(command.CommandList children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:tid) op: assign_op.Equal rhs: {(DQ <'disallow agent attach from other uid'>)} spids: [7] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:UNPRIV) op: assign_op.Equal rhs: {<nobody>} spids: [13] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:ASOCK) op: assign_op.Equal rhs: {(${ Id.VSub_Name OBJ) <'/agent'>} spids: [16] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:SSH_AUTH_SOCK) op: assign_op.Equal rhs: {<'/nonexistent'>} spids: [22] ) ] ) (command.If arms: [ (if_arm cond: (condition.Shell commands: [ (command.Sentence child: (C {<config_defined>} {<HAVE_GETPEEREID>} {<HAVE_GETPEERUCRED>} {<HAVE_SO_PEERCRED>}) terminator: <Id.Op_Semi _> ) ] ) action: [(C {<Id.Lit_Colon ':'>})] spids: [26 38] ) ] else_action: [ (C {<echo>} {(DQ <'skipped (not supported on this platform)'>)}) (command.ControlFlow token:<Id.ControlFlow_Exit exit> arg_word:{<0>}) ] ) (command.Case to_match: {(DQ <x> ($ Id.VSub_DollarName '$SUDO'))} arms: [ (case_arm pat_list: [{<xsudo>}] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:sudo) op: assign_op.Equal rhs: {<1>} spids: [72] ) ] ) ] spids: [69 70 74 -1] ) (case_arm pat_list:[{<xdoas>}] spids:[77 78 80 -1]) (case_arm pat_list: [{<x>}] action: [ (C {<echo>} {(DQ <'need SUDO to switch to uid '> ($ Id.VSub_DollarName '$UNPRIV'))}) (command.ControlFlow token:<Id.ControlFlow_Exit exit> arg_word:{<0>}) ] spids: [83 84 99 -1] ) (case_arm pat_list: [{<Id.Lit_Star '*'>}] action: [ (C {<echo>} {(DQ <'unsupported '> ($ Id.VSub_DollarName '$SUDO') <' - '>) <doas> (DQ <' and '>) <sudo> (DQ <' are allowed'>) } ) (command.ControlFlow token:<Id.ControlFlow_Exit exit> arg_word:{<0>}) ] spids: [102 103 127 -1] ) ] ) (C {<trace>} {(DQ <'start agent'>)}) (command.Simple words: [ {<eval>} { (command_sub left_token: <Id.Left_Backtick '`'> child: (C {(${ Id.VSub_Name SSHAGENT)} {<-s>} {<-a>} {(${ Id.VSub_Name ASOCK)}) ) } ] redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>})] do_fork: T ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:r) op: assign_op.Equal rhs: {($ Id.VSub_QMark '$?')} spids: [160] ) ] ) (command.If arms: [ (if_arm cond: (condition.Shell commands: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {($ Id.VSub_DollarName '$r')} {<-ne>} {<0>} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] ) action: [ (C {<fail>} {(DQ <'could not start ssh-agent: exit code '> ($ Id.VSub_DollarName '$r'))}) ] spids: [163 176] ) ] else_action: [ (C {<chmod>} {<644>} {(${ Id.VSub_Name SSH_AUTH_SOCK)}) (command.Simple words: [{(${ Id.VSub_Name SSHADD)} {<-l>}] redirects: [ (redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>}) (redir op:<Id.Redir_GreatAnd '2>&'> loc:(redir_loc.Fd fd:2) arg:{<1>}) ] do_fork: T ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:r) op: assign_op.Equal rhs: {($ Id.VSub_QMark '$?')} spids: [213] ) ] ) (command.If arms: [ (if_arm cond: (condition.Shell commands: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {($ Id.VSub_DollarName '$r')} {<-ne>} {<1>} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] ) action: [ (C {<fail>} {(DQ <'ssh-add failed with '> ($ Id.VSub_DollarName '$r') <' != 1'>)}) ] spids: [217 230] ) ] ) (command.If arms: [ (if_arm cond: (condition.Shell commands: [ (command.Sentence child: (C {<test>} {<-z>} {(DQ ($ Id.VSub_DollarName '$sudo'))}) terminator: <Id.Op_Semi _> ) ] ) action: [ (command.Simple words: [ {(${ Id.VSub_Name SUDO)} {<-n>} {<-u>} {(${ Id.VSub_Name UNPRIV)} {(${ Id.VSub_Name SSHADD)} {<-l>} ] redirects: [ (redir op: <Id.Redir_Great '2>'> loc: (redir_loc.Fd fd:2) arg: {<'/dev/null'>} ) ] do_fork: T ) ] spids: [245 257] ) ] else_action: [ (command.Simple words: [ {(${ Id.VSub_Name SUDO)} {<-S>} {<-u>} {(${ Id.VSub_Name UNPRIV)} {(${ Id.VSub_Name SSHADD)} {<-l>} ] redirects: [ (redir op: <Id.Redir_Less '<'> loc: (redir_loc.Fd fd:0) arg: {<'/dev/null'>} ) (redir op: <Id.Redir_Great '2>'> loc: (redir_loc.Fd fd:2) arg: {<'/dev/null'>} ) ] do_fork: T ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:r) op: assign_op.Equal rhs: {($ Id.VSub_QMark '$?')} spids: [322] ) ] ) (command.If arms: [ (if_arm cond: (condition.Shell commands: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {($ Id.VSub_DollarName '$r')} {<-lt>} {<2>} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] ) action: [ (C {<fail>} { (DQ <'ssh-add did not fail for '> (${ Id.VSub_Name UNPRIV) <': '> ($ Id.VSub_DollarName '$r') <' < 2'> ) } ) ] spids: [326 339] ) ] ) (C {<trace>} {(DQ <'kill agent'>)}) (command.Simple words: [{(${ Id.VSub_Name SSHAGENT)} {<-k>}] redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>})] do_fork: T ) ] ) (C {<rm>} {<-f>} {(${ Id.VSub_Name OBJ) <'/agent'>}) ] )