ssh-agent: perform AGENTC_REMOVE_ALL_IDENTITIES on SIGUSR1
Steffen Nurpmeso
steffen at sdaoden.eu
Fri Sep 10 23:56:04 AEST 2021
Steffen Nurpmeso wrote in
<20210910120610._EV-u%steffen at sdaoden.eu>:
...
||failed or is ongoing. They can merely hope for the best. That's a very weak
||security promise.
And ... a test addition that somehow also escaped me until now.
(Btw i tried "make tests LTESTS=agent" after having run the
complete test once, and for me it seems to run all tests starting
with the one given in LTESTS, or at least:
make[1]: Entering directory '/tmp/x/openssh.tar_bomb_git/regress'
run test agent.sh ...
ok simple agent test
make[1]: Leaving directory '/tmp/x/openssh.tar_bomb_git/regress'
all t-exec passed
BUILDDIR=`pwd`; \
cd ./regress || exit $?; \
EGREP='/usr/bin/grep -E'
...interop-tests
...test_sshbuf: ......^Cmake[1]:
*** [Makefile:251: unit] Interrupt
make: *** [Makefile:713: unit] Interrupt
So i hope i finally made my homework and can now stop making noise.
Ciao.
And a nice weekend everybody.
diff --git a/regress/agent.sh b/regress/agent.sh
index f187b67572..2544f932eb 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -157,30 +157,42 @@ done
## Deletion tests.
+delete_cycle() {
+ # make sure they're gone
+ ${SSHADD} -l > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 1 ]; then
+ fail "ssh-add -l returned unexpected exit code: $r"
+ fi
+ trace "readd keys"
+ # re-add keys/certs to agent
+ for t in ${SSH_KEYTYPES}; do
+ ${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \
+ fail "ssh-add failed exit code $?"
+ done
+ # make sure they are there
+ ${SSHADD} -l > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh-add -l failed: exit code $r"
+ fi
+}
+
trace "delete all agent keys"
${SSHADD} -D > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
fail "ssh-add -D failed: exit code $r"
fi
-# make sure they're gone
-${SSHADD} -l > /dev/null 2>&1
-r=$?
-if [ $r -ne 1 ]; then
- fail "ssh-add -l returned unexpected exit code: $r"
-fi
-trace "readd keys"
-# re-add keys/certs to agent
-for t in ${SSH_KEYTYPES}; do
- ${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \
- fail "ssh-add failed exit code $?"
-done
-# make sure they are there
-${SSHADD} -l > /dev/null 2>&1
+delete_cycle
+
+trace "delete all agent keys via SIGUSR1"
+kill -USR1 $SSH_AGENT_PID >/dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
- fail "ssh-add -l failed: exit code $r"
+ fail "kill -USR1: exit code $r"
fi
+delete_cycle
check_key_absent() {
${SSHADD} -L | grep "^$1 " >/dev/null
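Review bot: The SIGUSR1 step at the end of the hunk races with the check that follows it. `kill -USR1 $SSH_AGENT_PID` returns as soon as the signal has been sent, and `delete_cycle` then immediately runs `${SSHADD} -l` and fails unless the exit code is already 1. If the agent has not yet acted on the signal when that list request is served, the test fails spuriously. Polling `${SSHADD} -l` for a short, bounded time after the kill until it returns 1, and only then calling `delete_cycle`, would make the test deterministic. Two smaller points: the `r=$?` check after `kill` only shows that the signal could be sent, not that the keys were removed, so the "kill -USR1: exit code $r" message could say so; and a one-line comment above `delete_cycle` stating that it expects an empty agent on entry and leaves all keys re-added on return would document the contract the two callers rely on.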
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)