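# $OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
# Placed in the Public Domain.
#
# Regression test: an ssh-agent must refuse a client running under a
# different uid. The script starts an agent on ${OBJ}/agent, relaxes the
# socket's file mode, checks that the invoking user can query the agent,
# and then requires that the same query run as ${UNPRIV} fails.
#
# config_defined, skip, trace and fail, and the variables OBJ, SSHAGENT,
# SSHADD, SUDO and EXTRA_AGENT_ARGS, are not defined in this file; they are
# expected to come from the harness that sources it.

tid="disallow agent attach from other uid"

UNPRIV=nobody
ASOCK=${OBJ}/agent
# Placeholder until the agent's own output is eval'ed below.
# NOTE(review): presumably this keeps the test away from any agent already
# present in the caller's environment; confirm against the harness.
SSH_AUTH_SOCK=/nonexistent

# The test is only meaningful where the agent can ask the kernel for the
# peer's credentials.
# NOTE(review): presumably config_defined succeeds when at least one of the
# listed macros is defined in the build configuration; verify in the harness.
if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
	:
else
	skip "skipped (not supported on this platform)"
fi

# Clear any inherited value so the doas/sudo choice further down depends
# only on $SUDO and not on a stray "sudo" variable in the environment.
sudo=
case "x$SUDO" in
	xsudo) sudo=1;;
	xdoas|xdoas\ *) ;;
	x)
		skip "need SUDO to switch to uid $UNPRIV" ;;
	*)
		# Inner quotes are escaped so they appear in the message
		# instead of silently ending and reopening the string.
		skip "unsupported $SUDO - \"doas\" and \"sudo\" are allowed" ;;
esac

trace "start agent"
# eval executes whatever ${SSHAGENT} prints (with -s, Bourne-style
# assignments such as SSH_AUTH_SOCK). The binary is chosen by the harness;
# do not point SSHAGENT at anything untrusted.
# ${SSHAGENT} and ${EXTRA_AGENT_ARGS} are left unquoted so that they can
# expand to several words.
eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a "${ASOCK}"` > /dev/null
r=$?
if [ "$r" -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	# Relax the socket's file mode on purpose, so that the refusal
	# checked below is meant to come from the agent's peer-uid check
	# rather than from the default socket permissions.
	# NOTE(review): 644 grants group/other read but not write. On
	# platforms that require write permission on the socket to connect,
	# ${UNPRIV} may already be denied at the filesystem layer, and the
	# test would then pass without exercising the peer-credential
	# check. Confirm on the target platform.
	chmod 644 "${SSH_AUTH_SOCK}"

	# Control case: the owning uid must reach the agent. ssh-add(1)
	# exits 1 when the command fails (here: no identities to list) and
	# 2 when it cannot contact the agent.
	${SSHADD} -l > /dev/null 2>&1
	r=$?
	if [ "$r" -ne 1 ]; then
		fail "ssh-add failed with $r != 1"
	fi
	# ${SUDO} stays unquoted: the case above accepts "doas <args>".
	if test -z "$sudo" ; then
		# doas: -n makes it fail instead of prompting
		${SUDO} -n -u "${UNPRIV}" ${SSHADD} -l 2>/dev/null
	else
		# sudo: -S reads the password from stdin, which is /dev/null
		< /dev/null ${SUDO} -S -u "${UNPRIV}" ${SSHADD} -l 2>/dev/null
	fi
	r=$?
	# Anything below 2 means ssh-add talked to the agent as ${UNPRIV},
	# or the privilege switch failed with status 0 or 1.
	# NOTE(review): any status >= 2 is accepted and stderr is
	# discarded, so a failure of ${SUDO} itself that exits >= 2 (for
	# example a missing ssh-add binary) cannot be told apart from the
	# agent refusing the connection.
	if [ "$r" -lt 2 ]; then
		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
	fi

	trace "kill agent"
	${SSHAGENT} -k > /dev/null
fi

rm -f "${OBJ}/agent"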