search for: getpeereid

hi, Solaris doesn't have getpeereid() or SO_PEERCRED. However, getpeerucred() is perfectly usable for that; and it's in Solaris 10 and OpenSolaris. So, ssh-agent(1) security there so far depends only on permissions of the socket directory and with this patch it checks peer's credentials, too. I patched following files usi...

On SPARC Solaris 10, using Solaris' native OpenSSL and Solaris Studio 12.2, I got the following errors: run test agent-getpeereid.sh ... ssh-add did not fail for nobody: 1 < 2 failed disallow agent attach from other uid gmake[1]: *** [t-exec] Error 1 gmake[1]: Leaving directory `/scratch/wieland/src/openssh/openssh-SNAP-20180817/regress' gmake: *** [tests] Error 2 -- Jeff Wieland, UNIX/Network Systems Administrator P...

http://bugzilla.mindrot.org/show_bug.cgi?id=421 ------- Additional Comments From mouring at eviladmin.org 2002-10-25 14:03 ------- [.. Important part from URL..] gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. - I/usr/local/ssl/include -DHAVE_CONFIG_H -c bsd-getpeereid.c bsd-getpeereid.c: In function `getpeereid': bsd-getpeereid.c:35: storage size of `cred' isn't known bsd-getpeereid.c:35: warning: unused variable `cred' make[1]: *** [bsd-getpeereid.o] Error 1 I dealt with this recently on an old Redhat 6.2 Alpha box. Your glibc is out of date....

https://bugzilla.mindrot.org/show_bug.cgi?id=2654 Bug ID: 2654 Summary: regress/agent-getpeereid.sh uses wrong ssh-add program Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Regression tests Assignee: unassigned-bugs at...

Hi, I've just implemented getpeereid in Cygwin and I found that there's something I don't understand. In ssh-agent.c and in clientloop.c, getpeereid is used to ask for the effective uid of the peer side of the connected socket. So far so good, but why does the test look like this: if ((euid != 0) && (getuid() != e...

...Machine my ssh client works. If i transfer the bynaries to another Machine ( same openssl Version ) then i have the following Error: # ssh exec(): 0509-036 Cannot load program ssh because of the following errors: 0509-130 Symbol resolution failed for ssh because: 0509-136 Symbol getpeereid (number 34) is not exported from dependent module /usr/lib/libc.a(shr.o). 0509-192 Examine .loader section symbols with the 'dump -Tv' command. Can anybody help me ? Kind Regards Reto -----------------------------------------------------------...

...--with-ipaddr-display If can work with the Server Side and scp and sftp The ssh Client has some Problems to run in my Environment. # ssh exec(): 0509-036 Cannot load program ssh because of the following errors: 0509-130 Symbol resolution failed for ssh because: 0509-136 Symbol getpeereid (number 34) is not exported from dependent module /usr/lib/libc.a(shr.o). 0509-192 Examine .loader section symbols with the 'dump -Tv' command. # which ssh /usr/sbin/ssh # ls -la /usr/sbin/ssh lrwxrwxrwx 1 root system 16 Feb 24 18...

Hi Darren Thanks for your fast reply thats the rease wy it doesn't work.... I have ML4 on my Developement Machine and ML3 on the Quality System...;-> Thanks from Switzerland

...%s to %s", from, to); should be harmless: the input strings are limited to 20 bytes by being formatted as ISO8601 timestamps. Will revisit after release. > channels.c: In function 'channel_post_mux_listener': > channels.c:2314:6: warning: implicit declaration of function 'getpeereid'; did you mean 'getpcred'? [-Wimplicit-function-declaratio ] Does AIX7 have getpeereid? If not, the prototype should come from openbsd-compat.h, if so maybe we need to add a header? > hostfile.c: In function 'host_hash': > hostfile.c:151:44: warning: '%s' direct...

...e > POSIX > ACLs. > > Can I suggest you forget UX if you want a DC and use Linux instead. BTW, I've looked back at the original logs. The issue is this: single_terminate: reason[socket_get_remote_addr() failed] The reason is that we require 'credentials passing' via the getpeereid() call or SO_PEERCRED, a feature not in posix but available one way or the other on multiple unix-like systems, which allows one end of the pipe to know the UID and GID of the other end.   We don't have an implementation of this for HP-UX, so the AD DC won't run. I'm sorry the build d...

