
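--- a/configure.ac
+++ b/configure.ac
@@ -4699,6 +4699,24 @@ AC_ARG_WITH([bsd-auth],
 	]
 )
 
+AC_ARG_WITH([capabilities],
+	[  --with-capabilities     Enable Linux capabilities],
+	[
+	    if test "x$withval" != "xno" ; then
+		AC_CHECK_DECL(CAP_NET_BIND_SERVICE, [],
+		    [AC_MSG_ERROR([CAP_NET_BIND_SERVICE not found])],
+		    [#include <sys/capability.h>]
+		)
+		AC_SEARCH_LIBS([cap_get_proc], [cap], [
+			AC_DEFINE([LINUX_CAPABILITIES], [1],
+			    [Define if you want to use Linux capabilties])
+		], [
+			AC_MSG_ERROR([libcap not found])
+		])
+	    fi
+	]
+)
+
 # Where to place sshd.pid
 piddir=/var/run
 # make sure the directory exists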
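Review bot: The AC_DEFINE description misspells the word as `capabilties`, and that string is copied into the generated config header; it should read `[Define if you want to use Linux capabilities])`. The AC_CHECK_DECL failure message reports `CAP_NET_BIND_SERVICE not found` even when the real cause may be a missing `sys/capability.h`, so naming the header would help a builder, e.g. `[AC_MSG_ERROR([CAP_NET_BIND_SERVICE not declared in sys/capability.h])]`. The help string could also say that the option changes how privileged-port binds are authorised, since that is what the define switches in misc.c.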
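--- a/misc.c
+++ b/misc.c
@@ -1247,7 +1247,11 @@ forward_equals(const struct Forward *a, const struct Forward *b)
 int
 bind_permitted(int port, uid_t uid)
 {
+#ifdef LINUX_CAPABILITIES
+	return linux_capability_bind_permitted();
+#else
 	if (port < IPPORT_RESERVED && uid != 0)
 		return 0;
 	return 1;
+#endif
 }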
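Review bot: Under `LINUX_CAPABILITIES` the new branch ignores both `port` and `uid`, so a process without CAP_NET_BIND_SERVICE is refused even for ports at or above IPPORT_RESERVED, which need no privilege, and the result describes the calling process rather than the `uid` the caller asked about. Keep the port test ahead of the capability query, e.g. `if (port >= IPPORT_RESERVED) return 1;` placed before `#ifdef LINUX_CAPABILITIES`. If any caller passes a uid other than the process's own (callers are not visible in this hunk), the capability result should not replace the uid check there. A comment such as `/* capability check reflects this process, not uid */` would make that limitation explicit.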
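--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -16,12 +16,14 @@
  */
 
 /*
- * Linux-specific portability code - just SELinux support at present
+ * Linux-specific portability code.
+ *  - SELinux
+ *  - OOM killer adjustments
+ *  - Capabilities
  */
 
 #include "includes.h"
 
-#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST)
 #include <errno.h>
 #include <stdarg.h>
 #include <string.h>
@@ -306,4 +308,21 @@ oom_adjust_restore(void)
 	return;
 }
 #endif /* LINUX_OOM_ADJUST */
-#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */
+
+#ifdef LINUX_CAPABILITIES
+#include <sys/capability.h>
+
+int
+linux_capability_bind_permitted()
+{
+	cap_flag_value_t e, p;
+	cap_t caps;
+
+	if ((caps = cap_get_proc()) == NULL ||
+	    cap_get_flag(caps, CAP_NET_BIND_SERVICE, CAP_EFFECTIVE, &e) != 0 ||
+	    cap_get_flag(caps, CAP_NET_BIND_SERVICE, CAP_PERMITTED, &p) != 0 ||
+	    e != CAP_SET || p != CAP_SET)
+		return 0;
+	return 1;
+}
+#endif /* LINUX_CAPABILITIES */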
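Review bot: linux_capability_bind_permitted() never releases the `cap_t` returned by cap_get_proc(), so every call leaks the capability state that libcap allocated; it needs a `cap_free(caps)` on every path after cap_get_proc() succeeds. The definition is also written with an empty parameter list while the prototype in port-linux.h uses `(void)`, and the two should match. Because this function decides whether a privileged bind is allowed, a one-line comment stating that CAP_NET_BIND_SERVICE must be set in both the effective and permitted sets would make the policy easier to audit. The rewritten function follows.

```c
int
linux_capability_bind_permitted(void)
{
	cap_flag_value_t e = CAP_CLEAR, p = CAP_CLEAR;
	cap_t caps;
	int permitted;

	if ((caps = cap_get_proc()) == NULL)
		return 0;
	/* Require CAP_NET_BIND_SERVICE in both the effective and permitted sets. */
	permitted =
	    cap_get_flag(caps, CAP_NET_BIND_SERVICE, CAP_EFFECTIVE, &e) == 0 &&
	    cap_get_flag(caps, CAP_NET_BIND_SERVICE, CAP_PERMITTED, &p) == 0 &&
	    e == CAP_SET && p == CAP_SET;
	cap_free(caps);
	return permitted;
}
```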
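--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -30,4 +30,8 @@ void oom_adjust_restore(void);
 void oom_adjust_setup(void);
 #endif
 
+#ifdef LINUX_CAPABILITIES
+int linux_capability_bind_permitted(void);
+#endif
+
 #endif /* ! _PORT_LINUX_H */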
