From c0ce2a6a97af66881675916c504af9caed2f9c2e Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 8 Sep 2008 15:14:02 +0000
Subject: * Patch from Frédéric Moulins adding options to authorized_keys.  
 Needs review.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

--HG--
branch : pubkey-options
extra : convert_revision : 26872f944d79ddacff1070aab32115a6d726392c
---
 svr-tcpfwd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'svr-tcpfwd.c')

diff --git a/svr-tcpfwd.c b/svr-tcpfwd.c
index d4dca6b..a55361b 100644
--- a/svr-tcpfwd.c
+++ b/svr-tcpfwd.c
@@ -32,6 +32,7 @@
 #include "packet.h"
 #include "listener.h"
 #include "runopts.h"
+#include "auth.h"
 
 #ifdef ENABLE_SVR_REMOTETCPFWD
 
@@ -72,7 +73,7 @@ void recv_msg_global_request_remotetcp() {
 
 	TRACE(("enter recv_msg_global_request_remotetcp"))
 
-	if (svr_opts.noremotetcp) {
+	if (svr_opts.noremotetcp || !svr_pubkey_allows_tcpfwd()) {
 		TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled"))
 		goto out;
 	}
@@ -236,7 +237,7 @@ static int newtcpdirect(struct Channel * channel) {
 	int len;
 	int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
 
-	if (svr_opts.nolocaltcp) {
+	if (svr_opts.nolocaltcp || !svr_pubkey_allows_tcpfwd()) {
 		TRACE(("leave newtcpdirect: local tcp forwarding disabled"))
 		goto out;
 	}
-- 
cgit v1.2.3