From 18bfb4dd4812ab1e30bb4b2ecb6674ea2d368322 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 22 Jun 2004 10:47:16 +0000
Subject: [PATCH] - Port restriction code back in - Remove bad strerror()
 logging

--HG--
extra : convert_revision : 8ad0c90d041d667876641822a5d870e2e73059c6
---
 common-session.c | 2 ++
 session.h        | 5 ++++-
 svr-auth.c       | 4 ++++
 svr-session.c    | 6 ------
 tcpfwd-remote.c  | 5 +----
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/common-session.c b/common-session.c
index fce301a..71e9e68 100644
--- a/common-session.c
+++ b/common-session.c
@@ -108,6 +108,8 @@ void common_session_init(int sock, runopts *opts) {
 
 	ses.chantypes = NULL;
 
+	ses.allowprivport = 0;
+
 
 	TRACE(("leave session_init"));
 }
diff --git a/session.h b/session.h
index 0cb2eaa..64de282 100644
--- a/session.h
+++ b/session.h
@@ -138,10 +138,13 @@ struct sshsession {
 
 	
 	/* TCP forwarding - where manage listeners */
-#ifndef DISABLE_REMOTETCPFWD
+#ifdef USING_LISTENERS
 	struct Listener ** listeners;
 	unsigned int listensize;
+	/* Whether to allow binding to privileged ports (<1024). This doesn't
+	 * really belong here, but nowhere else fits nicely */
 #endif
+	int allowprivport;
 
 };
 
diff --git a/svr-auth.c b/svr-auth.c
index f6adb05..02c16e2 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -341,6 +341,10 @@ void send_msg_userauth_success() {
 
 	svr_ses.authstate.authdone = 1;
 
+	if (svr_ses.authstate.pw->pw_uid == 0) {
+		ses.allowprivport = 1;
+	}
+
 	/* Remove from the list of pre-auth sockets. Should be m_close(), since if
 	 * we fail, we might end up leaking connection slots, and disallow new
 	 * logins - a nasty situation. */							
diff --git a/svr-session.c b/svr-session.c
index 2a97f94..4310e2b 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -183,12 +183,6 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
 				"exit before auth: %s", format);
 	}
 
-	if (errno != 0) {
-		/* XXX - is this valid? */
-		snprintf(fmtbuf, sizeof(fmtbuf), "%s [%d %s]", fmtbuf, 
-				errno, strerror(errno));
-	}
-
 	_dropbear_log(LOG_INFO, fmtbuf, param);
 
 	/* must be after we've done with username etc */
diff --git a/tcpfwd-remote.c b/tcpfwd-remote.c
index 880044f..16b1105 100644
--- a/tcpfwd-remote.c
+++ b/tcpfwd-remote.c
@@ -208,13 +208,10 @@ static int remotetcpreq() {
 		goto out;
 	}
 
-	/* XXX matt - server change
-	if (ses.authstate.pw->pw_uid != 0
-			&& port < IPPORT_RESERVED) {
+	if (!ses.allowprivport && port < IPPORT_RESERVED) {
 		TRACE(("can't assign port < 1024 for non-root"));
 		goto out;
 	}
-	*/
 
 	ret = listen_tcpfwd(bindaddr, port);