Displaying 20 results from an estimated 65 matches for "getpeereid".
2006 Sep 25
1
[PATCH] implementation of getpeereid() for Solaris
hi, Solaris doesn't have getpeereid() or SO_PEERCRED. However,
getpeerucred() is perfectly usable for that; and it's in Solaris 10 and
OpenSolaris. So, ssh-agent(1) security there so far depends only on
permissions of the socket directory and with this patch it checks peer's
credentials, too. I patched following files usi...
2018 Aug 17
3
Call for testing: OpenSSH 7.8
On SPARC Solaris 10, using Solaris' native OpenSSL and Solaris
Studio 12.2, I got the following errors:
run test agent-getpeereid.sh ...
ssh-add did not fail for nobody: 1 < 2
failed disallow agent attach from other uid
gmake[1]: *** [t-exec] Error 1
gmake[1]: Leaving directory
`/scratch/wieland/src/openssh/openssh-SNAP-20180817/regress'
gmake: *** [tests] Error 2
--
Jeff Wieland, UNIX/Network Systems Administrator
P...
2002 Oct 25
2
[Bug 421] compile error on Debian slink
http://bugzilla.mindrot.org/show_bug.cgi?id=421
------- Additional Comments From mouring at eviladmin.org 2002-10-25 14:03 -------
[.. Important part from URL..]
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -
I/usr/local/ssl/include
-DHAVE_CONFIG_H -c bsd-getpeereid.c
bsd-getpeereid.c: In function `getpeereid':
bsd-getpeereid.c:35: storage size of `cred' isn't known
bsd-getpeereid.c:35: warning: unused variable `cred'
make[1]: *** [bsd-getpeereid.o] Error 1
I dealt with this recently on an old Redhat 6.2 Alpha box. Your glibc is out
of date....
2016 Dec 27
2
[Bug 2654] New: regress/agent-getpeereid.sh uses wrong ssh-add program
https://bugzilla.mindrot.org/show_bug.cgi?id=2654
Bug ID: 2654
Summary: regress/agent-getpeereid.sh uses wrong ssh-add program
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Regression tests
Assignee: unassigned-bugs at...
2005 Feb 23
1
getpeereid
Hi,
I've just implemented getpeereid in Cygwin and I found that there's
something I don't understand.
In ssh-agent.c and in clientloop.c, getpeereid is used to ask for the
effective uid of the peer side of the connected socket. So far so good,
but why does the test look like this:
if ((euid != 0) && (getuid() != e...
2005 Feb 25
1
ssh client Symbol getpeereid (number 34) is not exported from dependent module /usr/lib/libc.a(shr.o).
...Machine my ssh client works.
If i transfer the bynaries to another Machine ( same openssl Version ) then
i have the following Error:
# ssh
exec(): 0509-036 Cannot load program ssh because of the following errors:
0509-130 Symbol resolution failed for ssh because:
0509-136 Symbol getpeereid (number 34) is not exported from
dependent module /usr/lib/libc.a(shr.o).
0509-192 Examine .loader section symbols with the
'dump -Tv' command.
Can anybody help me ?
Kind Regards
Reto
-----------------------------------------------------------...
2005 Feb 25
0
Openssh AIX 5.2 Symbol getpeereid (number 34) is not exported
...--with-ipaddr-display
If can work with the Server Side and scp and sftp
The ssh Client has some Problems to run in my Environment.
# ssh
exec(): 0509-036 Cannot load program ssh because of the following errors:
0509-130 Symbol resolution failed for ssh because:
0509-136 Symbol getpeereid (number 34) is not exported from
dependent module /usr/lib/libc.a(shr.o).
0509-192 Examine .loader section symbols with the
'dump -Tv' command.
# which ssh
/usr/sbin/ssh
# ls -la /usr/sbin/ssh
lrwxrwxrwx 1 root system 16 Feb 24 18...
2005 Feb 25
0
Antwort: Re: ssh client Symbol getpeereid (number 34) is not exported from dependent module /usr/lib/libc.a(shr.o).
Hi Darren
Thanks for your fast reply
thats the rease wy it doesn't work....
I have ML4 on my Developement Machine and ML3 on the Quality System...;->
Thanks from Switzerland
2019 Apr 01
2
Call for testing: OpenSSH 8.0 [AIX Fail]
...%s to %s", from, to);
should be harmless: the input strings are limited to 20 bytes by being
formatted as ISO8601 timestamps. Will revisit after release.
> channels.c: In function 'channel_post_mux_listener':
> channels.c:2314:6: warning: implicit declaration of function 'getpeereid'; did you mean 'getpcred'? [-Wimplicit-function-declaratio ]
Does AIX7 have getpeereid? If not, the prototype should come from
openbsd-compat.h, if so maybe we need to add a header?
> hostfile.c: In function 'host_hash':
> hostfile.c:151:44: warning: '%s' direct...
2017 Jun 15
2
Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
...e
> POSIX
> ACLs.
>
> Can I suggest you forget UX if you want a DC and use Linux instead.
BTW, I've looked back at the original logs. The issue is this:
single_terminate: reason[socket_get_remote_addr() failed]
The reason is that we require 'credentials passing' via the
getpeereid() call or SO_PEERCRED, a feature not in posix but available
one way or the other on multiple unix-like systems, which allows one
end of the pipe to know the UID and GID of the other end.
We don't have an implementation of this for HP-UX, so the AD DC won't
run.
I'm sorry the build d...
