123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- # $OpenBSD: agent-getpeereid.sh,v 1.11 2019/11/26 23:43:10 djm Exp $
- # Placed in the Public Domain.
- tid="disallow agent attach from other uid"
- UNPRIV=nobody
- ASOCK=${OBJ}/agent
- SSH_AUTH_SOCK=/nonexistent
- if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED; then
- :
- else
- echo "skipped (not supported on this platform)"
- exit 0
- fi
- case "x$SUDO" in
- xsudo) sudo=1 ;;
- xdoas) ;;
- x)
- echo "need SUDO to switch to uid $UNPRIV"
- echo SKIPPED
- exit 0
- ;;
- *)
- echo "unsupported $SUDO - "doas" and "sudo" are allowed"
- exit 0
- ;;
- esac
- trace "start agent"
- eval $(${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}) > /dev/null
- r=$?
- if [ $r -ne 0 ]; then
- fail "could not start ssh-agent: exit code $r"
- else
- chmod 644 ${SSH_AUTH_SOCK}
- ${SSHADD} -l > /dev/null 2>&1
- r=$?
- if [ $r -ne 1 ]; then
- fail "ssh-add failed with $r != 1"
- fi
- if test -z "$sudo"; then
- # doas
- ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2> /dev/null
- else
- # sudo
- ${SUDO} < /dev/null -S -u ${UNPRIV} ${SSHADD} -l 2> /dev/null
- fi
- r=$?
- if [ $r -lt 2 ]; then
- fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
- fi
- trace "kill agent"
- ${SSHAGENT} -k > /dev/null
- fi
- rm -f ${OBJ}/agent
|