From 4da2adaa3072eb71d453466e2ed72eed9dc66dd6 Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Sat, 24 Jun 2017 06:35:24 +0000
Subject: [PATCH] regress test for ExposeAuthInfo

---
 regress/usr.bin/ssh/Makefile    |  5 +++--
 regress/usr.bin/ssh/authinfo.sh | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 regress/usr.bin/ssh/authinfo.sh

diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile
index 8a9cb58e5ca..80de10c2a2c 100644
--- a/regress/usr.bin/ssh/Makefile
+++ b/regress/usr.bin/ssh/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.94 2016/12/16 03:51:19 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.95 2017/06/24 06:35:24 djm Exp $
 
 .ifndef SKIP_UNIT
 SUBDIR=		unittests
@@ -72,7 +72,8 @@ LTESTS= 	connect \
 		principals-command \
 		cert-file \
 		cfginclude \
-		allow-deny-users
+		allow-deny-users \
+		authinfo
 
 INTEROP_TESTS=	putty-transfer putty-ciphers putty-kex conch-ciphers
 #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
diff --git a/regress/usr.bin/ssh/authinfo.sh b/regress/usr.bin/ssh/authinfo.sh
new file mode 100644
index 00000000000..e725296c90a
--- /dev/null
+++ b/regress/usr.bin/ssh/authinfo.sh
@@ -0,0 +1,17 @@
+#	$OpenBSD: authinfo.sh,v 1.1 2017/06/24 06:35:24 djm Exp $
+#	Placed in the Public Domain.
+
+tid="authinfo"
+
+# Ensure the environment variable doesn't leak when ExposeAuthInfo=no.
+verbose "ExposeAuthInfo=no"
+env SSH_USER_AUTH=blah ${SSH} -F $OBJ/ssh_proxy x \
+	'test -z "$SSH_USER_AUTH"' || fail "SSH_USER_AUTH present"
+
+verbose "ExposeAuthInfo=yes"
+echo ExposeAuthInfo=yes >> $OBJ/sshd_proxy
+${SSH} -F $OBJ/ssh_proxy x \
+	'grep ^publickey "$SSH_USER_AUTH" /dev/null >/dev/null' ||
+	fail "ssh with ExposeAuthInfo failed"
+
+# XXX test multiple auth and key contents
-- 
2.20.1