#include "includes.h"
#include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.103 2002/09/10 20:24:47 markus Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
char *__progname;
#endif
+static void
+close_socket(SocketEntry *e)
+{
+ close(e->fd);
+ e->fd = -1;
+ e->type = AUTH_UNUSED;
+ buffer_free(&e->input);
+ buffer_free(&e->output);
+ buffer_free(&e->request);
+}
+
static void
idtab_init(void)
{
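Review bot: close_socket() drops the `shutdown(e->fd, SHUT_RDWR)` that each of the three call sites it replaces later in this diff used to perform before `close()`; the refactor therefore changes behaviour as well as centralising it. If the drop is intentional (the listening side is the sole holder of the descriptor, so close() alone is enough to end the connection), that reasoning belongs above the helper, e.g. `/* Close a client connection and recycle its slot; close() suffices since no other process holds the fd. */`, otherwise the shutdown() call should be restored inside close_socket(). Whichever is meant, the helper is also the single place where a slot returns to AUTH_UNUSED and its three buffers are released, which is worth stating so future call sites do not partially duplicate it. The same observation applies to the later hunks that call close_socket() and needs no separate fix there.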
cp = buffer_ptr(&e->input);
msg_len = GET_32BIT(cp);
if (msg_len > 256 * 1024) {
- shutdown(e->fd, SHUT_RDWR);
- close(e->fd);
- e->fd = -1;
- e->type = AUTH_UNUSED;
- buffer_free(&e->input);
- buffer_free(&e->output);
- buffer_free(&e->request);
+ close_socket(e);
return;
}
if (buffer_len(&e->input) < msg_len + 4)
char buf[1024];
int len, sock;
u_int i;
+ uid_t euid;
+ gid_t egid;
for (i = 0; i < sockets_alloc; i++)
switch (sockets[i].type) {
strerror(errno));
break;
}
+ if (getpeereid(sock, &euid, &egid) < 0) {
+ error("getpeereid %d failed: %s",
+ sock, strerror(errno));
+ close(sock);
+ break;
+ }
+ if (getuid() != euid) {
+ error("uid mismatch: "
+ "peer euid %d != uid %d",
+ (int) euid, (int) getuid());
+ close(sock);
+ break;
+ }
new_socket(AUTH_CONNECTION, sock);
}
break;
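Review bot: The new getpeereid() block is the only peer-identity check on an accepted agent connection, yet nothing in the hunk says so; a short comment such as `/* only the agent's owner may use the socket; reject any other peer euid */` above the `getuid() != euid` test would make that explicit. The effectiveness of the check depends on the platform getpeereid() actually reporting the peer's credentials; on a compatibility implementation that cannot, the comparison may be satisfied trivially, which is worth noting where it is called (hedged, since openbsd-compat is only referenced on this page via fake-queue.h). Both rejection paths close the raw descriptor and `break`, so no SocketEntry is ever allocated for a rejected peer, which is correct but also deserves a word. The enclosing select-handling function starts and ends outside this hunk.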
break;
} while (1);
if (len <= 0) {
- shutdown(sockets[i].fd, SHUT_RDWR);
- close(sockets[i].fd);
- sockets[i].fd = -1;
- sockets[i].type = AUTH_UNUSED;
- buffer_free(&sockets[i].input);
- buffer_free(&sockets[i].output);
- buffer_free(&sockets[i].request);
+ close_socket(&sockets[i]);
break;
}
buffer_consume(&sockets[i].output, len);
break;
} while (1);
if (len <= 0) {
- shutdown(sockets[i].fd, SHUT_RDWR);
- close(sockets[i].fd);
- sockets[i].fd = -1;
- sockets[i].type = AUTH_UNUSED;
- buffer_free(&sockets[i].input);
- buffer_free(&sockets[i].output);
- buffer_free(&sockets[i].request);
+ close_socket(&sockets[i]);
break;
}
buffer_append(&sockets[i].input, buf, len);
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
+ /* drop */
+ setegid(getgid());
+ setgid(getgid());
+
SSLeay_add_all_algorithms();
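Review bot: The return values of `setegid()` and `setgid()` in the new privilege-drop block are ignored, so if either call fails the agent continues with the elevated effective group instead of stopping. The drop should be verified before going further, e.g. `if (setegid(getgid()) != 0 || setgid(getgid()) != 0) { perror("setgid"); cleanup_exit(1); }`, which matches the error style already used for listen() at the end of this diff. The comment `/* drop */` would also read better as `/* drop any setgid privilege before touching the filesystem or sockets */`. The enclosing main() starts and ends outside this hunk.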
__progname = get_progname(av[0]);
#ifdef HAVE_CYGWIN
umask(prev_mask);
#endif
- if (listen(sock, 5) < 0) {
+ if (listen(sock, 128) < 0) {
perror("listen");
cleanup_exit(1);
}