xref: /freebsd/crypto/openssh/regress/agent-getpeereid.sh (revision 370e009188ba90c3290b1479aa06ec98b66e140a)
1#	$OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
2#	Placed in the Public Domain.
3
4tid="disallow agent attach from other uid"
5
6UNPRIV=nobody
7ASOCK=${OBJ}/agent
8SSH_AUTH_SOCK=/nonexistent
9>$OBJ/ssh-agent.log
10>$OBJ/ssh-add.log
11
12if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
13	:
14else
15	skip "skipped (not supported on this platform)"
16fi
17if test "x$USER" = "xroot"; then
18	skip "skipped (running as root)"
19fi
20case "x$SUDO" in
21	xsudo) sudo=1;;
22	xdoas|xdoas\ *) ;;
23	x)
24		skip "need SUDO to switch to uid $UNPRIV" ;;
25	*)
26		skip "unsupported $SUDO - "doas" and "sudo" are allowed" ;;
27esac
28
29trace "start agent"
30eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` >$OBJ/ssh-agent.log 2>&1
31r=$?
32if [ $r -ne 0 ]; then
33	fail "could not start ssh-agent: exit code $r"
34else
35	chmod 644 ${SSH_AUTH_SOCK}
36
37	${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1
38	r=$?
39	if [ $r -ne 1 ]; then
40		fail "ssh-add failed with $r != 1"
41	fi
42	if test -z "$sudo" ; then
43		# doas
44		${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
45	else
46		# sudo
47		< /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1
48	fi
49	r=$?
50	if [ $r -lt 2 ]; then
51		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
52		cat $OBJ/ssh-add.log
53	fi
54
55	trace "kill agent"
56	${SSHAGENT} -vvv -k >>$OBJ/ssh-agent.log 2>&1
57fi
58
59rm -f ${OBJ}/agent
60