From 16d64584d67d5f72f2182497a7e45825bb05ab89 Mon Sep 17 00:00:00 2001 From: dtucker Date: Sat, 9 Jan 2010 23:31:12 +0000 Subject: [PATCH] - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@ --- ChangeLog | 13 +++++++++++++ channels.c | 26 +++++++------------------- channels.h | 3 +-- misc.c | 51 +-------------------------------------------------- misc.h | 5 +---- readconf.c | 22 +++------------------- readconf.h | 4 +--- scp.1 | 3 +-- servconf.c | 20 ++------------------ servconf.h | 4 +--- sftp.1 | 3 +-- ssh-keyscan.1 | 5 +---- ssh-keyscan.c | 19 ++++--------------- ssh.1 | 3 +-- ssh.c | 3 +-- ssh_config.5 | 5 +---- sshconnect.c | 5 ++--- sshd.c | 9 ++++----- sshd_config.5 | 5 +---- 19 files changed, 47 insertions(+), 161 deletions(-) diff --git a/ChangeLog b/ChangeLog index e38cd510..ca189f94 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,19 @@ 20091210 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Remove hacks add for RoutingDomain in preparation for its removal. + - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 + [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h + ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c + readconf.h scp.1 sftp.1 ssh_config.5 misc.h] + Remove RoutingDomain from ssh since it's now not needed. It can be + replaced with "route exec" or "nc -V" as a proxycommand. "route exec" + also ensures that trafic such as DNS lookups stays withing the specified + routingdomain. For example (from reyk): + # route -T 2 exec /usr/sbin/sshd + or inherited from the parent process + $ route -T 2 exec sh + $ ssh 10.1.2.3 + ok deraadt@ markus@ stevesk@ reyk@ 20091209 - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't diff --git a/channels.c b/channels.c index 94939239..87dbe96d 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.299 2009/11/11 21:37:03 markus Exp $ */ +/* $OpenBSD: channels.c,v 1.300 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -163,9 +163,6 @@ static u_int x11_fake_data_len; /* AF_UNSPEC or AF_INET or AF_INET6 */ static int IPv4or6 = AF_UNSPEC; -/* Set the routing domain a.k.a. VRF */ -static int channel_rdomain = -1; - /* helper */ static void port_open_helper(Channel *c, char *rtype); @@ -2466,12 +2463,6 @@ channel_set_af(int af) IPv4or6 = af; } -void -channel_set_rdomain(int rdomain) -{ - channel_rdomain = rdomain; -} - static int channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, int *allocated_listen_port, @@ -2580,8 +2571,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, continue; } /* Create a port to listen for the host. */ - sock = socket_rdomain(ai->ai_family, ai->ai_socktype, - ai->ai_protocol, channel_rdomain); + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { /* this is no error since kernel may not support ipv6 */ verbose("socket: %.100s", strerror(errno)); @@ -2922,9 +2912,8 @@ connect_next(struct channel_connect *cctx) error("connect_next: getnameinfo failed"); continue; } - if ((sock = socket_rdomain(cctx->ai->ai_family, - cctx->ai->ai_socktype, cctx->ai->ai_protocol, - channel_rdomain)) == -1) { + if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype, + cctx->ai->ai_protocol)) == -1) { if (cctx->ai->ai_next == NULL) error("socket: %.100s", strerror(errno)); else @@ -3110,8 +3099,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, for (ai = aitop; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue; - sock = socket_rdomain(ai->ai_family, ai->ai_socktype, - ai->ai_protocol, channel_rdomain); + sock = socket(ai->ai_family, ai->ai_socktype, + ai->ai_protocol); if (sock < 0) { if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { error("socket: %.100s", strerror(errno)); @@ -3286,8 +3275,7 @@ x11_connect_display(void) } for (ai = aitop; ai; ai = ai->ai_next) { /* Create a socket. */ - sock = socket_rdomain(ai->ai_family, ai->ai_socktype, - ai->ai_protocol, channel_rdomain); + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { debug2("socket: %.100s", strerror(errno)); continue; diff --git a/channels.h b/channels.h index 4dbeeb6e..f65a311d 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.100 2009/11/11 21:37:03 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.101 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -235,7 +235,6 @@ int channel_find_open(void); /* tcp forwarding */ void channel_set_af(int af); -void channel_set_rdomain(int); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); int