From 7bb8b49596156b85df403d09c2195e2533ec372c Mon Sep 17 00:00:00 2001
From: Ben Lindstrom
Date: Sat, 17 Mar 2001 00:47:54 +0000
Subject: - markus@cvs.openbsd.org 2001/03/16 19:06:30 [auth-options.c channels.c channels.h serverloop.c session.c] implement "permitopen" key option, restricts -L style forwarding to to specified host:port pairs. based on work by harlan@genua.de
---
 session.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
(limited to 'session.c')
diff --git a/session.c b/session.c
index 5e6926b56..9c4828ac7 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.60 2001/03/15 22:07:08 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.61 2001/03/16 19:06:30 markus Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -228,13 +228,6 @@ do_authenticated(struct passwd * pw)
 startup_pipe = -1;
 }
- /*
- * Inform the channel mechanism that we are the server side and that
- * the client may request to connect to any port at all. (The user
- * could do it anyway, and we wouldn\'t know what is permitted except
- * by the client telling us, so we can equally well trust the client
- * not to request anything bogus.)
- */
 if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
 channel_permit_all_opens();
@@ -2037,6 +2030,8 @@ do_authenticated2(Authctxt *authctxt)
 close(startup_pipe);
 startup_pipe = -1;
 }
+ if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
+ channel_permit_all_opens();
 #if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD)
 if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) {
 error("unable to get login class");
--
cgit v1.2.3
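Review bot: The call added in do_authenticated2 reads as "allow every forward target", and nothing at the call site says how it interacts with the permitopen list this commit introduces; the identical call in do_authenticated is now also uncommented after its old rationale was removed. Whether a key's permitopen restriction survives this call depends on channel_permit_all_opens() in channels.c, which this session.c-limited view does not show, so it should be confirmed that the function leaves an already-registered permitted list in force rather than overriding it. Once confirmed, a short comment above both calls would record that, for example `/* permits any -L target only when no permitopen entries were registered by the key options */`. The two-line check is now duplicated across the protocol 1 and protocol 2 paths and could live in one small static helper so the policy cannot drift between them. do_authenticated2's body starts and ends outside the hunk.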