diff options
author | Darren Tucker <dtucker@zip.com.au> | 2010-01-10 10:31:12 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2010-01-10 10:31:12 +1100 |
commit | 7bd98e7f74ebd8bd32157b607acedcb68201b7de (patch) | |
tree | b62a62fcc4def0b22e48f6dde5e414a77e4d2244 /servconf.c | |
parent | 8c65f646a93ed2f61da65ba0ecf65a99bd585b79 (diff) |
- dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
Remove RoutingDomain from ssh since it's now not needed. It can be
replaced with "route exec" or "nc -V" as a proxycommand. "route exec"
also ensures that trafic such as DNS lookups stays withing the specified
routingdomain. For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3
ok deraadt@ markus@ stevesk@ reyk@
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 20 |
1 files changed, 2 insertions, 18 deletions
diff --git a/servconf.c b/servconf.c index 2cdc480e6..fc3e479bd 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: servconf.c,v 1.199 2009/12/29 16:38:41 stevesk Exp $ */ | 1 | /* $OpenBSD: servconf.c,v 1.200 2010/01/09 23:04:13 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -128,7 +128,6 @@ initialize_server_options(ServerOptions *options) | |||
128 | options->adm_forced_command = NULL; | 128 | options->adm_forced_command = NULL; |
129 | options->chroot_directory = NULL; | 129 | options->chroot_directory = NULL; |
130 | options->zero_knowledge_password_authentication = -1; | 130 | options->zero_knowledge_password_authentication = -1; |
131 | options->rdomain = -1; | ||
132 | } | 131 | } |
133 | 132 | ||
134 | void | 133 | void |
@@ -305,7 +304,7 @@ typedef enum { | |||
305 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 304 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
306 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 305 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, |
307 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 306 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
308 | sUsePrivilegeSeparation, sAllowAgentForwarding, sRDomain, | 307 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
309 | sZeroKnowledgePasswordAuthentication, | 308 | sZeroKnowledgePasswordAuthentication, |
310 | sDeprecated, sUnsupported | 309 | sDeprecated, sUnsupported |
311 | } ServerOpCodes; | 310 | } ServerOpCodes; |
@@ -424,7 +423,6 @@ static struct { | |||
424 | { "match", sMatch, SSHCFG_ALL }, | 423 | { "match", sMatch, SSHCFG_ALL }, |
425 | { "permitopen", sPermitOpen, SSHCFG_ALL }, | 424 | { "permitopen", sPermitOpen, SSHCFG_ALL }, |
426 | { "forcecommand", sForceCommand, SSHCFG_ALL }, | 425 | { "forcecommand", sForceCommand, SSHCFG_ALL }, |
427 | { "routingdomain", sRDomain, SSHCFG_GLOBAL }, | ||
428 | { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, | 426 | { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, |
429 | { NULL, sBadOption, 0 } | 427 | { NULL, sBadOption, 0 } |
430 | }; | 428 | }; |
@@ -1296,19 +1294,6 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1296 | *charptr = xstrdup(arg); | 1294 | *charptr = xstrdup(arg); |
1297 | break; | 1295 | break; |
1298 | 1296 | ||
1299 | case sRDomain: | ||
1300 | intptr = &options->rdomain; | ||
1301 | arg = strdelim(&cp); | ||
1302 | if (!arg || *arg == '\0') | ||
1303 | fatal("%s line %d: missing rdomain value.", | ||
1304 | filename, linenum); | ||
1305 | if ((value = a2rdomain(arg)) == -1) | ||
1306 | fatal("%s line %d: invalid rdomain value.", | ||
1307 | filename, linenum); | ||
1308 | if (*intptr == -1) | ||
1309 | *intptr = value; | ||
1310 | break; | ||
1311 | |||
1312 | case sDeprecated: | 1297 | case sDeprecated: |
1313 | logit("%s line %d: Deprecated option %s", | 1298 | logit("%s line %d: Deprecated option %s", |
1314 | filename, linenum, arg); | 1299 | filename, linenum, arg); |
@@ -1585,7 +1570,6 @@ dump_config(ServerOptions *o) | |||
1585 | dump_cfg_int(sMaxSessions, o->max_sessions); | 1570 | dump_cfg_int(sMaxSessions, o->max_sessions); |
1586 | dump_cfg_int(sClientAliveInterval, o->client_alive_interval); | 1571 | dump_cfg_int(sClientAliveInterval, o->client_alive_interval); |
1587 | dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); | 1572 | dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); |
1588 | dump_cfg_int(sRDomain, o->rdomain); | ||
1589 | 1573 | ||
1590 | /* formatted integer arguments */ | 1574 | /* formatted integer arguments */ |
1591 | dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); | 1575 | dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); |