xref: /freebsd/crypto/openssh/regress/agent-getpeereid.sh (revision f7c32ed617858bcd22f8d1b03199099d50125721)
1#	$OpenBSD: agent-getpeereid.sh,v 1.11 2019/11/26 23:43:10 djm Exp $
2#	Placed in the Public Domain.
3
4tid="disallow agent attach from other uid"
5
6UNPRIV=nobody
7ASOCK=${OBJ}/agent
8SSH_AUTH_SOCK=/nonexistent
9
10if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
11	:
12else
13	echo "skipped (not supported on this platform)"
14	exit 0
15fi
16case "x$SUDO" in
17	xsudo) sudo=1;;
18	xdoas|xdoas\ *) ;;
19	x)
20		echo "need SUDO to switch to uid $UNPRIV"
21		echo SKIPPED
22		exit 0 ;;
23	*)
24		echo "unsupported $SUDO - "doas" and "sudo" are allowed"
25		exit 0 ;;
26esac
27
28trace "start agent"
29eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` > /dev/null
30r=$?
31if [ $r -ne 0 ]; then
32	fail "could not start ssh-agent: exit code $r"
33else
34	chmod 644 ${SSH_AUTH_SOCK}
35
36	${SSHADD} -l > /dev/null 2>&1
37	r=$?
38	if [ $r -ne 1 ]; then
39		fail "ssh-add failed with $r != 1"
40	fi
41	if test -z "$sudo" ; then
42		# doas
43		${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
44	else
45		# sudo
46		< /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
47	fi
48	r=$?
49	if [ $r -lt 2 ]; then
50		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
51	fi
52
53	trace "kill agent"
54	${SSHAGENT} -k > /dev/null
55fi
56
57rm -f ${OBJ}/agent
58