-rw-r--r--readconf.c12
-rw-r--r--readconf.h3
-rw-r--r--scp.15
-rw-r--r--sftp.15
-rw-r--r--ssh.15
-rw-r--r--ssh.c10
-rw-r--r--ssh_config.523
-rw-r--r--sshconnect.c24
-rw-r--r--sshconnect.h4
9 files changed, 25 insertions, 66 deletions
diff --git a/readconf.c b/readconf.c
index f40eb380..ce832526 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.293 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.294 2018/07/19 10:28:47 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -190,6 +190,7 @@ static struct {
{ "userknownhostsfile2", oDeprecated },
{ "useroaming", oDeprecated },
{ "usersh", oDeprecated },
+ { "useprivilegedport", oDeprecated },
/* Unsupported options */
{ "afstokenpassing", oUnsupported },
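Review bot: The `useprivilegedport` entry added under `oDeprecated` means a configuration that still says `UsePrivilegedPort yes` keeps parsing but no longer has any effect, and nothing at this line records what the keyword used to control. A deployment whose server-side trust decision depended on the client connecting from a privileged source port would see that behaviour change without a configuration error. How visibly `oDeprecated` reports the keyword is decided outside this hunk, so that is worth confirming. I would add a short comment on the entry, e.g. `/* formerly requested a privileged source port; now parsed and ignored */`. The keyword table starts before and continues past the hunk.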
@@ -222,7 +223,6 @@ static struct {
{ "exitonforwardfailure", oExitOnForwardFailure },
{ "xauthlocation", oXAuthLocation },
{ "gatewayports", oGatewayPorts },
- { "useprivilegedport", oUsePrivilegedPort },
{ "passwordauthentication", oPasswordAuthentication },
{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
{ "kbdinteractivedevices", oKbdInteractiveDevices },
@@ -949,10 +949,6 @@ parse_time:
intptr = &options->exit_on_forward_failure;
goto parse_flag;
- case oUsePrivilegedPort:
- intptr = &options->use_privileged_port;
- goto parse_flag;
-
case oPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
@@ -1822,7 +1818,6 @@ initialize_options(Options * options)
options->fwd_opts.gateway_ports = -1;
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
options->fwd_opts.streamlocal_bind_unlink = -1;
- options->use_privileged_port = -1;
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
@@ -1964,8 +1959,6 @@ fill_default_options(Options * options)
options->fwd_opts.streamlocal_bind_mask = 0177;
if (options->fwd_opts.streamlocal_bind_unlink == -1)
options->fwd_opts.streamlocal_bind_unlink = 0;
- if (options->use_privileged_port == -1)
- options->use_privileged_port = 0;
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
if (options->challenge_response_authentication == -1)
@@ -2599,7 +2592,6 @@ dump_client_config(Options *o, const char *host)
dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);
dump_cfg_fmtint(oTunnel, o->tun_open);
- dump_cfg_fmtint(oUsePrivilegedPort, o->use_privileged_port);
dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns);
dump_cfg_fmtint(oVisualHostKey, o->visual_host_key);
dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys);
diff --git a/readconf.h b/readconf.h
index d8595f07..c5688781 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.126 2018/06/09 03:01:12 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.127 2018/07/19 10:28:47 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -35,7 +35,6 @@ typedef struct {
int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */
char *xauth_location; /* Location for xauth program */
struct ForwardOptions fwd_opts; /* forwarding options */
- int use_privileged_port; /* Don't use privileged port if false. */
int pubkey_authentication; /* Try ssh2 pubkey authentication. */
int hostbased_authentication; /* ssh2's rhosts_rsa */
int challenge_response_authentication;
diff --git a/scp.1 b/scp.1
index be8309b2..92abcaf0 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.79 2018/06/09 06:36:31 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.80 2018/07/19 10:28:47 dtucker Exp $
.\"
-.Dd $Mdocdate: June 9 2018 $
+.Dd $Mdocdate: July 19 2018 $
.Dt SCP 1
.Os
.Sh NAME
@@ -177,7 +177,6 @@ For full details of the options listed below, and their possible values, see
.It StrictHostKeyChecking
.It TCPKeepAlive
.It UpdateHostKeys
-.It UsePrivilegedPort
.It User
.It UserKnownHostsFile
.It VerifyHostKeyDNS
diff --git a/sftp.1 b/sftp.1
index 1e21e202..2ae5e354 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.116 2018/06/09 06:36:31 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.117 2018/07/19 10:28:47 dtucker Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 9 2018 $
+.Dd $Mdocdate: July 19 2018 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -247,7 +247,6 @@ For full details of the options listed below, and their possible values, see
.It StrictHostKeyChecking
.It TCPKeepAlive
.It UpdateHostKeys
-.It UsePrivilegedPort
.It User
.It UserKnownHostsFile
.It VerifyHostKeyDNS
diff --git a/ssh.1 b/ssh.1
index 40b4bfb1..b20908a5 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.395 2018/06/09 06:36:31 jmc Exp $
-.Dd $Mdocdate: June 9 2018 $
+.\" $OpenBSD: ssh.1,v 1.396 2018/07/19 10:28:47 dtucker Exp $
+.Dd $Mdocdate: July 19 2018 $
.Dt SSH 1
.Os
.Sh NAME
@@ -535,7 +535,6 @@ For full details of the options listed below, and their possible values, see
.It Tunnel
.It TunnelDevice
.It UpdateHostKeys
-.It UsePrivilegedPort
.It User
.It UserKnownHostsFile
.It VerifyHostKeyDNS
diff --git a/ssh.c b/ssh.c
index 49a9fab2..a95d0cf9 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.487 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.488 2018/07/19 10:28:47 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -733,7 +733,6 @@ main(int ac, char **av)
fatal("Invalid multiplex command.");
break;
case 'P': /* deprecated */
- options.use_privileged_port = 0;
break;
case 'Q':
cp = NULL;
@@ -1236,10 +1235,6 @@ main(int ac, char **av)
}
if (options.connection_attempts <= 0)
fatal("Invalid number of ConnectionAttempts");
-#ifndef HAVE_CYGWIN
- if (original_effective_uid != 0)
- options.use_privileged_port = 0;
-#endif
if (sshbuf_len(command) != 0 && options.remote_command != NULL)
fatal("Cannot execute command-line and remote command.");
@@ -1376,8 +1371,7 @@ main(int ac, char **av)
/* Open a connection to the remote host. */
if (ssh_connect(ssh, host, addrs, &hostaddr, options.port,
options.address_family, options.connection_attempts,
- &timeout_ms, options.tcp_keep_alive,
- options.use_privileged_port) != 0)
+ &timeout_ms, options.tcp_keep_alive) != 0)
exit(255);
if (addrs != NULL)
diff --git a/ssh_config.5 b/ssh_config.5
index df94d60d..0e5bb907 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.279 2018/07/04 13:49:31 djm Exp $
-.Dd $Mdocdate: July 4 2018 $
+.\" $OpenBSD: ssh_config.5,v 1.280 2018/07/19 10:28:47 dtucker Exp $
+.Dd $Mdocdate: July 19 2018 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -258,17 +258,9 @@ or
Use the specified address on the local machine as the source address of
the connection.
Only useful on systems with more than one address.
-Note that this option does not work if
-.Cm UsePrivilegedPort
-is set to
-.Cm yes .
.It Cm BindInterface
Use the address of the specified interface on the local machine as the
source address of the connection.
-Note that this option does not work if
-.Cm UsePrivilegedPort
-is set to
-.Cm yes .
.It Cm CanonicalDomains
When
.Cm CanonicalizeHostname
@@ -1603,17 +1595,6 @@ Presently, only
from OpenSSH 6.8 and greater support the
.Qq hostkeys@openssh.com
protocol extension used to inform the client of all the server's hostkeys.
-.It Cm UsePrivilegedPort
-Specifies whether to use a privileged port for outgoing connections.
-The argument must be
-.Cm yes
-or
-.Cm no
-(the default).
-If set to
-.Cm yes ,
-.Xr ssh 1
-must be setuid root.
.It Cm User
Specifies the user to log in as.
This can be useful when a different user name is used on different machines.
diff --git a/sshconnect.c b/sshconnect.c
index 9fa95e1e..3f45e0ba 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.301 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.302 2018/07/19 10:28:47 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -330,10 +330,10 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
#endif
/*
- * Creates a (possibly privileged) socket for use as the ssh connection.
+ * Creates a ocket for use as the ssh connection.
*/
static int
-ssh_create_socket(int privileged, struct addrinfo *ai)
+ssh_create_socket(struct addrinfo *ai)
{
int sock, r;
struct sockaddr_storage bindaddr;
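Review bot: The rewritten header comment for `ssh_create_socket` contains a typo, `Creates a ocket`; it should read `* Creates a socket for use as the ssh connection.`. With the `privileged` parameter gone, the only remaining special case visible in the following hunk is the optional bind to `options.bind_address` or `options.bind_interface`, so the comment could say that in one extra sentence. The function body continues outside this hunk.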
@@ -352,8 +352,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
fcntl(sock, F_SETFD, FD_CLOEXEC);
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL && options.bind_interface == NULL &&
- !privileged)
+ if (options.bind_address == NULL && options.bind_interface == NULL)
return sock;
if (options.bind_address != NULL) {
@@ -492,9 +491,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
/*
* Opens a TCP/IP connection to the remote server on the given host.
* The address of the remote host will be returned in hostaddr.
- * If port is 0, the default port will be used. If needpriv is true,
- * a privileged port will be allocated to make the connection.
- * This requires super-user privileges if needpriv is true.
+ * If port is 0, the default port will be used.
* Connection_attempts specifies the maximum number of tries (one per
* second). If proxy_command is non-NULL, it specifies the command (with %h
* and %p substituted for host and port, respectively) to use to contact
@@ -503,14 +500,14 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
static int
ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
struct sockaddr_storage *hostaddr, u_short port, int family,
- int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv)
+ int connection_attempts, int *timeout_ms, int want_keepalive)
{
int on = 1;
int oerrno, sock = -1, attempt;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
struct addrinfo *ai;
- debug2("%s: needpriv %d", __func__, needpriv);
+ debug2("%s", __func__);
memset(ntop, 0, sizeof(ntop));
memset(strport, 0, sizeof(strport));
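Review bot: `debug2("%s", __func__);` in `ssh_connect_direct` now logs only the function name, which adds a line at debug level 2 without telling the reader anything about the connection being attempted. Either drop the call or demote it to a trace-level message such as `debug3("%s: entering", __func__);`. The per-address debug output later in the function (its tail is visible in the next hunk) presumably already reports host, address and port. The function body continues past the hunk.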
@@ -542,7 +539,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
host, ntop, strport);
/* Create a socket for connecting. */
- sock = ssh_create_socket(needpriv, ai);
+ sock = ssh_create_socket(ai);
if (sock < 0) {
/* Any error is already output */
errno = 0;
@@ -592,12 +589,11 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
int
ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs,
struct sockaddr_storage *hostaddr, u_short port, int family,
- int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv)
+ int connection_attempts, int *timeout_ms, int want_keepalive)
{
if (options.proxy_command == NULL) {
return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
- family, connection_attempts, timeout_ms, want_keepalive,
- needpriv);
+ family, connection_attempts, timeout_ms, want_keepalive);
} else if (strcmp(options.proxy_command, "-") == 0) {
if ((ssh_packet_set_connection(ssh,
STDIN_FILENO, STDOUT_FILENO)) == NULL)
diff --git a/sshconnect.h b/sshconnect.h
index 05a1fb32..890d8573 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.34 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.35 2018/07/19 10:28:47 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -34,7 +34,7 @@ struct addrinfo;
struct ssh;
int ssh_connect(struct ssh *, const char *, struct addrinfo *,
- struct sockaddr_storage *, u_short, int, int, int *, int, int);
+ struct sockaddr_storage *, u_short, int, int, int *, int);
void ssh_kill_proxy_command(void);
void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short,