diff svr-tcpfwd.c @ 475:52a644e7b8e1 pubkey-options

* Patch from Frédéric Moulins adding options to authorized_keys. Needs review.
author Matt Johnston <matt@ucc.asn.au>
date Mon, 08 Sep 2008 15:14:02 +0000
parents b895f91c2ee6
children 69e98c45db7c
line wrap: on
line diff
--- a/svr-tcpfwd.c	Sat Jul 12 17:00:30 2008 +0000
+++ b/svr-tcpfwd.c	Mon Sep 08 15:14:02 2008 +0000
@@ -32,6 +32,7 @@
 #include "packet.h"
 #include "listener.h"
 #include "runopts.h"
+#include "auth.h"
 
 #ifdef ENABLE_SVR_REMOTETCPFWD
 
@@ -72,7 +73,7 @@
 
 	TRACE(("enter recv_msg_global_request_remotetcp"))
 
-	if (svr_opts.noremotetcp) {
+	if (svr_opts.noremotetcp || !svr_pubkey_allows_tcpfwd()) {
 		TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled"))
 		goto out;
 	}
@@ -236,7 +237,7 @@
 	int len;
 	int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
 
-	if (svr_opts.nolocaltcp) {
+	if (svr_opts.nolocaltcp || !svr_pubkey_allows_tcpfwd()) {
 		TRACE(("leave newtcpdirect: local tcp forwarding disabled"))
 		goto out;
 	}