regress/agent-getpeereid.sh - third_party/openssh-portable - Git at Google

 #	$OpenBSD: agent-getpeereid.sh,v 1.15 2023/02/08 08:06:03 dtucker Exp $
 #	$OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
 #	Placed in the Public Domain.

 tid="disallow agent attach from other uid"

 UNPRIV=nobody
 ASOCK=${OBJ}/agent
 SSH_AUTH_SOCK=/nonexistent
 >$OBJ/ssh-agent.log
 >$OBJ/ssh-add.log

 if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
 	:
 else
 	skip "skipped (not supported on this platform)"
 fi
 if test "x$USER" = "xroot"; then
 	skip "skipped (running as root)"
 fi
 case "x$SUDO" in
 	xsudo) sudo=1;;
 	xdoas|xdoas\ *) ;;
 	x)
 		skip "need SUDO to switch to uid $UNPRIV" ;;
 	*)
 		skip "unsupported $SUDO - "doas" and "sudo" are allowed" ;;
 esac

 trace "start agent"
 eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` >$OBJ/ssh-agent.log 2>&1
 r=$?
 if [ $r -ne 0 ]; then
 	fail "could not start ssh-agent: exit code $r"
 else
 	chmod 644 ${SSH_AUTH_SOCK}

 	${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1
 	r=$?
 	if [ $r -ne 1 ]; then
 		fail "ssh-add failed with $r != 1"
 	fi
 	if test -z "$sudo" ; then
 		# doas
 		${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
 	else
 		# sudo
 		< /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1
 	fi
 	r=$?
 	if [ $r -lt 2 ]; then
 		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
 		cat $OBJ/ssh-add.log
 	fi

 	trace "kill agent"
 	${SSHAGENT} -k >>$OBJ/ssh-agent.log 2>&1
 fi

 rm -f ${OBJ}/agent
	# $OpenBSD: agent-getpeereid.sh,v 1.15 2023/02/08 08:06:03 dtucker Exp $
	# $OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
	# Placed in the Public Domain.

	tid="disallow agent attach from other uid"

	UNPRIV=nobody
	ASOCK=${OBJ}/agent
	SSH_AUTH_SOCK=/nonexistent
	>$OBJ/ssh-agent.log
	>$OBJ/ssh-add.log

	if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
	:
	else
	skip "skipped (not supported on this platform)"
	fi
	if test "x$USER" = "xroot"; then
	skip "skipped (running as root)"
	fi
	case "x$SUDO" in
	xsudo) sudo=1;;
	xdoas\|xdoas\ *) ;;
	x)
	skip "need SUDO to switch to uid $UNPRIV" ;;
	*)
	skip "unsupported $SUDO - "doas" and "sudo" are allowed" ;;
	esac

	trace "start agent"
	eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` >$OBJ/ssh-agent.log 2>&1
	r=$?
	if [ $r -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
	else
	chmod 644 ${SSH_AUTH_SOCK}

	${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1
	r=$?
	if [ $r -ne 1 ]; then
	fail "ssh-add failed with $r != 1"
	fi
	if test -z "$sudo" ; then
	# doas
	${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	else
	# sudo
	< /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1
	fi
	r=$?
	if [ $r -lt 2 ]; then
	fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
	cat $OBJ/ssh-add.log
	fi

	trace "kill agent"
	${SSHAGENT} -k >>$OBJ/ssh-agent.log 2>&1
	fi

	rm -f ${OBJ}/agent