]> andersk Git - gssapi-openssh.git/blobdiff - openssh/ssh-agent.c
andersk / gssapi-openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
merged OpenSSH 3.5p1 to trunk
[gssapi-openssh.git] / openssh / ssh-agent.c
diff --git a/openssh/ssh-agent.c b/openssh/ssh-agent.c
index ac16bae40aa59307d76a0a0b4600fb6f6d02c19f..cca720ee2717a03606a7884cf2c33d16fab7472a 100644 (file)
--- a/openssh/ssh-agent.c
+++ b/openssh/ssh-agent.c
@@ -34,8 +34,8 @@
  */
 
 #include "includes.h"
-#include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $");
+#include "openbsd-compat/sys-queue.h"
+RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -106,6 +106,17 @@ extern char *__progname;
 char *__progname;
 #endif
 
+static void
+close_socket(SocketEntry *e)
+{
+       close(e->fd);
+       e->fd = -1;
+       e->type = AUTH_UNUSED;
+       buffer_free(&e->input);
+       buffer_free(&e->output);
+       buffer_free(&e->request);
+}
+
 static void
 idtab_init(void)
 {
@@ -617,13 +628,7 @@ process_message(SocketEntry *e)
        cp = buffer_ptr(&e->input);
        msg_len = GET_32BIT(cp);
        if (msg_len > 256 * 1024) {
-               shutdown(e->fd, SHUT_RDWR);
-               close(e->fd);
-               e->fd = -1;
-               e->type = AUTH_UNUSED;
-               buffer_free(&e->input);
-               buffer_free(&e->output);
-               buffer_free(&e->request);
+               close_socket(e);
                return;
        }
        if (buffer_len(&e->input) < msg_len + 4)
@@ -805,6 +810,8 @@ after_select(fd_set *readset, fd_set *writeset)
        char buf[1024];
        int len, sock;
        u_int i;
+       uid_t euid;
+       gid_t egid;
 
        for (i = 0; i < sockets_alloc; i++)
                switch (sockets[i].type) {
@@ -820,6 +827,19 @@ after_select(fd_set *readset, fd_set *writeset)
                                            strerror(errno));
                                        break;
                                }
+                               if (getpeereid(sock, &euid, &egid) < 0) {
+                                       error("getpeereid %d failed: %s",
+                                           sock, strerror(errno));
+                                       close(sock);
+                                       break;
+                               }
+                               if ((euid != 0) && (getuid() != euid)) {
+                                       error("uid mismatch: "
+                                           "peer euid %u != uid %u",
+                                           (u_int) euid, (u_int) getuid());
+                                       close(sock);
+                                       break;
+                               }
                                new_socket(AUTH_CONNECTION, sock);
                        }
                        break;
@@ -836,13 +856,7 @@ after_select(fd_set *readset, fd_set *writeset)
                                        break;
                                } while (1);
                                if (len <= 0) {
-                                       shutdown(sockets[i].fd, SHUT_RDWR);
-                                       close(sockets[i].fd);
-                                       sockets[i].fd = -1;
-                                       sockets[i].type = AUTH_UNUSED;
-                                       buffer_free(&sockets[i].input);
-                                       buffer_free(&sockets[i].output);
-                                       buffer_free(&sockets[i].request);
+                                       close_socket(&sockets[i]);
                                        break;
                                }
                                buffer_consume(&sockets[i].output, len);
@@ -856,13 +870,7 @@ after_select(fd_set *readset, fd_set *writeset)
                                        break;
                                } while (1);
                                if (len <= 0) {
-                                       shutdown(sockets[i].fd, SHUT_RDWR);
-                                       close(sockets[i].fd);
-                                       sockets[i].fd = -1;
-                                       sockets[i].type = AUTH_UNUSED;
-                                       buffer_free(&sockets[i].input);
-                                       buffer_free(&sockets[i].output);
-                                       buffer_free(&sockets[i].request);
+                                       close_socket(&sockets[i]);
                                        break;
                                }
                                buffer_append(&sockets[i].input, buf, len);
@@ -943,6 +951,10 @@ main(int ac, char **av)
        pid_t pid;
        char pidstrbuf[1 + 3 * sizeof pid];
 
+       /* drop */
+       setegid(getgid());
+       setgid(getgid());
+
        SSLeay_add_all_algorithms();
 
        __progname = get_progname(av[0]);
@@ -1052,7 +1064,7 @@ main(int ac, char **av)
 #ifdef HAVE_CYGWIN
        umask(prev_mask);
 #endif
-       if (listen(sock, 5) < 0) {
+       if (listen(sock, 128) < 0) {
                perror("listen");
                cleanup_exit(1);
        }
git-cvsimport mirror of GSI OpenSSH
This page took 0.15961 seconds and 4 git commands to generate.