author | dtucker@openbsd.org <dtucker@openbsd.org> | 2018-07-19 10:28:47 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-19 21:44:21 +1000 |
commit | 95d41e90eafcd1286a901e8e361e4a37b98aeb52 (patch) | |
tree | 79c13c35f94c8b199b2f0fcabacd30a1474b955a /sshconnect.c | |
parent | 258dc8bb07dfb35a46e52b0822a2c5b7027df60a (diff) |
upstream: Deprecate UsePrivilegedPort now that support for running
ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages
We have not shipped ssh(1) with the setuid bit since 2002. If anyone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.
ok markus@ jmc@ djm@
OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 24 |
1 files changed, 10 insertions, 14 deletions
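--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.301 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.302 2018/07/19 10:28:47 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -330,10 +330,10 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
 #endif
 
 /*
-* Creates a (possibly privileged) socket for use as the ssh connection.
+* Creates a ocket for use as the ssh connection.
 */
 static int
-ssh_create_socket(int privileged, struct addrinfo *ai)
+ssh_create_socket(struct addrinfo *ai)
 {
 int sock, r;
 struct sockaddr_storage bindaddr;
@@ -352,8 +352,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
 fcntl(sock, F_SETFD, FD_CLOEXEC);
 
 /* Bind the socket to an alternative local IP address */
-if (options.bind_address == NULL && options.bind_interface == NULL &&
-!privileged)
+if (options.bind_address == NULL && options.bind_interface == NULL)
 return sock;
 
 if (options.bind_address != NULL) {
@@ -492,9 +491,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
 /*
 * Opens a TCP/IP connection to the remote server on the given host.
 * The address of the remote host will be returned in hostaddr.
-* If port is 0, the default port will be used. If needpriv is true,
-* a privileged port will be allocated to make the connection.
-* This requires super-user privileges if needpriv is true.
+* If port is 0, the default port will be used.
 * Connection_attempts specifies the maximum number of tries (one per
 * second). If proxy_command is non-NULL, it specifies the command (with %h
 * and %p substituted for host and port, respectively) to use to contact
@@ -503,14 +500,14 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
 static int
 ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
 struct sockaddr_storage *hostaddr, u_short port, int family,
-int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv)
+int connection_attempts, int *timeout_ms, int want_keepalive)
 {
 int on = 1;
 int oerrno, sock = -1, attempt;
 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
 struct addrinfo *ai;
 
-debug2("%s: needpriv %d", __func__, needpriv);
+debug2("%s", __func__);
 memset(ntop, 0, sizeof(ntop));
 memset(strport, 0, sizeof(strport));
 
@@ -542,7 +539,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
 host, ntop, strport);
 
 /* Create a socket for connecting. */
-sock = ssh_create_socket(needpriv, ai);
+sock = ssh_create_socket(ai);
 if (sock < 0) {
 /* Any error is already output */
 errno = 0;
@@ -592,12 +589,11 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
 int
 ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs,
 struct sockaddr_storage *hostaddr, u_short port, int family,
-int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv)
+int connection_attempts, int *timeout_ms, int want_keepalive)
 {
 if (options.proxy_command == NULL) {
 return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
-family, connection_attempts, timeout_ms, want_keepalive,
-needpriv);
+family, connection_attempts, timeout_ms, want_keepalive);
 } else if (strcmp(options.proxy_command, "-") == 0) {
 if ((ssh_packet_set_connection(ssh,
 STDIN_FILENO, STDOUT_FILENO)) == NULL)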
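Review bot: The rewritten header comment above ssh_create_socket reads "Creates a ocket", so the new side ships with a typo; it should read `* Creates a socket for use as the ssh connection.` While it is being touched, the comment could also say that the socket is bound to a local address only when options.bind_address or options.bind_interface is set, which is what the simplified guard in the third hunk now expresses. In ssh_connect_direct the replacement `debug2("%s", __func__);` logs nothing but the function name, so it could be dropped or changed to log something useful, such as the host and port. Both function bodies continue outside the hunks shown.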