2006 Feb 10
0
OpenSSH ControlAllowUsers, et al Patch
...xfree(cctx);
}
+
+static int
+client_control_grant(int client_fd)
+{
+ struct passwd *epw = 0;
+ struct group *egr = 0;
+ char euidstr[48]; /* Sufficient for 2^128 in decimal ascii */
+ char egidstr[48]; /* Sufficient for 2^128 in decimal ascii */
+ uid_t euid;
+ gid_t egid;
+ u_int i;
+
+ if (getpeereid(client_fd, &euid, &egid) < 0) {
+ error("%s getpeereid failed: %s", __func__, strerror(errno));
+ return -1;
+ }
+
+ if ((euid == 0) || (getuid() == euid))
+ return 1; /* Short circuit. */
+
+ if ((int)sizeof euidstr <= snprintf(euidstr, sizeof euidstr, "%lu", (...
2011 May 18
2
Might a patch to ssh-agent to allow relaxing of peer euid check be accepted?
...keys without actually
exposing the keys. I have the idea of using ssh-agent to do this. The agent
would run as a "keyholder" user, and group permissions on the UNIX-domain
socket would allow read-write by both that account and the actual ssh user.
Right now, ssh-agent makes a check using getpeereid(), and declines access
if it fails. This is very sensible in general, but breaks this particular
case. Might a patch to allow an option to ssh-agent to relax the check be
accepted?
(Attached is a draft patch against 5.8p2.)
--
Matthew Miller mattdm at mattdm.org <http://m...
2004 Sep 16
1
[Bug 930] two configure warnings
...--------------------- ##
configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ##
configure: WARNING: ## ------------------------------------------ ##
final summary of the configuration says
WARNING: the operating system that you are using does not
appear to support either the getpeereid() API nor the
SO_PEERCRED getsockopt() option. These facilities are used to
enforce security checks to prevent unauthorised connections to
ssh-agent. Their absence increases the risk that a malicious
user can connect to your agent.
------- You are receiving this mail because: -------
You are...
2004 Sep 07
1
OpenSSH 3.9p1 - Solaris/SPARC
...------------------------------------ ##
configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ##
configure: WARNING: ## ------------------------------------------ ##
and also following info:
WARNING: the operating system that you are using does not
appear to support either the getpeereid() API nor the
SO_PEERCRED getsockopt() option. These facilities are used to
enforce security checks to prevent unauthorised connections to
ssh-agent. Their absence increases the risk that a malicious
user can connect to your agent.
I use:
System Solaris 9/SPARC
gcc - 3.3.2
autoconf - 2.59
automak...
2003 Jun 20
0
[PATCH] Regression test portabilization.
...the reasons:
General:
grep -q -> grep >/dev/null
echo -n -> echon
Use $EXEEXT where /bin/ls is used as a data file.
top-level Makefile:
Hooks to run from top-level make.
Makefile:
HP-UX, AIX don't have /dev/stdin or /dev/stdout.
General replacement for BSD make specific stuff.
agent-getpeereid.sh
HP-UX doesn't have getpeereid().
Skip if HAVE_GETPEEREID is not defined.
agent-ptrace.sh:
Doesn't work on some platforms. Skip those.
reconfigure.sh:
sshd is not always in /usr/sbin.
rekey.sh:
HP-UX does not have /dev/zero. The sparse file will take less disk space
too.
sftp-cmds.s...
2008 Jun 19
5
Portforwarding using the control master.
Hi all,
currently I am considering writing a patch for OpenSSH that will allow
portforwarding using the control_master unix domain socket. The idea is
to introduce an extra SSHMUX command, SSHMUX_COMMAND_SOCKS, which will
then pass control to the normal socks functions used for dynamic
forwarding.
The main reason for me to write this patch are:
- some more control over who gets to connect to
2003 Mar 31
2
basename() in libgen
IRIX 6.5 has the basename() function in libgen.
SYNOPSIS
cc [flag ...] file ... -lgen [library ...]
#include <libgen.h>
char *basename (char *path);
-- ayamura
2017 Sep 06
0
Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
Hi Andrew,
I have checked for the reason of below error
single_terminate: reason[socket_get_remote_addr() failed]
As mentioned by you earlier that it requires "credentials passing via
the getpeereid()
call or SO_PEERCRED"
On investigating it further i found below condition that fails
File :- lib/tsocket/tsocket_bsd.c
Function
int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
const struct sockaddr *sa,
size_t sa_socklen,
struct tsocket_address **_addr,
c...
2007 Oct 18
0
[PATCH] Use credentials and permissions on control socket where available
...MP
AC_FUNC_ALLOCA
AC_TYPE_SIGNAL
-AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog writev],
+AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name getpeereid gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog writev],
[], [], [#include "have.h"]
)
AC_FUNC_MALLOC
diff --git a/src/control.c b/src/control.c
index a795843..4454126 100644
--- a/src/control.c
+++ b/src/control.c
@@ -191,6 +191,7...
2015 May 31
2
Call for testing: OpenSSH 6.9
...The following command caused the error:
if [ "xconnect.sh proxy-connect.sh connect-privsep.sh proto-version.sh
proto-mismatch.sh exit-status.sh envpass.sh transfer.sh banner.sh
rekey.sh stderr-data.sh stderr-after-eof.sh broken-pipe.sh
try-ciphers.sh yes-head.sh login-timeout.sh agent.sh
agent-getpeereid.sh agent
-timeout.sh agent-ptrace.sh keyscan.sh keygen-change.sh
keygen-convert.sh key-options.sh scp.sh sftp.sh sftp-chroot.sh
sftp-cmds.sh sftp-
badcmds.sh sftp-batch.sh sftp-glob.sh sftp-perm.sh reconfigure.sh
dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh
c
fgparse.sh cfg...