[openssh-commits] [openssh] 05/07: upstream: add some verbosity

git+noreply at mindrot.org git+noreply at mindrot.org
Sat May 24 17:23:55 AEST 2025


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit a26091ecdb2a3d72b77baf3c253e676a3c835a24
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Sat May 24 04:41:12 2025 +0000

    upstream: add some verbosity
    
    OpenBSD-Regress-ID: 11c86cda4435b5f9ab6172c4742b95899666c977
---
 regress/agent-pkcs11-cert.sh     | 31 ++++++++++---------------------
 regress/agent-pkcs11-restrict.sh | 30 +++++++-----------------------
 2 files changed, 17 insertions(+), 44 deletions(-)

diff --git a/regress/agent-pkcs11-cert.sh b/regress/agent-pkcs11-cert.sh
index 4e8f74846..39e839f9c 100644
--- a/regress/agent-pkcs11-cert.sh
+++ b/regress/agent-pkcs11-cert.sh
@@ -1,15 +1,12 @@
-#	$OpenBSD: agent-pkcs11-cert.sh,v 1.1 2023/12/18 14:50:08 djm Exp $
+#	$OpenBSD: agent-pkcs11-cert.sh,v 1.2 2025/05/24 04:41:12 djm Exp $
 #	Placed in the Public Domain.
 
 tid="pkcs11 agent certificate test"
 
-SSH_AUTH_SOCK="$OBJ/agent.sock"
-export SSH_AUTH_SOCK
 LC_ALL=C
 export LC_ALL
 p11_setup || skip "No PKCS#11 library found"
 
-rm -f $SSH_AUTH_SOCK $OBJ/agent.log
 rm -f $OBJ/output_* $OBJ/expect_*
 rm -f $OBJ/ca*
 
@@ -22,23 +19,9 @@ $SSHKEYGEN -qs $OBJ/ca -I "rsa_key" -n $USER -z 2 ${SSH_SOFTHSM_DIR}/RSA.pub ||
 $SSHKEYGEN -qs $OBJ/ca -I "ca_ca" -n $USER -z 3 $OBJ/ca.pub ||
 	fatal "certify CA key failed"
 
-rm -f $SSH_AUTH_SOCK
-trace "start agent"
-${SSHAGENT} ${EXTRA_AGENT_ARGS} -d -a $SSH_AUTH_SOCK > $OBJ/agent.log 2>&1 &
-AGENT_PID=$!
-trap "kill $AGENT_PID" EXIT
-for x in 0 1 2 3 4 ; do
-	# Give it a chance to start
-	${SSHADD} -l > /dev/null 2>&1
-	r=$?
-	test $r -eq 1 && break
-	sleep 1
-done
-if [ $r -ne 1 ]; then
-	fatal "ssh-add -l did not fail with exit code 1 (got $r)"
-fi
+start_ssh_agent
 
-trace "load pkcs11 keys and certs"
+verbose "load pkcs11 keys and certs"
 # Note: deliberately contains non-cert keys and non-matching cert on commandline
 p11_ssh_add -qs ${TEST_SSH_PKCS11} \
     $OBJ/ca.pub \
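Review bot: The bare `start_ssh_agent` call hides three things the removed block did in plain view: it passed `${EXTRA_AGENT_ARGS}` to ssh-agent, installed `trap "kill $AGENT_PID" EXIT`, and called `fatal` when `ssh-add -l` never returned 1. The helper is defined outside this diff, so it should be confirmed that it still forwards `EXTRA_AGENT_ARGS` (the PKCS#11 test agent may depend on it to accept the test provider), still kills the agent on exit, and aborts the test itself on startup failure. Once confirmed, a one-line comment above the call would record the contract, e.g. `# start_ssh_agent exports SSH_AUTH_SOCK, traps agent cleanup and fatals if the agent does not come up`. The same applies to the identical replacement in regress/agent-pkcs11-restrict.sh.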
@@ -48,6 +31,7 @@ p11_ssh_add -qs ${TEST_SSH_PKCS11} \
     ${SSH_SOFTHSM_DIR}/RSA-cert.pub ||
 	fatal "failed to add keys"
 # Verify their presence
+verbose "verify presence"
 cut -d' ' -f1-2 \
     ${SSH_SOFTHSM_DIR}/EC.pub \
     ${SSH_SOFTHSM_DIR}/RSA.pub \
@@ -57,21 +41,24 @@ $SSHADD -L | cut -d' ' -f1-2 | sort > $OBJ/output_list
 diff $OBJ/expect_list $OBJ/output_list
 
 # Verify that all can perform signatures.
+verbose "check signatures"
 for x in ${SSH_SOFTHSM_DIR}/EC.pub ${SSH_SOFTHSM_DIR}/RSA.pub \
     ${SSH_SOFTHSM_DIR}/EC-cert.pub ${SSH_SOFTHSM_DIR}/RSA-cert.pub ; do
 	$SSHADD -T $x || fail "Signing failed for $x"
 done
 
 # Delete plain keys.
+verbose "delete plain keys"
 $SSHADD -qd ${SSH_SOFTHSM_DIR}/EC.pub ${SSH_SOFTHSM_DIR}/RSA.pub
 # Verify that certs can still perform signatures.
+verbose "reverify certificate signatures"
 for x in ${SSH_SOFTHSM_DIR}/EC-cert.pub ${SSH_SOFTHSM_DIR}/RSA-cert.pub ; do
 	$SSHADD -T $x || fail "Signing failed for $x"
 done
 
 $SSHADD -qD >/dev/null || fatal "clear agent failed"
 
-trace "load pkcs11 certs only"
+verbose "load pkcs11 certs only"
 p11_ssh_add -qCs ${TEST_SSH_PKCS11} \
     $OBJ/ca.pub \
     ${SSH_SOFTHSM_DIR}/EC.pub \
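Review bot: The `diff $OBJ/expect_list $OBJ/output_list` at the top of this hunk has its exit status ignored, so unless the harness runs with errexit (not visible here) a mismatch between the expected and loaded key lists only prints a diff and the test carries on. The comparison should fail explicitly, e.g. `diff $OBJ/expect_list $OBJ/output_list || fail "unexpected key list"`; the same unchecked `diff` appears in the last hunk of this file, after the certs-only load. `$SSHADD -qd ...` under "delete plain keys" is likewise unchecked. If that deletion failed, the plain keys would stay loaded and the following "reverify certificate signatures" step would no longer show that certificates sign without them; `|| fail "delete plain keys failed"` would close that gap.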
@@ -80,6 +67,7 @@ p11_ssh_add -qCs ${TEST_SSH_PKCS11} \
     ${SSH_SOFTHSM_DIR}/RSA-cert.pub ||
 	fatal "failed to add keys"
 # Verify their presence
+verbose "verify presence"
 cut -d' ' -f1-2 \
     ${SSH_SOFTHSM_DIR}/EC-cert.pub \
     ${SSH_SOFTHSM_DIR}/RSA-cert.pub | sort > $OBJ/expect_list
@@ -87,6 +75,7 @@ $SSHADD -L | cut -d' ' -f1-2 | sort > $OBJ/output_list
 diff $OBJ/expect_list $OBJ/output_list
 
 # Verify that certs can perform signatures.
+verbose "check signatures"
 for x in ${SSH_SOFTHSM_DIR}/EC-cert.pub ${SSH_SOFTHSM_DIR}/RSA-cert.pub ; do
 	$SSHADD -T $x || fail "Signing failed for $x"
 done
diff --git a/regress/agent-pkcs11-restrict.sh b/regress/agent-pkcs11-restrict.sh
index 867253211..e5763ea8f 100644
--- a/regress/agent-pkcs11-restrict.sh
+++ b/regress/agent-pkcs11-restrict.sh
@@ -1,11 +1,11 @@
-#	$OpenBSD: agent-pkcs11-restrict.sh,v 1.1 2023/12/18 14:49:39 djm Exp $
+#	$OpenBSD: agent-pkcs11-restrict.sh,v 1.2 2025/05/24 04:41:12 djm Exp $
 #	Placed in the Public Domain.
 
 tid="pkcs11 agent constraint test"
 
 p11_setup || skip "No PKCS#11 library found"
 
-rm -f $SSH_AUTH_SOCK $OBJ/agent.log $OBJ/host_[abcx]* $OBJ/user_[abcx]*
+rm -f $OBJ/host_[abcx]* $OBJ/user_[abcx]*
 rm -f $OBJ/sshd_proxy_host* $OBJ/ssh_output* $OBJ/expect_*
 rm -f $OBJ/ssh_proxy[._]* $OBJ/command $OBJ/authorized_keys_*
 
@@ -26,23 +26,7 @@ key_for() {
 	export K
 }
 
-SSH_AUTH_SOCK="$OBJ/agent.sock"
-export SSH_AUTH_SOCK
-rm -f $SSH_AUTH_SOCK
-trace "start agent"
-${SSHAGENT} ${EXTRA_AGENT_ARGS} -d -a $SSH_AUTH_SOCK > $OBJ/agent.log 2>&1 &
-AGENT_PID=$!
-trap "kill $AGENT_PID" EXIT
-for x in 0 1 2 3 4 ; do
-	# Give it a chance to start
-	${SSHADD} -l > /dev/null 2>&1
-	r=$?
-	test $r -eq 1 && break
-	sleep 1
-done
-if [ $r -ne 1 ]; then
-	fatal "ssh-add -l did not fail with exit code 1 (got $r)"
-fi
+start_ssh_agent
 
 # XXX a lot of this is a copy of agent-restrict.sh, but I couldn't see a nice
 # way to factor it out -djm
@@ -118,7 +102,7 @@ for h in a b ; do
 	 cat $K) >> $OBJ/authorized_keys_$USER
 done
 
-trace "unrestricted keys"
+verbose "unrestricted keys"
 $SSHADD -qD >/dev/null || fatal "clear agent failed"
 p11_ssh_add -qs ${TEST_SSH_PKCS11} ||
 	fatal "failed to add keys"
@@ -134,7 +118,7 @@ for h in a b ; do
 	cmp $OBJ/expect_$h $OBJ/ssh_output || fatal "unexpected output"
 done
 
-trace "restricted to different host"
+verbose "restricted to different host"
 $SSHADD -qD >/dev/null || fatal "clear agent failed"
 p11_ssh_add -q -h host_x -s ${TEST_SSH_PKCS11} -H $OBJ/known_hosts ||
 	fatal "failed to add keys"
@@ -144,7 +128,7 @@ for h in a b ; do
 	    host_$h true > $OBJ/ssh_output && fatal "test ssh $h succeeded"
 done
 
-trace "restricted to destination host"
+verbose "restricted to destination host"
 $SSHADD -qD >/dev/null || fatal "clear agent failed"
 p11_ssh_add -q -h host_a -h host_b -s ${TEST_SSH_PKCS11} -H $OBJ/known_hosts ||
 	fatal "failed to add keys"
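Review bot: The negative check ending in `host_$h true > $OBJ/ssh_output && fatal "test ssh $h succeeded"` treats any non-zero ssh exit as proof that the destination constraint was enforced. A proxy or connection setup failure would therefore also pass the "restricted to different host" case. The loop and the start of the ssh command are outside this hunk, so the full invocation is not visible. At minimum, a comment such as `# NOTE: passes on any ssh failure, not only on the agent refusing to sign` would record the limitation. A stronger test would capture ssh's stderr and assert on the reason for the failure.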
@@ -160,7 +144,7 @@ for h in a b ; do
 	cmp $OBJ/expect_$h $OBJ/ssh_output || fatal "unexpected output"
 done
 
-trace "restricted multihop"
+verbose "restricted multihop"
 $SSHADD -qD >/dev/null || fatal "clear agent failed"
 p11_ssh_add -q -h host_a -h "host_a>host_b" \
     -s ${TEST_SSH_PKCS11} -H $OBJ/known_hosts || fatal "failed to add keys"
