upstream: regress test for ssh-add -d; ok dtucker@

OpenBSD-Regress-ID: 3a2e044be616afc7dd4f56c100179e83b33d8abf

diff --git a/regress/agent.sh b/regress/agent.sh
index 39403653c34da99b5edec442986118121adbef89..66973de2b5f6742f61b8a05909b8c9b7cab18f41 100644 (file)
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $
+#      $OpenBSD: agent.sh,v 1.18 2020/06/26 05:12:21 djm Exp $
 #      Placed in the Public Domain.
 
 tid="simple agent test"
@@ -45,17 +45,20 @@ for t in ${SSH_KEYTYPES}; do
        # add to authorized keys
        cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
        # add private key to agent
-       ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
+       ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
        if [ $? -ne 0 ]; then
                fail "ssh-add failed exit code $?"
        fi
        # add private key to second agent
-       SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
+       SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
        if [ $? -ne 0 ]; then
                fail "ssh-add failed exit code $?"
        fi
-       # Remove private key to ensure that we aren't accidentally using it.
-       rm -f $OBJ/$t-agent
+       # Move private key to ensure that we aren't accidentally using it.
+       # Keep the corresponding public keys/certs around for later use.
+       mv -f $OBJ/$t-agent $OBJ/$t-agent-private
+       cp -f $OBJ/$t-agent.pub $OBJ/$t-agent-private.pub
+       cp -f $OBJ/$t-agent-cert.pub $OBJ/$t-agent-private-cert.pub
 done
 
 # Remove explicit identity directives from ssh_proxy
@@ -152,12 +155,72 @@ for t in ${SSH_KEYTYPES}; do
     fi
 done
 
+## Deletion tests.
+
 trace "delete all agent keys"
 ${SSHADD} -D > /dev/null 2>&1
 r=$?
 if [ $r -ne 0 ]; then
        fail "ssh-add -D failed: exit code $r"
 fi
+# make sure they're gone
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 1 ]; then
+       fail "ssh-add -l returned unexpected exit code: $r"
+fi
+trace "readd keys"
+# re-add keys/certs to agent
+for t in ${SSH_KEYTYPES}; do
+       ${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \
+               fail "ssh-add failed exit code $?"
+done
+# make sure they are there
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+       fail "ssh-add -l failed: exit code $r"
+fi
+
+check_key_absent() {
+       ${SSHADD} -L | grep "^$1 " >/dev/null
+       if [ $? -eq 0 ]; then
+               fail "$1 key unexpectedly present"
+       fi
+}
+check_key_present() {
+       ${SSHADD} -L | grep "^$1 " >/dev/null
+       if [ $? -ne 0 ]; then
+               fail "$1 key missing from agent"
+       fi
+}
+
+# delete the ed25519 key
+trace "delete single key by file"
+${SSHADD} -qdk ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"
+check_key_absent ssh-ed25519
+check_key_present ssh-ed25519-cert-v01@openssh.com
+# Put key/cert back.
+${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \
+       fail "ssh-add failed exit code $?"
+check_key_present ssh-ed25519
+# Delete both key and certificate.
+trace "delete key/cert by file"
+${SSHADD} -qd ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"
+check_key_absent ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
+# Put key/cert back.
+${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \
+       fail "ssh-add failed exit code $?"
+check_key_present ssh-ed25519
+# Delete certificate via stdin
+${SSHADD} -qd - < ssh-ed25519-agent-cert.pub || fail "ssh-add -d - failed"
+check_key_present ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
+# Delete key via stdin
+${SSHADD} -qd - < ssh-ed25519-agent.pub || fail "ssh-add -d - failed"
+check_key_absent ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
 
 trace "kill agent"
 ${SSHAGENT} -k > /dev/null