- sort FILES
- +.Xr ssh-keyscan 1 ,
from Igor Sobrado
+ - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
+ getpeerucred to implement getpeereid (currently only Solaris 10 and up).
+ Patch by Jan.Pechanec at Sun.
20070313
- (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
getnameinfo \
getopt \
getpeereid \
+ getpeerucred \
_getpty \
getrlimit \
getttyent \
# Check for missing getpeereid (or equiv) support
NO_PEERCHECK=""
-if test "x$ac_cv_func_getpeereid" != "xyes" ; then
+if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
AC_TRY_COMPILE(
[#include <sys/types.h>
fi
if test ! -z "$NO_PEERCHECK" ; then
- echo "WARNING: the operating system that you are using does not "
- echo "appear to support either the getpeereid() API nor the "
- echo "SO_PEERCRED getsockopt() option. These facilities are used to "
- echo "enforce security checks to prevent unauthorised connections to "
- echo "ssh-agent. Their absence increases the risk that a malicious "
- echo "user can connect to your agent. "
+ echo "WARNING: the operating system that you are using does not"
+ echo "appear to support getpeereid(), getpeerucred() or the"
+ echo "SO_PEERCRED getsockopt() option. These facilities are used to"
+ echo "enforce security checks to prevent unauthorised connections to"
+ echo "ssh-agent. Their absence increases the risk that a malicious"
+ echo "user can connect to your agent."
echo ""
fi
return (0);
}
+#elif defined(HAVE_GETPEERUCRED)
+
+#ifdef HAVE_UCRED_H
+# include <ucred.h>
+#endif
+
+int
+getpeereid(int s, uid_t *euid, gid_t *gid)
+{
+ ucred_t *ucred = NULL;
+
+ if (getpeerucred(s, &ucred) == -1)
+ return (-1);
+ if ((*euid = ucred_geteuid(ucred)) == -1)
+ return (-1);
+ if ((*gid = ucred_getrgid(ucred)) == -1)
+ return (-1);
+
+ ucred_free(ucred);
+
+ return (0);
+}
#else
int
getpeereid(int s, uid_t *euid, gid_t *gid)