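# $OpenBSD: agent-getpeereid.sh,v 1.11 2019/11/26 23:43:10 djm Exp $
# Placed in the Public Domain.
#
# Regression test: an ssh-agent started by the test user must not be usable
# by a different uid, even after the socket's file mode has been loosened.
# The agent is started on ${OBJ}/agent, queried once as the current user
# (must be reachable) and once as ${UNPRIV} through sudo/doas (must not be).
#
# config_defined, trace and fail are not defined here; they are expected to
# come from the regress harness that sources this file, as are OBJ, SUDO,
# SSHAGENT, SSHADD and EXTRA_AGENT_ARGS.
#
# SUDO, SSHAGENT, SSHADD and EXTRA_AGENT_ARGS are expanded unquoted on
# purpose: the case statement below accepts "doas <flags>", so these values
# may carry arguments that must be word-split.

tid="disallow agent attach from other uid"

UNPRIV=nobody
ASOCK=${OBJ}/agent
# Override any inherited agent socket. If the agent below fails to start,
# the later ssh-add calls then fail to connect instead of talking to an
# unrelated agent that belongs to the invoking user.
SSH_AUTH_SOCK=/nonexistent

# The test only makes sense where one of the peer-credential interfaces is
# available.
if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
	:
else
	echo "skipped (not supported on this platform)"
	exit 0
fi

# Start from a known state so that a variable named "sudo" inherited from
# the environment cannot select the wrong privilege-switch branch below.
sudo=
case "x$SUDO" in
	xsudo)
		sudo=1 ;;
	xdoas|xdoas\ *)
		;;
	x)
		echo "need SUDO to switch to uid $UNPRIV"
		echo SKIPPED
		exit 0 ;;
	*)
		# The inner quotes are escaped so they are printed; unescaped
		# they would end and reopen the string and vanish from the output.
		echo "unsupported $SUDO - \"doas\" and \"sudo\" are allowed"
		exit 0 ;;
esac

trace "start agent"
# Capture the agent's output first so that r is ssh-agent's own exit status.
# Taking $? straight after eval reports the status of eval, which can be 0
# when the agent printed nothing because it failed to start.
agent_env=`${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a "${ASOCK}"`
r=$?
if [ $r -eq 0 ]; then
	# -s makes ssh-agent print Bourne-shell commands that set
	# SSH_AUTH_SOCK and SSH_AGENT_PID; eval applies them to this shell.
	eval "$agent_env" > /dev/null
	r=$?
fi
if [ $r -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	# Loosen the socket mode so that the file permissions are not what
	# keeps the other uid out.
	# NOTE(review): 644 grants other users read but not write. On
	# platforms where connect(2) on a Unix socket requires write
	# permission, the unprivileged attempt may be refused by the
	# filesystem before the agent's peer-uid check runs, and the
	# directory permissions of ${OBJ} also apply. Confirm that this
	# still exercises the agent-side check on the platforms tested.
	chmod 644 "${SSH_AUTH_SOCK}"

	# Same uid: ssh-add exits 1 when the agent is reachable but holds
	# no identities, which is the expected state of a fresh agent.
	${SSHADD} -l > /dev/null 2>&1
	r=$?
	if [ $r -ne 1 ]; then
		fail "ssh-add failed with $r != 1"
	fi

	# Different uid: run the same query as ${UNPRIV}. Both forms are
	# non-interactive so a password prompt cannot stall the test run.
	if test -z "$sudo" ; then
		# doas
		${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	else
		# sudo
		< /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	fi
	r=$?
	# ssh-add exits 2 when it cannot contact the agent. Status 0 or 1
	# means the agent answered a client running under another uid.
	# NOTE(review): r is the status of the sudo/doas invocation, so a
	# failure of the privilege switch itself is also reported through it;
	# a status of 2 or more from the wrapper would read as a pass.
	if [ $r -lt 2 ]; then
		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
	fi

	trace "kill agent"
	# -k kills the agent identified by SSH_AGENT_PID, set by the eval above.
	${SSHAGENT} -k > /dev/null
fi

# Remove the socket path in case the agent did not clean it up.
rm -f "${ASOCK}"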