From 3ce102f751145360dcefc7e8c697372496f4fece Mon Sep 17 00:00:00 2001
From: Markus Friedl
Date: Thu, 30 Nov 2000 22:53:36 +0000
Subject: disable agent/x11/port fwding if hostkey has changed; ok niels@
---
 usr.bin/ssh/sshconnect.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'usr.bin/ssh/sshconnect.c')
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index dfc55331abf..64cfec5c30d 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.82 2000/11/29 13:51:27 provos Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $");
 #include
 #include
@@ -637,6 +637,14 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 error("Agent forwarding is disabled to avoid trojan horses.");
 options.forward_agent = 0;
 }
+ if (options.forward_x11) {
+ error("X11 forwarding is disabled to avoid trojan horses.");
+ options.forward_x11 = 0;
+ }
+ if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
+ error("Port forwarding is disabled to avoid trojan horses.");
+ options.num_local_forwards = options.num_remote_forwards = 0;
+ }
 /*
 * XXX Should permit the user to change to use the new id.
 * This could be done by converting the host key to an
-- 
cgit v1.2.3
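Review bot: The two stanzas added after the agent-forwarding check in the second hunk carry no comment saying why X11 and port forwarding become unsafe once a changed host key is tolerated, and "trojan horses" in the messages does not tell the reader either. A short comment above them would record the policy, for example `/* Peer identity is unverified: do not expose the local X display or any forwarded ports to it. */`. Zeroing `num_local_forwards` and `num_remote_forwards` only drops the forwards already present in `options` at this point; if any code path can register forwards after check_host_key() returns (not visible in this hunk), it would need the same guard. check_host_key() begins and ends outside the hunk, so the enclosing changed-key condition is inferred from the commit subject rather than seen here.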