openssh unix dev - Apr 2016 - replace Cygwin NO_IPPORT_RESERVED_CONCEPT

Hi.

I while syncing an OpenBSD diff I got tripped up by
NO_IPPORT_RESERVED_CONCEPT which is in Portable and not OpenBSD so the
diff failed to apply.

This diff replaces that #define by defining IPPORT_RESERVED=0, which
should have the same effect (since it's always compared to unsigfned 16bit
port numbers) but without a difference in the code.  I vaguely recall
suggesting this once before, although if I did I didn't follow through.

Corinna: does this seem reasonable?

Thanks.

diff --git a/configure.ac b/configure.ac
index f9fb48d..dde3c45 100644
--- a/configure.ac
+++ b/configure.ac
@@ -586,9 +586,8 @@ case "$host" in
 		[Define if you want to disable shadow passwords])
 	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
 		[Define if X11 doesn't support AF_UNIX sockets on that system])
-	AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
-		[Define if the concept of ports only accessible to
-		superusers isn't known])
+	AC_DEFINE([IPPORT_RESERVED], [0],
+		[Cygwin has no notion of ports only accessible to superusers])
 	AC_DEFINE([DISABLE_FD_PASSING], [1],
 		[Define if your platform needs to skip post auth
 		file descriptor passing])
diff --git a/readconf.c b/readconf.c
index c692f7d..d63e596 100644
--- a/readconf.c
+++ b/readconf.c
@@ -294,14 +294,12 @@ void
 add_local_forward(Options *options, const struct Forward *newfwd)
 {
 	struct Forward *fwd;
-	int i;
-#ifndef NO_IPPORT_RESERVED_CONCEPT
 	extern uid_t original_real_uid;
+	int i;
 
 	if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid
!= 0 &&
 	    newfwd->listen_path == NULL)
 		fatal("Privileged ports can only be forwarded by root.");
-#endif
 	/* Don't add duplicates */
 	for (i = 0; i < options->num_local_forwards; i++) {
 		if (forward_equals(newfwd, options->local_forwards + i))
diff --git a/serverloop.c b/serverloop.c
index f9e3e5d..3563e5d 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1243,12 +1243,9 @@ server_input_global_request(int type, u_int32_t seq, void
*ctxt)
 		/* check permissions */
 		if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
 		    no_port_forwarding_flag ||
-		    (!want_reply && fwd.listen_port == 0)
-#ifndef NO_IPPORT_RESERVED_CONCEPT
-		    || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED
&&
-		    pw->pw_uid != 0)
-#endif
-		    ) {
+		    (!want_reply && fwd.listen_port == 0) ||
+		    (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED
&&
+		    pw->pw_uid != 0)) {
 			success = 0;
 			packet_send_debug("Server has disabled port forwarding.");
 		} else {
-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Hi Darren,

On Apr  8 14:42, Darren Tucker wrote:
> Hi.
> 
> I while syncing an OpenBSD diff I got tripped up by
> NO_IPPORT_RESERVED_CONCEPT which is in Portable and not OpenBSD so the
> diff failed to apply.
> 
> This diff replaces that #define by defining IPPORT_RESERVED=0, which
> should have the same effect (since it's always compared to unsigfned
16bit
> port numbers) but without a difference in the code.  I vaguely recall
> suggesting this once before, although if I did I didn't follow through.
> 
> Corinna: does this seem reasonable?
Instead of this awkward #ifndef, just set the lowest non-reserved port
number to 0?  That looks pretty good to me.

Please note that we have IPPORT_RESERVED set to 1024 in our headers for
historical porting reasons.  However, it's an enum value so it can be
easily overloaded with a macro.


Thanks,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20160408/ca9e1a91/attachment.bin>