RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-03-25 04:36:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

- dtucker@cvs.openbsd.org 2010/01/09 23:04:13

Browse Source 
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
     ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
     readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
     Remove RoutingDomain from ssh since it's now not needed.  It can be
     replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
     also ensures that trafic such as DNS lookups stays withing the specified
     routingdomain.  For example (from reyk):
     # route -T 2 exec /usr/sbin/sshd
     or inherited from the parent process
     $ route -T 2 exec sh
     $ ssh 10.1.2.3
     ok deraadt@ markus@ stevesk@ reyk@
This commit is contained in:
Darren Tucker 2010-01-10 10:31:12 +11:00
parent 8c65f646a9
commit 7bd98e7f74
19 changed files with 53 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ChangeLog
View File

@ -1,6 +1,19 @@
20091210
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
Remove hacks add for RoutingDomain in preparation for its removal.
- dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
Remove RoutingDomain from ssh since it's now not needed. It can be
replaced with "route exec" or "nc -V" as a proxycommand. "route exec"
also ensures that trafic such as DNS lookups stays withing the specified
routingdomain. For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3
ok deraadt@ markus@ stevesk@ reyk@
20091209
- (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't

26
channels.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.299 2009/11/11 21:37:03 markus Exp $ */
/* $OpenBSD: channels.c,v 1.300 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -163,9 +163,6 @@ static u_int x11_fake_data_len;
/* AF_UNSPEC or AF_INET or AF_INET6 */
static int IPv4or6 = AF_UNSPEC;
/* Set the routing domain a.k.a. VRF */
static int channel_rdomain = -1;
/* helper */
static void port_open_helper(Channel *c, char *rtype);
@ -2466,12 +2463,6 @@ channel_set_af(int af)
IPv4or6 = af;
}
void
channel_set_rdomain(int rdomain)
{
channel_rdomain = rdomain;
}
static int
channel_setup_fwd_listener(int type, const char *listen_addr,
u_short listen_port, int *allocated_listen_port,
@ -2580,8 +2571,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
continue;
}
/* Create a port to listen for the host. */
sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
ai->ai_protocol, channel_rdomain);
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
/* this is no error since kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
@ -2922,9 +2912,8 @@ connect_next(struct channel_connect *cctx)
error("connect_next: getnameinfo failed");
continue;
}
if ((sock = socket_rdomain(cctx->ai->ai_family,
cctx->ai->ai_socktype, cctx->ai->ai_protocol,
channel_rdomain)) == -1) {
if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
cctx->ai->ai_protocol)) == -1) {
if (cctx->ai->ai_next == NULL)
error("socket: %.100s", strerror(errno));
else
@ -3110,8 +3099,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
ai->ai_protocol, channel_rdomain);
sock = socket(ai->ai_family, ai->ai_socktype,
ai->ai_protocol);
if (sock < 0) {
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
error("socket: %.100s", strerror(errno));
@ -3286,8 +3275,7 @@ x11_connect_display(void)
}
for (ai = aitop; ai; ai = ai->ai_next) {
/* Create a socket. */
sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
ai->ai_protocol, channel_rdomain);
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
debug2("socket: %.100s", strerror(errno));
continue;

3
channels.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.100 2009/11/11 21:37:03 markus Exp $ */
/* $OpenBSD: channels.h,v 1.101 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -235,7 +235,6 @@ int channel_find_open(void);
/* tcp forwarding */
void channel_set_af(int af);
void channel_set_rdomain(int);
void channel_permit_all_opens(void);
void channel_add_permitted_opens(char *, int);
int channel_add_adm_permitted_opens(char *, int);

