summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2013-09-19 01:26:30 +0000
committerDamien Miller <djm@cvs.openbsd.org>2013-09-19 01:26:30 +0000
commit0f44bc39fdc51ca42a8330953f7d9dd20199ab55 (patch)
tree4964fbb20ed5a1db654fb427a1b3ec5352c3f31a /usr.bin/ssh
parent96f546a1ec75156e2927125e8919e5589bc4544a (diff)
bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
swp AT swp.pp.ru; ok dtucker@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/sshconnect.c51
1 files changed, 26 insertions, 25 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 3e320440260..5f18641334f 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.239 2013/08/20 00:11:38 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.240 2013/09/19 01:26:29 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -272,34 +272,18 @@ ssh_kill_proxy_command(void)
static int
ssh_create_socket(int privileged, struct addrinfo *ai)
{
- int sock, gaierr;
+ int sock, r, gaierr;
struct addrinfo hints, *res;
- /*
- * If we are running as root and want to connect to a privileged
- * port, bind our own socket to a privileged port.
- */
- if (privileged) {
- int p = IPPORT_RESERVED - 1;
- PRIV_START;
- sock = rresvport_af(&p, ai->ai_family);
- PRIV_END;
- if (sock < 0)
- error("rresvport: af=%d %.100s", ai->ai_family,
- strerror(errno));
- else
- debug("Allocated local port %d.", p);
- return sock;
- }
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
- error("socket: %.100s", strerror(errno));
+ error("socket: %s", strerror(errno));
return -1;
}
fcntl(sock, F_SETFD, FD_CLOEXEC);
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL)
+ if (options.bind_address == NULL && !privileged)
return sock;
memset(&hints, 0, sizeof(hints));
@@ -314,11 +298,28 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
close(sock);
return -1;
}
- if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
- error("bind: %s: %s", options.bind_address, strerror(errno));
- close(sock);
- freeaddrinfo(res);
- return -1;
+ /*
+ * If we are running as root and want to connect to a privileged
+ * port, bind our own socket to a privileged port.
+ */
+ if (privileged) {
+ PRIV_START;
+ r = bindresvport_sa(sock, res->ai_addr);
+ PRIV_END;
+ if (r < 0) {
+ error("bindresvport_sa: af=%d %s", ai->ai_family,
+ strerror(errno));
+ goto fail;
+ }
+ } else {
+ if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+ error("bind: %s: %s", options.bind_address,
+ strerror(errno));
+ fail:
+ close(sock);
+ freeaddrinfo(res);
+ return -1;
+ }
}
freeaddrinfo(res);
return sock;