- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
diff --git a/auth-sia.c b/auth-sia.c
index 05cf47c..cae5f09 100644
--- a/auth-sia.c
+++ b/auth-sia.c
@@ -52,7 +52,7 @@
SIAENTITY *ent = NULL;
const char *host;
- host = get_canonical_hostname(options.verify_reverse_mapping);
+ host = get_canonical_hostname(options.use_dns);
if (!authctxt->user || pass == NULL || pass[0] == '\0')
return (0);
@@ -81,7 +81,7 @@
SIAENTITY *ent = NULL;
const char *host;
- host = get_canonical_hostname(options.verify_reverse_mapping);
+ host = get_canonical_hostname(options.use_dns);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name,
tty, 0, NULL) != SIASUCCESS)