51
misc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.74 2009/12/25 19:40:21 stevesk Exp $ */
/* $OpenBSD: misc.c,v 1.75 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@ -151,43 +151,6 @@ set_nodelay(int fd)
error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
}
/* open a socket in the specified routing domain */
int
socket_rdomain(int domain, int type, int protocol, int rdomain)
{
int sock, ipproto = IPPROTO_IP;
if ((sock = socket(domain, type, protocol)) == -1)
return (-1);
if (rdomain == -1)
return (sock);
switch (domain) {
case AF_INET6:
ipproto = IPPROTO_IPV6;
/* FALLTHROUGH */
case AF_INET:
debug2("socket %d af %d setting rdomain %d",
sock, domain, rdomain);
if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain,
sizeof(rdomain)) == -1) {
debug("setsockopt SO_RDOMAIN: %.100s",
strerror(errno));
close(sock);
return (-1);
}
break;
default:
debug("socket %d af %d does not support rdomain %d",
sock, domain, rdomain);
close(sock);
return (-1);
}
return (sock);
}
/* Characters considered whitespace in strsep calls. */
#define WHITESPACE " \t\r\n"
#define QUOTE "\""
@ -273,18 +236,6 @@ a2port(const char *s)
return (int)port;
}
int
a2rdomain(const char *s)
{
long long rdomain;
const char *errstr;
rdomain = strtonum(s, 0, RT_TABLEID_MAX, &errstr);
if (errstr != NULL)
return -1;
return (int)rdomain;
}
int
a2tun(const char *s, int *remote)
{

5
misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.40 2009/12/25 19:40:21 stevesk Exp $ */
/* $OpenBSD: misc.h,v 1.41 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -23,7 +23,6 @@ int set_nonblock(int);
int unset_nonblock(int);
void set_nodelay(int);
int a2port(const char *);
int a2rdomain(const char *);
int a2tun(const char *, int *);
char *put_host_port(const char *, u_short);
char *hpdelim(char **);
@ -55,8 +54,6 @@ void freeargs(arglist *);
int tun_open(int, int);
int socket_rdomain(int, int, int, int);
/* Common definitions for ssh tunnel device forwarding */
#define SSH_TUNMODE_NO 0x00
#define SSH_TUNMODE_POINTOPOINT 0x01

22
readconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.181 2009/12/29 16:38:41 stevesk Exp $ */
/* $OpenBSD: readconf.c,v 1.182 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -130,8 +130,8 @@ typedef enum {
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVisualHostKey, oUseRoaming, oRDomain,
oZeroKnowledgePasswordAuthentication, oDeprecated, oUnsupported
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
oDeprecated, oUnsupported
} OpCodes;
/* Textual representations of the tokens. */
@ -229,7 +229,6 @@ static struct {
{ "permitlocalcommand", oPermitLocalCommand },
{ "visualhostkey", oVisualHostKey },
{ "useroaming", oUseRoaming },
{ "routingdomain", oRDomain },
#ifdef JPAKE
{ "zeroknowledgepasswordauthentication",
oZeroKnowledgePasswordAuthentication },
@ -920,19 +919,6 @@ parse_int:
intptr = &options->use_roaming;
goto parse_flag;
case oRDomain:
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.",
filename, linenum);
value = a2rdomain(arg);
if (value == -1)
fatal("%.200s line %d: Bad rdomain.",
filename, linenum);
if (*activep)
options->rdomain = value;
break;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
@ -1083,7 +1069,6 @@ initialize_options(Options * options)
options->local_command = NULL;
options->permit_local_command = -1;
options->use_roaming = -1;
options->rdomain = -1;
options->visual_host_key = -1;
options->zero_knowledge_password_authentication = -1;
}
@ -1232,7 +1217,6 @@ fill_default_options(Options * options)
/* options->hostname will be set in the main program if appropriate */
/* options->host_key_alias should not be set by default */
/* options->preferred_authentications will be set in ssh */
/* options->rdomain should not be set by default */
}
/*

4
readconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.80 2009/10/28 16:38:18 reyk Exp $ */
/* $OpenBSD: readconf.h,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -125,8 +125,6 @@ typedef struct {
int use_roaming;
int rdomain; /* routing domain a.k.a. VRF */
} Options;
#define SSHCTL_MASTER_NO 0

5
scp.1
View File

@ -9,9 +9,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $OpenBSD: scp.1,v 1.48 2009/12/29 16:38:41 stevesk Exp $
.\" $OpenBSD: scp.1,v 1.49 2010/01/09 23:04:13 dtucker Exp $
.\"
.Dd $Mdocdate: December 29 2009 $
.Dd $Mdocdate: January 9 2010 $
.Dt SCP 1
.Os
.Sh NAME
@ -160,7 +160,6 @@ For full details of the options listed below, and their possible values, see
.It PubkeyAuthentication
.It RekeyLimit
.It RhostsRSAAuthentication
.It RoutingDomain
.It RSAAuthentication
.It SendEnv
.It ServerAliveInterval

