- (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
getpeerucred to implement getpeereid (currently only Solaris 10 and up).
Patch by Jan.Pechanec at Sun.
diff --git a/ChangeLog b/ChangeLog
index 880d2cc..2120e70 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,9 @@
- sort FILES
- +.Xr ssh-keyscan 1 ,
from Igor Sobrado
+ - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
+ getpeerucred to implement getpeereid (currently only Solaris 10 and up).
+ Patch by Jan.Pechanec at Sun.
20070313
- (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
@@ -2858,4 +2861,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4645 2007/03/21 09:46:54 dtucker Exp $
+$Id: ChangeLog,v 1.4646 2007/03/21 10:39:57 dtucker Exp $
diff --git a/configure.ac b/configure.ac
index a2b2363..f155ada 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.372 2007/03/05 00:51:27 djm Exp $
+# $Id: configure.ac,v 1.373 2007/03/21 10:39:57 dtucker Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.372 $)
+AC_REVISION($Revision: 1.373 $)
AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h)
@@ -1241,6 +1241,7 @@
getnameinfo \
getopt \
getpeereid \
+ getpeerucred \
_getpty \
getrlimit \
getttyent \
@@ -1489,7 +1490,7 @@
# Check for missing getpeereid (or equiv) support
NO_PEERCHECK=""
-if test "x$ac_cv_func_getpeereid" != "xyes" ; then
+if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
AC_TRY_COMPILE(
[#include <sys/types.h>
@@ -4030,12 +4031,12 @@
fi
if test ! -z "$NO_PEERCHECK" ; then
- echo "WARNING: the operating system that you are using does not "
- echo "appear to support either the getpeereid() API nor the "
- echo "SO_PEERCRED getsockopt() option. These facilities are used to "
- echo "enforce security checks to prevent unauthorised connections to "
- echo "ssh-agent. Their absence increases the risk that a malicious "
- echo "user can connect to your agent. "
+ echo "WARNING: the operating system that you are using does not"
+ echo "appear to support getpeereid(), getpeerucred() or the"
+ echo "SO_PEERCRED getsockopt() option. These facilities are used to"
+ echo "enforce security checks to prevent unauthorised connections to"
+ echo "ssh-agent. Their absence increases the risk that a malicious"
+ echo "user can connect to your agent."
echo ""
fi
diff --git a/openbsd-compat/bsd-getpeereid.c b/openbsd-compat/bsd-getpeereid.c
index bdae8b6..5f7e677 100644
--- a/openbsd-compat/bsd-getpeereid.c
+++ b/openbsd-compat/bsd-getpeereid.c
@@ -37,6 +37,28 @@
return (0);
}
+#elif defined(HAVE_GETPEERUCRED)
+
+#ifdef HAVE_UCRED_H
+# include <ucred.h>
+#endif
+
+int
+getpeereid(int s, uid_t *euid, gid_t *gid)
+{
+ ucred_t *ucred = NULL;
+
+ if (getpeerucred(s, &ucred) == -1)
+ return (-1);
+ if ((*euid = ucred_geteuid(ucred)) == -1)
+ return (-1);
+ if ((*gid = ucred_getrgid(ucred)) == -1)
+ return (-1);
+
+ ucred_free(ucred);
+
+ return (0);
+}
#else
int
getpeereid(int s, uid_t *euid, gid_t *gid)