search for: so_peercr

Displaying 20 results from an estimated 48 matches for "so_peercr".

2020 Oct 03
0
[PATCH nbdkit v2 1/3] server: Add new APIs for reading the client’s SO_PEERCRED.
.../public.c @@ -47,6 +47,7 @@ #include <limits.h> #include <errno.h> #include <signal.h> +#include <sys/types.h> #ifdef HAVE_TERMIOS_H #include <termios.h> @@ -801,6 +802,113 @@ nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen) return 0; } +#ifdef SO_PEERCRED + +static int +get_peercred (int s, int *pid, int *uid, int *gid) +{ + struct ucred ucred; + socklen_t n = sizeof ucred; + + if (getsockopt (s, SOL_SOCKET, SO_PEERCRED, &ucred, &n) == -1) { + nbdkit_error ("getsockopt: SO_PEERCRED: %m"); + return -1; + } + + if (pid &...
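Review bot: In the second hunk, `get_peercred (int s, int *pid, int *uid, int *gid)` hands the credentials back through `int *`, but the `uid` and `gid` fields of `struct ucred` are unsigned 32-bit types on Linux, so IDs above INT_MAX cannot be represented in the out-parameters. A wider signed type such as `int64_t *` would cover the full range. It would also be worth checking that the length `n` written back by `getsockopt` equals `sizeof ucred` before the fields are read, since the visible code goes straight from the error check to the `pid` test.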
2020 Oct 05
0
Re: [PATCH nbdkit v2 1/3] server: Add new APIs for reading the client’s SO_PEERCRED.
On Mon, Oct 05, 2020 at 08:21:50AM -0500, Eric Blake wrote: > On 10/3/20 1:50 PM, Richard W.M. Jones wrote: > > New nbdkit_peer_pid, nbdkit_peer_uid and nbdkit_peer_gid calls can be > > used on Linux (only) to read the peer PID, UID and GID from clients > > connected over a Unix domain socket. This can be used in the > > preconnect phase to add additional filtering.
2020 Oct 05
3
Re: [PATCH nbdkit v2 1/3] server: Add new APIs for reading the client’s SO_PEERCRED.
...t;nbdkit_error> is > +called and this call returns C<-1>. > + > =head1 DEBUGGING > > +static int > +get_peercred (int s, int *pid, int *uid, int *gid) > +{ > + struct ucred ucred; > + socklen_t n = sizeof ucred; > + > + if (getsockopt (s, SOL_SOCKET, SO_PEERCRED, &ucred, &n) == -1) { > + nbdkit_error ("getsockopt: SO_PEERCRED: %m"); > + return -1; > + } > + > + if (pid && ucred.pid >= 1) { > + if (ucred.pid <= INT_MAX) > + *pid = ucred.pid; > + else > + nbdkit_error (&quot...
2020 Oct 05
1
Re: [PATCH nbdkit v2 1/3] server: Add new APIs for reading the client’s SO_PEERCRED.
On Mon, Oct 05, 2020 at 02:38:37PM +0100, Daniel P. Berrangé wrote: > On Mon, Oct 05, 2020 at 08:21:50AM -0500, Eric Blake wrote: > > On 10/3/20 1:50 PM, Richard W.M. Jones wrote: > > > New nbdkit_peer_pid, nbdkit_peer_uid and nbdkit_peer_gid calls can be > > > used on Linux (only) to read the peer PID, UID and GID from clients > > > connected over a Unix domain
2003 Jan 09
1
[Bug 421] compile error on Debian slink
http://bugzilla.mindrot.org/show_bug.cgi?id=421 ------- Additional Comments From carl at chage.com 2003-01-10 05:38 ------- I noticed the same problem with a compile error where ucred is undefined in SUSE Linux 6.1. The problem is the test for SO_PEERCRED-- the feature is not available even though the define is present. In my linux/socket.h there is a "#define SCM_CREDENTIALS" next to the ucred definition, so the change from #if defined(SO_PEERCRED) to #if defined(SO_PEERCRED) && defined(SCM_CREDENTIALS) solves the compile pr...
2006 Sep 25
1
[PATCH] implementation of getpeereid() for Solaris
hi, Solaris doesn't have getpeereid() or SO_PEERCRED. However, getpeerucred() is perfectly usable for that; and it's in Solaris 10 and OpenSolaris. So, ssh-agent(1) security there so far depends only on permissions of the socket directory and with this patch it checks peer's credentials, too. I patched following files using a snapshot f...
2007 Aug 21
1
ssh-agent security
...-agent.c 2007-08-20 19:56:38.000000000 -0400 @@ -134,6 +134,9 @@ /* Default lifetime (0 == forever) */ static int lifetime = 0; +static int run_inform = 0; +char inform_cmd[MAXPATHLEN]; + static void close_socket(SocketEntry *e) { @@ -247,6 +250,28 @@ MD5_CTX md; Key *key; +#if defined(SO_PEERCRED) + if (AUTH_CONNECTION == e->type) { + struct ucred cred; + socklen_t len = sizeof(cred); + char inform_cmdline[MAXPATHLEN]; + + if (run_inform && getsockopt(e->fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) >= 0) { + int ret; + + snprintf(inform_cmdline, sizeof inform...
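Review bot: In the second hunk, the condition `run_inform && getsockopt(e->fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) >= 0` silently skips the notification when `getsockopt` fails, so a connection whose peer credentials cannot be read goes unreported; handle the failure in its own branch and log it. In the first hunk, `inform_cmd` is declared without `static` right next to `static int run_inform`; make it `static` as well unless another file needs the symbol.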
2010 Jun 04
2
[Bug 1775] New: RFE: Would like to use 'abstract' unix sockets for ControlPath
https://bugzilla.mindrot.org/show_bug.cgi?id=1775 Summary: RFE: Would like to use 'abstract' unix sockets for ControlPath Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:
2019 Mar 01
4
Obtaining the PID of a domain's QEMU process from C
Hello all, I'm currently writing a C program that uses the libvirt API and I need a way to obtain the pid of a given domain's QEMU process. Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get the pid of clients that connect to it, and I would like to use that pid to look up the domain in libvirt to determine the proper domain ID to return to the client. As far as I can tell, libvirt doesn't expose this information in an easy to access manner. Of course it is possible t...
2017 Jun 15
2
Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
...s. > > Can I suggest you forget UX if you want a DC and use Linux instead. BTW, I've looked back at the original logs. The issue is this: single_terminate: reason[socket_get_remote_addr() failed] The reason is that we require 'credentials passing' via the getpeereid() call or SO_PEERCRED, a feature not in POSIX but available one way or the other on multiple unix-like systems, which allows one end of the pipe to know the UID and GID of the other end. We don't have an implementation of this for HP-UX, so the AD DC won't run. I'm sorry the build doesn't fail earl...
2020 Oct 05
4
[PATCH nbdkit v3 0/4] ip: Add filtering by process ID, user ID and group ID.
v2 was here: https://www.redhat.com/archives/libguestfs/2020-October/msg00019.html v3: * defence -> defense * Use int64_t instead of int. This compiles on Windows. * Add GC wrappers to OCaml bindings. * New FreeBSD patch. * Removed "pid:" example from the ip filter manual, and added a warning beside the pid documentation. Rich.
2016 Jan 03
8
User id for the forwarder ports
Hi, Question: Can a TCP server (running on the same host as the OpenSSH server) know the user id/name of a user forwarding a TCP port? I.e. if someone on some client machine does ssh -L9999:localhost:9999 someuser@somehost nc localhost 9999 and a service accepts the connection on port localhost:9999 on somehost, can it somehow safely read out the user name "someuser"? Long
2002 Oct 25
2
[Bug 421] compile error on Debian slink
...] Error 1 I dealt with this recently on an old Redhat 6.2 Alpha box. Your glibc is out of date. You more than likely have 2.0. Which does not include the correct headers from kernel space (back when /usr/includes/linux/ was linked to /usr/src/linux/include/). The hack is to just do a #undef SO_PEERCRED at the top of the bsd-getpeereid.c file. As for a better solution. I'm not sure. I don't want to include <linux/*> stuff. That I think is the wrong solution. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
2004 Jun 04
1
sharing a private key with other local users of the same group
Hello, we're using the portable OpenSSH (3.8.1p1) with Linux, HP-UX and Solaris. After starting the ssh-agent and adding a private key, I changed the permissions of the socket to 0770, so other users of the same group have access to it. With HP-UX and Solaris this works fine, although with Linux and older OpenSSH versions (3.4p1/SuSE8.1,3.1p1/RedHat7.2). With 3.8.1p1 and Linux
2019 Mar 11
2
Re: Obtaining the PID of a domain's QEMU process from C
...9 2:31 AM, Shawn Anastasio wrote: > > Hello all, > > > > I'm currently writing a C program that uses the libvirt API and I need a > > way to obtain the pid of a given domain's QEMU process. > > > > Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get > > the pid of clients that connect to it, and I would like to use that pid > > to look up the domain in libvirt to determine the proper domain ID to > > return to the client. > > > > As far as I can tell, libvirt doesn't expose this information in an easy...
2017 Sep 06
0
Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
Hi Andrew, I have checked for the reason of below error single_terminate: reason[socket_get_remote_addr() failed] As mentioned by you earlier that it requires "credentials passing via the getpeereid() call or SO_PEERCRED" On investigating it further I found below condition that fails File :- lib/tsocket/tsocket_bsd.c Function int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx, const struct sockaddr *sa, size_t sa_socklen, struct tsocket_address **_addr, const char *location)...
2019 Mar 11
2
Re: Obtaining the PID of a domain's QEMU process from C
...l, > > > > > > > > I'm currently writing a C program that uses the libvirt API and I need a > > > > way to obtain the pid of a given domain's QEMU process. > > > > > > > > Specifically, I'm writing an ivshmem server that uses SO_PEERCRED to get > > > > the pid of clients that connect to it, and I would like to use that pid > > > > to look up the domain in libvirt to determine the proper domain ID to > > > > return to the client. > > > > > > > > As far as I can tell, lib...
2020 Oct 03
2
[PATCH nbdkit 0/2] ip: Add filtering by process ID, user ID and group ID.
These two commits add new APIs and enhance nbdkit-ip-filter to allow filtering of Unix domain sockets by the client's PID, UID or GID. eg: nbdkit -U sock --filter=ip ... allow=uid:`id -u` deny=all Rich.
2020 Oct 03
7
[PATCH nbdkit v2 0/3] ip: Add filtering by process ID, user ID and group ID.
This is just a simple update to: https://www.redhat.com/archives/libguestfs/2020-October/msg00015.html rebased on top of current nbdkit master because I pushed a few simple refactorings. Rich.
2020 May 19
3
Detecting forwarded agent connections
...rding -- the first one seems to always be for the client itself (even with public key auth disabled), and then subsequent connections are made 1:1 with remote client connections that are being forwarded. My agent implementation already knows how to look up the PID of the connected process (via SO_PEERCRED, getpeerucred, etc) and find its executable name and basic info (via procfs, kvm_getprocs etc) on the handful of OS that I care about, so this is what I'm thinking of doing: 1. Track connections per process by pid + process start time (so if the PID is re-used, the start time should be...