replace Cygwin NO_IPPORT_RESERVED_CONCEPT

Darren Tucker dtucker at zip.com.au
Fri Apr 8 14:42:18 AEST 2016


Hi.

While syncing an OpenBSD diff I got tripped up by
NO_IPPORT_RESERVED_CONCEPT which is in Portable and not OpenBSD so the
diff failed to apply.

This diff replaces that #define by defining IPPORT_RESERVED=0, which
should have the same effect (since it's always compared to unsigned 16-bit
port numbers) but without a difference in the code.  I vaguely recall
suggesting this once before, although if I did I didn't follow through.

Corinna: does this seem reasonable?

Thanks.

diff --git a/configure.ac b/configure.ac
index f9fb48d..dde3c45 100644
--- a/configure.ac
+++ b/configure.ac
@@ -586,9 +586,8 @@ case "$host" in
 		[Define if you want to disable shadow passwords])
 	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
 		[Define if X11 doesn't support AF_UNIX sockets on that system])
-	AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
-		[Define if the concept of ports only accessible to
-		superusers isn't known])
+	AC_DEFINE([IPPORT_RESERVED], [0],
+		[Cygwin has no notion of ports only accessible to superusers])
 	AC_DEFINE([DISABLE_FD_PASSING], [1],
 		[Define if your platform needs to skip post auth
 		file descriptor passing])
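
Review bot: the added AC_DEFINE([IPPORT_RESERVED], [0], ...) places the macro in config.h, so if the platform's socket headers also define IPPORT_RESERVED the outcome depends on include order: either a redefinition warning or the system value staying in effect. Consider keeping a private configure symbol and doing the #undef IPPORT_RESERVED / #define IPPORT_RESERVED 0 in one place after the system headers are included, so the override is guaranteed to win while the call sites still match OpenBSD.
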
diff --git a/readconf.c b/readconf.c
index c692f7d..d63e596 100644
--- a/readconf.c
+++ b/readconf.c
@@ -294,14 +294,12 @@ void
 add_local_forward(Options *options, const struct Forward *newfwd)
 {
 	struct Forward *fwd;
-	int i;
-#ifndef NO_IPPORT_RESERVED_CONCEPT
 	extern uid_t original_real_uid;
+	int i;
 
 	if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
 	    newfwd->listen_path == NULL)
 		fatal("Privileged ports can only be forwarded by root.");
-#endif
 	/* Don't add duplicates */
 	for (i = 0; i < options->num_local_forwards; i++) {
 		if (forward_equals(newfwd, options->local_forwards + i))
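
Review bot: with the #ifndef gone, the extern original_real_uid declaration and the newfwd->listen_port < IPPORT_RESERVED test are now compiled on Cygwin too, so the check is a no-op there only if listen_port can never be negative, and its type is not visible in this hunk. Worth confirming that the field is unsigned (or range-checked before this point) and that original_real_uid is defined in every program that links readconf.c on that platform.
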
diff --git a/serverloop.c b/serverloop.c
index f9e3e5d..3563e5d 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1243,12 +1243,9 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 		/* check permissions */
 		if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
 		    no_port_forwarding_flag ||
-		    (!want_reply && fwd.listen_port == 0)
-#ifndef NO_IPPORT_RESERVED_CONCEPT
-		    || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
-		    pw->pw_uid != 0)
-#endif
-		    ) {
+		    (!want_reply && fwd.listen_port == 0) ||
+		    (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
+		    pw->pw_uid != 0)) {
 			success = 0;
 			packet_send_debug("Server has disabled port forwarding.");
 		} else {
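
Review bot: in the rewritten condition, nothing at this site records any more that the fwd.listen_port < IPPORT_RESERVED clause is deliberately inert on platforms that set IPPORT_RESERVED to 0, and a build with type-limit warnings enabled may flag it as always false there if the port field is unsigned. Since a comment here would reintroduce a difference from OpenBSD, the explanation is better placed next to the definition of IPPORT_RESERVED and in the commit message.
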
-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
