Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED.

Submitted upstream, no reaction.

Submitted by:	delphij@
MFC after:	2 weeks
This commit is contained in:
Dag-Erling Smørgrav 2008-08-20 10:40:07 +00:00
parent 6d59b309bb
commit 03f6c5cd93

View File

@ -18,6 +18,7 @@ __RCSID("$FreeBSD$");
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/sysctl.h>
#include <netinet/in.h> #include <netinet/in.h>
@ -245,7 +246,19 @@ add_local_forward(Options *options, const Forward *newfwd)
Forward *fwd; Forward *fwd;
#ifndef NO_IPPORT_RESERVED_CONCEPT #ifndef NO_IPPORT_RESERVED_CONCEPT
extern uid_t original_real_uid; extern uid_t original_real_uid;
if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) int ipport_reserved;
#ifdef __FreeBSD__
size_t len_ipport_reserved = sizeof(ipport_reserved);
if (sysctlbyname("net.inet.ip.portrange.reservedhigh",
&ipport_reserved, &len_ipport_reserved, NULL, 0) != 0)
ipport_reserved = IPPORT_RESERVED;
else
ipport_reserved++;
#else
ipport_reserved = IPPORT_RESERVED;
#endif
if (newfwd->listen_port < ipport_reserved && original_real_uid != 0)
fatal("Privileged ports can only be forwarded by root."); fatal("Privileged ports can only be forwarded by root.");
#endif #endif
if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)