author | djm@openbsd.org <djm@openbsd.org> | 2017-10-25 00:17:08 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-10-25 12:26:13 +1100 |
commit | 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a (patch) | |
tree | 6ff628a3a477e2e2c7c4757a74b06ab29d3430a2 /sshd.c | |
parent | acf559e1cffbd1d6167cc1742729fc381069f06b (diff) |
upstream commit
add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)
ok markus@
Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 30 |
1 files changed, 29 insertions, 1 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.494 2017/10/25 00:15:35 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.495 2017/10/25 00:17:08 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1368,6 +1368,31 @@ check_ip_options(struct ssh *ssh)
 #endif /* IP_OPTIONS */
 }

+/* Set the routing domain for this process */
+static void
+set_process_rdomain(struct ssh *ssh, const char *name)
+{
+ int rtable, ortable = getrtable();
+ const char *errstr;
+
+ if (name == NULL)
+ return; /* default */
+
+ if (strcmp(name, "%D") == 0) {
+ /* "expands" to routing domain of connection */
+ if ((name = ssh_packet_rdomain_in(ssh)) == NULL)
+ return;
+ }
+
+ rtable = (int)strtonum(name, 0, 255, &errstr);
+ if (errstr != NULL) /* Shouldn't happen */
+ fatal("Invalid routing domain \"%s\": %s", name, errstr);
+ if (rtable != ortable && setrtable(rtable) != 0)
+ fatal("Unable to set routing domain %d: %s",
+ rtable, strerror(errno));
+ debug("%s: set routing domain %d (was %d)", __func__, rtable, ortable);
+}
+
 /*
 * Main program for the daemon.
 */
@@ -1983,6 +2008,9 @@ main(int ac, char **av)
 cleanup_exit(255);
 }

+ if (options.routing_domain != NULL)
+ set_process_rdomain(ssh, options.routing_domain);
+
 /*
 * The rest of the code depends on the fact that
 * ssh_remote_ipaddr() caches the remote ip, even if |
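Review bot: In the second hunk, when `name` is `"%D"` and `ssh_packet_rdomain_in(ssh)` returns NULL, set_process_rdomain() returns without logging anything. The process and the later user session then stay in whatever routing table sshd started in, although an RDomain was configured. Every other failure path in this function is a `fatal()`, so this silent return is the one case where the setting is skipped rather than enforced. At minimum add a log line before the return, for example `debug("%s: no routing domain known for connection, leaving rtable %d", __func__, ortable);`. If RDomain is meant as a confinement control, consider making this case fatal as well. When ssh_packet_rdomain_in() can return NULL is not visible here and should be confirmed.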
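Review bot: The call added to main() in the third hunk has no comment explaining why it sits at this point, and the ordering looks load-bearing. The commit message says the shell and any TCP/IP forwardings must end up in the rdomain, so the call has to run before any session process or forwarding socket is created. It presumably also has to run while the process may still call setrtable(), which this hunk cannot confirm. A short comment would protect the placement from later refactoring, for example `/* Switch rdomain before any session setup so children and forwardings inherit it */`. The `options.routing_domain != NULL` test also duplicates the `name == NULL` early return inside set_process_rdomain(). main() starts and ends outside this hunk.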