[PATCH]: Remove HAVE_CYGWIN in favor of NO_IPPORT_RESERVED_CONCEPT
Corinna Vinschen
vinschen at redhat.com
Tue Jul 9 23:00:48 EST 2002
Hi,
may I ask what's about this one? As I said, if it's unacceptable
to use something like NO_IPPORT_RESERVED_CONCEPT, we need at least
a HAVE_CYGWIN in serverloop.c which is currently missing.
Corinna
On Thu, Jul 04, 2002 at 11:27:10AM +0200, Corinna Vinschen wrote:
> Hi,
>
> I've sent that patch once already but it seems more or less forgotten
> in the tumultuous days of the latest vulnerability.
>
> It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined
> on platforms not supporting the concept of "privileged" ports only
> accessible by privileged users but which allow everyone to use these
> ports.
>
> This patch removes some Cygwin dependencies from the code.
>
> Otherwise, if this patch isn't applied, we definitely need another
> #ifndef HAVE_CYGWIN in serverloop.c otherwise serverside port forwarding
> for reserved ports doesn't work in Cygwin's 3.4 version. The official
> Cygwin release of 3.4 contains that additional HAVE_CYGWIN patch so far.
>
> Corinna
>
>
> Index: acconfig.h
> ===================================================================
> RCS file: /cvs/openssh_cvs/acconfig.h,v
> retrieving revision 1.141
> diff -u -p -r1.141 acconfig.h
> --- acconfig.h 25 Jun 2002 22:35:16 -0000 1.141
> +++ acconfig.h 4 Jul 2002 09:13:29 -0000
> @@ -310,6 +310,9 @@
> /* Define if X11 doesn't support AF_UNIX sockets on that system */
> #undef NO_X11_UNIX_SOCKETS
>
> +/* Define if the concept of ports only accessible to superusers isn't known */
> +#undef NO_IPPORT_RESERVED_CONCEPT
> +
> /* Needed for SCO and NeXT */
> #undef BROKEN_SAVED_UIDS
>
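Review bot: The comment added above "#undef NO_IPPORT_RESERVED_CONCEPT" says the concept "isn't known", which does not tell a porter what defining the macro actually changes. Since the other hunks use it to compile out the uid checks on ports below IPPORT_RESERVED, I'd word it by effect, for example "Define if any user may bind ports below IPPORT_RESERVED", so nobody enables it on a platform where those ports are in fact restricted to root.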
> Index: configure.ac
> ===================================================================
> RCS file: /cvs/openssh_cvs/configure.ac,v
> retrieving revision 1.73
> diff -u -p -r1.73 configure.ac
> --- configure.ac 28 Jun 2002 00:37:33 -0000 1.73
> +++ configure.ac 4 Jul 2002 09:13:30 -0000
> @@ -86,6 +86,7 @@ case "$host" in
> AC_DEFINE(IPV4_DEFAULT)
> AC_DEFINE(IP_TOS_IS_BROKEN)
> AC_DEFINE(NO_X11_UNIX_SOCKETS)
> + AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
> AC_DEFINE(BROKEN_FD_PASSING)
> AC_DEFINE(SETGROUPS_NOOP)
> ;;
> Index: readconf.c
> ===================================================================
> RCS file: /cvs/openssh_cvs/readconf.c,v
> retrieving revision 1.75
> diff -u -p -r1.75 readconf.c
> --- readconf.c 21 Jun 2002 00:41:52 -0000 1.75
> +++ readconf.c 4 Jul 2002 09:13:31 -0000
> @@ -199,7 +199,7 @@ add_local_forward(Options *options, u_sh
> u_short host_port)
> {
> Forward *fwd;
> -#ifndef HAVE_CYGWIN
> +#ifndef NO_IPPORT_RESERVED_CONCEPT
> extern uid_t original_real_uid;
> if (port < IPPORT_RESERVED && original_real_uid != 0)
> fatal("Privileged ports can only be forwarded by root.");
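Review bot: The "#ifndef NO_IPPORT_RESERVED_CONCEPT" guard in add_local_forward() removes the "port < IPPORT_RESERVED && original_real_uid != 0" check with no explanation at the call site. Please add a one-line comment at the #ifndef saying the check is skipped because the platform lets any user bind low ports, so a later reader does not mistake the guard for a feature switch and define the macro on a system where the restriction is real.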
> Index: serverloop.c
> ===================================================================
> RCS file: /cvs/openssh_cvs/serverloop.c,v
> retrieving revision 1.102
> diff -u -p -r1.102 serverloop.c
> --- serverloop.c 25 Jun 2002 23:17:37 -0000 1.102
> +++ serverloop.c 4 Jul 2002 09:13:34 -0000
> @@ -972,8 +972,11 @@ server_input_global_request(int type, u_
>
> /* check permissions */
> if (!options.allow_tcp_forwarding ||
> - no_port_forwarding_flag ||
> - (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) {
> + no_port_forwarding_flag
> +#ifndef NO_IPPORT_RESERVED_CONCEPT
> + || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
> +#endif
> + ) {
> success = 0;
> packet_send_debug("Server has disabled port forwarding.");
> } else {
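Review bot: Splitting the if condition in server_input_global_request() with "#ifndef ... #endif" and a dangling ")" on its own line is easy to break in a later edit, and this is the permission check for remote forwards. I'd compute the port test once before the if (for example a local int that is "listen_port < IPPORT_RESERVED && pw->pw_uid != 0" normally and 0 when NO_IPPORT_RESERVED_CONCEPT is defined) and keep the condition itself free of preprocessor lines. Separately, when the reserved-port test is what rejects the request, the debug text "Server has disabled port forwarding." is misleading; that is existing behaviour, but worth fixing while this condition is being touched.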
>
> --
> Corinna Vinschen
> Cygwin Developer
> Red Hat, Inc.
> mailto:vinschen at redhat.com
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com