Darren Tucker
2016-04-08 04:42:18 UTC
Hi.
While syncing an OpenBSD diff I got tripped up by
NO_IPPORT_RESERVED_CONCEPT which is in Portable and not OpenBSD so the
diff failed to apply.
This diff replaces that #define by defining IPPORT_RESERVED=0, which
should have the same effect (since it's always compared to unsigned 16-bit
port numbers) but without a difference in the code. I vaguely recall
suggesting this once before, although if I did I didn't follow through.
Corinna: does this seem reasonable?
Thanks.
diff --git a/configure.ac b/configure.ac
index f9fb48d..dde3c45 100644
--- a/configure.ac
+++ b/configure.ac
@@ -586,9 +586,8 @@ case "$host" in
[Define if you want to disable shadow passwords])
AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
[Define if X11 doesn't support AF_UNIX sockets on that system])
- AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
- [Define if the concept of ports only accessible to
- superusers isn't known])
+ AC_DEFINE([IPPORT_RESERVED], [0],
+ [Cygwin has no notion of ports only accessible to superusers])
AC_DEFINE([DISABLE_FD_PASSING], [1],
[Define if your platform needs to skip post auth
file descriptor passing])
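Review bot: AC_DEFINE([IPPORT_RESERVED], [0], ...) takes over a name that is normally supplied by the platform's network headers rather than by config.h. If a Cygwin header also defines IPPORT_RESERVED, the two definitions will clash or the header's value will win, which would quietly bring the privileged-port checks back. Worth confirming against the Cygwin headers, or doing an #undef followed by #define IPPORT_RESERVED 0 at a point after the system includes instead.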
diff --git a/readconf.c b/readconf.c
index c692f7d..d63e596 100644
--- a/readconf.c
+++ b/readconf.c
@@ -294,14 +294,12 @@ void
add_local_forward(Options *options, const struct Forward *newfwd)
{
struct Forward *fwd;
- int i;
-#ifndef NO_IPPORT_RESERVED_CONCEPT
extern uid_t original_real_uid;
+ int i;
if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
newfwd->listen_path == NULL)
fatal("Privileged ports can only be forwarded by root.");
-#endif
/* Don't add duplicates */
for (i = 0; i < options->num_local_forwards; i++) {
if (forward_equals(newfwd, options->local_forwards + i))
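Review bot: in add_local_forward() the test newfwd->listen_port < IPPORT_RESERVED has no lower bound, so with IPPORT_RESERVED set to 0 it is only equivalent to the removed #ifndef if listen_port can never be negative at this point. The hunk does not show the field's type; if it is a signed int, a negative value from a non-root user would now reach fatal() on Cygwin where it previously could not. Either confirm that negative ports are rejected before this call or state the assumption in a comment.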
diff --git a/serverloop.c b/serverloop.c
index f9e3e5d..3563e5d 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1243,12 +1243,9 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
/* check permissions */
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
no_port_forwarding_flag ||
- (!want_reply && fwd.listen_port == 0)
-#ifndef NO_IPPORT_RESERVED_CONCEPT
- || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
- pw->pw_uid != 0)
-#endif
- ) {
+ (!want_reply && fwd.listen_port == 0) ||
+ (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
+ pw->pw_uid != 0)) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
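Review bot: the clause fwd.listen_port < IPPORT_RESERVED && pw->pw_uid != 0 is now always compiled, and nothing at this site says it is intentionally a no-op on platforms that set IPPORT_RESERVED to 0. A one-line comment next to /* check permissions */ would stop someone later "fixing" the constant, and compilers that warn on always-false comparisons may flag this line on Cygwin if listen_port is unsigned.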
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.