Re: ssh-agent: perform AGENTC_REMOVE_ALL_IDENTITIES on SIGUSR1

Steffen Nurpmeso <steffen@xxxxxxxxxx> · Fri, 10 Sep 2021 15:56:04 +0200

Steffen Nurpmeso wrote in
 <20210910120610._EV-u%steffen@xxxxxxxxxx>:
 ...
 ||failed or is ongoing. They can merel hope for the best. That's a very weak
 ||security promise.

And ... a test addition that somehow also escaped me until now.
(Btw i tried "make tests LTESTS=agent" after having run the
complete test once, and for me it seems to run all tests starting
with the one given in LTESTS, or at least:

  make[1]: Entering directory '/tmp/x/openssh.tar_bomb_git/regress'
  run test agent.sh ...
  ok simple agent test
  make[1]: Leaving directory '/tmp/x/openssh.tar_bomb_git/regress'
  all t-exec passed
  BUILDDIR=`pwd`; \
  cd ./regress || exit $?; \
  EGREP='/usr/bin/grep -E'
  ...interop-tests
  ...test_sshbuf: ......^Cmake[1]:
  *** [Makefile:251: unit] Interrupt
  make: *** [Makefile:713: unit] Interrupt

So i hope i finally made my homework and can now stop making noise.

Ciao.
And a nice weekend everybody.

diff --git a/regress/agent.sh b/regress/agent.sh
index f187b67572..2544f932eb 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -157,30 +157,42 @@ done
 
 ## Deletion tests.
 
+delete_cycle() {
+	# make sure they're gone
+	${SSHADD} -l > /dev/null 2>&1
+	r=$?
+	if [ $r -ne 1 ]; then
+		fail "ssh-add -l returned unexpected exit code: $r"
+	fi
+	trace "readd keys"
+	# re-add keys/certs to agent
+	for t in ${SSH_KEYTYPES}; do
+		${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \
+			fail "ssh-add failed exit code $?"
+	done
+	# make sure they are there
+	${SSHADD} -l > /dev/null 2>&1
+	r=$?
+	if [ $r -ne 0 ]; then
+		fail "ssh-add -l failed: exit code $r"
+	fi
+}
+
 trace "delete all agent keys"
 ${SSHADD} -D > /dev/null 2>&1
 r=$?
 if [ $r -ne 0 ]; then
 	fail "ssh-add -D failed: exit code $r"
 fi
-# make sure they're gone
-${SSHADD} -l > /dev/null 2>&1
-r=$?
-if [ $r -ne 1 ]; then
-	fail "ssh-add -l returned unexpected exit code: $r"
-fi
-trace "readd keys"
-# re-add keys/certs to agent
-for t in ${SSH_KEYTYPES}; do
-	${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \
-		fail "ssh-add failed exit code $?"
-done
-# make sure they are there
-${SSHADD} -l > /dev/null 2>&1
+delete_cycle
+
+trace "delete all agent keys via SIGUSR1"
+kill -USR1 $SSH_AGENT_PID >/dev/null 2>&1
 r=$?
 if [ $r -ne 0 ]; then
-	fail "ssh-add -l failed: exit code $r"
+	fail "kill -USR1: exit code $r"
 fi
+delete_cycle
 
 check_key_absent() {
 	${SSHADD} -L | grep "^$1 " >/dev/null

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev






