-rw-r--r--ChangeLog6
-rw-r--r--channels.c26
-rw-r--r--channels.h3
-rw-r--r--misc.c39
-rw-r--r--misc.h4
-rw-r--r--readconf.c22
-rw-r--r--readconf.h4
-rw-r--r--scp.15
-rw-r--r--servconf.c11
-rw-r--r--servconf.h4
-rw-r--r--sftp.15
-rw-r--r--ssh-keyscan.17
-rw-r--r--ssh-keyscan.c17
-rw-r--r--ssh.15
-rw-r--r--ssh.c3
-rw-r--r--ssh_config.57
-rw-r--r--sshconnect.c5
-rw-r--r--sshd.c9
-rw-r--r--sshd_config.57
19 files changed, 149 insertions, 40 deletions
diff --git a/ChangeLog b/ChangeLog
index 9f63b83b5..0a931a120 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,12 @@
30 Request roaming to be enabled if UseRoaming is true and the server 30 Request roaming to be enabled if UseRoaming is true and the server
31 supports it. 31 supports it.
32 ok markus@ 32 ok markus@
33 - reyk@cvs.openbsd.org 2009/10/28 16:38:18
34 [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
35 channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
36 sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
37 Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
38 ok markus@
33 39
3420091226 4020091226
35 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 41 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
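diff --git a/channels.c b/channels.c
index 22e7f628b..884c14c99 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.296 2009/05/25 06:48:00 andreas Exp $ */
+/* $OpenBSD: channels.c,v 1.297 2009/10/28 16:38:18 reyk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -162,6 +162,9 @@ static u_int x11_fake_data_len;
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 static int IPv4or6 = AF_UNSPEC;
 
+/* Set the routing domain a.k.a. VRF */
+static int channel_rdomain = -1;
+
 /* helper */
 static void port_open_helper(Channel *c, char *rtype);
 
@@ -2461,6 +2464,12 @@ channel_set_af(int af)
 	IPv4or6 = af;
 }
 
+void
+channel_set_rdomain(int rdomain)
+{
+	channel_rdomain = rdomain;
+}
+
 static int
 channel_setup_fwd_listener(int type, const char *listen_addr,
     u_short listen_port, int *allocated_listen_port,
@@ -2569,7 +2578,8 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
 			continue;
 		}
 		/* Create a port to listen for the host. */
-		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+		sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+		    ai->ai_protocol, channel_rdomain);
 		if (sock < 0) {
 			/* this is no error since kernel may not support ipv6 */
 			verbose("socket: %.100s", strerror(errno));
@@ -2910,8 +2920,9 @@ connect_next(struct channel_connect *cctx)
 			error("connect_next: getnameinfo failed");
 			continue;
 		}
-		if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
-		    cctx->ai->ai_protocol)) == -1) {
+		if ((sock = socket_rdomain(cctx->ai->ai_family,
+		    cctx->ai->ai_socktype, cctx->ai->ai_protocol,
+		    channel_rdomain)) == -1) {
 			if (cctx->ai->ai_next == NULL)
 				error("socket: %.100s", strerror(errno));
 			else
@@ -3097,8 +3108,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
 	for (ai = aitop; ai; ai = ai->ai_next) {
 		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
 			continue;
-		sock = socket(ai->ai_family, ai->ai_socktype,
-		    ai->ai_protocol);
+		sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+		    ai->ai_protocol, channel_rdomain);
 		if (sock < 0) {
 			if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
 				error("socket: %.100s", strerror(errno));
@@ -3273,7 +3284,8 @@ x11_connect_display(void)
 	}
 	for (ai = aitop; ai; ai = ai->ai_next) {
 		/* Create a socket. */
-		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+		sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+		    ai->ai_protocol, channel_rdomain);
 		if (sock < 0) {
 			debug2("socket: %.100s", strerror(errno));
 			continue;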
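Review bot: The comment on the new `channel_rdomain` global, `/* Set the routing domain a.k.a. VRF */`, describes an action rather than the variable, and it leaves the -1 initialiser unexplained; since socket_rdomain in misc.c returns the plain socket when it is passed -1, `/* routing domain (a.k.a. VRF) for channel sockets; -1 leaves the system default */` tells the reader what the sentinel means. The x11_create_display_inet hunk still triages a failed socket creation by `errno != EINVAL && errno != EAFNOSUPPORT`, but the failure can now also come from the setsockopt() inside socket_rdomain, which closes the socket before returning -1, so errno at that point is not necessarily the error that caused the failure; that triage is only as reliable as what socket_rdomain leaves in errno. All four call sites here sit in functions that start and end outside their hunks.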
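diff --git a/channels.h b/channels.h
index 1488ed7e5..b0f5dc321 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.98 2009/02/12 03:00:56 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.99 2009/10/28 16:38:18 reyk Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -231,6 +231,7 @@ int channel_find_open(void);
 
 /* tcp forwarding */
 void channel_set_af(int af);
+void channel_set_rdomain(int);
 void channel_permit_all_opens(void);
 void channel_add_permitted_opens(char *, int);
 int channel_add_adm_permitted_opens(char *, int);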
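Review bot: `void channel_set_rdomain(int);` is added directly under `void channel_set_af(int af);` and drops the parameter name the neighbouring prototype keeps. `void channel_set_rdomain(int rdomain);` keeps the pair consistent and makes the argument's meaning visible from the header.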
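diff --git a/misc.c b/misc.c
index 4dc152310..f0f1fd841 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.71 2009/02/21 19:32:04 tobias Exp $ */
+/* $OpenBSD: misc.c,v 1.72 2009/10/28 16:38:18 reyk Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -151,6 +151,43 @@ set_nodelay(int fd)
 		error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
 }
 
+/* open a socket in the specified routing domain */
+int
+socket_rdomain(int domain, int type, int protocol, int rdomain)
+{
+	int sock, ipproto = IPPROTO_IP;
+
+	if ((sock = socket(domain, type, protocol)) == -1)
+		return (-1);
+
+	if (rdomain == -1)
+		return (sock);
+
+	switch (domain) {
+	case AF_INET6:
+		ipproto = IPPROTO_IPV6;
+		/* FALLTHROUGH */
+	case AF_INET:
+		debug2("socket %d af %d setting rdomain %d",
+		    sock, domain, rdomain);
+		if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain,
+		    sizeof(rdomain)) == -1) {
+			debug("setsockopt SO_RDOMAIN: %.100s",
+			    strerror(errno));
+			close(sock);
+			return (-1);
+		}
+		break;
+	default:
+		debug("socket %d af %d does not support rdomain %d",
+		    sock, domain, rdomain);
+		close(sock);
+		return (-1);
+	}
+
+	return (sock);
+}
+
 /* Characters considered whitespace in strsep calls. */
 #define WHITESPACE " \t\r\n"
 #define QUOTE "\""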
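Review bot: Both failure paths of socket_rdomain log and then close() the socket before returning -1, so the errno the caller sees is whatever the logging call and close() left behind rather than the setsockopt() error, and every caller in this commit reports the failure with `strerror(errno)`; the `default` branch additionally returns -1 without setting errno at all, so that message shows a stale value. Save errno before logging and restore it after close() on the setsockopt path, and leave a defined value such as EAFNOSUPPORT on the unsupported-family path. `SO_RDOMAIN` is also used unconditionally at the IPPROTO_IP/IPPROTO_IPV6 level; if this tree is meant to build on systems without that option it presumably needs an `#ifdef SO_RDOMAIN` branch — confirm against the portable build targets.
```c
	int sock, oerrno, ipproto = IPPROTO_IP;

	/* … unchanged: socket() call and the rdomain == -1 early return … */

	case AF_INET:
		debug2("socket %d af %d setting rdomain %d",
		    sock, domain, rdomain);
		if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain,
		    sizeof(rdomain)) == -1) {
			oerrno = errno;	/* logging and close() may clobber it */
			debug("setsockopt SO_RDOMAIN: %.100s",
			    strerror(errno));
			close(sock);
			errno = oerrno;
			return (-1);
		}
		break;
	default:
		debug("socket %d af %d does not support rdomain %d",
		    sock, domain, rdomain);
		close(sock);
		errno = EAFNOSUPPORT;	/* give the caller's strerror() a defined value */
		return (-1);
	}
```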
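diff --git a/misc.h b/misc.h
index e26b0aaff..87b7f0edf 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.38 2008/06/12 20:38:28 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.39 2009/10/28 16:38:18 reyk Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -54,6 +54,8 @@ void freeargs(arglist *);
 
 int tun_open(int, int);
 
+int socket_rdomain(int, int, int, int);
+
 /* Common definitions for ssh tunnel device forwarding */
 #define SSH_TUNMODE_NO 0x00
 #define SSH_TUNMODE_POINTOPOINT 0x01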
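Review bot: `int socket_rdomain(int, int, int, int);` follows the file's unnamed-parameter style, but unlike the neighbouring `tun_open` its last argument carries a sentinel (misc.c returns the plain socket when rdomain is -1) and the function fails for families other than AF_INET/AF_INET6 once a domain is requested; none of that is visible from the header. A one-line comment on the prototype, `/* socket() that also selects the routing domain; rdomain -1 = system default, -1 on failure */`, saves the reader a trip to misc.c.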
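diff --git a/readconf.c b/readconf.c
index 4a16974b8..6b2e3b21d 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.178 2009/10/08 14:03:41 markus Exp $ */
+/* $OpenBSD: readconf.c,v 1.179 2009/10/28 16:38:18 reyk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -130,8 +130,8 @@ typedef enum {
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 	oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
-	oDeprecated, oUnsupported
+	oVisualHostKey, oUseRoaming, oRDomain,
+	oZeroKnowledgePasswordAuthentication, oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -229,6 +229,7 @@ static struct {
 	{ "permitlocalcommand", oPermitLocalCommand },
 	{ "visualhostkey", oVisualHostKey },
 	{ "useroaming", oUseRoaming },
+	{ "rdomain", oRDomain },
 #ifdef JPAKE
 	{ "zeroknowledgepasswordauthentication",
 	    oZeroKnowledgePasswordAuthentication },
@@ -919,6 +920,19 @@ parse_int:
 		intptr = &options->use_roaming;
 		goto parse_flag;
 
+	case oRDomain:
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.",
+			    filename, linenum);
+		value = a2port(arg);
+		if (value == -1)
+			fatal("%.200s line %d: Bad rdomain.",
+			    filename, linenum);
+		if (*activep)
+			options->rdomain = value;
+		break;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -1069,6 +1083,7 @@ initialize_options(Options * options)
 	options->local_command = NULL;
 	options->permit_local_command = -1;
 	options->use_roaming = -1;
+	options->rdomain = -1;
 	options->visual_host_key = -1;
 	options->zero_knowledge_password_authentication = -1;
 }
@@ -1217,6 +1232,7 @@ fill_default_options(Options * options)
 	/* options->hostname will be set in the main program if appropriate */
 	/* options->host_key_alias should not be set by default */
 	/* options->preferred_authentications will be set in ssh */
+	/* options->rdomain should not be set by default */
 }
 
 /*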
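Review bot: The oRDomain case validates its argument with `a2port(arg)`, which, judging by its name and its use for port numbers elsewhere in this file, presumably restricts the value to the port range and also accepts service names, so a routing-domain number is checked against port semantics; servconf.c's sRDomain instead jumps to `parse_int` with no range check, and ssh-keyscan.c's `-V` uses a2port again but silently discards rejected values. The three front ends therefore accept different inputs for the same setting. A small shared helper that converts the text with an explicit non-negative integer range and is called from readconf.c, servconf.c and ssh-keyscan.c would keep them consistent and give each a meaningful error. process_config_line starts and ends outside this hunk.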
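diff --git a/readconf.h b/readconf.h
index 2ebfebe94..6edc2eeda 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.79 2009/06/27 09:35:06 andreas Exp $ */
+/* $OpenBSD: readconf.h,v 1.80 2009/10/28 16:38:18 reyk Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -125,6 +125,8 @@ typedef struct {
 
 	int use_roaming;
 
+	int rdomain; /* routing domain a.k.a. VRF */
+
 } Options;
 
 #define SSHCTL_MASTER_NO 0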
diff --git a/scp.1 b/scp.1
index 5033d84f2..b9245ea53 100644
--- a/scp.1
+++ b/scp.1
@@ -9,9 +9,9 @@
9.\" 9.\"
10.\" Created: Sun May 7 00:14:37 1995 ylo 10.\" Created: Sun May 7 00:14:37 1995 ylo
11.\" 11.\"
12.\" $OpenBSD: scp.1,v 1.46 2008/07/12 05:33:41 djm Exp $ 12.\" $OpenBSD: scp.1,v 1.47 2009/10/28 16:38:18 reyk Exp $
13.\" 13.\"
14.Dd $Mdocdate: July 12 2008 $ 14.Dd $Mdocdate: October 28 2009 $
15.Dt SCP 1 15.Dt SCP 1
16.Os 16.Os
17.Sh NAME 17.Sh NAME
@@ -158,6 +158,7 @@ For full details of the options listed below, and their possible values, see
158.It Protocol 158.It Protocol
159.It ProxyCommand 159.It ProxyCommand
160.It PubkeyAuthentication 160.It PubkeyAuthentication
161.It RDomain
161.It RekeyLimit 162.It RekeyLimit
162.It RhostsRSAAuthentication 163.It RhostsRSAAuthentication
163.It RSAAuthentication 164.It RSAAuthentication
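diff --git a/servconf.c b/servconf.c
index c2e5cc6f4..729f23bad 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.196 2009/10/08 14:03:41 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.197 2009/10/28 16:38:18 reyk Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -128,6 +128,7 @@ initialize_server_options(ServerOptions *options)
 	options->adm_forced_command = NULL;
 	options->chroot_directory = NULL;
 	options->zero_knowledge_password_authentication = -1;
+	options->rdomain = -1;
 }
 
 void
@@ -304,7 +305,7 @@ typedef enum {
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
-	sUsePrivilegeSeparation, sAllowAgentForwarding,
+	sUsePrivilegeSeparation, sAllowAgentForwarding, sRDomain,
 	sZeroKnowledgePasswordAuthentication,
 	sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -423,6 +424,7 @@ static struct {
 	{ "match", sMatch, SSHCFG_ALL },
 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
+	{ "rdomain", sRDomain, SSHCFG_GLOBAL },
 	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };
@@ -1294,6 +1296,10 @@ process_server_config_line(ServerOptions *options, char *line,
 		*charptr = xstrdup(arg);
 		break;
 
+	case sRDomain:
+		intptr = &options->rdomain;
+		goto parse_int;
+
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",
 		    filename, linenum, arg);
@@ -1570,6 +1576,7 @@ dump_config(ServerOptions *o)
 	dump_cfg_int(sMaxSessions, o->max_sessions);
 	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
 	dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
+	dump_cfg_int(sRDomain, o->rdomain);
 
 	/* formatted integer arguments */
 	dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);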
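diff --git a/servconf.h b/servconf.h
index b3ac7da4b..19c7ae609 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.87 2009/01/22 10:02:34 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.88 2009/10/28 16:38:18 reyk Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -150,6 +150,8 @@ typedef struct {
 
 	int num_permitted_opens;
 
+	int rdomain;
+
 	char *chroot_directory;
 } ServerOptions;
 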
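Review bot: The new `int rdomain;` field is added without the `/* routing domain a.k.a. VRF */` comment its readconf.h counterpart carries, and the -1 default set in servconf.c is not explained either. Mirror the client header: `int rdomain; /* routing domain a.k.a. VRF; -1 = system default */`.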
diff --git a/sftp.1 b/sftp.1
index d1db0d6dd..b912d24e3 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: sftp.1,v 1.76 2009/08/19 04:56:03 jmc Exp $ 1.\" $OpenBSD: sftp.1,v 1.77 2009/10/28 16:38:18 reyk Exp $
2.\" 2.\"
3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 3.\" Copyright (c) 2001 Damien Miller. All rights reserved.
4.\" 4.\"
@@ -22,7 +22,7 @@
22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24.\" 24.\"
25.Dd $Mdocdate: August 19 2009 $ 25.Dd $Mdocdate: October 28 2009 $
26.Dt SFTP 1 26.Dt SFTP 1
27.Os 27.Os
28.Sh NAME 28.Sh NAME
@@ -209,6 +209,7 @@ For full details of the options listed below, and their possible values, see
209.It PubkeyAuthentication 209.It PubkeyAuthentication
210.It RekeyLimit 210.It RekeyLimit
211.It RhostsRSAAuthentication 211.It RhostsRSAAuthentication
212.It RDomain
212.It RSAAuthentication 213.It RSAAuthentication
213.It SendEnv 214.It SendEnv
214.It ServerAliveInterval 215.It ServerAliveInterval
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 4a5864566..c9fb597ed 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keyscan.1,v 1.26 2008/12/29 01:12:36 stevesk Exp $ 1.\" $OpenBSD: ssh-keyscan.1,v 1.27 2009/10/28 16:38:18 reyk Exp $
2.\" 2.\"
3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4.\" 4.\"
@@ -6,7 +6,7 @@
6.\" permitted provided that due credit is given to the author and the 6.\" permitted provided that due credit is given to the author and the
7.\" OpenBSD project by leaving this copyright notice intact. 7.\" OpenBSD project by leaving this copyright notice intact.
8.\" 8.\"
9.Dd $Mdocdate: December 29 2008 $ 9.Dd $Mdocdate: October 28 2009 $
10.Dt SSH-KEYSCAN 1 10.Dt SSH-KEYSCAN 1
11.Os 11.Os
12.Sh NAME 12.Sh NAME
@@ -20,6 +20,7 @@
20.Op Fl p Ar port 20.Op Fl p Ar port
21.Op Fl T Ar timeout 21.Op Fl T Ar timeout
22.Op Fl t Ar type 22.Op Fl t Ar type
23.Op Fl V Ar rdomain
23.Op Ar host | addrlist namelist 24.Op Ar host | addrlist namelist
24.Ar ... 25.Ar ...
25.Ek 26.Ek
@@ -95,6 +96,8 @@ for protocol version 2.
95Multiple values may be specified by separating them with commas. 96Multiple values may be specified by separating them with commas.
96The default is 97The default is
97.Dq rsa . 98.Dq rsa .
99.It Fl V Ar rdomain
100Set the routing domain.
98.It Fl v 101.It Fl v
99Verbose mode. 102Verbose mode.
100Causes 103Causes
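diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 9a91be499..f30e85045 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.78 2009/01/22 10:02:34 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.79 2009/10/28 16:38:18 reyk Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -68,6 +68,9 @@ int timeout = 5;
 int maxfd;
 #define MAXCON (maxfd - 10)
 
+/* The default routing domain */
+int scan_rdomain = -1;
+
 extern char *__progname;
 fd_set *read_wait;
 size_t read_wait_nfdset;
@@ -412,7 +415,8 @@ tcpconnect(char *host)
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
 		fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
 	for (ai = aitop; ai; ai = ai->ai_next) {
-		s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+		s = socket_rdomain(ai->ai_family, ai->ai_socktype,
+		    ai->ai_protocol, scan_rdomain);
 		if (s < 0) {
 			error("socket: %s", strerror(errno));
 			continue;
@@ -715,7 +719,7 @@ usage(void)
 {
 	fprintf(stderr,
 	    "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
-	    "\t\t [host | addrlist namelist] ...\n",
+	    "\t\t [-V rdomain] [host | addrlist namelist] ...\n",
 	    __progname);
 	exit(1);
 }
@@ -741,7 +745,7 @@ main(int argc, char **argv)
 	if (argc <= 1)
 		usage();
 
-	while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
+	while ((opt = getopt(argc, argv, "Hv46p:T:t:f:V:")) != -1) {
 		switch (opt) {
 		case 'H':
 			hash_hosts = 1;
@@ -802,6 +806,11 @@ main(int argc, char **argv)
 		case '6':
 			IPv4or6 = AF_INET6;
 			break;
+		case 'V':
+			scan_rdomain = a2port(optarg);
+			if (scan_rdomain < 0)
+				scan_rdomain = -1;
+			break;
 		case '?':
 		default:
 			usage();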
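Review bot: The new `case 'V'` in main silently maps a rejected `-V` argument back to -1, so a mistyped routing domain makes the scan proceed in the system default domain with no diagnostic, whereas readconf.c fails hard on the same input. Report it instead, using the `fatal` this file already calls in tcpconnect: `if ((scan_rdomain = a2port(optarg)) < 0)` followed by `fatal("Bad rdomain \"%s\"", optarg);`. The global is also commented as `/* The default routing domain */` while -1 means "leave the system default"; `/* routing domain for outgoing connections; -1 = system default */` says what the value does. The getopt loop in main continues outside this hunk.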
diff --git a/ssh.1 b/ssh.1
index 7e7f64e46..8277d0fdf 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.286 2009/10/22 15:02:12 sobrado Exp $ 37.\" $OpenBSD: ssh.1,v 1.287 2009/10/28 16:38:18 reyk Exp $
38.Dd $Mdocdate: October 22 2009 $ 38.Dd $Mdocdate: October 28 2009 $
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -475,6 +475,7 @@ For full details of the options listed below, and their possible values, see
475.It Protocol 475.It Protocol
476.It ProxyCommand 476.It ProxyCommand
477.It PubkeyAuthentication 477.It PubkeyAuthentication
478.It RDomain
478.It RekeyLimit 479.It RekeyLimit
479.It RemoteForward 480.It RemoteForward
480.It RhostsRSAAuthentication 481.It RhostsRSAAuthentication
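diff --git a/ssh.c b/ssh.c
index 5353e235c..90dbc69e9 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.327 2009/10/24 11:23:42 andreas Exp $ */
+/* $OpenBSD: ssh.c,v 1.328 2009/10/28 16:38:18 reyk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -630,6 +630,7 @@ main(int ac, char **av)
 	fill_default_options(&options);
 
 	channel_set_af(options.address_family);
+	channel_set_rdomain(options.rdomain);
 
 	/* reinit */
 	log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);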
diff --git a/ssh_config.5 b/ssh_config.5
index 89f3896e6..fde899477 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.121 2009/10/08 20:42:13 jmc Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.122 2009/10/28 16:38:18 reyk Exp $
38.Dd $Mdocdate: October 8 2009 $ 38.Dd $Mdocdate: October 28 2009 $
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -782,6 +782,9 @@ or
782The default is 782The default is
783.Dq yes . 783.Dq yes .
784This option applies to protocol version 2 only. 784This option applies to protocol version 2 only.
785.It Cm RDomain
786Set the routing domain number.
787The default routing domain is set by the system.
785.It Cm RekeyLimit 788.It Cm RekeyLimit
786Specifies the maximum amount of data that may be transmitted before the 789Specifies the maximum amount of data that may be transmitted before the
787session key is renegotiated. 790session key is renegotiated.
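diff --git a/sshconnect.c b/sshconnect.c
index 3e57e859d..a09026e65 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.214 2009/05/28 16:50:16 andreas Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.215 2009/10/28 16:38:18 reyk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -190,7 +190,8 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
 		debug("Allocated local port %d.", p);
 		return sock;
 	}
-	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+	sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
+	    options.rdomain);
 	if (sock < 0)
 		error("socket: %.100s", strerror(errno));
 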
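Review bot: Only the second socket in ssh_create_socket is created through socket_rdomain; the `return sock;` two lines above the change hands back a socket that was obtained by the privileged-local-port branch earlier in the function (outside this hunk), and that branch does not pass through socket_rdomain, so with `privileged` set RDomain appears to be silently ignored. Please confirm, and either apply the routing domain on that path too or state the limitation in ssh_config.5's RDomain entry. ssh_create_socket starts before this hunk and ends after it.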
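diff --git a/sshd.c b/sshd.c
index 38aaa1820..e23d462ee 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.367 2009/05/28 16:50:16 andreas Exp $ */
+/* $OpenBSD: sshd.c,v 1.368 2009/10/28 16:38:18 reyk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -960,8 +960,8 @@ server_listen(void)
 			continue;
 		}
 		/* Create socket for listening. */
-		listen_sock = socket(ai->ai_family, ai->ai_socktype,
-		    ai->ai_protocol);
+		listen_sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+		    ai->ai_protocol, options.rdomain);
 		if (listen_sock < 0) {
 			/* kernel may not support ipv6 */
 			verbose("socket: %.100s", strerror(errno));
@@ -1469,8 +1469,9 @@ main(int ac, char **av)
 	if (options.challenge_response_authentication)
 		options.kbd_interactive_authentication = 1;
 
-	/* set default channel AF */
+	/* set default channel AF and routing domain */
 	channel_set_af(options.address_family);
+	channel_set_rdomain(options.rdomain);
 
 	/* Check that there are no remaining arguments. */
 	if (optind < ac) {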
diff --git a/sshd_config.5 b/sshd_config.5
index 4b3793d13..1a30f29c1 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.109 2009/10/08 20:42:13 jmc Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.110 2009/10/28 16:38:18 reyk Exp $
38.Dd $Mdocdate: October 8 2009 $ 38.Dd $Mdocdate: October 28 2009 $
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -812,6 +812,9 @@ with successful RSA host authentication is allowed.
812The default is 812The default is
813.Dq no . 813.Dq no .
814This option applies to protocol version 1 only. 814This option applies to protocol version 1 only.
815.It Cm RDomain
816Set the routing domain number.
817The default routing domain is set by the system.
815.It Cm RSAAuthentication 818.It Cm RSAAuthentication
816Specifies whether pure RSA authentication is allowed. 819Specifies whether pure RSA authentication is allowed.
817The default is 820The default is