[openssh-commits] [openssh] 02/06: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Jul 22 13:36:45 AEST 2016


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Tue Jul 19 11:38:53 2016 +0000

    upstream commit
    
    Allow wildcard for PermitOpen hosts as well as ports.
    bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com.  ok
    markus@
    
    Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
---
 channels.c    | 8 ++++++--
 sshd_config.5 | 7 +++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/channels.c b/channels.c
index 7ee1f98..9f9e972 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.350 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.351 2016/07/19 11:38:53 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -138,6 +138,9 @@ static int num_adm_permitted_opens = 0;
 /* special-case port number meaning allow any port */
 #define FWD_PERMIT_ANY_PORT	0
 
+/* special-case wildcard meaning allow any host */
+#define FWD_PERMIT_ANY_HOST	"*"
+
 /*
  * If this is true, all opens are permitted.  This is the case on the server
  * on which we have to trust the client anyway, and the user could do
@@ -3298,7 +3301,8 @@ open_match(ForwardPermission *allowed_open, const char *requestedhost,
 	if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT &&
 	    allowed_open->port_to_connect != requestedport)
 		return 0;
-	if (strcmp(allowed_open->host_to_connect, requestedhost) != 0)
+	if (strcmp(allowed_open->host_to_connect, FWD_PERMIT_ANY_HOST) != 0 &&
+	    strcmp(allowed_open->host_to_connect, requestedhost) != 0)
 		return 0;
 	return 1;
 }
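Review bot: The new host test in open_match() uses strcmp() against FWD_PERMIT_ANY_HOST, so only an entry whose host is exactly "*" acts as a wildcard. A partial pattern such as "*.example.com" (a constructed example) falls through to the second strcmp() and never matches a real destination. That fails closed, but silently. Consider a short comment above the test stating that the match is literal and not a glob, alongside the existing FWD_PERMIT_ANY_PORT check just above it.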
diff --git a/sshd_config.5 b/sshd_config.5
index babe2ae..877eb92 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.225 2016/06/17 06:33:30 jmc Exp $
-.Dd $Mdocdate: June 17 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.226 2016/07/19 11:38:53 dtucker Exp $
+.Dd $Mdocdate: July 19 2016 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1215,6 +1215,9 @@ can be used to remove all restrictions and permit any forwarding requests.
 An argument of
 .Dq none
 can be used to prohibit all forwarding requests.
+Wildcard
+.Dq *
+can be used for host or port to allow all hosts or port respectively.
 By default all port forwarding requests are permitted.
 .It Cm PermitRootLogin
 Specifies whether root can log in using
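Review bot: In the added sentence, "allow all hosts or port respectively" should read "ports", and the text does not say that "*" must be the entire host or port field. The channels.c change in this commit tests the host with strcmp() against "*", so it would help to state that partial patterns are not supported. Otherwise an administrator may write a host pattern expecting it to permit a set of destinations when it will match nothing.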

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

