mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-26 20:02:13 +00:00
upstream commit
Allow wildcard for PermitOpen hosts as well as ports. bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok markus@ Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
This commit is contained in:
parent
b98a2a8348
commit
d7eabc86fa
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: channels.c,v 1.350 2016/03/07 19:02:43 djm Exp $ */
|
||||
/* $OpenBSD: channels.c,v 1.351 2016/07/19 11:38:53 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -138,6 +138,9 @@ static int num_adm_permitted_opens = 0;
|
||||
/* special-case port number meaning allow any port */
|
||||
#define FWD_PERMIT_ANY_PORT 0
|
||||
|
||||
/* special-case wildcard meaning allow any host */
|
||||
#define FWD_PERMIT_ANY_HOST "*"
|
||||
|
||||
/*
|
||||
* If this is true, all opens are permitted. This is the case on the server
|
||||
* on which we have to trust the client anyway, and the user could do
|
||||
@ -3298,7 +3301,8 @@ open_match(ForwardPermission *allowed_open, const char *requestedhost,
|
||||
if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT &&
|
||||
allowed_open->port_to_connect != requestedport)
|
||||
return 0;
|
||||
if (strcmp(allowed_open->host_to_connect, requestedhost) != 0)
|
||||
if (strcmp(allowed_open->host_to_connect, FWD_PERMIT_ANY_HOST) != 0 &&
|
||||
strcmp(allowed_open->host_to_connect, requestedhost) != 0)
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
@ -33,8 +33,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.225 2016/06/17 06:33:30 jmc Exp $
|
||||
.Dd $Mdocdate: June 17 2016 $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.226 2016/07/19 11:38:53 dtucker Exp $
|
||||
.Dd $Mdocdate: July 19 2016 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -1215,6 +1215,9 @@ can be used to remove all restrictions and permit any forwarding requests.
|
||||
An argument of
|
||||
.Dq none
|
||||
can be used to prohibit all forwarding requests.
|
||||
Wildcard
|
||||
.Dq *
|
||||
can be used for host or port to allow all hosts or port respectively.
|
||||
By default all port forwarding requests are permitted.
|
||||
.It Cm PermitRootLogin
|
||||
Specifies whether root can log in using
|
||||
|
Loading…
Reference in New Issue
Block a user