- (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
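# $OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $
# Placed in the Public Domain.

tid="pkcs11 agent test"

# PIN fed to ssh-add on stdin (empty for the software token used here).
TEST_SSH_PIN=""
# PKCS#11 provider handed to "ssh-add -s". The provider is a shared object
# that gets loaded and executed, so an override must point at a trusted,
# non-world-writable path. The default is unchanged.
TEST_SSH_PKCS11=${TEST_SSH_PKCS11:-/usr/local/lib/soft-pkcs11.so.0.0}

# setup environment for soft-pkcs11 token
SOFTPKCS11RC="$OBJ/pkcs11.info"
export SOFTPKCS11RC
# prevent ssh-agent from calling ssh-askpass
SSH_ASKPASS=/usr/bin/true
export SSH_ASKPASS
# with DISPLAY unset no graphical PIN prompt can be attempted
unset DISPLAY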
17 # start command w/o tty, so ssh-add accepts pin from stdin
18 notty() {
19 perl -e 'use POSIX; POSIX::setsid();
20 if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
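# Test body: start an agent, create a throw-away RSA key and self-signed
# certificate for the soft-pkcs11 token, load the token into the agent, then
# list, use and remove the key. trace/fail and the SSH* variables come from
# the regress harness that sources this file.
#
# ${SSHAGENT}, ${SSHADD}, ${SSHKEYGEN} and ${SSH} are left unquoted on purpose:
# presumably the harness may put a command plus arguments in them - confirm
# before quoting.

trace "start agent"
# Capture the agent's output first so that $? is the agent's own exit status;
# the status of "eval `cmd`" is that of the evaluated text, which is 0 when a
# failed agent printed nothing.
agent_env=`${SSHAGENT} -s`
r=$?
if [ $r -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	# Import SSH_AUTH_SOCK / SSH_AGENT_PID as printed by "ssh-agent -s".
	eval "$agent_env" > /dev/null

	trace "generating key/cert"
	rm -f "$OBJ/pkcs11.key" "$OBJ/pkcs11.crt"
	# Create the private key under a restrictive umask so it is never
	# readable by group/other, not even between creation and the chmod.
	(umask 077 && openssl genrsa -out "$OBJ/pkcs11.key" 2048 > /dev/null 2>&1)
	chmod 600 "$OBJ/pkcs11.key"
	openssl req -key "$OBJ/pkcs11.key" -new -x509 \
	    -out "$OBJ/pkcs11.crt" -text -subj '/CN=pkcs11 test' > /dev/null
	# Paths go through %s rather than into the format string, so a '%' or
	# backslash in $OBJ cannot alter the token description that is written.
	printf 'a\ta\t%s\t%s' "$OBJ/pkcs11.crt" "$OBJ/pkcs11.key" > "$SOFTPKCS11RC"
	# add to authorized keys
	${SSHKEYGEN} -y -f "$OBJ/pkcs11.key" > "$OBJ/authorized_keys_$USER"

	trace "add pkcs11 key to agent"
	# The PIN travels on stdin, not argv, so it does not show up in ps output.
	printf '%s\n' "${TEST_SSH_PIN}" | \
	    notty ${SSHADD} -s "${TEST_SSH_PKCS11}" > /dev/null 2>&1
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add -s failed: exit code $r"
	fi

	trace "pkcs11 list via agent"
	${SSHADD} -l > /dev/null 2>&1
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add -l failed: exit code $r"
	fi

	trace "pkcs11 connect via agent"
	# The remote command exits 5, so any other status means the connection
	# or the authentication did not work.
	${SSH} -2 -F "$OBJ/ssh_proxy" somehost exit 5
	r=$?
	if [ $r -ne 5 ]; then
		fail "ssh connect failed (exit code $r)"
	fi

	trace "remove pkcs11 keys"
	printf '%s\n' "${TEST_SSH_PIN}" | \
	    notty ${SSHADD} -e "${TEST_SSH_PKCS11}" > /dev/null 2>&1
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add -e failed: exit code $r"
	fi

	trace "kill agent"
	${SSHAGENT} -k > /dev/null
fi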