Attachment 2834 Details for Bug 2582 – Wildcard with documentation and clean up

[patch] Wildcard with documentation and clean up

ssh_wildcard.patch (text/plain), 1.41 KB, created by Jakub Jelen on 2016-06-16 23:09:52 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Jakub Jelen

Created: 2016-06-16 23:09:52 AEST

Size: 1.41 KB

patch

obsolete

>diff --git a/channels.c b/channels.c
>index d39123f..1982f3e 100644
>--- a/channels.c
>+++ b/channels.c
>@@ -138,6 +138,9 @@ static int num_adm_permitted_opens = 0;
> /* special-case port number meaning allow any port */
> #define FWD_PERMIT_ANY_PORT	0
> 
>+/* special-case port number meaning allow any host */
>+#define FWD_PERMIT_ANY_HOST	"*"
>+
> /*
>  * If this is true, all opens are permitted.  This is the case on the server
>  * on which we have to trust the client anyway, and the user could do
>@@ -3298,7 +3301,8 @@ open_match(ForwardPermission *allowed_open, const char *requestedhost,
> 	if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT &&
> 	    allowed_open->port_to_connect != requestedport)
> 		return 0;
>-	if (strcmp(allowed_open->host_to_connect, requestedhost) != 0)
>+	if (strcmp(allowed_open->host_to_connect, FWD_PERMIT_ANY_HOST) != 0 &&
>+	    strcmp(allowed_open->host_to_connect, requestedhost) != 0)
> 		return 0;
> 	return 1;
> }
>diff --git a/sshd_config.5 b/sshd_config.5
>index 479fa38..faf7b83 100644
>--- a/sshd_config.5
>+++ b/sshd_config.5
>@@ -1210,6 +1210,9 @@ can be used to remove all restrictions and permit any forwarding requests.
> An argument of
> .Dq none
> can be used to prohibit all forwarding requests.
>+Wildcard
>+.Dq *
>+can be used for host, address or port to set up fine-grained access control.
> By default all port forwarding requests are permitted.
> .It Cm PermitRootLogin
> Specifies whether root can log in using

Actions: View | Diff

Attachments on bug 2582: 2826 | 2834 | 2845