From 3ee5f5a21bfd200bb157c84b2acfda85c4fc7a2d Mon Sep 17 00:00:00 2001
From: Shawn Carey <shawn.carey@netfoundry.io>
Date: Wed, 25 Sep 2024 14:21:32 -0400
Subject: [PATCH] support using "*" in host.v1/host.v2 `allowedAddresses` to
 indicate acceptance of any hostname

---
 tunnel/entities/service.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tunnel/entities/service.go b/tunnel/entities/service.go
index 333712641..9fc62ae0f 100644
--- a/tunnel/entities/service.go
+++ b/tunnel/entities/service.go
@@ -153,12 +153,12 @@ type domainAddress struct {
 func (self *domainAddress) Allows(addr interface{}) bool {
 	host, ok := addr.(string)
 	host = strings.ToLower(host)
-	return ok && (strings.HasSuffix(host, self.domain[1:]) || host == self.domain[2:])
+	return ok && (self.domain == "*" || (strings.HasSuffix(host, self.domain[1:]) || host == self.domain[2:]))
 }
 
 func makeAllowedAddress(addr string) (allowedAddress, error) {
 	if addr[0] == '*' {
-		if len(addr) < 3 || addr[1] != '.' {
+		if len(addr) != 1 && (len(addr) < 3 || addr[1] != '.') {
 			return nil, errors.Errorf("invalid domain[%s]", addr)
 		}
 		return &domainAddress{domain: strings.ToLower(addr)}, nil