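# $OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
# Placed in the Public Domain.

# Regression test: an ssh-agent started by the test user must refuse an
# ssh-add run under a different uid ($UNPRIV).
#
# config_defined, skip, trace and fail, and the variables OBJ, SSHAGENT,
# SSHADD, SUDO and EXTRA_AGENT_ARGS, are not defined in this script; they
# are expected to come from whatever environment runs it.

tid="disallow agent attach from other uid"

UNPRIV=nobody
ASOCK="${OBJ}/agent"
# Deliberately unusable until the agent's own output (eval below) replaces it.
SSH_AUTH_SOCK=/nonexistent
# Truncate both logs so a failure only shows output from this run.
>"$OBJ/ssh-agent.log"
>"$OBJ/ssh-add.log"

# The test only makes sense where one of the peer-credential interfaces
# is available to the agent.
if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
	:
else
	skip "skipped (not supported on this platform)"
fi
# Running as root cannot demonstrate a refusal for "another" uid.
if test "x$USER" = "xroot"; then
	skip "skipped (running as root)"
fi

# $sudo is only set for the sudo flavour. Reset it first so a value
# inherited from the environment cannot select the wrong branch below.
sudo=
case "x$SUDO" in
	xsudo) sudo=1;;
	xdoas|xdoas\ *)	;;
	x)
		skip "need SUDO to switch to uid $UNPRIV" ;;
	*)
		# Inner quotes are escaped; left bare they end the string and
		# vanish from the message.
		skip "unsupported $SUDO - \"doas\" and \"sudo\" are allowed" ;;
esac

trace "start agent"
# ${SSHAGENT} and ${EXTRA_AGENT_ARGS} stay unquoted on purpose: they may
# carry several words. The eval runs the shell commands printed by the
# locally built agent (-s), which set SSH_AUTH_SOCK for the steps below.
eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a "${ASOCK}"` >"$OBJ/ssh-agent.log" 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	# Loosen the socket mode so the uid check, not only file permissions,
	# is what has to keep $UNPRIV out.
	# NOTE(review): 644 gives other users read but not write. Where
	# connect(2) needs write permission on the socket, the filesystem may
	# refuse $UNPRIV before the agent's peer-credential check runs.
	# Confirm which path each platform actually exercises.
	chmod 644 "${SSH_AUTH_SOCK}"

	# Sanity check as the owning user: the agent must be reachable and
	# empty, which "ssh-add -l" reports as exit status 1.
	${SSHADD} -vvv -l >>"$OBJ/ssh-add.log" 2>&1
	r=$?
	if [ $r -ne 1 ]; then
		fail "ssh-add failed with $r != 1"
	fi
	# Same listing as $UNPRIV. ${SUDO} is unquoted because it may carry
	# arguments (see the "doas *" case above).
	if test -z "$sudo" ; then
		# doas: -n keeps it non-interactive; stderr is discarded and
		# nothing is written to the log in this branch.
		${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	else
		# sudo: -S with stdin from /dev/null so it cannot wait on a
		# password prompt.
		< /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -vvv -l >>"$OBJ/ssh-add.log" 2>&1
	fi
	r=$?
	# 0 or 1 would mean the other uid talked to the agent. Any status
	# >= 2 is accepted as a refusal, not specifically 2, so an unrelated
	# failure with a high exit status also passes this check.
	if [ $r -lt 2 ]; then
		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
		cat "$OBJ/ssh-add.log"
	fi

	trace "kill agent"
	${SSHAGENT} -vvv -k >>"$OBJ/ssh-agent.log" 2>&1
fi

rm -f "${OBJ}/agent"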