make sure getpeereid works in the agent; XXX test needs sudo

2 files changed, 36 insertions, 1 deletions

diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile
index e50fce34115..508dde024c9 100644
--- a/regress/usr.bin/ssh/Makefile
+++ b/regress/usr.bin/ssh/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.18 2002/12/09 15:38:30 markus Exp $
+#	$OpenBSD: Makefile,v 1.19 2002/12/09 16:05:02 markus Exp $
 
 REGRESS_TARGETS=	t1 t2 t3 t4 t5 t6 t7
 
@@ -17,6 +17,7 @@ LTESTS= 	connect \
 		try-ciphers \
 		yes-head \
 		agent \
+		agent-getpeereid \
 		agent-timeout \
 		agent-ptrace \
 		keyscan \
diff --git a/regress/usr.bin/ssh/agent-getpeereid.sh b/regress/usr.bin/ssh/agent-getpeereid.sh
new file mode 100644
index 00000000000..0889fe80e3f
--- /dev/null
+++ b/regress/usr.bin/ssh/agent-getpeereid.sh
@@ -0,0 +1,34 @@
+#	$OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $
+#	Placed in the Public Domain.
+
+tid="disallow agent attach from other uid"
+
+UNPRIV=nobody
+ASOCK=${OBJ}/agent
+SSH_AUTH_SOCK=/nonexistant
+
+trace "start agent"
+eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+	fail "could not start ssh-agent: exit code $r"
+else
+	chmod 644 ${SSH_AUTH_SOCK}
+
+	ssh-add -l > /dev/null 2>&1
+	r=$?
+	if [ $r -ne 1 ]; then
+		fail "ssh-add failed with $r != 1"
+	fi
+
+	< /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
+	r=$?
+	if [ $r -lt 2 ]; then
+		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
+	fi
+
+	trace "kill agent"
+	${SSHAGENT} -k > /dev/null
+fi
+
+rm -f ${OBJ}/agent