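#	$OpenBSD: agent-getpeereid.sh,v 1.8 2017/01/06 02:51:16 djm Exp $
#	Placed in the Public Domain.

# Regression test: a process running under a different uid must not be able
# to use ssh-agent's socket, even after the socket's file mode is loosened.
#
# Expects the environment that runs this script to provide (none of these
# are defined here): config_defined, trace, fail, OBJ, SSHAGENT, SSHADD and
# SUDO (must be exactly "sudo" or "doas").

tid="disallow agent attach from other uid"

UNPRIV=nobody
ASOCK=${OBJ}/agent
# Placeholder until the agent started below supplies the real socket path.
SSH_AUTH_SOCK=/nonexistent

# The test is only meaningful where one of the peer-credential mechanisms
# is available; otherwise report a skip and stop.
config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED || {
	echo "skipped (not supported on this platform)"
	exit 0
}

# A privilege-switching helper is needed to run ssh-add as $UNPRIV.
# $sudo stays empty for doas and is set for sudo; it selects the
# invocation style further down.
case "x$SUDO" in
	xsudo)
		sudo=1 ;;
	xdoas)
		;;
	x)
		echo "need SUDO to switch to uid $UNPRIV"
		exit 0 ;;
	*)
		# Inner quotes are escaped so they are actually printed.
		echo "unsupported $SUDO - \"doas\" and \"sudo\" are allowed"
		exit 0 ;;
esac

trace "start agent"
# Capture the agent's output and status before eval'ing it: eval with an
# empty argument returns 0, which would hide a failed agent start and let
# the test continue against /nonexistent.
agent_env=`${SSHAGENT} -s -a "${ASOCK}"`
r=$?
if [ $r -eq 0 ]; then
	eval "$agent_env" > /dev/null
	r=$?
fi
if [ $r -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	# Loosen the socket mode on purpose so that file permissions are not
	# the only thing standing between $UNPRIV and the agent.
	# NOTE(review): systems that require write permission to connect() to
	# a UNIX socket (Linux documents this in unix(7)) may still refuse
	# $UNPRIV at mode 644 before the agent's peer-uid check is reached;
	# confirm this exercises the intended check on the target platform.
	chmod 644 "${SSH_AUTH_SOCK}"

	# As the owning uid: the agent must be reachable. ssh-add exits 1
	# when the listing fails (no identities are loaded here) and 2 when
	# it cannot contact the agent, so exactly 1 is expected.
	${SSHADD} -l > /dev/null 2>&1
	r=$?
	if [ $r -ne 1 ]; then
		fail "ssh-add failed with $r != 1"
	fi

	# As $UNPRIV: the same listing must be refused. Both helpers are run
	# so that they cannot stop to ask for a password.
	if test -z "$sudo" ; then
		# doas: -n is non-interactive
		${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	else
		# sudo: -S reads the password from stdin, which is /dev/null
		< /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	fi
	r=$?
	# Anything below 2 means the agent was contacted (or the helper
	# itself returned early), so the access was not refused as required.
	if [ $r -lt 2 ]; then
		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
	fi

	trace "kill agent"
	${SSHAGENT} -k > /dev/null
fi

# Remove the socket path in case the agent did not clean it up.
rm -f "${ASOCK}"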