20
servconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.c,v 1.199 2009/12/29 16:38:41 stevesk Exp $ */
/* $OpenBSD: servconf.c,v 1.200 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -128,7 +128,6 @@ initialize_server_options(ServerOptions *options)
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
options->zero_knowledge_password_authentication = -1;
options->rdomain = -1;
}
void
@ -305,7 +304,7 @@ typedef enum {
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding, sRDomain,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication,
sDeprecated, sUnsupported
} ServerOpCodes;
@ -424,7 +423,6 @@ static struct {
{ "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
{ "routingdomain", sRDomain, SSHCFG_GLOBAL },
{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@ -1296,19 +1294,6 @@ process_server_config_line(ServerOptions *options, char *line,
*charptr = xstrdup(arg);
break;
case sRDomain:
intptr = &options->rdomain;
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing rdomain value.",
filename, linenum);
if ((value = a2rdomain(arg)) == -1)
fatal("%s line %d: invalid rdomain value.",
filename, linenum);
if (*intptr == -1)
*intptr = value;
break;
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
@ -1585,7 +1570,6 @@ dump_config(ServerOptions *o)
dump_cfg_int(sMaxSessions, o->max_sessions);
dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
dump_cfg_int(sRDomain, o->rdomain);
/* formatted integer arguments */
dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);

4
servconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.88 2009/10/28 16:38:18 reyk Exp $ */
/* $OpenBSD: servconf.h,v 1.89 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -150,8 +150,6 @@ typedef struct {
int num_permitted_opens;
int rdomain;
char *chroot_directory;
} ServerOptions;

5
sftp.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: sftp.1,v 1.79 2009/12/29 16:38:41 stevesk Exp $
.\" $OpenBSD: sftp.1,v 1.80 2010/01/09 23:04:13 dtucker Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 29 2009 $
.Dd $Mdocdate: January 9 2010 $
.Dt SFTP 1
.Os
.Sh NAME
@ -209,7 +209,6 @@ For full details of the options listed below, and their possible values, see
.It PubkeyAuthentication
.It RekeyLimit
.It RhostsRSAAuthentication
.It RoutingDomain
.It RSAAuthentication
.It SendEnv
.It ServerAliveInterval

7
ssh-keyscan.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keyscan.1,v 1.27 2009/10/28 16:38:18 reyk Exp $
.\" $OpenBSD: ssh-keyscan.1,v 1.28 2010/01/09 23:04:13 dtucker Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
.Dd $Mdocdate: October 28 2009 $
.Dd $Mdocdate: January 9 2010 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@ -20,7 +20,6 @@
.Op Fl p Ar port
.Op Fl T Ar timeout
.Op Fl t Ar type
.Op Fl V Ar rdomain
.Op Ar host | addrlist namelist
.Ar ...
.Ek
@ -96,8 +95,6 @@ for protocol version 2.
Multiple values may be specified by separating them with commas.
The default is
.Dq rsa .
.It Fl V Ar rdomain
Set the routing domain.
.It Fl v
Verbose mode.
Causes

