Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 3a961dc0d36c1f87788b707130f6d07709822d38^! / . / servconf.c
commit3a961dc0d36c1f87788b707130f6d07709822d38[log] [tgz]
authorDamien Miller <djm@mindrot.org>Tue Jun 03 10:25:48 2003 +1000
committerDamien Miller <djm@mindrot.org>Tue Jun 03 10:25:48 2003 +1000
tree57f3a729408e4cbe08fa7f9699de2e583e0b2ca0
parent35276253a60a3e57ec21b82b2e3c81e03c0206de [diff] [blame]
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too

diff --git a/servconf.c b/servconf.c
index a737f4b..c501d7b 100644
--- a/servconf.c
+++ b/servconf.c

@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.121 2003/05/15 14:02:47 jakob Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.122 2003/06/02 09:17:34 markus Exp $");
 
 #if defined(KRB4)
 #include <krb.h>
@@ -116,7 +116,7 @@
 	options->max_startups_rate = -1;
 	options->max_startups = -1;
 	options->banner = NULL;
-	options->verify_reverse_mapping = -1;
+	options->use_dns = -1;
 	options->client_alive_interval = -1;
 	options->client_alive_count_max = -1;
 	options->authorized_keys_file = NULL;
@@ -232,8 +232,8 @@
 		options->max_startups_rate = 100;		/* 100% */
 	if (options->max_startups_begin == -1)
 		options->max_startups_begin = options->max_startups;
-	if (options->verify_reverse_mapping == -1)
-		options->verify_reverse_mapping = 0;
+	if (options->use_dns == -1)
+		options->use_dns = 1;
 	if (options->client_alive_interval == -1)
 		options->client_alive_interval = 0;
 	if (options->client_alive_count_max == -1)
@@ -282,7 +282,7 @@
 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
-	sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
+	sBanner, sUseDNS, sHostbasedAuthentication,
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 	sUsePrivilegeSeparation,
@@ -366,8 +366,9 @@
 	{ "subsystem", sSubsystem },
 	{ "maxstartups", sMaxStartups },
 	{ "banner", sBanner },
-	{ "verifyreversemapping", sVerifyReverseMapping },
-	{ "reversemappingcheck", sVerifyReverseMapping },
+	{ "usedns", sUseDNS },
+	{ "verifyreversemapping", sDeprecated },
+	{ "reversemappingcheck", sDeprecated },
 	{ "clientaliveinterval", sClientAliveInterval },
 	{ "clientalivecountmax", sClientAliveCountMax },
 	{ "authorizedkeysfile", sAuthorizedKeysFile },
@@ -723,8 +724,8 @@
 		intptr = &options->gateway_ports;
 		goto parse_flag;
 
-	case sVerifyReverseMapping:
-		intptr = &options->verify_reverse_mapping;
+	case sUseDNS:
+		intptr = &options->use_dns;
 		goto parse_flag;
 
 	case sLogFacility: