* New upstream release (http://www.openssh.com/txt/release-6.1).

  - Enable pre-auth sandboxing by default for new installs.
  - Allow "PermitOpen none" to refuse all port-forwarding requests
    (closes: #543683).

1 files changed, 6 insertions, 4 deletions

diff --git a/auth.c b/auth.c
index 3e8fe57b2..2216dcddd 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.94 2011/05/23 03:33:38 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.96 2012/05/13 01:42:32 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -358,7 +358,8 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
 char *
 authorized_principals_file(struct passwd *pw)
 {
-        if (options.authorized_principals_file == NULL)
+        if (options.authorized_principals_file == NULL ||
+            strcasecmp(options.authorized_principals_file, "none") == 0)
                 return NULL;
         return expand_authorized_keys(options.authorized_principals_file, pw);
 }
@@ -542,9 +543,10 @@ getpwnamallow(const char *user)
 #endif
 #endif
         struct passwd *pw;
+        struct connection_info *ci = get_connection_info(1, options.use_dns);
 
-        parse_server_match_config(&options, user,
-            get_canonical_hostname(options.use_dns), get_remote_ipaddr());
+        ci->user = user;
+        parse_server_match_config(&options, ci);
 
 #if defined(_AIX) && defined(HAVE_SETAUTHDB)
         aix_setauthdb(user);