From bae7e0329adf50af874bf323cefc9e54c2cd00a0 Mon Sep 17 00:00:00 2001
From: Timo Weingärtner
Date: Mon, 8 Jan 2018 20:44:32 +0100
Subject: add tests using shunit2
---
 tests | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)
 create mode 100755 tests
(limited to 'tests')
diff --git a/tests b/tests
new file mode 100755
index 0000000..b952141
--- /dev/null
+++ b/tests
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+oneTimeSetUp () {
+ set -e
+
+ # prepare keys
+ ( cd "$SHUNIT_TMPDIR"; ssh-keygen -q -t ed25519 -N '' -C key0 -f key0 )
+ ( cd "$SHUNIT_TMPDIR"; ssh-keygen -q -t ed25519 -N '' -C key1 -f key1 )
+
+ # prepare agent
+ eval "$(ssh-agent)"
+
+ ( cd "$SHUNIT_TMPDIR"; ssh-add key0 key1 )
+
+ # delete private keys from file system, they are in the agent now
+ ( cd "$SHUNIT_TMPDIR"; rm key0 key1 )
+
+ set +e
+}
+
+oneTimeTearDown () {
+ [ -z "$SSH_AGENT_PID" ] || kill "$SSH_AGENT_PID"
+}
+
+with_saf_in_tmp () {
+ set -e
+ cd "$SHUNIT_TMPDIR"
+ unset SSH_AGENT_PID
+ eval "$(ssh-agent-filter "$@")" > /dev/null
+ trap 'kill "$SSH_AGENT_PID"' EXIT
+}
+
+produce_filtered_list () (
+ with_saf_in_tmp "$@"
+ ssh-add -L
+)
+
+test_list_filter () {
+ reference_out=$(ssh-add -L | grep ' key0$')
+
+ # sanity check: unfiltered shold be different from filtered
+ assertNotSame "$reference_out" "$(ssh-add -L)"
+
+ assertSame "$reference_out" "$(produce_filtered_list --comment key0)"
+ assertSame "$reference_out" "$(produce_filtered_list --comment-confirmed key0)"
+
+ key0_md5=$(cut -d\ -f2 "$SHUNIT_TMPDIR/key0.pub" | base64 -d | md5sum - | cut -d\ -f1)
+ assertSame "$reference_out" "$(produce_filtered_list --fingerprint "$key0_md5")"
+ assertSame "$reference_out" "$(produce_filtered_list --fingerprint-confirmed "$key0_md5")"
+
+ key0_base64=$(cut -d\ -f2 "$SHUNIT_TMPDIR/key0.pub")
+ assertSame "$reference_out" "$(produce_filtered_list --key "$key0_base64")"
+ assertSame "$reference_out" "$(produce_filtered_list --key-confirmed "$key0_base64")"
+}
+
+sign_key_with_key_filtered () (
+ key_to_be_signed="$1"
+ signing_key="$2"
+ shift 2
+ with_saf_in_tmp "$@"
+ ssh-keygen -Us "$signing_key" -I identify "$key_to_be_signed"
+)
+
+test_sign_filter () {
+ # try to sign with a key that is allowed by the filter
+ assertTrue 'sign_key_with_key_filtered key0 key1 --comment key1'
+
+ # try to sign with a key that is not allowed by the filter
+ assertFalse 'sign_key_with_key_filtered key1 key0 --comment key1'
+}
+
+test_confirmation () {
+ assertTrue 'export SSH_ASKPASS=/bin/true; sign_key_with_key_filtered key0 key1 --comment-confirmed key1'
+ assertFalse 'export SSH_ASKPASS=/bin/false; sign_key_with_key_filtered key0 key1 --comment-confirmed key1'
+
+ cat > "$SHUNIT_TMPDIR/sap" <<-EOT
+ #!/bin/sh
+ echo "\$1" > "$SHUNIT_TMPDIR/sap_out"
+ EOT
+ chmod +x "$SHUNIT_TMPDIR/sap"
+ assertTrue 'export SSH_ASKPASS="$SHUNIT_TMPDIR/sap"; sign_key_with_key_filtered key0 key1 --comment-confirmed key1'
+ assertSame "Something behind the ssh-agent-filter requested use of the key named 'key1'." "$(head -n1 "$SHUNIT_TMPDIR/sap_out")"
+}
+
+. shunit2
--
cgit v1.2.3
From 3b9460a74b51119e15e0d57dafb2e0c66326890a Mon Sep 17 00:00:00 2001
From: Timo Weingärtner
Date: Mon, 8 Jan 2018 21:08:09 +0100
Subject: update copyright
---
 Makefile | 2 +-
 ssh-agent-filter.C | 2 +-
 tests | 19 +++++++++++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)
(limited to 'tests')
diff --git a/Makefile b/Makefile
index 9e112a3..9c6a8a4 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-# Copyright (C) 2013-2016 Timo Weingärtner
+# Copyright (C) 2013-2018 Timo Weingärtner
 #
 # This file is part of ssh-agent-filter.
 #
diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C
index 7213f7c..74b15ab 100644
--- a/ssh-agent-filter.C
+++ b/ssh-agent-filter.C
@@ -1,7 +1,7 @@
 /*
 * ssh-agent-filter.C -- filtering proxy for ssh-agent meant to be forwarded to untrusted servers
 *
- * Copyright (C) 2013-2016 Timo Weingärtner
+ * Copyright (C) 2013-2018 Timo Weingärtner
 *
 * This file is part of ssh-agent-filter.
 *
diff --git a/tests b/tests
index b952141..d47daf1 100755
--- a/tests
+++ b/tests
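Review bot: In `with_saf_in_tmp` (new file `tests`, first commit) nothing checks that `ssh-agent-filter` actually started before the caller talks to the agent: if the filter exits without printing anything, `eval "$(ssh-agent-filter "$@")"` evaluates an empty string and returns 0, so `set -e` does not stop the helper. In that case `SSH_AUTH_SOCK` still names the unfiltered agent exported by `oneTimeSetUp`, so the allow-path `assertTrue` calls in `test_sign_filter` and `test_confirmation` can be satisfied without the filter in the path, and the `EXIT` trap ends up running `kill ""`. Adding `[ -n "$SSH_AGENT_PID" ] || exit 1` between the `eval` and the `trap` would make every caller fail closed; the helper is only called from the subshell-bodied functions in this hunk, so `exit` ends just that subshell. Separately, the deny-path `assertFalse` in `test_sign_filter` passes on any non-zero exit of `ssh-keygen`, not only on a refusal by the filter, which deserves a comment such as `# NOTE: passes on any ssh-keygen failure, not only a filter refusal`.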
@@ -1,5 +1,24 @@ #!/bin/sh +# tests for ssh-agent-filter +# +# Copyright (C) 2018 Timo Weingärtner +# +# This file is part of ssh-agent-filter. +# +# ssh-agent-filter is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# ssh-agent-filter is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with ssh-agent-filter. If not, see . + oneTimeSetUp () { set -e -- cgit v1.2.3