From d7eabc86fa049a12ba2c3fb198bd1d51b37f7025 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org"
Date: Tue, 19 Jul 2016 11:38:53 +0000
Subject: upstream commit Allow wildcard for PermitOpen hosts as well as ports. bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok markus@
Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
---
 channels.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'channels.c')
diff --git a/channels.c b/channels.c
index 7ee1f98d0..9f9e972f4 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.350 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.351 2016/07/19 11:38:53 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -138,6 +138,9 @@ static int num_adm_permitted_opens = 0;
 /* special-case port number meaning allow any port */
 #define FWD_PERMIT_ANY_PORT 0
+/* special-case wildcard meaning allow any host */
+#define FWD_PERMIT_ANY_HOST "*"
+
 /*
 * If this is true, all opens are permitted. This is the case on the server
 * on which we have to trust the client anyway, and the user could do
@@ -3298,7 +3301,8 @@ open_match(ForwardPermission *allowed_open, const char *requestedhost,
 if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT &&
 allowed_open->port_to_connect != requestedport)
 return 0;
- if (strcmp(allowed_open->host_to_connect, requestedhost) != 0)
+ if (strcmp(allowed_open->host_to_connect, FWD_PERMIT_ANY_HOST) != 0 &&
+ strcmp(allowed_open->host_to_connect, requestedhost) != 0)
 return 0;
 return 1;
 }
-- 
cgit v1.2.3
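Review bot: The new wildcard test in open_match() is an exact `strcmp()` against `FWD_PERMIT_ANY_HOST`, so only a host of exactly `*` means any host, while an entry such as `*.example.com` is still compared literally and will not act as a pattern; nothing in the code says so. I would put `/* "*" alone matches any host; host_to_connect is never treated as a glob */` above the condition, and extend the comment on the define to note that a `*` host combined with a fixed port permits that port on every destination, loopback and internal addresses included. open_match() begins outside this hunk, so whether `host_to_connect` is checked for NULL before the two `strcmp()` calls cannot be confirmed from here.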