# $OpenBSD: agent-getpeereid.sh,v 1.10 2018/02/09 03:40:22 dtucker Exp $
# Placed in the Public Domain.

# Regression test: a process running under a different uid must not be able
# to use this user's ssh-agent through its socket.
# Name of the test; presumably reported by the harness that runs this
# script (verify against the harness).
tid="disallow agent attach from other uid"

# Account the second ssh-add is run as; it must differ from the uid that
# owns the agent.
UNPRIV=nobody
# Path the test agent is asked to bind its socket at (see -a further down).
ASOCK="${OBJ}/agent"
# Start from a path that is not expected to exist. Presumably this keeps
# every ssh-add below from reaching an agent inherited from the caller's
# environment if the test agent fails to start (confirm intent).
SSH_AUTH_SOCK=/nonexistent

# The three macros name peer-credential mechanisms (getpeereid(),
# getpeerucred(), SO_PEERCRED). config_defined is defined outside this file;
# it presumably succeeds when at least one of them is configured (verify).
# Without any of them the check under test does not exist, so the test is
# skipped. The skip exits 0, so exit status alone does not tell a skipped
# run from a passing one.
config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED || {
	echo "skipped (not supported on this platform)"
	exit 0
}
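# Work out how to become ${UNPRIV}. Only the exact values "sudo" and "doas"
# are accepted; the two tools take different non-interactive flags, so
# $sudo records which one is in use for the invocation further down.
# Every other value skips the test with exit status 0.
# NOTE(review): the unsupported-value arm does not print SKIPPED the way the
# empty-SUDO arm does; confirm whether the harness relies on that marker,
# otherwise a run that never exercised the uid check can read as a pass.
case "x$SUDO" in
	xsudo)	sudo=1 ;;
	xdoas)	;;
	x)
		echo "need SUDO to switch to uid $UNPRIV"
		echo SKIPPED
		exit 0 ;;
	*)
		# The inner quotes are escaped so they appear in the message;
		# unescaped they closed and reopened the string and were lost.
		echo "unsupported $SUDO - \"doas\" and \"sudo\" are allowed"
		exit 0 ;;
esac
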
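# Start a private agent on ${ASOCK}, confirm the owning uid can query it,
# then confirm that ${UNPRIV} cannot, and finally stop the agent.
# ${SSHAGENT}, ${SSHADD} and ${SUDO} are left unquoted as in the rest of the
# script; they are set outside this file and may carry arguments (verify).
trace "start agent"
# Capture the agent's output before evaluating it, so that $r is
# ssh-agent's own exit status. In `eval \`cmd\`` the status seen afterwards
# is eval's, and eval of an empty string returns 0, so a failed start that
# printed nothing was not reported by the check below.
agent_env=`${SSHAGENT} -s -a "${ASOCK}"`
r=$?
if [ $r -eq 0 ]; then
	# Sets SSH_AUTH_SOCK and SSH_AGENT_PID from the agent's -s output.
	eval "$agent_env" > /dev/null
	r=$?
fi
if [ $r -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	# Loosen the socket mode so that the refusal is meant to come from the
	# agent's peer-uid check rather than from file permissions.
	# NOTE(review): mode 644 gives "other" read but not write. Where
	# connect() on a pathname socket requires write permission (Linux
	# does), ${UNPRIV} may be turned away by the filesystem before the
	# agent ever sees the connection. Confirm the intended path is hit.
	chmod 644 "${SSH_AUTH_SOCK}"

	# Same uid, empty agent: ssh-add -l reaches the agent and exits 1
	# because there are no identities to list. Any other status means
	# the agent was not usable by its owner.
	${SSHADD} -l > /dev/null 2>&1
	r=$?
	if [ $r -ne 1 ]; then
		fail "ssh-add failed with $r != 1"
	fi
	# $sudo is set earlier in the script only when SUDO is "sudo".
	if test -z "$sudo" ; then
		# doas: -n refuses to prompt for a password
		${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	else
		# sudo: -S reads the password from stdin, which is /dev/null
		# here, so the test cannot block on a prompt
		< /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	fi
	r=$?
	# ssh-add exits 2 when it cannot contact the agent. A status of 0 or
	# 1 means ${UNPRIV} got an answer from the agent, which is the
	# failure this test exists to catch.
	# NOTE(review): a status >= 2 is also produced when ${UNPRIV} cannot
	# reach the socket at all (directory or socket permissions), and
	# stderr is discarded, so a pass does not by itself prove that the
	# peer-credential check was the cause. Keeping the stderr output
	# would let the two cases be told apart.
	if [ $r -lt 2 ]; then
		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
	fi

	trace "kill agent"
	# -k stops the agent identified by SSH_AGENT_PID.
	${SSHAGENT} -k > /dev/null
fi
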
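# Remove a socket the agent may have left behind. The path is quoted so an
# ${OBJ} containing whitespace or glob characters is passed to rm as one
# literal argument.
rm -f "${OBJ}/agent"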