-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | configure.ac | 19 | ||||
-rw-r--r-- | openbsd-compat/bsd-getpeereid.c | 22 |
3 files changed, 36 insertions, 10 deletions
@@ -29,6 +29,9 @@ | |||
29 | - sort FILES | 29 | - sort FILES |
30 | - +.Xr ssh-keyscan 1 , | 30 | - +.Xr ssh-keyscan 1 , |
31 | from Igor Sobrado | 31 | from Igor Sobrado |
32 | - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use | ||
33 | getpeerucred to implement getpeereid (currently only Solaris 10 and up). | ||
34 | Patch by Jan.Pechanec at Sun. | ||
32 | 35 | ||
33 | 20070313 | 36 | 20070313 |
34 | - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include | 37 | - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include |
@@ -2858,4 +2861,4 @@ | |||
2858 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 2861 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
2859 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 2862 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
2860 | 2863 | ||
2861 | $Id: ChangeLog,v 1.4645 2007/03/21 09:46:54 dtucker Exp $ | 2864 | $Id: ChangeLog,v 1.4646 2007/03/21 10:39:57 dtucker Exp $ |
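--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.372 2007/03/05 00:51:27 djm Exp $
+# $Id: configure.ac,v 1.373 2007/03/21 10:39:57 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.372 $)
+AC_REVISION($Revision: 1.373 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -1241,6 +1241,7 @@ AC_CHECK_FUNCS( \
 getnameinfo \
 getopt \
 getpeereid \
+getpeerucred \
 _getpty \
 getrlimit \
 getttyent \
@@ -1489,7 +1490,7 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
 
 # Check for missing getpeereid (or equiv) support
 NO_PEERCHECK=""
-if test "x$ac_cv_func_getpeereid" != "xyes" ; then
+if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
 AC_TRY_COMPILE(
 [#include <sys/types.h>
@@ -4030,12 +4031,12 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then
 fi
 
 if test ! -z "$NO_PEERCHECK" ; then
-echo "WARNING: the operating system that you are using does not "
-echo "appear to support either the getpeereid() API nor the "
-echo "SO_PEERCRED getsockopt() option. These facilities are used to "
-echo "enforce security checks to prevent unauthorised connections to "
-echo "ssh-agent. Their absence increases the risk that a malicious "
-echo "user can connect to your agent. "
+echo "WARNING: the operating system that you are using does not"
+echo "appear to support getpeereid(), getpeerucred() or the"
+echo "SO_PEERCRED getsockopt() option. These facilities are used to"
+echo "enforce security checks to prevent unauthorised connections to"
+echo "ssh-agent. Their absence increases the risk that a malicious"
+echo "user can connect to your agent."
 echo ""
 fi
 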
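Review bot: The `AC_CHECK_FUNCS` hunk probes only for `getpeerucred`, while the new code in `openbsd-compat/bsd-getpeereid.c` guards `#include <ucred.h>` with `HAVE_UCRED_H`, and no hunk in this file adds `ucred.h` to a header check. Unless that header is already probed in a part of configure.ac outside these hunks, `HAVE_UCRED_H` is never defined and the `getpeerucred` branch is compiled without a declaration of `ucred_t`; adding `ucred.h \` to the existing `AC_CHECK_HEADERS` list would close that gap. As a smaller style point in the `NO_PEERCHECK` test, the Autoconf manual discourages `test … -a …` as non-portable, and `test "x$ac_cv_func_getpeereid" != "xyes" && test "x$ac_cv_func_getpeerucred" != "xyes"` expresses the same condition.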
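--- a/openbsd-compat/bsd-getpeereid.c
+++ b/openbsd-compat/bsd-getpeereid.c
@@ -37,6 +37,28 @@ getpeereid(int s, uid_t *euid, gid_t *gid)
 
 return (0);
 }
+#elif defined(HAVE_GETPEERUCRED)
+
+#ifdef HAVE_UCRED_H
+# include <ucred.h>
+#endif
+
+int
+getpeereid(int s, uid_t *euid, gid_t *gid)
+{
+ucred_t *ucred = NULL;
+
+if (getpeerucred(s, &ucred) == -1)
+return (-1);
+if ((*euid = ucred_geteuid(ucred)) == -1)
+return (-1);
+if ((*gid = ucred_getrgid(ucred)) == -1)
+return (-1);
+
+ucred_free(ucred);
+
+return (0);
+}
 #else
 int
 getpeereid(int s, uid_t *euid, gid_t *gid)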
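Review bot: The two error returns after `ucred_geteuid()` and `ucred_getrgid()` in the new `HAVE_GETPEERUCRED` branch exit without calling `ucred_free(ucred)`, so the credential obtained from `getpeerucred()` leaks whenever either lookup fails. The same lines store the failure sentinel into `*euid` / `*gid` before returning and compare the id types against a plain `-1`, which relies on implicit conversion; reading into locals, freeing once, and comparing with `(uid_t)-1` / `(gid_t)-1` avoids both. Since this function backs the peer check that the configure warning ties to ssh-agent, it is also worth a comment on why `ucred_getrgid()` (real gid) is used where BSD getpeereid() is documented as returning the effective gid; `ucred_getegid()` looks like the closer match if that was not deliberate.

```c
getpeereid(int s, uid_t *euid, gid_t *gid)
{
	/* … unchanged: ucred declaration … */
	uid_t u;
	gid_t g;

	/* … unchanged: getpeerucred() call and its error return … */
	u = ucred_geteuid(ucred);
	g = ucred_getrgid(ucred);
	/* Release the credential before any return so error paths do not leak it. */
	ucred_free(ucred);
	if (u == (uid_t)-1 || g == (gid_t)-1)
		return (-1);
	/* Only publish the ids once both lookups have succeeded. */
	*euid = u;
	*gid = g;
	return (0);
}
```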