channel_add_adm_permitted_opens(char *, int); diff --git a/misc.c b/misc.c index 550b03ca..e1f72312 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.74 2009/12/25 19:40:21 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.75 2010/01/09 23:04:13 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -151,43 +151,6 @@ set_nodelay(int fd) error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); } -/* open a socket in the specified routing domain */ -int -socket_rdomain(int domain, int type, int protocol, int rdomain) -{ - int sock, ipproto = IPPROTO_IP; - - if ((sock = socket(domain, type, protocol)) == -1) - return (-1); - - if (rdomain == -1) - return (sock); - - switch (domain) { - case AF_INET6: - ipproto = IPPROTO_IPV6; - /* FALLTHROUGH */ - case AF_INET: - debug2("socket %d af %d setting rdomain %d", - sock, domain, rdomain); - if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain, - sizeof(rdomain)) == -1) { - debug("setsockopt SO_RDOMAIN: %.100s", - strerror(errno)); - close(sock); - return (-1); - } - break; - default: - debug("socket %d af %d does not support rdomain %d", - sock, domain, rdomain); - close(sock); - return (-1); - } - - return (sock); -} - /* Characters considered whitespace in strsep calls. */ #define WHITESPACE " \t\r\n" #define QUOTE "\"" @@ -273,18 +236,6 @@ a2port(const char *s) return (int)port; } -int -a2rdomain(const char *s) -{ - long long rdomain; - const char *errstr; - - rdomain = strtonum(s, 0, RT_TABLEID_MAX, &errstr); - if (errstr != NULL) - return -1; - return (int)rdomain; -} - int a2tun(const char *s, int *remote) { diff --git a/misc.h b/misc.h index 1e859e25..32073acd 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.40 2009/12/25 19:40:21 stevesk Exp $ */ +/* $OpenBSD: misc.h,v 1.41 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -23,7 +23,6 @@ int set_nonblock(int); int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); -int a2rdomain(const char *); int a2tun(const char *, int *); char *put_host_port(const char *, u_short); char *hpdelim(char **); @@ -55,8 +54,6 @@ void freeargs(arglist *); int tun_open(int, int); -int socket_rdomain(int, int, int, int); - /* Common definitions for ssh tunnel device forwarding */ #define SSH_TUNMODE_NO 0x00 #define SSH_TUNMODE_POINTOPOINT 0x01 diff --git a/readconf.c b/readconf.c index 40fe8f69..d424c169 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.181 2009/12/29 16:38:41 stevesk Exp $ */ +/* $OpenBSD: readconf.c,v 1.182 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -130,8 +130,8 @@ typedef enum { oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, - oVisualHostKey, oUseRoaming, oRDomain, - oZeroKnowledgePasswordAuthentication, oDeprecated, oUnsupported + oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, + oDeprecated, oUnsupported } OpCodes; /* Textual representations of the tokens. */ @@ -229,7 +229,6 @@ static struct { { "permitlocalcommand", oPermitLocalCommand }, { "visualhostkey", oVisualHostKey }, { "useroaming", oUseRoaming }, - { "routingdomain", oRDomain }, #ifdef JPAKE { "zeroknowledgepasswordauthentication", oZeroKnowledgePasswordAuthentication }, @@ -920,19 +919,6 @@ parse_int: intptr = &options->use_roaming; goto parse_flag; - case oRDomain: - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing argument.", - filename, linenum); - value = a2rdomain(arg); - if (value == -1) - fatal("%.200s line %d: Bad rdomain.", - filename, linenum); - if (*activep) - options->rdomain = value; - break; - case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -1083,7 +1069,6 @@ initialize_options(Options * options) options->local_command = NULL; options->permit_local_command = -1; options->use_roaming = -1; - options->rdomain = -1; options->visual_host_key = -1; options->zero_knowledge_password_authentication = -1; } @@ -1232,7 +1217,6 @@ fill_default_options(Options * options) /* options->hostname will be set in the main program if appropriate */ /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ - /* options->rdomain should not be set by default */ } /* diff --git a/readconf.h b/readconf.h index 6edc2eed..f7c0b9c6 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.80 2009/10/28 16:38:18 reyk Exp $ */ +/* $OpenBSD: readconf.h,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -125,8 +125,6 @@ typedef struct { int use_roaming; - int rdomain; /* routing domain a.k.a. VRF */ - } Options; #define SSHCTL_MASTER_NO 0 diff --git a/scp.1 b/scp.1 index 94863516..b931d0f8 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.48 2009/12/29 16:38:41 stevesk Exp $ +.