-rw-r--r-- | misc.c | 11 | ||||
-rw-r--r-- | misc.h | 3 | ||||
-rw-r--r-- | readconf.c | 5 | ||||
-rw-r--r-- | serverloop.c | 13 |
4 files changed, 15 insertions, 17 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.130 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.131 2018/07/27 05:13:02 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -1576,15 +1576,6 @@ forward_equals(const struct Forward *a, const struct Forward *b)
 return 1;
 }
 
-/* returns 1 if bind to specified port by specified user is permitted */
-int
-bind_permitted(int port, uid_t uid)
-{
- if (port < IPPORT_RESERVED && uid != 0)
- return 0;
- return 1;
-}
-
 /* returns 1 if process is already daemonized, 0 otherwise */
 int
 daemonized(void)
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.73 2018/06/09 03:01:12 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.74 2018/07/27 05:13:02 dtucker Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -31,7 +31,6 @@ struct Forward {
 };
 
 int forward_equals(const struct Forward *, const struct Forward *);
-int bind_permitted(int, uid_t);
 int daemonized(void);
 
 /* Common server and client forwarding options. */
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.294 2018/07/19 10:28:47 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.295 2018/07/27 05:13:02 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -323,9 +323,6 @@ add_local_forward(Options *options, const struct Forward *newfwd)
 extern uid_t original_real_uid;
 int i;
 
- if (!bind_permitted(newfwd->listen_port, original_real_uid) &&
- newfwd->listen_path == NULL)
- fatal("Privileged ports can only be forwarded by root.");
 /* Don't add duplicates */
 for (i = 0; i < options->num_local_forwards; i++) {
 if (forward_equals(newfwd, options->local_forwards + i))
diff --git a/serverloop.c b/serverloop.c
index cf18e387..7be83e2d 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.208 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -103,6 +103,17 @@ static void server_init_dispatch(void);
 /* requested tunnel forwarding interface(s), shared with session.c */
 char *tun_fwd_ifnames = NULL;
 
+/* returns 1 if bind to specified port by specified user is permitted */
+static int
+bind_permitted(int port, uid_t uid)
+{
+ if (use_privsep)
+ return 1; /* allow system to decide */
+ if (port < IPPORT_RESERVED && uid != 0)
+ return 0;
+ return 1;
+}
+
 /*
 * we write to this pipe if a SIGCHLD is caught in order to avoid
 * the race between select() and child_terminated |
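Review bot: The header comment on the new `bind_permitted` in serverloop.c is no longer accurate once `use_privsep` is set, because that branch returns 1 for every port and uid and performs no check of its own. The reserved-port restriction then rests entirely on the later bind() failing in a process that, presumably, has already dropped to the user's uid; that assumption is not visible in this hunk and is worth stating where the shortcut is taken. I would reword the comment to something like `/* returns 1 if the bind may be attempted; with privsep no check is made here and the OS enforces reserved-port policy at bind() time */`. The callers of this function and the declaration of `use_privsep` are outside the hunk, so confirm that no caller treats a return of 1 as an authorization decision when privsep is on.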