author | Darren Tucker <dtucker@zip.com.au> | 2013-10-10 10:28:07 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-10-10 10:28:07 +1100 |
commit | e6e52f8c5dc89a6767702e65bb595aaf7bc8991c (patch) | |
tree | a703891f9e48987188df58f196b8727fe2cb6ccd /sshconnect.c | |
parent | 71152bc9911bc34a98810b2398dac20df3fe8de3 (diff) |
- djm@cvs.openbsd.org 2013/09/19 01:26:29
[sshconnect.c]
bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
swp AT swp.pp.ru; ok dtucker@
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 51 |
1 files changed, 26 insertions, 25 deletions
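--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.239 2013/08/20 00:11:38 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.240 2013/09/19 01:26:29 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -282,34 +282,18 @@ ssh_kill_proxy_command(void)
 static int
 ssh_create_socket(int privileged, struct addrinfo *ai)
 {
-int sock, gaierr;
+int sock, r, gaierr;
 struct addrinfo hints, *res;
 
-/*
-* If we are running as root and want to connect to a privileged
-* port, bind our own socket to a privileged port.
-*/
-if (privileged) {
-int p = IPPORT_RESERVED - 1;
-PRIV_START;
-sock = rresvport_af(&p, ai->ai_family);
-PRIV_END;
-if (sock < 0)
-error("rresvport: af=%d %.100s", ai->ai_family,
-strerror(errno));
-else
-debug("Allocated local port %d.", p);
-return sock;
-}
 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
 if (sock < 0) {
-error("socket: %.100s", strerror(errno));
+error("socket: %s", strerror(errno));
 return -1;
 }
 fcntl(sock, F_SETFD, FD_CLOEXEC);
 
 /* Bind the socket to an alternative local IP address */
-if (options.bind_address == NULL)
+if (options.bind_address == NULL && !privileged)
 return sock;
 
 memset(&hints, 0, sizeof(hints));
@@ -324,11 +308,28 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
 close(sock);
 return -1;
 }
-if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
-error("bind: %s: %s", options.bind_address, strerror(errno));
-close(sock);
-freeaddrinfo(res);
-return -1;
+/*
+* If we are running as root and want to connect to a privileged
+* port, bind our own socket to a privileged port.
+*/
+if (privileged) {
+PRIV_START;
+r = bindresvport_sa(sock, res->ai_addr);
+PRIV_END;
+if (r < 0) {
+error("bindresvport_sa: af=%d %s", ai->ai_family,
+strerror(errno));
+goto fail;
+}
+} else {
+if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+error("bind: %s: %s", options.bind_address,
+strerror(errno));
+fail:
+close(sock);
+freeaddrinfo(res);
+return -1;
+}
 }
 freeaddrinfo(res);
 return sock;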
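Review bot: The privileged path no longer handles the case where no BindAddress is configured: the relaxed guard `if (options.bind_address == NULL && !privileged)` lets a privileged caller with a NULL `options.bind_address` fall through to the address lookup between the second and third hunks. That lookup is not shown here, but it appears to resolve `options.bind_address` into `res`. If it is handed a NULL host it will most likely fail, so UsePrivilegedPort=yes without BindAddress would stop connecting instead of binding a reserved port on the wildcard address as the removed `rresvport_af` call did. I would declare `struct addrinfo hints, *res = NULL;`, perform the lookup only when `options.bind_address != NULL`, and call `r = bindresvport_sa(sock, res ? res->ai_addr : NULL);`, after confirming that the bundled `bindresvport_sa` accepts a NULL address. Both `freeaddrinfo(res)` calls would then need an `if (res != NULL)` guard, and a short comment at the `fail:` label would help, since `goto fail` jumps into the body of the `bind()` error branch.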