summaryrefslogtreecommitdiffstats
path: root/regress/agent-getpeereid.sh
diff options
context:
space:
mode:
Diffstat (limited to 'regress/agent-getpeereid.sh')
-rw-r--r--regress/agent-getpeereid.sh60
1 files changed, 60 insertions, 0 deletions
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh
new file mode 100644
index 0000000..f6532f0
--- /dev/null
+++ b/regress/agent-getpeereid.sh
@@ -0,0 +1,60 @@
+# $OpenBSD: agent-getpeereid.sh,v 1.15 2023/02/08 08:06:03 dtucker Exp $
+# $OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent attach from other uid"
+
+UNPRIV=nobody
+ASOCK=${OBJ}/agent
+SSH_AUTH_SOCK=/nonexistent
+>$OBJ/ssh-agent.log
+>$OBJ/ssh-add.log
+
+if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
+ :
+else
+ skip "skipped (not supported on this platform)"
+fi
+if test "x$USER" = "xroot"; then
+ skip "skipped (running as root)"
+fi
+case "x$SUDO" in
+ xsudo) sudo=1;;
+ xdoas|xdoas\ *) ;;
+ x)
+ skip "need SUDO to switch to uid $UNPRIV" ;;
+ *)
+ skip "unsupported $SUDO - "doas" and "sudo" are allowed" ;;
+esac
+
+trace "start agent"
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` >$OBJ/ssh-agent.log 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ chmod 644 ${SSH_AUTH_SOCK}
+
+ ${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1
+ r=$?
+ if [ $r -ne 1 ]; then
+ fail "ssh-add failed with $r != 1"
+ fi
+ if test -z "$sudo" ; then
+ # doas
+ ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
+ else
+ # sudo
+ < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1
+ fi
+ r=$?
+ if [ $r -lt 2 ]; then
+ fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
+ cat $OBJ/ssh-add.log
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k >>$OBJ/ssh-agent.log 2>&1
+fi
+
+rm -f ${OBJ}/agent
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 07:48:22 +0000