\" $OpenBSD: scp.1,v 1.49 2010/01/09 23:04:13 dtucker Exp $ .\" .Dd $Mdocdate$ .Dt SCP 1 @@ -160,7 +160,6 @@ For full details of the options listed below, and their possible values, see .It PubkeyAuthentication .It RekeyLimit .It RhostsRSAAuthentication -.It RoutingDomain .It RSAAuthentication .It SendEnv .It ServerAliveInterval diff --git a/servconf.c b/servconf.c index 2cdc480e..fc3e479b 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.199 2009/12/29 16:38:41 stevesk Exp $ */ +/* $OpenBSD: servconf.c,v 1.200 2010/01/09 23:04:13 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -128,7 +128,6 @@ initialize_server_options(ServerOptions *options) options->adm_forced_command = NULL; options->chroot_directory = NULL; options->zero_knowledge_password_authentication = -1; - options->rdomain = -1; } void @@ -305,7 +304,7 @@ typedef enum { sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, sRDomain, + sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sDeprecated, sUnsupported } ServerOpCodes; @@ -424,7 +423,6 @@ static struct { { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, - { "routingdomain", sRDomain, SSHCFG_GLOBAL }, { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -1296,19 +1294,6 @@ process_server_config_line(ServerOptions *options, char *line, *charptr = xstrdup(arg); break; - case sRDomain: - intptr = &options->rdomain; - arg = strdelim(&cp); - if (!arg || *arg == '\0') - fatal("%s line %d: missing rdomain value.", - filename, linenum); - if ((value = a2rdomain(arg)) == -1) - fatal("%s line %d: invalid rdomain value.", - filename, linenum); - if (*intptr == -1) - *intptr = value; - break; - case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); @@ -1585,7 +1570,6 @@ dump_config(ServerOptions *o) dump_cfg_int(sMaxSessions, o->max_sessions); dump_cfg_int(sClientAliveInterval, o->client_alive_interval); dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); - dump_cfg_int(sRDomain, o->rdomain); /* formatted integer arguments */ dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); diff --git a/servconf.h b/servconf.h index 19c7ae60..25a3f1b2 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.88 2009/10/28 16:38:18 reyk Exp $ */ +/* $OpenBSD: servconf.h,v 1.89 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -150,8 +150,6 @@ typedef struct { int num_permitted_opens; - int rdomain; - char *chroot_directory; } ServerOptions; diff --git a/sftp.1 b/sftp.1 index b88a9cdc..7b0f688e 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.79 2009/12/29 16:38:41 stevesk Exp $ +.\" $OpenBSD: sftp.1,v 1.80 2010/01/09 23:04:13 dtucker Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -209,7 +209,6 @@ For full details of the options listed below, and their possible values, see .It PubkeyAuthentication .It RekeyLimit .It RhostsRSAAuthentication -.It RoutingDomain .It RSAAuthentication .It SendEnv .It ServerAliveInterval diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index d9f7bedc..01f31846 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.27 2009/10/28 16:38:18 reyk Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.28 2010/01/09 23:04:13 dtucker Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -20,7 +20,6 @@ .Op Fl p Ar port .Op Fl T Ar timeout .Op Fl t Ar type -.Op Fl V Ar rdomain .Op Ar host | addrlist namelist .Ar ... .Ek @@ -96,8 +95,6 @@ for protocol version 2. Multiple values may be specified by separating them with commas. The default is .Dq rsa . -.It Fl V Ar rdomain -Set the routing domain. .It Fl v Verbose mode. Causes diff --git a/ssh-keyscan.c b/ssh-keyscan.c index faeb9e13..7afe446a 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.80 2009/12/25 19:40:21 stevesk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -68,9 +68,6 @@ int timeout = 5; int maxfd; #define MAXCON (maxfd - 10) -/* The default routing domain */ -int scan_rdomain = -1; - extern char *__progname; fd_set *read_wait; size_t read_wait_nfdset; @@ -415,8 +412,7 @@ tcpconnect(char *host) if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr)); for (ai = aitop; ai; ai = ai->ai_next) { - s = socket_rdomain(ai->ai_family, ai->ai_socktype, - ai->ai_protocol, scan_rdomain); + s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (s < 0) { error("socket: %s", strerror(errno)); continue; @@ -719,7 +715,7 @@ usage(void) { fprintf(stderr, "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n" - "\t\t [-V rdomain] [host | addrlist namelist] ...