diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-11-30 03:00:05 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-11-30 19:44:01 +1100 |
| commit | 7844f357cdd90530eec81340847783f1f1da010b (patch) | |
| tree | a31f2189df130942f72eb0ea936fbbe9a70f0f65 /session.c | |
| parent | fd6dcef2030d23c43f986d26979f84619c10589d (diff) | |
upstream commit
Add a sshd_config DisableForwaring option that disables
X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
anything else we might implement in the future.
This, like the 'restrict' authorized_keys flag, is intended to be a
simple and future-proof way of restricting an account. Suggested as
a complement to 'restrict' by Jann Horn; ok markus@
Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 4 |
1 files changed, 2 insertions, 2 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: session.c,v 1.285 2016/08/23 16:21:45 otto Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.286 2016/11/30 03:00:05 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -257,7 +257,7 @@ do_authenticated(Authctxt *authctxt) | |||
| 257 | 257 | ||
| 258 | /* setup the channel layer */ | 258 | /* setup the channel layer */ |
| 259 | /* XXX - streamlocal? */ | 259 | /* XXX - streamlocal? */ |
| 260 | if (no_port_forwarding_flag || | 260 | if (no_port_forwarding_flag || options.disable_forwarding || |
| 261 | (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) | 261 | (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) |
| 262 | channel_disable_adm_local_opens(); | 262 | channel_disable_adm_local_opens(); |
| 263 | else | 263 | else |