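# $OpenBSD: agent-getpeereid.sh,v 1.15 2023/02/08 08:06:03 dtucker Exp $
# $OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
# Placed in the Public Domain.
#
# Regression test: an ssh-agent socket must not be usable by a different uid.
# The script starts an agent, loosens the socket file mode, checks that the
# owner can talk to the agent, then repeats the request as ${UNPRIV} through
# sudo/doas and expects ssh-add to report that it could not reach the agent.
#
# Helpers (config_defined, skip, trace, fail) and the variables OBJ, SUDO,
# SSHAGENT, SSHADD and EXTRA_AGENT_ARGS are provided by the test harness that
# runs this file; none of them are defined here.

tid="disallow agent attach from other uid"

UNPRIV=nobody
ASOCK=${OBJ}/agent
# Placeholder until the agent's own output overwrites it below; presumably
# chosen so a failed agent start cannot fall through to a real agent socket
# inherited from the environment.
SSH_AUTH_SOCK=/nonexistent
# Truncate the logs from any earlier run.
>"$OBJ/ssh-agent.log"
>"$OBJ/ssh-add.log"

# The test is only meaningful where one of the peer-credential interfaces
# was detected at configure time.
if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
	:
else
	skip "skipped (not supported on this platform)"
fi
if test "x$USER" = "xroot"; then
	skip "skipped (running as root)"
fi

# Start from a known-empty value: an inherited "sudo" variable would
# otherwise route a doas run into the sudo branch below.
sudo=""
case "x$SUDO" in
	xsudo) sudo=1;;
	xdoas|xdoas\ *) ;;
	x)
		skip "need SUDO to switch to uid $UNPRIV" ;;
	*)
		# Written as one quoted word; the emitted text is unchanged.
		skip "unsupported $SUDO - doas and sudo are allowed" ;;
esac

trace "start agent"
# eval consumes the shell assignments printed by the ssh-agent binary under
# test (trusted, locally built output). SSHAGENT and EXTRA_AGENT_ARGS stay
# unquoted because they may carry several words.
# NOTE(review): $? here is eval's status, not ssh-agent's; an agent that
# prints nothing may still leave r=0. The later ssh-add check would still
# catch that case because SSH_AUTH_SOCK would remain /nonexistent.
eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a "${ASOCK}"` >"$OBJ/ssh-agent.log" 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	# Deliberately relax the socket file mode so that filesystem permissions
	# are not the only thing standing between another uid and the agent.
	# NOTE(review): 644 grants other users read but not write. On platforms
	# that require write permission on the socket file to connect (Linux
	# does), the unprivileged attempt may be refused by the filesystem before
	# the agent's peer-uid check is reached; the same applies if ${OBJ} is
	# not searchable by ${UNPRIV}. Confirm the test exercises the intended
	# code path on the target platform.
	chmod 644 "${SSH_AUTH_SOCK}"

	# As the owner: ssh-add -l exits 1 when it reaches an agent that holds
	# no identities, which is the expected state for a fresh agent.
	${SSHADD} -vvv -l >>"$OBJ/ssh-add.log" 2>&1
	r=$?
	if [ $r -ne 1 ]; then
		fail "ssh-add failed with $r != 1"
	fi

	# As the other uid. SUDO stays unquoted: the case above accepts
	# "doas <args>", so word splitting is required.
	if test -z "$sudo" ; then
		# doas
		# NOTE(review): stderr is discarded and nothing is appended to
		# ssh-add.log in this branch, so the log printed on failure below
		# holds no detail about the unprivileged attempt.
		${SUDO} -n -u "${UNPRIV}" ${SSHADD} -l 2>/dev/null
	else
		# sudo
		< /dev/null ${SUDO} -S -u "${UNPRIV}" ${SSHADD} -vvv -l >>"$OBJ/ssh-add.log" 2>&1
	fi
	# Must stay directly after the if/else: it captures the status of the
	# command run in whichever branch was taken.
	r=$?
	# ssh-add exits 2 when it cannot contact the agent. 0 or 1 means the
	# other uid got an answer from the agent, i.e. the uid check did not hold.
	# NOTE(review): a status >= 2 produced by the sudo/doas wrapper itself
	# would also be read as a pass.
	if [ $r -lt 2 ]; then
		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
		cat "$OBJ/ssh-add.log"
	fi

	trace "kill agent"
	${SSHAGENT} -k >>"$OBJ/ssh-agent.log" 2>&1
fi

rm -f "${OBJ}/agent"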