...xfree(cctx); } + +static int +client_control_grant(int client_fd) +{ + struct passwd *epw = 0; + struct group *egr = 0; + char euidstr[48]; /* Sufficient for 2^128 in decimal ascii */ + char egidstr[48]; /* Sufficient for 2^128 in decimal ascii */ + uid_t euid; + gid_t egid; + u_int i; + + if (getpeereid(client_fd, &euid, &egid) < 0) { + error("%s getpeereid failed: %s", __func__, strerror(errno)); + return -1; + } + + if ((euid == 0) || (getuid() == euid)) + return 1; /* Short circuit. */ + + if ((int)sizeof euidstr <= snprintf(euidstr, sizeof euidstr, "%lu", (...

...keys without actually exposing the keys. I have the idea of using ssh-agent to do this. The agent would run as a "keyholder" user, and group permissions on the UNIX-domain socket would allow read-write by both that account and the actual ssh user. Right now, ssh-agent makes a check using getpeereid(), and declines access if it fails. This is very sensible in general, but breaks this particular case. Might a patch to allow an option to ssh-agent to relax the check be accepted? (Attached is a draft patch against 5.8p2.) -- Matthew Miller mattdm at mattdm.org <http://m...

...--------------------- ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## ------------------------------------------ ## final summary of the configuration says WARNING: the operating system that you are using does not appear to support either the getpeereid() API nor the SO_PEERCRED getsockopt() option. These facilities are used to enforce security checks to prevent unauthorised connections to ssh-agent. Their absence increases the risk that a malicious user can connect to your agent. ------- You are receiving this mail because: ------- You are...

...------------------------------------ ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## ------------------------------------------ ## and also following info: WARNING: the operating system that you are using does not appear to support either the getpeereid() API nor the SO_PEERCRED getsockopt() option. These facilities are used to enforce security checks to prevent unauthorised connections to ssh-agent. Their absence increases the risk that a malicious user can connect to your agent. I use: System Solaris 9/SPARC gcc - 3.3.2 autoconf - 2.59 automak...

...the reasons: General: grep -q -> grep >/dev/null echo -n -> echon Use $EXEEXT where /bin/ls is used as a data file. top-level Makefile: Hooks to run from top-level make. Makefile: HP-UX, AIX don't have /dev/stdin or /dev/stdout. General replacement for BSD make specific stuff. agent-getpeereid.sh HP-UX doesn't have getpeereid(). Skip if HAVE_GETPEEREID is not defined. agent-ptrace.sh: Doesn't work on some platforms. Skip those. reconfigure.sh: sshd is not always in /usr/sbin. rekey.sh: HP-UX does not have /dev/zero. The sparse file will take less disk space too. sftp-cmds.s...

Hi all, currently I am considering writing a patch for OpenSSH that will allow portforwarding using the control_master unix domain socket. The idea is to introduce an extra SSHMUX command, SSHMUX_COMMAND_SOCKS, which will then pass control to the normal socks functions used for dynamic forwarding. The main reason for me to write this patch are: - some more control over who gets to connect to

IRIX 6.5 has the basename() function in libgen. SYNOPSIS cc [flag ...] file ... -lgen [library ...] #include <libgen.h> char *basename (char *path); -- ayamura

Hi Andrew, I have checked for the reason of below error single_terminate: reason[socket_get_remote_addr() failed] As mentioned by you earlier that it requires "credentials passing via the getpeereid() call or SO_PEERCRED" On investigating it further i found below condition that fails File :- lib/tsocket/tsocket_bsd.c Function int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx, const struct sockaddr *sa, size_t sa_socklen, struct tsocket_address **_addr, c...

...MP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog writev], +AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name getpeereid gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog writev], [], [], [#include "have.h"] ) AC_FUNC_MALLOC diff --git a/src/control.c b/src/control.c index a795843..4454126 100644 --- a/src/control.c +++ b/src/control.c @@ -191,6 +191,7...

...The following command caused the error: if [ "xconnect.sh proxy-connect.sh connect-privsep.sh proto-version.sh proto-mismatch.sh exit-status.sh envpass.sh transfer.sh banner.sh rekey.sh stderr-data.sh stderr-after-eof.sh broken-pipe.sh try-ciphers.sh yes-head.sh login-timeout.sh agent.sh agent-getpeereid.sh agent -timeout.sh agent-ptrace.sh keyscan.sh keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh sftp-chroot.sh sftp-cmds.sh sftp- badcmds.sh sftp-batch.sh sftp-glob.sh sftp-perm.sh reconfigure.sh dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh c fgparse.sh cfg...