From 50a41ed079629fdcd9a1d2a781b73170422fc73a Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Mon, 16 Oct 2000 12:14:42 +1100
Subject:  - (djm) Sync with OpenBSD:    - markus@cvs.openbsd.org  2000/10/14
 04:01:15      [cipher.c]      debug3    - markus@cvs.openbsd.org  2000/10/14
 04:07:23      [scp.c]      remove spaces from arguments; from djm@mindrot.org
    - markus@cvs.openbsd.org  2000/10/14 06:09:46      [ssh.1]      Cipher is
 for SSH-1 only    - markus@cvs.openbsd.org  2000/10/14 06:12:09     
 [servconf.c servconf.h serverloop.c session.c sshd.8]     
 AllowTcpForwarding; from naddy@    - markus@cvs.openbsd.org  2000/10/14
 06:16:56      [auth2.c compat.c compat.h sshconnect2.c version.h]     
 OpenSSH_2.3; note that is is not complete, but the version number      needs
 to be changed for interoperability reasons    - markus@cvs.openbsd.org 
 2000/10/14 06:19:45      [auth-rsa.c]      do not send RSA challenge if key
 is not allowed by key-options; from      eivind@ThinkSec.com    -
 markus@cvs.openbsd.org  2000/10/15 08:14:01      [rijndael.c session.c]     
 typos; from stevesk@sweden.hp.com    - markus@cvs.openbsd.org  2000/10/15
 08:18:31      [rijndael.c]      typo  - Copy manpages back over from OpenBSD
 - too tedious to wade through diffs

---
 session.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'session.c')

diff --git a/session.c b/session.c
index 9a213923c..4325ed3a4 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.38 2000/10/11 20:27:23 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.40 2000/10/15 14:14:01 markus Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -236,7 +236,7 @@ do_authenticated(struct passwd * pw)
 	 * by the client telling us, so we can equally well trust the client
 	 * not to request anything bogus.)
 	 */
-	if (!no_port_forwarding_flag)
+	if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
 		channel_permit_all_opens();
 
 	s = session_new();
@@ -388,6 +388,10 @@ do_authenticated(struct passwd * pw)
 				debug("Port forwarding not permitted for this authentication.");
 				break;
 			}
+			if (!options.allow_tcp_forwarding) {
+				debug("Port forwarding not permitted.");
+				break;
+			}
 			debug("Received TCP/IP port forwarding request.");
 			channel_input_port_forward_request(pw->pw_uid == 0, options.gateway_ports);
 			success = 1;
-- 
cgit v1.2.3