

(-)a/misc.c (-1 / +17 lines)
Lines 168-174 set_reuseaddr(int fd) Link Here
168
	return 0;
168
	return 0;
169
}
169
}
170
170
171
/* Set routing table */
171
/* Get/set routing domain */
172
char *
173
get_rdomain(int fd)
174
{
175
	int rtable;
176
	char *ret;
177
	socklen_t len = sizeof(rtable);
178
179
	if (getsockopt(fd, SOL_SOCKET, SO_RTABLE, &rtable, &len) == -1) {
180
		error("Failed to get routing domain for fd %d: %s",
181
		    fd, strerror(errno));
182
		return NULL;
183
	}
184
	xasprintf(&ret, "%d", rtable);
185
	return ret;
186
}
187
172
int
188
int
173
set_rdomain(int fd, const char *name)
189
set_rdomain(int fd, const char *name)
174
{
190
{
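Review bot: The new comment at line 171, `/* Get/set routing domain */`, does not say that get_rdomain() returns a string allocated by xasprintf() that the caller owns, which is the one thing a caller of this helper needs to know; suggest `/* Return the routing domain of fd as a newly allocated string (caller frees), or NULL on error */` directly above get_rdomain() and leaving set_rdomain() with its own comment. getsockopt() with SO_RTABLE is an OpenBSD interface, so if this is intended for the portable tree the body presumably needs the same platform guard that set_rdomain() uses — set_rdomain() starts in this hunk but its body lies outside it, so I cannot confirm that from here. The failure path logs at error() level and returns NULL, so callers must treat NULL as "unknown" rather than "none"; that matches the %D handling elsewhere in this patch but is worth stating in the comment.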
(-)a/misc.h (+1 lines)
Lines 49-54 int set_nonblock(int); Link Here
49
int	 unset_nonblock(int);
49
int	 unset_nonblock(int);
50
void	 set_nodelay(int);
50
void	 set_nodelay(int);
51
int	 set_reuseaddr(int);
51
int	 set_reuseaddr(int);
52
char	*get_rdomain(int);
52
int	 set_rdomain(int, const char *);
53
int	 set_rdomain(int, const char *);
53
int	 a2port(const char *);
54
int	 a2port(const char *);
54
int	 a2tun(const char *, int *);
55
int	 a2tun(const char *, int *);
(-)a/packet.c (+12 lines)
Lines 546-551 ssh_local_port(struct ssh *ssh) Link Here
546
	return ssh->local_port;
546
	return ssh->local_port;
547
}
547
}
548
548
549
/* Returns the routing domain of the input socket, or NULL if unavailable */
550
const char *
551
ssh_packet_rdomain_in(struct ssh *ssh)
552
{
553
	if (ssh->rdomain_in != NULL)
554
		return ssh->rdomain_in;
555
	if (!ssh_packet_connection_is_on_socket(ssh))
556
		return NULL;
557
	ssh->rdomain_in = get_rdomain(ssh->state->connection_in);
558
	return ssh->rdomain_in;
559
}
560
549
/* Closes the connection and clears and frees internal data structures. */
561
/* Closes the connection and clears and frees internal data structures. */
550
562
551
static void
563
static void
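Review bot: ssh->rdomain_in is populated at line 557 with the heap string get_rdomain() returns, but nothing in this +12-line section releases it, so the string appears to leak when the connection is torn down; the neighbouring per-connection strings (local_ipaddr and friends) are presumably freed in the close path that begins just below this hunk, and `free(ssh->rdomain_in); ssh->rdomain_in = NULL;` belongs alongside them. Because the value is cached only on success, a NULL result from get_rdomain() is retried — and re-logged at error level — on every later call to ssh_packet_rdomain_in(); if that is unintended, cache a sentinel or log once. The function itself is complete within the hunk.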
(-)a/packet.h (+2 lines)
Lines 47-52 struct ssh { Link Here
47
	int remote_port;
47
	int remote_port;
48
	char *local_ipaddr;
48
	char *local_ipaddr;
49
	int local_port;
49
	int local_port;
50
	char *rdomain_in;
50
51
51
	/* Optional preamble for log messages (e.g. username) */
52
	/* Optional preamble for log messages (e.g. username) */
52
	char *log_preamble;
53
	char *log_preamble;
Lines 148-153 const char *ssh_remote_ipaddr(struct ssh *); Link Here
148
int	 ssh_remote_port(struct ssh *);
149
int	 ssh_remote_port(struct ssh *);
149
const char *ssh_local_ipaddr(struct ssh *);
150
const char *ssh_local_ipaddr(struct ssh *);
150
int	 ssh_local_port(struct ssh *);
151
int	 ssh_local_port(struct ssh *);
152
const char *ssh_packet_rdomain_in(struct ssh *);
151
153
152
void	 ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, u_int32_t);
154
void	 ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, u_int32_t);
153
time_t	 ssh_packet_get_rekey_timeout(struct ssh *);
155
time_t	 ssh_packet_get_rekey_timeout(struct ssh *);
(-)a/servconf.c (-1 / +18 lines)
Lines 77-82 initialize_server_options(ServerOptions *options) Link Here
77
	options->listen_addrs = NULL;
77
	options->listen_addrs = NULL;
78
	options->num_listen_addrs = 0;
78
	options->num_listen_addrs = 0;
79
	options->address_family = -1;
79
	options->address_family = -1;
80
	options->routing_domain = NULL;
80
	options->num_host_key_files = 0;
81
	options->num_host_key_files = 0;
81
	options->num_host_cert_files = 0;
82
	options->num_host_cert_files = 0;
82
	options->host_key_agent = NULL;
83
	options->host_key_agent = NULL;
Lines 385-390 fill_default_server_options(ServerOptions *options) Link Here
385
	CLEAR_ON_NONE(options->authorized_principals_file);
386
	CLEAR_ON_NONE(options->authorized_principals_file);
386
	CLEAR_ON_NONE(options->adm_forced_command);
387
	CLEAR_ON_NONE(options->adm_forced_command);
387
	CLEAR_ON_NONE(options->chroot_directory);
388
	CLEAR_ON_NONE(options->chroot_directory);
389
	CLEAR_ON_NONE(options->routing_domain);
388
	for (i = 0; i < options->num_host_key_files; i++)
390
	for (i = 0; i < options->num_host_key_files; i++)
389
		CLEAR_ON_NONE(options->host_key_files[i]);
391
		CLEAR_ON_NONE(options->host_key_files[i]);
390
	for (i = 0; i < options->num_host_cert_files; i++)
392
	for (i = 0; i < options->num_host_cert_files; i++)
Lines 435-441 typedef enum { Link Here
435
	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
437
	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
436
	sStreamLocalBindMask, sStreamLocalBindUnlink,
438
	sStreamLocalBindMask, sStreamLocalBindUnlink,
437
	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
439
	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
438
	sExposeAuthInfo,
440
	sExposeAuthInfo, sRDomain,
439
	sDeprecated, sIgnore, sUnsupported
441
	sDeprecated, sIgnore, sUnsupported
440
} ServerOpCodes;
442
} ServerOpCodes;
441
443
Lines 564-569 static struct { Link Here
564
	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
566
	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
565
	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
567
	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
566
	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
568
	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
569
	{ "rdomain", sRDomain, SSHCFG_ALL },
567
	{ NULL, sBadOption, 0 }
570
	{ NULL, sBadOption, 0 }
568
};
571
};
569
572
Lines 1928-1933 process_server_config_line(ServerOptions *options, char *line, Link Here
1928
		intptr = &options->expose_userauth_info;
1931
		intptr = &options->expose_userauth_info;
1929
		goto parse_flag;
1932
		goto parse_flag;
1930
1933
1934
	case sRDomain:
1935
		charptr = &options->routing_domain;
1936
		arg = strdelim(&cp);
1937
		if (!arg || *arg == '\0')
1938
			fatal("%.200s line %d: Missing argument.",
1939
			    filename, linenum);
1940
		if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
1941
		    !valid_rdomain(arg))
1942
			fatal("%s line %d: bad routing domain",
1943
			    filename, linenum);
1944
		if (*activep && *charptr == NULL)
1945
			*charptr = xstrdup(arg);
1946
1931
	case sDeprecated:
1947
	case sDeprecated:
1932
	case sIgnore:
1948
	case sIgnore:
1933
	case sUnsupported:
1949
	case sUnsupported:
Lines 2410-2415 dump_config(ServerOptions *o) Link Here
2410
	    o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
2426
	    o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
2411
	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
2427
	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
2412
	    o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
2428
	    o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
2429
	dump_cfg_string(sRDomain, o->routing_domain);
2413
2430
2414
	/* string arguments requiring a lookup */
2431
	/* string arguments requiring a lookup */
2415
	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
2432
	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
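Review bot: In the sRDomain case (lines 1934-1945) the argument is validated with valid_rdomain(), but that function is neither defined nor declared anywhere in this patch (misc.c only gains get_rdomain(), per its +17 count), so either it already exists in the tree or the patch does not build; worth confirming before merge. The accepted literal values `none` and `%D` are stored verbatim and rely on CLEAR_ON_NONE (line 389) and on the `strcmp(name, "%D")` in sshd.c to be interpreted later, which is fine but deserves a one-line comment at the case, e.g. `/* "none" is cleared by fill_default_server_options(); "%D" is expanded when the domain is applied */`. Separately, the keyword registered at line 569 is `rdomain`, while the TOKENS section of sshd_config.5 in this same patch refers to `.Cm RoutingDomain`; one of the two should change. process_server_config_line() begins and ends outside this hunk.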
(-)a/servconf.h (+3 lines)
Lines 78-83 typedef struct { Link Here
78
	u_int	num_listen_addrs;
78
	u_int	num_listen_addrs;
79
	int	address_family;		/* Address family used by the server. */
79
	int	address_family;		/* Address family used by the server. */
80
80
81
	char	*routing_domain;	/* Bind session to routing domain */
82
81
	char   **host_key_files;	/* Files containing host keys. */
83
	char   **host_key_files;	/* Files containing host keys. */
82
	u_int	num_host_key_files;     /* Number of files for host keys. */
84
	u_int	num_host_key_files;     /* Number of files for host keys. */
83
	char   **host_cert_files;	/* Files containing host certs. */
85
	char   **host_cert_files;	/* Files containing host certs. */
Lines 237-242 struct connection_info { Link Here
237
		M_CP_STROPT(authorized_principals_command_user); \
239
		M_CP_STROPT(authorized_principals_command_user); \
238
		M_CP_STROPT(hostbased_key_types); \
240
		M_CP_STROPT(hostbased_key_types); \
239
		M_CP_STROPT(pubkey_key_types); \
241
		M_CP_STROPT(pubkey_key_types); \
242
		M_CP_STROPT(routing_domain); \
240
		M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
243
		M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
241
		M_CP_STRARRAYOPT(allow_users, num_allow_users); \
244
		M_CP_STRARRAYOPT(allow_users, num_allow_users); \
242
		M_CP_STRARRAYOPT(deny_users, num_deny_users); \
245
		M_CP_STRARRAYOPT(deny_users, num_deny_users); \
(-)a/sshd.c (+28 lines)
Lines 1292-1297 check_ip_options(struct ssh *ssh) Link Here
1292
	return;
1292
	return;
1293
}
1293
}
1294
1294
1295
/* Set the routing domain for this process */
1296
static void
1297
set_process_rdomain(struct ssh *ssh, const char *name)
1298
{
1299
	int rtable, ortable = getrtable();
1300
	const char *errstr;
1301
1302
	if (name == NULL)
1303
		return; /* default */
1304
1305
	if (strcmp(name, "%D") == 0) {
1306
		/* "expands" to routing domain of connection */
1307
		if ((name = ssh_packet_rdomain_in(ssh)) == NULL)
1308
			return;
1309
	}
1310
1311
	rtable = (int)strtonum(name, 0, 255, &errstr);
1312
	if (errstr != NULL) /* Shouldn't happen */
1313
		fatal("Invalid routing domain \"%s\": %s", name, errstr);
1314
	if (rtable != ortable && setrtable(rtable) != 0)
1315
		fatal("Unable to set routing domain %d: %s",
1316
		    rtable, strerror(errno));
1317
	debug("%s: set routing domain %d (was %d)", __func__, rtable, ortable);
1318
}
1319
1295
/*
1320
/*
1296
 * Main program for the daemon.
1321
 * Main program for the daemon.
1297
 */
1322
 */
Lines 1910-1915 main(int ac, char **av) Link Here
1910
		startup_pipe = -1;
1935
		startup_pipe = -1;
1911
	}
1936
	}
1912
1937
1938
	if (options.routing_domain != NULL)
1939
		set_process_rdomain(ssh, options.routing_domain);
1940
1913
	/*
1941
	/*
1914
	 * In privilege separation, we fork another child and prepare
1942
	 * In privilege separation, we fork another child and prepare
1915
	 * file descriptor passing.
1943
	 * file descriptor passing.
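Review bot: When RDomain is `%D` and ssh_packet_rdomain_in() returns NULL (line 1307), set_process_rdomain() returns silently and the session keeps the inherited routing domain, so an administrator who configured an explicit binding gets no signal that it was not applied; at minimum this should log, and failing closed is arguably the right default for a policy setting, e.g. `fatal("%s: cannot determine routing domain of connection", __func__);` or, if lenient behaviour is intended, a `logit()` before the existing return. The call added at lines 1938-1939 sits just before the privilege-separation setup, i.e. before authentication, whereas the manual page text in this patch says the domain is applied after authentication has completed and the option is registered as SSHCFG_ALL (usable in Match blocks) — inferring from placement, values set by a post-authentication Match would not reach this call, so either the text or the placement should be reconciled. The strtonum() range 0-255 at line 1311 duplicates whatever valid_rdomain() enforces on the servconf.c side; a short comment tying the two together would help keep them in sync. main() begins and ends outside this hunk.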
(-)a/sshd_config.5 (-1 / +15 lines)
Lines 1119-1124 Available keywords are Link Here
1119
.Cm PubkeyAuthentication ,
1119
.Cm PubkeyAuthentication ,
1120
.Cm RekeyLimit ,
1120
.Cm RekeyLimit ,
1121
.Cm RevokedKeys ,
1121
.Cm RevokedKeys ,
1122
.Cm RDomain ,
1122
.Cm StreamLocalBindMask ,
1123
.Cm StreamLocalBindMask ,
1123
.Cm StreamLocalBindUnlink ,
1124
.Cm StreamLocalBindUnlink ,
1124
.Cm TrustedUserCAKeys ,
1125
.Cm TrustedUserCAKeys ,
Lines 1379-1384 an OpenSSH Key Revocation List (KRL) as generated by Link Here
1379
.Xr ssh-keygen 1 .
1380
.Xr ssh-keygen 1 .
1380
For more information on KRLs, see the KEY REVOCATION LISTS section in
1381
For more information on KRLs, see the KEY REVOCATION LISTS section in
1381
.Xr ssh-keygen 1 .
1382
.Xr ssh-keygen 1 .
1383
.It Cm RDomain
1384
Specifies an explicit routing domain that is applied after authentication
1385
has completed.
1386
The user session, as well and any forwarded or listening IP sockets will
1387
be bound to this
1388
.Xr rdomain 4 .
1389
If the routing domain is set to
1390
.Cm \&%D ,
1391
then the domain in which the incoming connection was recieved will be applied.
1382
.It Cm StreamLocalBindMask
1392
.It Cm StreamLocalBindMask
1383
Sets the octal file creation mode mask
1393
Sets the octal file creation mode mask
1384
.Pq umask
1394
.Pq umask
Lines 1620-1625 which are expanded at runtime: Link Here
1620
.It %%
1630
.It %%
1621
A literal
1631
A literal
1622
.Sq % .
1632
.Sq % .
1633
.It \&%D
1634
The routing domain in which the incoming connection was received.
1623
.It %F
1635
.It %F
1624
The fingerprint of the CA key.
1636
The fingerprint of the CA key.
1625
.It %f
1637
.It %f
Lines 1656-1661 accepts the tokens %%, %h, and %u. Link Here
1656
.Pp
1668
.Pp
1657
.Cm ChrootDirectory
1669
.Cm ChrootDirectory
1658
accepts the tokens %%, %h, and %u.
1670
accepts the tokens %%, %h, and %u.
1671
.Pp
1672
.Cm RoutingDomain
1673
accepts the token %D.
1659
.Sh FILES
1674
.Sh FILES
1660
.Bl -tag -width Ds
1675
.Bl -tag -width Ds
1661
.It Pa /etc/ssh/sshd_config
1676
.It Pa /etc/ssh/sshd_config
1662