Bugzilla – Attachment 3071 Details for
Bug 2784
Add native support for routing domains / VRF
[patch]
Add RoutingDomain option
0002-routingdomain.patch (text/plain), 4.74 KB, created by
Damien Miller
on 2017-10-21 15:32:06 AEDT
Description:
Add RoutingDomain option
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2017-10-21 15:32:06 AEDT
Size:
4.74 KB
patch
obsolete
>From da084dcc02979664de7cf1da263901fa1e0927e3 Mon Sep 17 00:00:00 2001
>From: Damien Miller <djm@mindrot.org>
>Date: Fri, 20 Oct 2017 15:40:17 +1100
>Subject: [PATCH 2/3] routingdomain
>
>---
> servconf.c | 19 ++++++++++++++++++-
> servconf.h | 3 +++
> sshd.c | 28 ++++++++++++++++++++++++++++
> 3 files changed, 49 insertions(+), 1 deletion(-)
>
>diff --git a/servconf.c b/servconf.c
>index db364b4..57f08ba 100644
>--- a/servconf.c
>+++ b/servconf.c
>@@ -77,6 +77,7 @@ initialize_server_options(ServerOptions *options)
> options->listen_addrs = NULL;
> options->num_listen_addrs = 0;
> options->address_family = -1;
>+ options->routing_domain = NULL;
> options->num_host_key_files = 0;
> options->num_host_cert_files = 0;
> options->host_key_agent = NULL;
>@@ -385,6 +386,7 @@ fill_default_server_options(ServerOptions *options)
> CLEAR_ON_NONE(options->authorized_principals_file);
> CLEAR_ON_NONE(options->adm_forced_command);
> CLEAR_ON_NONE(options->chroot_directory);
>+ CLEAR_ON_NONE(options->routing_domain);
> for (i = 0; i < options->num_host_key_files; i++)
> CLEAR_ON_NONE(options->host_key_files[i]);
> for (i = 0; i < options->num_host_cert_files; i++)
>@@ -435,7 +437,7 @@ typedef enum {
> sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
> sStreamLocalBindMask, sStreamLocalBindUnlink,
> sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
>- sExposeAuthInfo,
>+ sExposeAuthInfo, sRoutingDomain,
> sDeprecated, sIgnore, sUnsupported
> } ServerOpCodes;
>
>@@ -564,6 +566,7 @@ static struct {
> { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
> { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
> { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
>+ { "routingdomain", sRoutingDomain, SSHCFG_ALL },
> { NULL, sBadOption, 0 }
> };
>
>@@ -1928,6 +1931,19 @@ process_server_config_line(ServerOptions *options, char *line,
> intptr = &options->expose_userauth_info;
> goto parse_flag;
>
>+ case sRoutingDomain:
>+ charptr = &options->routing_domain;
>+ arg = strdelim(&cp);
>+ if (!arg || *arg == '\0')
>+ fatal("%.200s line %d: Missing argument.",
>+ filename, linenum);
>+ if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") == 0 &&
>+ !valid_rdomain(arg))
>+ fatal("%s line %d: bad routing domain",
>+ filename, linenum);
>+ if (*activep && *charptr == NULL)
>+ *charptr = xstrdup(arg);
>+
> case sDeprecated:
> case sIgnore:
> case sUnsupported:
>@@ -2410,6 +2426,7 @@ dump_config(ServerOptions *o)
> o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
> dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
> o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
>+ dump_cfg_string(sRoutingDomain, o->routing_domain);
>
> /* string arguments requiring a lookup */
> dump_cfg_string(sLogLevel, log_level_name(o->log_level));
>diff --git a/servconf.h b/servconf.h
>index cd8a097..8fc816f 100644
>--- a/servconf.h
>+++ b/servconf.h
>@@ -78,6 +78,8 @@ typedef struct {
> u_int num_listen_addrs;
> int address_family; /* Address family used by the server. */
>
>+ char *routing_domain; /* Bind session to routing domain */
>+
> char **host_key_files; /* Files containing host keys. */
> u_int num_host_key_files; /* Number of files for host keys. */
> char **host_cert_files; /* Files containing host certs. */
>@@ -237,6 +239,7 @@ struct connection_info {
> M_CP_STROPT(authorized_principals_command_user); \
> M_CP_STROPT(hostbased_key_types); \
> M_CP_STROPT(pubkey_key_types); \
>+ M_CP_STROPT(routing_domain); \
> M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
> M_CP_STRARRAYOPT(allow_users, num_allow_users); \
> M_CP_STRARRAYOPT(deny_users, num_deny_users); \
>diff --git a/sshd.c b/sshd.c
>index cc77a1a..e417e2c 100644
>--- a/sshd.c
>+++ b/sshd.c
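Review bot: In the new `case sRoutingDomain:` of process_server_config_line the validation test is inverted: `strcmp(arg, "%D") == 0 && !valid_rdomain(arg)` calls valid_rdomain() only when the argument is literally `%D`, so every other string is stored unchecked and `%D` is the only value that can be rejected. The middle term should read `strcmp(arg, "%D") != 0 &&`, otherwise a bad value is not caught at config load and only surfaces later, per connection, in the strtonum() check in sshd.c. The case also has no `break;` before `case sDeprecated:`, so it falls through into the deprecated/ignored handling whose body lies outside the hunk; add `break;` after the `xstrdup` assignment. valid_rdomain() is not defined in this patch, so it is presumably supplied by another patch in the series.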
>@@ -1292,6 +1292,31 @@ check_ip_options(struct ssh *ssh)
> return;
> }
>
>+/* Set the routing domain for this process */
>+static void
>+set_process_rdomain(struct ssh *ssh, const char *name)
>+{
>+ int rtable, ortable = getrtable();
>+ const char *errstr;
>+
>+ if (name == NULL)
>+ return; /* default */
>+
>+ if (strcmp(name, "%D") == 0) {
>+ /* "expands" to routing domain of connection */
>+ if ((name = ssh_packet_rdomain_in(ssh)) == NULL)
>+ return;
>+ }
>+
>+ rtable = (int)strtonum(name, 0, 255, &errstr);
>+ if (errstr != NULL) /* Shouldn't happen */
>+ fatal("Invalid routing domain \"%s\": %s", name, errstr);
>+ if (rtable != ortable && setrtable(rtable) != 0)
>+ fatal("Unable to set routing domain %d: %s",
>+ rtable, strerror(errno));
>+ debug("%s: set routing domain %d (was %d)", __func__, rtable, ortable);
>+}
>+
> /*
> * Main program for the daemon.
> */
>@@ -1910,6 +1935,9 @@ main(int ac, char **av)
> startup_pipe = -1;
> }
>
>+ if (options.routing_domain != NULL)
>+ set_process_rdomain(ssh, options.routing_domain);
>+
> /*
> * In privilege separation, we fork another child and prepare
> * file descriptor passing.
>--
>2.14.2
>
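Review bot: In set_process_rdomain the `%D` branch returns silently when `ssh_packet_rdomain_in(ssh)` yields NULL, so a session the administrator meant to confine to the connection's routing domain keeps running in the daemon's original one with nothing logged. If the option is relied on for network isolation this should fail closed, or at least be visible, e.g. `fatal("%s: cannot determine routing domain of connection", __func__);` in place of the bare `return;`. Separately, `getrtable()` and `setrtable()` are called with no platform guard visible in the hunk, which would presumably break builds on systems that lack them unless a compat shim exists elsewhere in the series.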
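Review bot: The call added in main() applies `options.routing_domain` once, ahead of the privilege-separation fork and so apparently before any Match block is evaluated, yet servconf.c registers the keyword as `SSHCFG_ALL` and servconf.h adds `M_CP_STROPT(routing_domain)`. A `RoutingDomain` placed inside a Match block would be parsed and copied but, as far as this patch shows, never applied, leaving an administrator to believe a session is confined when it is not. Either register the keyword as `SSHCFG_GLOBAL` for now, or apply the post-Match value where the session is set up. The rest of main() lies outside the hunk, so a later patch in the series may already cover this.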