5 files changed, 36 insertions, 10 deletions

diff --git a/servconf.c b/servconf.c
index 51139c31c..64a865180 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.316 2017/10/25 00:17:08 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.317 2017/10/25 00:19:47 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -855,6 +855,7 @@ get_connection_info(int populate, int use_dns)
         ci.address = ssh_remote_ipaddr(ssh);
         ci.laddress = ssh_local_ipaddr(ssh);
         ci.lport = ssh_local_port(ssh);
+        ci.rdomain = ssh_packet_rdomain_in(ssh);
         return &ci;
 }
 
@@ -1038,6 +1039,16 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
                                     ci->laddress, port, line);
                         else
                                 result = 0;
+                } else if (strcasecmp(attrib, "rdomain") == 0) {
+                        if (ci == NULL || ci->rdomain == NULL) {
+                                result = 0;
+                                continue;
+                        }
+                        if (match_pattern_list(ci->rdomain, arg, 0) != 1)
+                                result = 0;
+                        else
+                                debug("user %.100s matched 'RDomain %.100s' at "
+                                    "line %d", ci->rdomain, arg, line);
                 } else {
                         error("Unsupported Match attribute %s", attrib);
                         return -1;
@@ -2080,6 +2091,8 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec)
                         ci->user = xstrdup(p + 5);
                 } else if (strncmp(p, "laddr=", 6) == 0) {
                         ci->laddress = xstrdup(p + 6);
+                } else if (strncmp(p, "rdomain=", 8) == 0) {
+                        ci->rdomain = xstrdup(p + 8);
                 } else if (strncmp(p, "lport=", 6) == 0) {
                         ci->lport = a2port(p + 6);
                         if (ci->lport == -1) {
diff --git a/servconf.h b/servconf.h
index 1f042e872..37a0fb1a3 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.129 2017/10/25 00:17:08 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -218,6 +218,7 @@ struct connection_info {
         const char *address;    /* remote address */
         const char *laddress;   /* local address */
         int lport;              /* local port */
+        const char *rdomain;    /* routing domain if available */
 };
 
 
diff --git a/sshd.8 b/sshd.8
index a4201146b..c16c433ef 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.291 2017/06/24 06:28:50 jmc Exp $
-.Dd $Mdocdate: June 24 2017 $
+.\" $OpenBSD: sshd.8,v 1.292 2017/10/25 00:19:47 djm Exp $
+.Dd $Mdocdate: October 25 2017 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -109,6 +109,7 @@ The keywords are
 .Dq host ,
 .Dq laddr ,
 .Dq lport ,
+.Dq rdomain
 and
 .Dq addr .
 All are required and may be supplied in any order, either with multiple
diff --git a/sshd.c b/sshd.c
index 3ad106f72..1220309d7 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.495 2017/10/25 00:17:08 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.496 2017/10/25 00:19:47 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1404,7 +1404,7 @@ main(int ac, char **av)
         extern int optind;
         int r, opt, on = 1, already_daemon, remote_port;
         int sock_in = -1, sock_out = -1, newsock = -1;
-        const char *remote_ip;
+        const char *remote_ip, *rdomain;
         char *fp, *line, *laddr, *logfile = NULL;
         int config_s[2] = { -1 , -1 };
         u_int i, j;
@@ -2022,10 +2022,14 @@ main(int ac, char **av)
         audit_connection_from(remote_ip, remote_port);
 #endif
 
+        rdomain = ssh_packet_rdomain_in(ssh);
+
         /* Log the connection. */
         laddr = get_local_ipaddr(sock_in);
-        verbose("Connection from %s port %d on %s port %d",
-            remote_ip, remote_port, laddr,  ssh_local_port(ssh));
+        verbose("Connection from %s port %d on %s port %d%s%s",
+            remote_ip, remote_port, laddr,  ssh_local_port(ssh),
+            rdomain == NULL ? "" : " rdomain ",
+            rdomain == NULL ? "" : rdomain);
         free(laddr);
 
         /*
diff --git a/sshd_config.5 b/sshd_config.5
index c216fb75b..0b91f9f74 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.257 2017/10/25 00:17:08 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.258 2017/10/25 00:19:47 djm Exp $
 .Dd $Mdocdate: October 25 2017 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -1054,8 +1054,15 @@ The available criteria are
 .Cm Host ,
 .Cm LocalAddress ,
 .Cm LocalPort ,
+.Cm RDomain ,
 and
-.Cm Address .
+.Cm Address
+(with
+.Cm RDomain
+representing the
+.Xr rdomain 4
+on which the connection was received.)
+.Pp
 The match patterns may consist of single entries or comma-separated
 lists and may use the wildcard and negation operators described in the
 .Sx PATTERNS