"
+fi
+
(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
> $OBJ/authorized_keys_$USER
for t in ${SSH_KEYTYPES}; do
+ if [ "$t" != "ssh-dss" ]; then
trace "connect via agent using $t key"
${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
-oCertificateFile=$OBJ/$t-agent-cert.pub \
@@ -104,14 +152,76 @@ for t in ${SSH_KEYTYPES}; do
if [ $r -ne 52 ]; then
fail "ssh connect with failed (exit code $r)"
fi
+ fi
done
+## Deletion tests.
+
trace "delete all agent keys"
${SSHADD} -D > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
fail "ssh-add -D failed: exit code $r"
fi
+# make sure they're gone
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 1 ]; then
+ fail "ssh-add -l returned unexpected exit code: $r"
+fi
+trace "readd keys"
+# re-add keys/certs to agent
+for t in ${SSH_KEYTYPES}; do
+ ${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \
+ fail "ssh-add failed exit code $?"
+done
+# make sure they are there
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+ fail "ssh-add -l failed: exit code $r"
+fi
+
+check_key_absent() {
+ ${SSHADD} -L | grep "^$1 " >/dev/null
+ if [ $? -eq 0 ]; then
+ fail "$1 key unexpectedly present"
+ fi
+}
+check_key_present() {
+ ${SSHADD} -L | grep "^$1 " >/dev/null
+ if [ $? -ne 0 ]; then
+ fail "$1 key missing from agent"
+ fi
+}
+
+# delete the ed25519 key
+trace "delete single key by file"
+${SSHADD} -qdk $OBJ/ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"
+check_key_absent ssh-ed25519
+check_key_present ssh-ed25519-cert-v01@openssh.com
+# Put key/cert back.
+${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \
+ fail "ssh-add failed exit code $?"
+check_key_present ssh-ed25519
+# Delete both key and certificate.
+trace "delete key/cert by file"
+${SSHADD} -qd $OBJ/ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"
+check_key_absent ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
+# Put key/cert back.
+${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \
+ fail "ssh-add failed exit code $?"
+check_key_present ssh-ed25519
+# Delete certificate via stdin
+${SSHADD} -qd - < $OBJ/ssh-ed25519-agent-cert.pub || fail "ssh-add -d - failed"
+check_key_present ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
+# Delete key via stdin
+${SSHADD} -qd - < $OBJ/ssh-ed25519-agent.pub || fail "ssh-add -d - failed"
+check_key_absent ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
trace "kill agent"
${SSHAGENT} -k > /dev/null
+SSH_AGENT_PID=$FW_SSH_AGENT_PID ${SSHAGENT} -k > /dev/null
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-27 20:59:32 +0000