- (djm) Sync with OpenBSD:

[openssh.git] / session.c

diff --git a/session.c b/session.c
index 9a213923c22e95335e28cf777607b6cca580ccff..4325ed3a4764af43b17c51e0c17d1ab29eca6842 100644 (file)
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.38 2000/10/11 20:27:23 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.40 2000/10/15 14:14:01 markus Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -236,7 +236,7 @@ do_authenticated(struct passwd * pw)
         * by the client telling us, so we can equally well trust the client
         * not to request anything bogus.)
         */
-       if (!no_port_forwarding_flag)
+       if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
                channel_permit_all_opens();
 
        s = session_new();
@@ -388,6 +388,10 @@ do_authenticated(struct passwd * pw)
                                debug("Port forwarding not permitted for this authentication.");
                                break;
                        }
+                       if (!options.allow_tcp_forwarding) {
+                               debug("Port forwarding not permitted.");
+                               break;
+                       }
                        debug("Received TCP/IP port forwarding request.");
                        channel_input_port_forward_request(pw->pw_uid == 0, options.gateway_ports);
                        success = 1;