19
ssh-keyscan.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keyscan.c,v 1.80 2009/12/25 19:40:21 stevesk Exp $ */
/* $OpenBSD: ssh-keyscan.c,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@ -68,9 +68,6 @@ int timeout = 5;
int maxfd;
#define MAXCON (maxfd - 10)
/* The default routing domain */
int scan_rdomain = -1;
extern char *__progname;
fd_set *read_wait;
size_t read_wait_nfdset;
@ -415,8 +412,7 @@ tcpconnect(char *host)
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
for (ai = aitop; ai; ai = ai->ai_next) {
s = socket_rdomain(ai->ai_family, ai->ai_socktype,
ai->ai_protocol, scan_rdomain);
s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (s < 0) {
error("socket: %s", strerror(errno));
continue;
@ -719,7 +715,7 @@ usage(void)
{
fprintf(stderr,
"usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
"\t\t [-V rdomain] [host | addrlist namelist] ...\n",
"\t\t [host | addrlist namelist] ...\n",
__progname);
exit(1);
}
@ -745,7 +741,7 @@ main(int argc, char **argv)
if (argc <= 1)
usage();
while ((opt = getopt(argc, argv, "Hv46p:T:t:f:V:")) != -1) {
while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
switch (opt) {
case 'H':
hash_hosts = 1;
@ -806,13 +802,6 @@ main(int argc, char **argv)
case '6':
IPv4or6 = AF_INET6;
break;
case 'V':
scan_rdomain = a2rdomain(optarg);
if (scan_rdomain == -1) {
fprintf(stderr, "Bad rdomain '%s'\n", optarg);
exit(1);
}
break;
case '?':
default:
usage();

5
ssh.1
View File

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.288 2009/12/29 16:38:41 stevesk Exp $
.Dd $Mdocdate: December 29 2009 $
.\" $OpenBSD: ssh.1,v 1.289 2010/01/09 23:04:13 dtucker Exp $
.Dd $Mdocdate: January 9 2010 $
.Dt SSH 1
.Os
.Sh NAME
@ -478,7 +478,6 @@ For full details of the options listed below, and their possible values, see
.It RekeyLimit
.It RemoteForward
.It RhostsRSAAuthentication
.It RoutingDomain
.It RSAAuthentication
.It SendEnv
.It ServerAliveInterval

3
ssh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.329 2009/12/20 07:28:36 guenther Exp $ */
/* $OpenBSD: ssh.c,v 1.330 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -630,7 +630,6 @@ main(int ac, char **av)
fill_default_options(&options);
channel_set_af(options.address_family);
channel_set_rdomain(options.rdomain);
/* reinit */
log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);

7
ssh_config.5
View File

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.125 2009/12/29 18:03:32 jmc Exp $
.Dd $Mdocdate: December 29 2009 $
.\" $OpenBSD: ssh_config.5,v 1.126 2010/01/09 23:04:13 dtucker Exp $
.Dd $Mdocdate: January 9 2010 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@ -857,9 +857,6 @@ The default is
This option applies to protocol version 1 only and requires
.Xr ssh 1
to be setuid root.
.It Cm RoutingDomain
Set the routing domain number.
The default routing domain is set by the system.
.It Cm RSAAuthentication
Specifies whether to try RSA authentication.
The argument to this keyword must be

5
sshconnect.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */
/* $OpenBSD: sshconnect.c,v 1.217 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -191,8 +191,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
debug("Allocated local port %d.", p);
return sock;
}
sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
options.rdomain);
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
error("socket: %.100s", strerror(errno));
return -1;

9
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.369 2010/01/09 11:17:56 dtucker Exp $ */
/* $OpenBSD: sshd.c,v 1.370 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -961,8 +961,8 @@ server_listen(void)
continue;
}
/* Create socket for listening. */
listen_sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
ai->ai_protocol, options.rdomain);
listen_sock = socket(ai->ai_family, ai->ai_socktype,
ai->ai_protocol);
if (listen_sock < 0) {
/* kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
@ -1470,9 +1470,8 @@ main(int ac, char **av)
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
/* set default channel AF and routing domain */
/* set default channel AF */
channel_set_af(options.address_family);
channel_set_rdomain(options.rdomain);
/* Check that there are no remaining arguments. */
if (optind < ac) {

7
sshd_config.5
View File

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.115 2009/12/29 18:03:32 jmc Exp $
.Dd $Mdocdate: December 29 2009 $
.\" $OpenBSD: sshd_config.5,v 1.116 2010/01/09 23:04:13 dtucker Exp $
.Dd $Mdocdate: January 9 2010 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -812,9 +812,6 @@ with successful RSA host authentication is allowed.
The default is
.Dq no .
This option applies to protocol version 1 only.
.It Cm RoutingDomain
Set the routing domain number.
The default routing domain is set by the system.
.It Cm RSAAuthentication
Specifies whether pure RSA authentication is allowed.
The default is