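#	$OpenBSD: agent-getpeereid.sh,v 1.15 2023/02/08 08:06:03 dtucker Exp $
#	$OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
#	Placed in the Public Domain.
#
# Regression test: an ssh-agent socket must not be usable by a different uid.
# The agent is started as the invoking user, queried once as that user
# (expected to work) and once as ${UNPRIV} via doas/sudo (expected to be
# refused).
#
# This fragment relies on names it does not define: the helpers
# config_defined, skip, fail and trace, and the variables OBJ, SSHAGENT,
# SSHADD, SUDO and EXTRA_AGENT_ARGS. It has no shebang, so it is presumably
# sourced by a test driver that provides them.

tid="disallow agent attach from other uid"

UNPRIV=nobody
ASOCK=${OBJ}/agent
# Placeholder until the agent's own output overwrites it below.
SSH_AUTH_SOCK=/nonexistent
# Start from a known state so an inherited $sudo cannot pick the wrong branch.
sudo=

# Truncate both logs before the run.
: >"$OBJ/ssh-agent.log"
: >"$OBJ/ssh-add.log"

# The check is only meaningful where a peer-credential API is available.
if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
	:
else
	skip "skipped (not supported on this platform)"
fi
# Running as root would not exercise the "other uid" case being tested.
if test "x$USER" = "xroot"; then
	skip "skipped (running as root)"
fi
# SUDO selects how to become ${UNPRIV}: exactly "sudo", or "doas" optionally
# followed by arguments. Anything else skips the test.
case "x$SUDO" in
	xsudo) sudo=1;;
	xdoas|xdoas\ *)	;;
	x)
		skip "need SUDO to switch to uid $UNPRIV" ;;
	*)
		# Same text as before; the original's inner double quotes only
		# toggled quoting and never reached the message.
		skip "unsupported $SUDO - doas and sudo are allowed" ;;
esac

trace "start agent"
# Capture the agent's output first so that $r reflects ssh-agent's own exit
# status. Evaluating an empty command substitution directly returns 0, which
# would hide a failed start.
# ${SSHAGENT} and ${EXTRA_AGENT_ARGS} stay unquoted: they may hold several words.
agent_env=$(${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a "${ASOCK}")
r=$?
if [ "$r" -eq 0 ]; then
	# Sets SSH_AUTH_SOCK (used by chmod and ssh-add below); anything the
	# evaluated text prints goes to the agent log.
	eval "$agent_env" >"$OBJ/ssh-agent.log" 2>&1
	r=$?
fi
if [ "$r" -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	# Loosen the socket mode so that file permissions are not the only
	# barrier for ${UNPRIV}.
	# NOTE(review): on platforms where connect(2) on a UNIX socket needs
	# write permission, mode 644 may still refuse ${UNPRIV} at the
	# filesystem layer, so the refusal below might not come from the
	# agent's peer-uid check. Confirm which layer rejects on the target OS.
	chmod 644 "${SSH_AUTH_SOCK}"

	# Same uid: the agent holds no keys, so listing is expected to exit 1.
	${SSHADD} -vvv -l >>"$OBJ/ssh-add.log" 2>&1
	r=$?
	if [ "$r" -ne 1 ]; then
		fail "ssh-add failed with $r != 1"
	fi

	# Other uid: ${SUDO} stays unquoted because the doas form may carry
	# extra arguments.
	if test -z "$sudo" ; then
		# doas: -n keeps it non-interactive.
		# NOTE(review): stderr is discarded here and nothing reaches
		# ssh-add.log, so the log printed on failure will not show this
		# attempt. Confirm that is intended.
		${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	else
		# sudo: -S with stdin from /dev/null, so it cannot wait for a
		# password.
		< /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -vvv -l >>"$OBJ/ssh-add.log" 2>&1
	fi
	r=$?
	# Exit status 0 or 1 means the agent answered the other uid.
	if [ "$r" -lt 2 ]; then
		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
		cat "$OBJ/ssh-add.log"
	fi

	trace "kill agent"
	${SSHAGENT} -k >>"$OBJ/ssh-agent.log" 2>&1
fi

# Remove the socket path in case the agent left it behind.
rm -f "${OBJ}/agent"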