authorDarren Tucker <dtucker@zip.com.au>2010-01-10 10:31:12 +1100
committerDarren Tucker <dtucker@zip.com.au>2010-01-10 10:31:12 +1100
commit7bd98e7f74ebd8bd32157b607acedcb68201b7de (patch)
treeb62a62fcc4def0b22e48f6dde5e414a77e4d2244
parent8c65f646a93ed2f61da65ba0ecf65a99bd585b79 (diff)
- dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that traffic such as DNS lookups stays within the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
-rw-r--r--ChangeLog13
-rw-r--r--channels.c26
-rw-r--r--channels.h3
-rw-r--r--misc.c51
-rw-r--r--misc.h5
-rw-r--r--readconf.c22
-rw-r--r--readconf.h4
-rw-r--r--scp.15
-rw-r--r--servconf.c20
-rw-r--r--servconf.h4
-rw-r--r--sftp.15
-rw-r--r--ssh-keyscan.17
-rw-r--r--ssh-keyscan.c19
-rw-r--r--ssh.15
-rw-r--r--ssh.c3
-rw-r--r--ssh_config.57
-rw-r--r--sshconnect.c5
-rw-r--r--sshd.c9
-rw-r--r--sshd_config.57
19 files changed, 53 insertions, 167 deletions
diff --git a/ChangeLog b/ChangeLog
index e38cd510..ca189f94 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,19 @@
20091210
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
Remove hacks add for RoutingDomain in preparation for its removal.
+ - dtucker@cvs.openbsd.org 2010/01/09 23:04:13
+ [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
+ ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
+ readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
+ Remove RoutingDomain from ssh since it's now not needed. It can be
+ replaced with "route exec" or "nc -V" as a proxycommand. "route exec"
+ also ensures that trafic such as DNS lookups stays withing the specified
+ routingdomain. For example (from reyk):
+ # route -T 2 exec /usr/sbin/sshd
+ or inherited from the parent process
+ $ route -T 2 exec sh
+ $ ssh 10.1.2.3
+ ok deraadt@ markus@ stevesk@ reyk@
20091209
- (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't
diff --git a/channels.c b/channels.c
index 94939239..87dbe96d 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.299 2009/11/11 21:37:03 markus Exp $ */
+/* $OpenBSD: channels.c,v 1.300 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -163,9 +163,6 @@ static u_int x11_fake_data_len;
/* AF_UNSPEC or AF_INET or AF_INET6 */
static int IPv4or6 = AF_UNSPEC;
-/* Set the routing domain a.k.a. VRF */
-static int channel_rdomain = -1;
-
/* helper */
static void port_open_helper(Channel *c, char *rtype);
@@ -2466,12 +2463,6 @@ channel_set_af(int af)
IPv4or6 = af;
}
-void
-channel_set_rdomain(int rdomain)
-{
- channel_rdomain = rdomain;
-}
-
static int
channel_setup_fwd_listener(int type, const char *listen_addr,
u_short listen_port, int *allocated_listen_port,
@@ -2580,8 +2571,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
continue;
}
/* Create a port to listen for the host. */
- sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
- ai->ai_protocol, channel_rdomain);
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
/* this is no error since kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
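Review bot: After this change the routing domain of this listener is whatever the process inherited, and nothing at the `socket()` call says so; the same holds for the `socket()` replacements in connect_next, x11_create_display_inet and x11_connect_display, and for those in ssh-keyscan.c, sshconnect.c and sshd.c. Isolation between routing domains now depends entirely on how the binary is launched (the commit message gives `route -T 2 exec /usr/sbin/sshd`), so a daemon started without that wrapper would presumably bind in the default domain with no diagnostic. I would add a short comment at the call, e.g. `/* rdomain is inherited from the process (route -T n exec); not set per socket */`, and state the launch requirement in sshd_config.5 where the RoutingDomain entry is removed. channel_setup_fwd_listener starts and ends outside this hunk.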
@@ -2922,9 +2912,8 @@ connect_next(struct channel_connect *cctx)
error("connect_next: getnameinfo failed");
continue;
}
- if ((sock = socket_rdomain(cctx->ai->ai_family,
- cctx->ai->ai_socktype, cctx->ai->ai_protocol,
- channel_rdomain)) == -1) {
+ if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
+ cctx->ai->ai_protocol)) == -1) {
if (cctx->ai->ai_next == NULL)
error("socket: %.100s", strerror(errno));
else
@@ -3110,8 +3099,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
- sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
- ai->ai_protocol, channel_rdomain);
+ sock = socket(ai->ai_family, ai->ai_socktype,
+ ai->ai_protocol);
if (sock < 0) {
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
error("socket: %.100s", strerror(errno));
@@ -3286,8 +3275,7 @@ x11_connect_display(void)
}
for (ai = aitop; ai; ai = ai->ai_next) {
/* Create a socket. */
- sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
- ai->ai_protocol, channel_rdomain);
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
debug2("socket: %.100s", strerror(errno));
continue;
diff --git a/channels.h b/channels.h
index 4dbeeb6e..f65a311d 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.100 2009/11/11 21:37:03 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.101 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -235,7 +235,6 @@ int channel_find_open(void);
/* tcp forwarding */
void channel_set_af(int af);
-void channel_set_rdomain(int);
void channel_permit_all_opens(void);
void channel_add_permitted_opens(char *, int);
int channel_add_adm_permitted_opens(char *, int);
diff --git a/misc.c b/misc.c
index 550b03ca..e1f72312 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.74 2009/12/25 19:40:21 stevesk Exp $ */
+/* $OpenBSD: misc.c,v 1.75 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -151,43 +151,6 @@ set_nodelay(int fd)
error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
}
-/* open a socket in the specified routing domain */
-int
-socket_rdomain(int domain, int type, int protocol, int rdomain)
-{
- int sock, ipproto = IPPROTO_IP;
-
- if ((sock = socket(domain, type, protocol)) == -1)
- return (-1);
-
- if (rdomain == -1)
- return (sock);
-
- switch (domain) {
- case AF_INET6:
- ipproto = IPPROTO_IPV6;
- /* FALLTHROUGH */
- case AF_INET:
- debug2("socket %d af %d setting rdomain %d",
- sock, domain, rdomain);
- if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain,
- sizeof(rdomain)) == -1) {
- debug("setsockopt SO_RDOMAIN: %.100s",
- strerror(errno));
- close(sock);
- return (-1);
- }
- break;
- default:
- debug("socket %d af %d does not support rdomain %d",
- sock, domain, rdomain);
- close(sock);
- return (-1);
- }
-
- return (sock);
-}
-
/* Characters considered whitespace in strsep calls. */
#define WHITESPACE " \t\r\n"
#define QUOTE "\""
@@ -274,18 +237,6 @@ a2port(const char *s)
}
int
-a2rdomain(const char *s)
-{
- long long rdomain;
- const char *errstr;
-
- rdomain = strtonum(s, 0, RT_TABLEID_MAX, &errstr);
- if (errstr != NULL)
- return -1;
- return (int)rdomain;
-}
-
-int
a2tun(const char *s, int *remote)
{
const char *errstr = NULL;
diff --git a/misc.h b/misc.h
index 1e859e25..32073acd 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.40 2009/12/25 19:40:21 stevesk Exp $ */
+/* $OpenBSD: misc.h,v 1.41 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -23,7 +23,6 @@ int set_nonblock(int);
int unset_nonblock(int);
void set_nodelay(int);
int a2port(const char *);
-int a2rdomain(const char *);
int a2tun(const char *, int *);
char *put_host_port(const char *, u_short);
char *hpdelim(char **);
@@ -55,8 +54,6 @@ void freeargs(arglist *);
int tun_open(int, int);
-int socket_rdomain(int, int, int, int);
-
/* Common definitions for ssh tunnel device forwarding */
#define SSH_TUNMODE_NO 0x00
#define SSH_TUNMODE_POINTOPOINT 0x01
diff --git a/readconf.c b/readconf.c
index 40fe8f69..d424c169 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.181 2009/12/29 16:38:41 stevesk Exp $ */
+/* $OpenBSD: readconf.c,v 1.182 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -130,8 +130,8 @@ typedef enum {
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
- oVisualHostKey, oUseRoaming, oRDomain,
- oZeroKnowledgePasswordAuthentication, oDeprecated, oUnsupported
+ oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
+ oDeprecated, oUnsupported
} OpCodes;
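Review bot: Dropping `oRDomain` here, together with the `routingdomain` table entry and the `case oRDomain` branch in the following hunks, leaves an existing `RoutingDomain` line in ssh_config to the unknown-keyword path, which is not visible in this diff; the same applies to `sRDomain` in servconf.c. If that path rejects the file, an sshd_config that still carries the keyword would keep sshd from starting after an upgrade; if it ignored the line, sockets would be created in the default routing domain without any warning. The `oDeprecated` case visible further down only emits a `debug()` message, so mapping the keyword there would hide the loss of isolation; rejecting the keyword is the safer behaviour, and it is worth stating that choice in the release notes. The enum starts outside this hunk.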
/* Textual representations of the tokens. */
@@ -229,7 +229,6 @@ static struct {
{ "permitlocalcommand", oPermitLocalCommand },
{ "visualhostkey", oVisualHostKey },
{ "useroaming", oUseRoaming },
- { "routingdomain", oRDomain },
#ifdef JPAKE
{ "zeroknowledgepasswordauthentication",
oZeroKnowledgePasswordAuthentication },
@@ -920,19 +919,6 @@ parse_int:
intptr = &options->use_roaming;
goto parse_flag;
- case oRDomain:
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing argument.",
- filename, linenum);
- value = a2rdomain(arg);
- if (value == -1)
- fatal("%.200s line %d: Bad rdomain.",
- filename, linenum);
- if (*activep)
- options->rdomain = value;
- break;
-
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
@@ -1083,7 +1069,6 @@ initialize_options(Options * options)
options->local_command = NULL;
options->permit_local_command = -1;
options->use_roaming = -1;
- options->rdomain = -1;
options->visual_host_key = -1;
options->zero_knowledge_password_authentication = -1;
}
@@ -1232,7 +1217,6 @@ fill_default_options(Options * options)
/* options->hostname will be set in the main program if appropriate */
/* options->host_key_alias should not be set by default */
/* options->preferred_authentications will be set in ssh */
- /* options->rdomain should not be set by default */
}
/*
diff --git a/readconf.h b/readconf.h
index 6edc2eed..f7c0b9c6 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.80 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: readconf.h,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -125,8 +125,6 @@ typedef struct {
int use_roaming;
- int rdomain; /* routing domain a.k.a. VRF */
-
} Options;
#define SSHCTL_MASTER_NO 0
diff --git a/scp.1 b/scp.1
index 1d1cad0b..74ee5db1 100644
--- a/scp.1
+++ b/scp.1
@@ -9,9 +9,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.48 2009/12/29 16:38:41 stevesk Exp $
+.\" $OpenBSD: scp.1,v 1.49 2010/01/09 23:04:13 dtucker Exp $
.\"
-.Dd $Mdocdate: December 29 2009 $
+.Dd $Mdocdate: January 9 2010 $
.Dt SCP 1
.Os
.Sh NAME
@@ -160,7 +160,6 @@ For full details of the options listed below, and their possible values, see
.It PubkeyAuthentication
.It RekeyLimit
.It RhostsRSAAuthentication
-.It RoutingDomain
.It RSAAuthentication
.It SendEnv
.It ServerAliveInterval
diff --git a/servconf.c b/servconf.c
index 2cdc480e..fc3e479b 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.199 2009/12/29 16:38:41 stevesk Exp $ */
+/* $OpenBSD: servconf.c,v 1.200 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -128,7 +128,6 @@ initialize_server_options(ServerOptions *options)
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
options->zero_knowledge_password_authentication = -1;
- options->rdomain = -1;
}
void
@@ -305,7 +304,7 @@ typedef enum {
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sUsePrivilegeSeparation, sAllowAgentForwarding, sRDomain,
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -424,7 +423,6 @@ static struct {
{ "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
- { "routingdomain", sRDomain, SSHCFG_GLOBAL },
{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -1296,19 +1294,6 @@ process_server_config_line(ServerOptions *options, char *line,
*charptr = xstrdup(arg);
break;
- case sRDomain:
- intptr = &options->rdomain;
- arg = strdelim(&cp);
- if (!arg || *arg == '\0')
- fatal("%s line %d: missing rdomain value.",
- filename, linenum);
- if ((value = a2rdomain(arg)) == -1)
- fatal("%s line %d: invalid rdomain value.",
- filename, linenum);
- if (*intptr == -1)
- *intptr = value;
- break;
-
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
@@ -1585,7 +1570,6 @@ dump_config(ServerOptions *o)
dump_cfg_int(sMaxSessions, o->max_sessions);
dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
- dump_cfg_int(sRDomain, o->rdomain);
/* formatted integer arguments */
dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
diff --git a/servconf.h b/servconf.h
index 19c7ae60..25a3f1b2 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.88 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: servconf.h,v 1.89 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -150,8 +150,6 @@ typedef struct {
int num_permitted_opens;
- int rdomain;
-
char *chroot_directory;
} ServerOptions;
diff --git a/sftp.1 b/sftp.1
index 81d87680..3ec7a023 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.79 2009/12/29 16:38:41 stevesk Exp $
+.\" $OpenBSD: sftp.1,v 1.80 2010/01/09 23:04:13 dtucker Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: December 29 2009 $
+.Dd $Mdocdate: January 9 2010 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -209,7 +209,6 @@ For full details of the options listed below, and their possible values, see
.It PubkeyAuthentication
.It RekeyLimit
.It RhostsRSAAuthentication
-.It RoutingDomain
.It RSAAuthentication
.It SendEnv
.It ServerAliveInterval
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index c9fb597e..78255ff7 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.27 2009/10/28 16:38:18 reyk Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.28 2010/01/09 23:04:13 dtucker Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
-.Dd $Mdocdate: October 28 2009 $
+.Dd $Mdocdate: January 9 2010 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@@ -20,7 +20,6 @@
.Op Fl p Ar port
.Op Fl T Ar timeout
.Op Fl t Ar type
-.Op Fl V Ar rdomain
.Op Ar host | addrlist namelist
.Ar ...
.Ek
@@ -96,8 +95,6 @@ for protocol version 2.
Multiple values may be specified by separating them with commas.
The default is
.Dq rsa .
-.It Fl V Ar rdomain
-Set the routing domain.
.It Fl v
Verbose mode.
Causes
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index faeb9e13..7afe446a 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.80 2009/12/25 19:40:21 stevesk Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -68,9 +68,6 @@ int timeout = 5;
int maxfd;
#define MAXCON (maxfd - 10)
-/* The default routing domain */
-int scan_rdomain = -1;
-
extern char *__progname;
fd_set *read_wait;
size_t read_wait_nfdset;
@@ -415,8 +412,7 @@ tcpconnect(char *host)
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
for (ai = aitop; ai; ai = ai->ai_next) {
- s = socket_rdomain(ai->ai_family, ai->ai_socktype,
- ai->ai_protocol, scan_rdomain);
+ s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (s < 0) {
error("socket: %s", strerror(errno));
continue;
@@ -719,7 +715,7 @@ usage(void)
{
fprintf(stderr,
"usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
- "\t\t [-V rdomain] [host | addrlist namelist] ...\n",
+ "\t\t [host | addrlist namelist] ...\n",
__progname);
exit(1);
}
@@ -745,7 +741,7 @@ main(int argc, char **argv)
if (argc <= 1)
usage();
- while ((opt = getopt(argc, argv, "Hv46p:T:t:f:V:")) != -1) {
+ while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
switch (opt) {
case 'H':
hash_hosts = 1;
@@ -806,13 +802,6 @@ main(int argc, char **argv)
case '6':
IPv4or6 = AF_INET6;
break;
- case 'V':
- scan_rdomain = a2rdomain(optarg);
- if (scan_rdomain == -1) {
- fprintf(stderr, "Bad rdomain '%s'\n", optarg);
- exit(1);
- }
- break;
case '?':
default:
usage();
diff --git a/ssh.1 b/ssh.1
index 2f6ef5ff..8b228fcd 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.288 2009/12/29 16:38:41 stevesk Exp $
-.Dd $Mdocdate: December 29 2009 $
+.\" $OpenBSD: ssh.1,v 1.289 2010/01/09 23:04:13 dtucker Exp $
+.Dd $Mdocdate: January 9 2010 $
.Dt SSH 1
.Os
.Sh NAME
@@ -478,7 +478,6 @@ For full details of the options listed below, and their possible values, see
.It RekeyLimit
.It RemoteForward
.It RhostsRSAAuthentication
-.It RoutingDomain
.It RSAAuthentication
.It SendEnv
.It ServerAliveInterval
diff --git a/ssh.c b/ssh.c
index 6abf31b5..ee30e2b2 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.329 2009/12/20 07:28:36 guenther Exp $ */
+/* $OpenBSD: ssh.c,v 1.330 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -630,7 +630,6 @@ main(int ac, char **av)
fill_default_options(&options);
channel_set_af(options.address_family);
- channel_set_rdomain(options.rdomain);
/* reinit */
log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);
diff --git a/ssh_config.5 b/ssh_config.5
index 3ffc469c..01f5f430 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.125 2009/12/29 18:03:32 jmc Exp $
-.Dd $Mdocdate: December 29 2009 $
+.\" $OpenBSD: ssh_config.5,v 1.126 2010/01/09 23:04:13 dtucker Exp $
+.Dd $Mdocdate: January 9 2010 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -857,9 +857,6 @@ The default is
This option applies to protocol version 1 only and requires
.Xr ssh 1
to be setuid root.
-.It Cm RoutingDomain
-Set the routing domain number.
-The default routing domain is set by the system.
.It Cm RSAAuthentication
Specifies whether to try RSA authentication.
The argument to this keyword must be
diff --git a/sshconnect.c b/sshconnect.c
index 3c8308ff..5cfc3c16 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.217 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -191,8 +191,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
debug("Allocated local port %d.", p);
return sock;
}
- sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
- options.rdomain);
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
error("socket: %.100s", strerror(errno));
return -1;
diff --git a/sshd.c b/sshd.c
index bdaf1574..4e34f243 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.369 2010/01/09 11:17:56 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.370 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -961,8 +961,8 @@ server_listen(void)
continue;
}
/* Create socket for listening. */
- listen_sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
- ai->ai_protocol, options.rdomain);
+ listen_sock = socket(ai->ai_family, ai->ai_socktype,
+ ai->ai_protocol);
if (listen_sock < 0) {
/* kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
@@ -1470,9 +1470,8 @@ main(int ac, char **av)
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
- /* set default channel AF and routing domain */
+ /* set default channel AF */
channel_set_af(options.address_family);
- channel_set_rdomain(options.rdomain);
/* Check that there are no remaining arguments. */
if (optind < ac) {
diff --git a/sshd_config.5 b/sshd_config.5
index a3326447..bf3319c4 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.115 2009/12/29 18:03:32 jmc Exp $
-.Dd $Mdocdate: December 29 2009 $
+.\" $OpenBSD: sshd_config.5,v 1.116 2010/01/09 23:04:13 dtucker Exp $
+.Dd $Mdocdate: January 9 2010 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -812,9 +812,6 @@ with successful RSA host authentication is allowed.
The default is
.Dq no .
This option applies to protocol version 1 only.
-.It Cm RoutingDomain
-Set the routing domain number.
-The default routing domain is set by the system.
.It Cm RSAAuthentication
Specifies whether pure RSA authentication is allowed.
The default is