\n", + "\t\t [host | addrlist namelist] ...\n", __progname); exit(1); } @@ -745,7 +741,7 @@ main(int argc, char **argv) if (argc <= 1) usage(); - while ((opt = getopt(argc, argv, "Hv46p:T:t:f:V:")) != -1) { + while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) { switch (opt) { case 'H': hash_hosts = 1; @@ -806,13 +802,6 @@ main(int argc, char **argv) case '6': IPv4or6 = AF_INET6; break; - case 'V': - scan_rdomain = a2rdomain(optarg); - if (scan_rdomain == -1) { - fprintf(stderr, "Bad rdomain '%s'\n", optarg); - exit(1); - } - break; case '?': default: usage(); diff --git a/ssh.1 b/ssh.1 index 54e69148..c0d149de 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.288 2009/12/29 16:38:41 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.289 2010/01/09 23:04:13 dtucker Exp $ .Dd $Mdocdate$ .Dt SSH 1 .Os @@ -478,7 +478,6 @@ For full details of the options listed below, and their possible values, see .It RekeyLimit .It RemoteForward .It RhostsRSAAuthentication -.It RoutingDomain .It RSAAuthentication .It SendEnv .It ServerAliveInterval diff --git a/ssh.c b/ssh.c index 6abf31b5..ee30e2b2 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.329 2009/12/20 07:28:36 guenther Exp $ */ +/* $OpenBSD: ssh.c,v 1.330 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -630,7 +630,6 @@ main(int ac, char **av) fill_default_options(&options); channel_set_af(options.address_family); - channel_set_rdomain(options.rdomain); /* reinit */ log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog); diff --git a/ssh_config.5 b/ssh_config.5 index 7c01a1a9..7d577360 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.125 2009/12/29 18:03:32 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.126 2010/01/09 23:04:13 dtucker Exp $ .Dd $Mdocdate$ .Dt SSH_CONFIG 5 .Os @@ -857,9 +857,6 @@ The default is This option applies to protocol version 1 only and requires .Xr ssh 1 to be setuid root. -.It Cm RoutingDomain -Set the routing domain number. -The default routing domain is set by the system. .It Cm RSAAuthentication Specifies whether to try RSA authentication. The argument to this keyword must be diff --git a/sshconnect.c b/sshconnect.c index 3c8308ff..5cfc3c16 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.217 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -191,8 +191,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai) debug("Allocated local port %d.", p); return sock; } - sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol, - options.rdomain); + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { error("socket: %.100s", strerror(errno)); return -1; diff --git a/sshd.c b/sshd.c index bdaf1574..4e34f243 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.369 2010/01/09 11:17:56 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.370 2010/01/09 23:04:13 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -961,8 +961,8 @@ server_listen(void) continue; } /* Create socket for listening. */ - listen_sock = socket_rdomain(ai->ai_family, ai->ai_socktype, - ai->ai_protocol, options.rdomain); + listen_sock = socket(ai->ai_family, ai->ai_socktype, + ai->ai_protocol); if (listen_sock < 0) { /* kernel may not support ipv6 */ verbose("socket: %.100s", strerror(errno)); @@ -1470,9 +1470,8 @@ main(int ac, char **av) if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; - /* set default channel AF and routing domain */ + /* set default channel AF */ channel_set_af(options.address_family); - channel_set_rdomain(options.rdomain); /* Check that there are no remaining arguments. */ if (optind < ac) { diff --git a/sshd_config.5 b/sshd_config.5 index b74ab5b8..1e5390a6 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.115 2009/12/29 18:03:32 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.116 2010/01/09 23:04:13 dtucker Exp $ .Dd $Mdocdate$ .Dt SSHD_CONFIG 5 .Os @@ -812,9 +812,6 @@ with successful RSA host authentication is allowed. The default is .Dq no . This option applies to protocol version 1 only. -.It Cm RoutingDomain -Set the routing domain number. -The default routing domain is set by the system. .It Cm RSAAuthentication Specifies whether pure RSA authentication is allowed. The default is -- 2.45.1