[BACK]Return to session.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/session.c between version 1.295 and 1.296

version 1.295, 2018/06/01 03:33:53 version 1.296, 2018/06/06 18:22:41
Line 280 
Line 280 
   
         if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)          if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
                 return;                  return;
         channel_clear_permitted_opens(ssh);          channel_clear_permission(ssh, FORWARD_USER, FORWARD_LOCAL);
         for (i = 0; i < auth_opts->npermitopen; i++) {          for (i = 0; i < auth_opts->npermitopen; i++) {
                 tmp = cp = xstrdup(auth_opts->permitopen[i]);                  tmp = cp = xstrdup(auth_opts->permitopen[i]);
                 /* This shouldn't fail as it has already been checked */                  /* This shouldn't fail as it has already been checked */
Line 290 
Line 290 
                 if (cp == NULL || (port = permitopen_port(cp)) < 0)                  if (cp == NULL || (port = permitopen_port(cp)) < 0)
                         fatal("%s: internal error: permitopen port",                          fatal("%s: internal error: permitopen port",
                             __func__);                              __func__);
                 channel_add_permitted_opens(ssh, host, port);                  channel_add_permission(ssh, FORWARD_USER, FORWARD_LOCAL,
                       host, port);
                 free(tmp);                  free(tmp);
         }          }
 }  }
Line 305 
Line 306 
         /* setup the channel layer */          /* setup the channel layer */
         /* XXX - streamlocal? */          /* XXX - streamlocal? */
         set_permitopen_from_authopts(ssh, auth_opts);          set_permitopen_from_authopts(ssh, auth_opts);
         if (!auth_opts->permit_port_forwarding_flag ||  
             options.disable_forwarding ||  
             (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)  
                 channel_disable_adm_local_opens(ssh);  
         else  
                 channel_permit_all_opens(ssh);  
   
           if (!auth_opts->permit_port_forwarding_flag ||
               options.disable_forwarding) {
                   channel_disable_admin(ssh, FORWARD_LOCAL);
                   channel_disable_admin(ssh, FORWARD_REMOTE);
           } else {
                   if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
                           channel_disable_admin(ssh, FORWARD_LOCAL);
                   else
                           channel_permit_all(ssh, FORWARD_LOCAL);
                   if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0)
                           channel_disable_admin(ssh, FORWARD_REMOTE);
                   else
                           channel_permit_all(ssh, FORWARD_REMOTE);
           }
         auth_debug_send();          auth_debug_send();
   
         prepare_auth_info_file(authctxt->pw, authctxt->session_info);          prepare_auth_info_file(authctxt->pw, authctxt->session_info);
Legend:
Removed from v.1.295  
changed lines
  Added in v.1.296