-/* $OpenBSD: channels.c,v 1.350 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.351 2016/07/19 11:38:53 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
/* special-case port number meaning allow any port */
#define FWD_PERMIT_ANY_PORT 0
+/* special-case wildcard meaning allow any host */
+#define FWD_PERMIT_ANY_HOST "*"
+
/*
* If this is true, all opens are permitted. This is the case on the server
* on which we have to trust the client anyway, and the user could do
if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT &&
allowed_open->port_to_connect != requestedport)
return 0;
- if (strcmp(allowed_open->host_to_connect, requestedhost) != 0)
+ if (strcmp(allowed_open->host_to_connect, FWD_PERMIT_ANY_HOST) != 0 &&
+ strcmp(allowed_open->host_to_connect, requestedhost) != 0)
return 0;
return 1;
}
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.225 2016/06/17 06:33:30 jmc Exp $
-.Dd $Mdocdate: June 17 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.226 2016/07/19 11:38:53 dtucker Exp $
+.Dd $Mdocdate: July 19 2016 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
An argument of
.Dq none
can be used to prohibit all forwarding requests.
+Wildcard
+.Dq *
+can be used for host or port to allow all hosts or port respectively.
By default all port forwarding requests are permitted.
.It Cm PermitRootLogin
Specifies whether root can log in using
projects / openbsd / commitdiff