
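--- a/servconf.c
+++ b/servconf.c
@@ -77,6 +77,7 @@ initialize_server_options(ServerOptions *options)
 	options->listen_addrs = NULL;
 	options->num_listen_addrs = 0;
 	options->address_family = -1;
+	options->routing_domain = NULL;
 	options->num_host_key_files = 0;
 	options->num_host_cert_files = 0;
 	options->host_key_agent = NULL;
@@ -385,6 +386,7 @@ fill_default_server_options(ServerOptions *options)
 	CLEAR_ON_NONE(options->authorized_principals_file);
 	CLEAR_ON_NONE(options->adm_forced_command);
 	CLEAR_ON_NONE(options->chroot_directory);
+	CLEAR_ON_NONE(options->routing_domain);
 	for (i = 0; i < options->num_host_key_files; i++)
 		CLEAR_ON_NONE(options->host_key_files[i]);
 	for (i = 0; i < options->num_host_cert_files; i++)
@@ -435,7 +437,7 @@ typedef enum {
 	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
 	sStreamLocalBindMask, sStreamLocalBindUnlink,
 	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
-	sExposeAuthInfo,
+	sExposeAuthInfo, sRoutingDomain,
 	sDeprecated, sIgnore, sUnsupported
 } ServerOpCodes;
 
@@ -564,6 +566,7 @@ static struct {
 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
+	{ "routingdomain", sRoutingDomain, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };
 
@@ -1928,6 +1931,19 @@ process_server_config_line(ServerOptions *options, char *line,
 		intptr = &options->expose_userauth_info;
 		goto parse_flag;
 
+	case sRoutingDomain:
+		charptr = &options->routing_domain;
+		arg = strdelim(&cp);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.",
+			    filename, linenum);
+		if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") == 0 &&
+		    !valid_rdomain(arg))
+			fatal("%s line %d: bad routing domain",
+			    filename, linenum);
+		if (*activep && *charptr == NULL)
+			*charptr = xstrdup(arg);
+
 	case sDeprecated:
 	case sIgnore:
 	case sUnsupported:
@@ -2410,6 +2426,7 @@ dump_config(ServerOptions *o)
 	    o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
 	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
 	    o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
+	dump_cfg_string(sRoutingDomain, o->routing_domain);
 
 	/* string arguments requiring a lookup */
 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));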
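Review bot: In the `case sRoutingDomain:` block of process_server_config_line, the validity test reads `strcmp(arg, "%D") == 0 && !valid_rdomain(arg)`, so valid_rdomain() is only consulted when the argument is the literal `%D`; every other value is stored unchecked, and `%D` itself is rejected unless valid_rdomain() happens to accept it. The comparison looks inverted and should be `strcmp(arg, "%D") != 0`, so that a bad routing domain is refused when the configuration is loaded instead of reaching the strtonum() fatal in set_process_rdomain() on each connection. The same block has no `break;` after `*charptr = xstrdup(arg);`, so control falls through into `case sDeprecated:`; what those labels do is outside the hunk, but a `break;` is presumably intended.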
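--- a/servconf.h
+++ b/servconf.h
@@ -78,6 +78,8 @@ typedef struct {
 	u_int	num_listen_addrs;
 	int	address_family;		/* Address family used by the server. */
 
+	char	*routing_domain;	/* Bind session to routing domain */
+
 	char   **host_key_files;	/* Files containing host keys. */
 	u_int	num_host_key_files;     /* Number of files for host keys. */
 	char   **host_cert_files;	/* Files containing host certs. */
@@ -237,6 +239,7 @@ struct connection_info {
 		M_CP_STROPT(authorized_principals_command_user); \
 		M_CP_STROPT(hostbased_key_types); \
 		M_CP_STROPT(pubkey_key_types); \
+		M_CP_STROPT(routing_domain); \
 		M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
 		M_CP_STRARRAYOPT(allow_users, num_allow_users); \
 		M_CP_STRARRAYOPT(deny_users, num_deny_users); \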
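Review bot: The comment on `routing_domain` does not say which values the field can hold, and the other two files on this page show three distinct cases: NULL for unset, the literal `%D`, and a numeric string parsed with strtonum() in the range 0-255. I would extend it to something like `/* Routing domain for the session: NULL = unset, "%D" = domain of the connection, else "0".."255" */`. Since the field is also copied by `M_CP_STROPT(routing_domain)`, it may be worth confirming that a `none` value arriving through that copy path is cleared the way CLEAR_ON_NONE clears it in fill_default_server_options(); the copy code is not visible here.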
(-)a/sshd.c (-1 / +28 lines)
Lines 1292-1297 check_ip_options(struct ssh *ssh) Link Here
1292
	return;
1292
	return;
1293
}
1293
}
1294
1294
1295
/* Set the routing domain for this process */
1296
static void
1297
set_process_rdomain(struct ssh *ssh, const char *name)
1298
{
1299
	int rtable, ortable = getrtable();
1300
	const char *errstr;
1301
1302
	if (name == NULL)
1303
		return; /* default */
1304
1305
	if (strcmp(name, "%D") == 0) {
1306
		/* "expands" to routing domain of connection */
1307
		if ((name = ssh_packet_rdomain_in(ssh)) == NULL)
1308
			return;
1309
	}
1310
1311
	rtable = (int)strtonum(name, 0, 255, &errstr);
1312
	if (errstr != NULL) /* Shouldn't happen */
1313
		fatal("Invalid routing domain \"%s\": %s", name, errstr);
1314
	if (rtable != ortable && setrtable(rtable) != 0)
1315
		fatal("Unable to set routing domain %d: %s",
1316
		    rtable, strerror(errno));
1317
	debug("%s: set routing domain %d (was %d)", __func__, rtable, ortable);
1318
}
1319
1295
/*
1320
/*
1296
 * Main program for the daemon.
1321
 * Main program for the daemon.
1297
 */
1322
 */
Lines 1910-1915 main(int ac, char **av) Link Here
1910
		startup_pipe = -1;
1935
		startup_pipe = -1;
1911
	}
1936
	}
1912
1937
1938
	if (options.routing_domain != NULL)
1939
		set_process_rdomain(ssh, options.routing_domain);
1940
1913
	/*
1941
	/*
1914
	 * In privilege separation, we fork another child and prepare
1942
	 * In privilege separation, we fork another child and prepare
1915
	 * file descriptor passing.
1943
	 * file descriptor passing.
1916
- 
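Review bot: In set_process_rdomain(), the `%D` branch returns silently when ssh_packet_rdomain_in() yields NULL, so a session that was configured to be bound to the connection's routing domain carries on in whatever domain the process already had, with nothing logged. For an option used to separate traffic that is a fail-open path; I would at least record it, e.g. `error("%s: cannot determine routing domain of connection", __func__);`, or treat it as fatal like the two failures below it. As a smaller point, `getrtable()` runs in the initializer before the `name == NULL` early return and could move after it.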
