Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a^! / . / servconf.c
commit35eb33fb957979e3fcbe6ea0eaee8bf4a217421a[log] [tgz]
authordjm@openbsd.org <djm@openbsd.org>Wed Oct 25 00:17:08 2017 +0000
committerDamien Miller <djm@mindrot.org>Wed Oct 25 12:26:13 2017 +1100
tree6ff628a3a477e2e2c7c4757a74b06ab29d3430a2
parentacf559e1cffbd1d6167cc1742729fc381069f06b [diff] [blame]
upstream commit

add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5

diff --git a/servconf.c b/servconf.c
index 68db047..51139c3 100644
--- a/servconf.c
+++ b/servconf.c

@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.315 2017/10/25 00:15:35 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.316 2017/10/25 00:17:08 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -91,6 +91,7 @@
 	options->listen_addrs = NULL;
 	options->num_listen_addrs = 0;
 	options->address_family = -1;
+	options->routing_domain = NULL;
 	options->num_host_key_files = 0;
 	options->num_host_cert_files = 0;
 	options->host_key_agent = NULL;
@@ -406,6 +407,7 @@
 	CLEAR_ON_NONE(options->authorized_principals_file);
 	CLEAR_ON_NONE(options->adm_forced_command);
 	CLEAR_ON_NONE(options->chroot_directory);
+	CLEAR_ON_NONE(options->routing_domain);
 	for (i = 0; i < options->num_host_key_files; i++)
 		CLEAR_ON_NONE(options->host_key_files[i]);
 	for (i = 0; i < options->num_host_cert_files; i++)
@@ -469,7 +471,7 @@
 	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
 	sStreamLocalBindMask, sStreamLocalBindUnlink,
 	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
-	sExposeAuthInfo,
+	sExposeAuthInfo, sRDomain,
 	sDeprecated, sIgnore, sUnsupported
 } ServerOpCodes;
 
@@ -614,6 +616,7 @@
 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
+	{ "rdomain", sRDomain, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };
 
@@ -1984,6 +1987,19 @@
 		intptr = &options->expose_userauth_info;
 		goto parse_flag;
 
+	case sRDomain:
+		charptr = &options->routing_domain;
+		arg = strdelim(&cp);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.",
+			    filename, linenum);
+		if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
+		    !valid_rdomain(arg))
+			fatal("%s line %d: bad routing domain",
+			    filename, linenum);
+		if (*activep && *charptr == NULL)
+			*charptr = xstrdup(arg);
+
 	case sDeprecated:
 	case sIgnore:
 	case sUnsupported:
@@ -2473,6 +2489,7 @@
 	    o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
 	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
 	    o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
+	dump_cfg_string(sRDomain, o->routing_domain);
 
 	/* string arguments requiring a lookup */
 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));