tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-26 23:34:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2013/09/19 01:26:29

Browse Source 
[sshconnect.c]
     bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
     swp AT swp.pp.ru; ok dtucker@
This commit is contained in:
Darren Tucker 2013-10-10 10:28:07 +11:00
parent 71152bc991
commit e6e52f8c5d
2 changed files with 30 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -17,6 +17,10 @@
bz#1297 - tell the client (via packet_send_debug) when their preferred bz#1297 - tell the client (via packet_send_debug) when their preferred
listen address has been overridden by the server's GatewayPorts; listen address has been overridden by the server's GatewayPorts;
ok dtucker@ ok dtucker@
- djm@cvs.openbsd.org 2013/09/19 01:26:29
[sshconnect.c]
bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
swp AT swp.pp.ru; ok dtucker@
20131009 20131009
- (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull

43
sshconnect.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.239 2013/08/20 00:11:38 djm Exp $ */ /* $OpenBSD: sshconnect.c,v 1.240 2013/09/19 01:26:29 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -282,34 +282,18 @@ ssh_kill_proxy_command(void)
static int static int
ssh_create_socket(int privileged, struct addrinfo *ai) ssh_create_socket(int privileged, struct addrinfo *ai)
{ {
int sock, gaierr; int sock, r, gaierr;
struct addrinfo hints, *res; struct addrinfo hints, *res;
/*
* If we are running as root and want to connect to a privileged
* port, bind our own socket to a privileged port.
*/
if (privileged) {
int p = IPPORT_RESERVED - 1;
PRIV_START;
sock = rresvport_af(&p, ai->ai_family);
PRIV_END;
if (sock < 0)
error("rresvport: af=%d %.100s", ai->ai_family,
strerror(errno));
else
debug("Allocated local port %d.", p);
return sock;
}
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) { if (sock < 0) {
error("socket: %.100s", strerror(errno)); error("socket: %s", strerror(errno));
return -1; return -1;
} }
fcntl(sock, F_SETFD, FD_CLOEXEC); fcntl(sock, F_SETFD, FD_CLOEXEC);
/* Bind the socket to an alternative local IP address */ /* Bind the socket to an alternative local IP address */
if (options.bind_address == NULL) if (options.bind_address == NULL && !privileged)
return sock; return sock;
memset(&hints, 0, sizeof(hints)); memset(&hints, 0, sizeof(hints));
@ -324,12 +308,29 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
close(sock); close(sock);
return -1; return -1;
} }
/*
* If we are running as root and want to connect to a privileged
* port, bind our own socket to a privileged port.
*/
if (privileged) {
PRIV_START;
r = bindresvport_sa(sock, res->ai_addr);
PRIV_END;
if (r < 0) {
error("bindresvport_sa: af=%d %s", ai->ai_family,
strerror(errno));
goto fail;
}
} else {
if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
error("bind: %s: %s", options.bind_address, strerror(errno)); error("bind: %s: %s", options.bind_address,
strerror(errno));
fail:
close(sock); close(sock);
freeaddrinfo(res); freeaddrinfo(res);
return -1; return -1;
} }
}
freeaddrinfo(res); freeaddrinfo(res);
return sock; return sock;
} }