diff options
author | des <des@FreeBSD.org> | 2013-09-21 22:24:10 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2013-09-21 22:24:10 +0000 |
commit | b32fed86db62816ab222f56c1f859a444ac8648b (patch) | |
tree | fb81eca65d09d841e542cd6af66ff14c5004dbd8 /crypto/openssh/regress/agent-pkcs11.sh | |
parent | eaecb3d1ae60457bac557fd719cacb819f801159 (diff) | |
parent | ff2597d3eebc3da3f7cf2a638607274cad9b199e (diff) | |
download | FreeBSD-src-b32fed86db62816ab222f56c1f859a444ac8648b.zip FreeBSD-src-b32fed86db62816ab222f56c1f859a444ac8648b.tar.gz |
Pull in all the OpenSSH bits that we'd previously left out because we
didn't use them. This will make future merges from the vendor tree much
easier.
Approved by: re (gjb)
Diffstat (limited to 'crypto/openssh/regress/agent-pkcs11.sh')
-rwxr-xr-x | crypto/openssh/regress/agent-pkcs11.sh | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/crypto/openssh/regress/agent-pkcs11.sh b/crypto/openssh/regress/agent-pkcs11.sh new file mode 100755 index 0000000..db33ab3 --- /dev/null +++ b/crypto/openssh/regress/agent-pkcs11.sh @@ -0,0 +1,69 @@ +# $OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $ +# Placed in the Public Domain. + +tid="pkcs11 agent test" + +TEST_SSH_PIN="" +TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0 + +# setup environment for soft-pkcs11 token +SOFTPKCS11RC=$OBJ/pkcs11.info +export SOFTPKCS11RC +# prevent ssh-agent from calling ssh-askpass +SSH_ASKPASS=/usr/bin/true +export SSH_ASKPASS +unset DISPLAY + +# start command w/o tty, so ssh-add accepts pin from stdin +notty() { + perl -e 'use POSIX; POSIX::setsid(); + if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@" +} + +trace "start agent" +eval `${SSHAGENT} -s` > /dev/null +r=$? +if [ $r -ne 0 ]; then + fail "could not start ssh-agent: exit code $r" +else + trace "generating key/cert" + rm -f $OBJ/pkcs11.key $OBJ/pkcs11.crt + openssl genrsa -out $OBJ/pkcs11.key 2048 > /dev/null 2>&1 + chmod 600 $OBJ/pkcs11.key + openssl req -key $OBJ/pkcs11.key -new -x509 \ + -out $OBJ/pkcs11.crt -text -subj '/CN=pkcs11 test' > /dev/null + printf "a\ta\t$OBJ/pkcs11.crt\t$OBJ/pkcs11.key" > $SOFTPKCS11RC + # add to authorized keys + ${SSHKEYGEN} -y -f $OBJ/pkcs11.key > $OBJ/authorized_keys_$USER + + trace "add pkcs11 key to agent" + echo ${TEST_SSH_PIN} | notty ${SSHADD} -s ${TEST_SSH_PKCS11} > /dev/null 2>&1 + r=$? + if [ $r -ne 0 ]; then + fail "ssh-add -s failed: exit code $r" + fi + + trace "pkcs11 list via agent" + ${SSHADD} -l > /dev/null 2>&1 + r=$? + if [ $r -ne 0 ]; then + fail "ssh-add -l failed: exit code $r" + fi + + trace "pkcs11 connect via agent" + ${SSH} -2 -F $OBJ/ssh_proxy somehost exit 5 + r=$? + if [ $r -ne 5 ]; then + fail "ssh connect failed (exit code $r)" + fi + + trace "remove pkcs11 keys" + echo ${TEST_SSH_PIN} | notty ${SSHADD} -e ${TEST_SSH_PKCS11} > /dev/null 2>&1 + r=$? + if [ $r -ne 0 ]; then + fail "ssh-add -e failed: exit code $r" + fi + + trace "kill agent" + ${SSHAGENT} -k > /dev/null +fi |