Hi. I while syncing an OpenBSD diff I got tripped up by NO_IPPORT_RESERVED_CONCEPT which is in Portable and not OpenBSD so the diff failed to apply. This diff replaces that #define by defining IPPORT_RESERVED=0, which should have the same effect (since it's always compared to unsigfned 16bit port numbers) but without a difference in the code. I vaguely recall suggesting this once before, although if I did I didn't follow through. Corinna: does this seem reasonable? Thanks.
diff --git a/configure.ac b/configure.ac
index f9fb48d..dde3c45 100644
--- a/configure.ac
+++ b/configure.ac
@@ -586,9 +586,8 @@ case "$host" in
 [Define if you want to disable shadow passwords])
 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
 [Define if X11 doesn't support AF_UNIX sockets on that system])
- AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
- [Define if the concept of ports only accessible to
- superusers isn't known])
+ AC_DEFINE([IPPORT_RESERVED], [0],
+ [Cygwin has no notion of ports only accessible to superusers])
 AC_DEFINE([DISABLE_FD_PASSING], [1],
 [Define if your platform needs to skip post auth file descriptor passing])
diff --git a/readconf.c b/readconf.c
index c692f7d..d63e596 100644
--- a/readconf.c
+++ b/readconf.c
@@ -294,14 +294,12 @@ void
 add_local_forward(Options *options, const struct Forward *newfwd)
 {
 struct Forward *fwd;
- int i;
-#ifndef NO_IPPORT_RESERVED_CONCEPT
 extern uid_t original_real_uid;
+ int i;
 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && newfwd->listen_path == NULL)
 fatal("Privileged ports can only be forwarded by root.");
-#endif
 /* Don't add duplicates */
 for (i = 0; i < options->num_local_forwards; i++) {
 if (forward_equals(newfwd, options->local_forwards + i))
diff --git a/serverloop.c b/serverloop.c
index f9e3e5d..3563e5d 100644
--- a/serverloop.c
+++ b/serverloop.c
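Review bot: `AC_DEFINE([IPPORT_RESERVED], [0], ...)` reuses a name that the system socket headers normally provide, and nothing in this hunk shows how the two definitions are reconciled. If the platform header defines IPPORT_RESERVED as a macro, whichever definition is seen last wins and the privileged-port checks in readconf.c and serverloop.c may be active after all; if it is an enumerator, a macro already defined by config.h would rewrite the enum and break the build, so this is worth confirming on a Cygwin build. A variant that does not depend on include order keeps the feature test in configure and overrides the constant after the system headers, `#undef IPPORT_RESERVED` followed by `#define IPPORT_RESERVED 0`.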
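Review bot: The now-unconditional check in add_local_forward() matches the removed `#ifndef` block only while `listen_port` can never be negative, and the hunk does not show the field's type. The description says ports are unsigned 16-bit, but the `listen_path == NULL` clause suggests the field may hold a non-port value for path forwards; if it is signed, a negative value would still reach `fatal()` for a non-root user even with IPPORT_RESERVED defined as 0. The same comparison appears in the serverloop.c hunk without a path clause. I would record the dependency next to the test: `/* IPPORT_RESERVED is 0 where configure disables privileged ports; relies on listen_port >= 0 */`. The function body continues past the end of the hunk.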
@@ -1243,12 +1243,9 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 /* check permissions */
 if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || no_port_forwarding_flag ||
- (!want_reply && fwd.listen_port == 0)
-#ifndef NO_IPPORT_RESERVED_CONCEPT
- || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
- pw->pw_uid != 0)
-#endif
- ) {
+ (!want_reply && fwd.listen_port == 0) ||
+ (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
+ pw->pw_uid != 0)) {
 success = 0;
 packet_send_debug("Server has disabled port forwarding.");
 } else {
-- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
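Review bot: The privileged-port clause, now compiled on every platform, sits in the same `||` chain as the configuration checks, so a non-root request for a port below IPPORT_RESERVED is refused with the debug text `Server has disabled port forwarding.`, which does not tell the client which rule rejected the request. Giving that clause its own branch with a message that names the privileged-port rule would make such denials distinguishable from a server that has forwarding turned off. At minimum, a comment above the clause such as `/* non-root users may not request listeners below IPPORT_RESERVED */` documents the policy. The enclosing function starts and ends outside the hunk.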