3 files changed, 36 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 880d2cc2b..2120e702d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,9 @@
     - sort FILES
     - +.Xr ssh-keyscan 1 ,
     from Igor Sobrado
+ - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
+   getpeerucred to implement getpeereid (currently only Solaris 10 and up).
+   Patch by Jan.Pechanec at Sun.
 20070313
 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
@@ -2858,4 +2861,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4645 2007/03/21 09:46:54 dtucker Exp $
+$Id: ChangeLog,v 1.4646 2007/03/21 10:39:57 dtucker Exp $
diff --git a/configure.ac b/configure.ac
index a2b236355..f155ada60 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.372 2007/03/05 00:51:27 djm Exp $
+# $Id: configure.ac,v 1.373 2007/03/21 10:39:57 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.372 $)
+AC_REVISION($Revision: 1.373 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_CONFIG_HEADER(config.h)
@@ -1241,6 +1241,7 @@ AC_CHECK_FUNCS( \
        getnameinfo \
        getopt \
        getpeereid \
+        getpeerucred \
        _getpty \
        getrlimit \
        getttyent \
@@ -1489,7 +1490,7 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
 # Check for missing getpeereid (or equiv) support
 NO_PEERCHECK=""
-if test "x$ac_cv_func_getpeereid" != "xyes" ; then
+if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
        AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
        AC_TRY_COMPILE(
                [#include <sys/types.h>
@@ -4030,12 +4031,12 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then
 fi
 if test ! -z "$NO_PEERCHECK" ; then
-        echo "WARNING: the operating system that you are using does not "
+        echo "WARNING: the operating system that you are using does not"
-        echo "appear to support either the getpeereid() API nor the "
+        echo "appear to support getpeereid(), getpeerucred() or the"
-        echo "SO_PEERCRED getsockopt() option. These facilities are used to "
+        echo "SO_PEERCRED getsockopt() option. These facilities are used to"
-        echo "enforce security checks to prevent unauthorised connections to "
+        echo "enforce security checks to prevent unauthorised connections to"
-        echo "ssh-agent. Their absence increases the risk that a malicious "
+        echo "ssh-agent. Their absence increases the risk that a malicious"
-        echo "user can connect to your agent. "
+        echo "user can connect to your agent."
        echo ""
 fi
diff --git a/openbsd-compat/bsd-getpeereid.c b/openbsd-compat/bsd-getpeereid.c
index bdae8b637..5f7e677e5 100644
--- a/openbsd-compat/bsd-getpeereid.c
+++ b/openbsd-compat/bsd-getpeereid.c
@@ -37,6 +37,28 @@ getpeereid(int s, uid_t *euid, gid_t *gid)
        return (0);
 }
+#elif defined(HAVE_GETPEERUCRED)
+#ifdef HAVE_UCRED_H
+# include <ucred.h>
+#endif
+int
+getpeereid(int s, uid_t *euid, gid_t *gid)
+{
+        ucred_t *ucred = NULL;
+        if (getpeerucred(s, &ucred) == -1)
+                return (-1);
+        if ((*euid = ucred_geteuid(ucred)) == -1)
+                return (-1);
+        if ((*gid = ucred_getrgid(ucred)) == -1)
+                return (-1);
+        ucred_free(ucred);
+        return (0);
+}
 #else
 int
 getpeereid(int s, uid_t *euid, gid_t *gid)