Bugzilla – Attachment 2845 Details for
Bug 2582
[PATCH] Allow PermitOpen to use a wildcard hostname with a fixed port
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Fixed copy-paste error, better wording of documentation
permitopen.patch (text/plain), 1.56 KB, created by
Jakub Jelen
on 2016-06-30 00:33:01 AEST
(
hide
)
Description:
Fixed copy-paste error, better wording of documentation
Filename:
MIME Type:
Creator:
Jakub Jelen
Created:
2016-06-30 00:33:01 AEST
Size:
1.56 KB
patch
obsolete
>commit ffc100b81d26373216aa2c644aaf0cb54765ddb9 >Author: Jakub Jelen <jjelen@redhat.com> >Date: Wed Jun 29 16:29:48 2016 +0200 > > PermitOpen all hosts wildcard > >diff --git a/channels.c b/channels.c >index 454954a..b96737b 100644 >--- a/channels.c >+++ b/channels.c >@@ -138,6 +138,9 @@ static int num_adm_permitted_opens = 0; > /* special-case port number meaning allow any port */ > #define FWD_PERMIT_ANY_PORT 0 > >+/* special-case wildcard meaning allow any host */ >+#define FWD_PERMIT_ANY_HOST "*" >+ > /* > * If this is true, all opens are permitted. This is the case on the server > * on which we have to trust the client anyway, and the user could do >@@ -3298,7 +3301,8 @@ open_match(ForwardPermission *allowed_open, const char *requestedhost, > if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT && > allowed_open->port_to_connect != requestedport) > return 0; >- if (strcmp(allowed_open->host_to_connect, requestedhost) != 0) >+ if (strcmp(allowed_open->host_to_connect, FWD_PERMIT_ANY_HOST) != 0 && >+ strcmp(allowed_open->host_to_connect, requestedhost) != 0) > return 0; > return 1; > } >diff --git a/sshd_config.5 b/sshd_config.5 >index 6a5a8a7..2f7b692 100644 >--- a/sshd_config.5 >+++ b/sshd_config.5 >@@ -1216,6 +1216,9 @@ can be used to remove all restrictions and permit any forwarding requests. > An argument of > .Dq none > can be used to prohibit all forwarding requests. >+Wildcard >+.Dq * >+can be used for host or port to allow all hosts or port respectively. > By default all port forwarding requests are permitted. > .It Cm PermitRootLogin > Specifies whether root can log in using
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2845">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2582
:
2826
|
2834
| 2845