summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2016-04-08 21:14:13 +1000
committerDarren Tucker <dtucker@zip.com.au>2016-04-08 21:21:27 +1000
commit5f41f030e2feb5295657285aa8c6602c7810bc4b (patch)
tree734cac54186b893082a675a1b8a13db410cd8f33
parent34a01b2cf737d946ddb140618e28c3048ab7a229 (diff)
Remove NO_IPPORT_RESERVED_CONCEPT
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have the same effect without causing problems syncing patches with OpenBSD. Resync the two affected functions with OpenBSD. ok djm, sanity checked by Corinna.
Diffstat
-rw-r--r--configure.ac5
-rw-r--r--readconf.c4
-rw-r--r--serverloop.c9
3 files changed, 6 insertions, 12 deletions
diff --git a/configure.ac b/configure.ac
index f9fb48d12..dde3c4589 100644
--- a/configure.ac
+++ b/configure.ac
@@ -586,9 +586,8 @@ case "$host" in
586 [Define if you want to disable shadow passwords]) 586 [Define if you want to disable shadow passwords])
587 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 587 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
588 [Define if X11 doesn't support AF_UNIX sockets on that system]) 588 [Define if X11 doesn't support AF_UNIX sockets on that system])
589 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], 589 AC_DEFINE([IPPORT_RESERVED], [0],
590 [Define if the concept of ports only accessible to 590 [Cygwin has no notion of ports only accessible to superusers])
591 superusers isn't known])
592 AC_DEFINE([DISABLE_FD_PASSING], [1], 591 AC_DEFINE([DISABLE_FD_PASSING], [1],
593 [Define if your platform needs to skip post auth 592 [Define if your platform needs to skip post auth
594 file descriptor passing]) 593 file descriptor passing])
diff --git a/readconf.c b/readconf.c
index c692f7dd2..d63e5961d 100644
--- a/readconf.c
+++ b/readconf.c
@@ -294,14 +294,12 @@ void
294add_local_forward(Options *options, const struct Forward *newfwd) 294add_local_forward(Options *options, const struct Forward *newfwd)
295{ 295{
296 struct Forward *fwd; 296 struct Forward *fwd;
297 int i;
298#ifndef NO_IPPORT_RESERVED_CONCEPT
299 extern uid_t original_real_uid; 297 extern uid_t original_real_uid;
298 int i;
300 299
301 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && 300 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
302 newfwd->listen_path == NULL) 301 newfwd->listen_path == NULL)
303 fatal("Privileged ports can only be forwarded by root."); 302 fatal("Privileged ports can only be forwarded by root.");
304#endif
305 /* Don't add duplicates */ 303 /* Don't add duplicates */
306 for (i = 0; i < options->num_local_forwards; i++) { 304 for (i = 0; i < options->num_local_forwards; i++) {
307 if (forward_equals(newfwd, options->local_forwards + i)) 305 if (forward_equals(newfwd, options->local_forwards + i))
diff --git a/serverloop.c b/serverloop.c
index f9e3e5d14..3563e5d42 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1243,12 +1243,9 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1243 /* check permissions */ 1243 /* check permissions */
1244 if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || 1244 if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
1245 no_port_forwarding_flag || 1245 no_port_forwarding_flag ||
1246 (!want_reply && fwd.listen_port == 0) 1246 (!want_reply && fwd.listen_port == 0) ||
1247#ifndef NO_IPPORT_RESERVED_CONCEPT 1247 (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
1248 || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && 1248 pw->pw_uid != 0)) {
1249 pw->pw_uid != 0)
1250#endif
1251 ) {
1252 success = 0; 1249 success = 0;
1253 packet_send_debug("Server has disabled port forwarding."); 1250 packet_send_debug("Server has disabled port forwarding.");
1254 } else { 1251 } else {
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 18:57:34 +0000