diff options
| -rw-r--r-- | configure.ac | 5 | ||||
| -rw-r--r-- | readconf.c | 4 | ||||
| -rw-r--r-- | serverloop.c | 9 |
3 files changed, 6 insertions, 12 deletions
diff --git a/configure.ac b/configure.ac index f9fb48d12..dde3c4589 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -586,9 +586,8 @@ case "$host" in | |||
| 586 | [Define if you want to disable shadow passwords]) | 586 | [Define if you want to disable shadow passwords]) |
| 587 | AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], | 587 | AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], |
| 588 | [Define if X11 doesn't support AF_UNIX sockets on that system]) | 588 | [Define if X11 doesn't support AF_UNIX sockets on that system]) |
| 589 | AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], | 589 | AC_DEFINE([IPPORT_RESERVED], [0], |
| 590 | [Define if the concept of ports only accessible to | 590 | [Cygwin has no notion of ports only accessible to superusers]) |
| 591 | superusers isn't known]) | ||
| 592 | AC_DEFINE([DISABLE_FD_PASSING], [1], | 591 | AC_DEFINE([DISABLE_FD_PASSING], [1], |
| 593 | [Define if your platform needs to skip post auth | 592 | [Define if your platform needs to skip post auth |
| 594 | file descriptor passing]) | 593 | file descriptor passing]) |
diff --git a/readconf.c b/readconf.c index c692f7dd2..d63e5961d 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -294,14 +294,12 @@ void | |||
| 294 | add_local_forward(Options *options, const struct Forward *newfwd) | 294 | add_local_forward(Options *options, const struct Forward *newfwd) |
| 295 | { | 295 | { |
| 296 | struct Forward *fwd; | 296 | struct Forward *fwd; |
| 297 | int i; | ||
| 298 | #ifndef NO_IPPORT_RESERVED_CONCEPT | ||
| 299 | extern uid_t original_real_uid; | 297 | extern uid_t original_real_uid; |
| 298 | int i; | ||
| 300 | 299 | ||
| 301 | if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && | 300 | if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && |
| 302 | newfwd->listen_path == NULL) | 301 | newfwd->listen_path == NULL) |
| 303 | fatal("Privileged ports can only be forwarded by root."); | 302 | fatal("Privileged ports can only be forwarded by root."); |
| 304 | #endif | ||
| 305 | /* Don't add duplicates */ | 303 | /* Don't add duplicates */ |
| 306 | for (i = 0; i < options->num_local_forwards; i++) { | 304 | for (i = 0; i < options->num_local_forwards; i++) { |
| 307 | if (forward_equals(newfwd, options->local_forwards + i)) | 305 | if (forward_equals(newfwd, options->local_forwards + i)) |
diff --git a/serverloop.c b/serverloop.c index f9e3e5d14..3563e5d42 100644 --- a/serverloop.c +++ b/serverloop.c | |||
| @@ -1243,12 +1243,9 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
| 1243 | /* check permissions */ | 1243 | /* check permissions */ |
| 1244 | if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || | 1244 | if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || |
| 1245 | no_port_forwarding_flag || | 1245 | no_port_forwarding_flag || |
| 1246 | (!want_reply && fwd.listen_port == 0) | 1246 | (!want_reply && fwd.listen_port == 0) || |
| 1247 | #ifndef NO_IPPORT_RESERVED_CONCEPT | 1247 | (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && |
| 1248 | || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && | 1248 | pw->pw_uid != 0)) { |
| 1249 | pw->pw_uid != 0) | ||
| 1250 | #endif | ||
| 1251 | ) { | ||
| 1252 | success = 0; | 1249 | success = 0; |
| 1253 | packet_send_debug("Server has disabled port forwarding."); | 1250 | packet_send_debug("Server has disabled port forwarding."); |
| 1254 | } else { | 1251 | } else { |