diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-17 00:47:54 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-17 00:47:54 +0000 |
commit | 7bb8b49596156b85df403d09c2195e2533ec372c (patch) | |
tree | e6bc23a1a38a24e4bc5438695300a37a913dcb17 /session.c | |
parent | cf00df63443b40190d3f88c5f0a7e102540d0cac (diff) |
- markus@cvs.openbsd.org 2001/03/16 19:06:30
[auth-options.c channels.c channels.h serverloop.c session.c]
implement "permitopen" key option, restricts -L style forwarding to
to specified host:port pairs. based on work by harlan@genua.de
Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 11 |
1 files changed, 3 insertions, 8 deletions
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.60 2001/03/15 22:07:08 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.61 2001/03/16 19:06:30 markus Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -228,13 +228,6 @@ do_authenticated(struct passwd * pw) | |||
228 | startup_pipe = -1; | 228 | startup_pipe = -1; |
229 | } | 229 | } |
230 | 230 | ||
231 | /* | ||
232 | * Inform the channel mechanism that we are the server side and that | ||
233 | * the client may request to connect to any port at all. (The user | ||
234 | * could do it anyway, and we wouldn\'t know what is permitted except | ||
235 | * by the client telling us, so we can equally well trust the client | ||
236 | * not to request anything bogus.) | ||
237 | */ | ||
238 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) | 231 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) |
239 | channel_permit_all_opens(); | 232 | channel_permit_all_opens(); |
240 | 233 | ||
@@ -2037,6 +2030,8 @@ do_authenticated2(Authctxt *authctxt) | |||
2037 | close(startup_pipe); | 2030 | close(startup_pipe); |
2038 | startup_pipe = -1; | 2031 | startup_pipe = -1; |
2039 | } | 2032 | } |
2033 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) | ||
2034 | channel_permit_all_opens(); | ||
2040 | #if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD) | 2035 | #if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD) |
2041 | if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) { | 2036 | if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) { |
2042 | error("unable to get login class"); | 2037 | error("unable to get login class"); |