On 29 September 2017 at 11:05, Iain Morgan <imorgan+openssh at nas.nasa.gov> wrote: [...]> This is due to my shell being csh, which is pickier about undefined > variables than the Bourne-style shells. The attached patch fixes the > issue.Thanks for figuring this out.> - 'test -z "$SSH_USER_AUTH"' || fail "SSH_USER_AUTH present" > + 'test -z `printenv SSH_USER_AUTH`' || fail "SSH_USER_AUTH present"Unfortunately printenv is not specified by posix (AFAICT it's a gnuism) so that would likely break many other currently working platforms. Would it be possible to do something like: 'test -z `sh -c "echo $SSH_USER_AUTH"`' || fail "SSH_USER_AUTH present" (plus or minus some quoting, probably) ? -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Fri, Sep 29, 2017 at 11:55:26 -0700, Darren Tucker wrote:> On 29 September 2017 at 11:05, Iain Morgan <imorgan+openssh at nas.nasa.gov> wrote: > [...] > > This is due to my shell being csh, which is pickier about undefined > > variables than the Bourne-style shells. The attached patch fixes the > > issue. > > Thanks for figuring this out. > > > - 'test -z "$SSH_USER_AUTH"' || fail "SSH_USER_AUTH present" > > + 'test -z `printenv SSH_USER_AUTH`' || fail "SSH_USER_AUTH present" > > Unfortunately printenv is not specified by posix (AFAICT it's a > gnuism) so that would likely break many other currently working > platforms. > Would it be possible to do something like: > > 'test -z `sh -c "echo $SSH_USER_AUTH"`' || fail "SSH_USER_AUTH present" > > (plus or minus some quoting, probably) ? >Actually, according to OpenBSD's printenv(1) man page, it first appeared in 2BSD. The man page on OS X claims it was BSD 3.0. However, it doesn't appear to be part of any standard. Your suggestion ran into the same issue as the original test, but escaping the evaluation by the user's shell appears to work: 'test -z `sh -c "echo \$SSH_USER_AUTH"`' || fail "SSH_USER_AUTH present" -- Iain Morgan
On Fri, 29 Sep 2017, Iain Morgan wrote:> Actually, according to OpenBSD's printenv(1) man page, it first appeared > in 2BSD. The man page on OS X claims it was BSD 3.0. However, it doesn't > appear to be part of any standard. > > Your suggestion ran into the same issue as the original test, but > escaping the evaluation by the user's shell appears to work: > > 'test -z `sh -c "echo \$SSH_USER_AUTH"`' || fail "SSH_USER_AUTH present"How about: diff --git a/regress/authinfo.sh b/regress/authinfo.sh index e725296c..b47f4e5a 100644 --- a/regress/authinfo.sh +++ b/regress/authinfo.sh @@ -5,8 +5,10 @@ tid="authinfo" # Ensure the environment variable doesn't leak when ExposeAuthInfo=no. verbose "ExposeAuthInfo=no" + env SSH_USER_AUTH=blah ${SSH} -F $OBJ/ssh_proxy x \ - 'test -z "$SSH_USER_AUTH"' || fail "SSH_USER_AUTH present" + "exec sh -c 'test -z \"\$SSH_USER_AUTH\"'" || \ + fail "SSH_USER_AUTH present" verbose "ExposeAuthInfo=yes" echo ExposeAuthInfo=yes >> $OBJ/sshd_proxy