summaryrefslogtreecommitdiff
path: root/session.c
diff options
context:
space:
mode:
Diffstat (limited to 'session.c')
-rw-r--r--session.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/session.c b/session.c
index 65bf28776..643e7fc59 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.260 2012/03/15 03:10:27 guenther Exp $ */ 1/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -273,7 +273,10 @@ do_authenticated(Authctxt *authctxt)
273 setproctitle("%s", authctxt->pw->pw_name); 273 setproctitle("%s", authctxt->pw->pw_name);
274 274
275 /* setup the channel layer */ 275 /* setup the channel layer */
276 if (!no_port_forwarding_flag && options.allow_tcp_forwarding) 276 if (no_port_forwarding_flag ||
277 (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
278 channel_disable_adm_local_opens();
279 else
277 channel_permit_all_opens(); 280 channel_permit_all_opens();
278 281
279 auth_debug_send(); 282 auth_debug_send();
@@ -383,7 +386,7 @@ do_authenticated1(Authctxt *authctxt)
383 debug("Port forwarding not permitted for this authentication."); 386 debug("Port forwarding not permitted for this authentication.");
384 break; 387 break;
385 } 388 }
386 if (!options.allow_tcp_forwarding) { 389 if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) {
387 debug("Port forwarding not permitted."); 390 debug("Port forwarding not permitted.");
388 break; 391 break;
389 } 392 }