- markus@cvs.openbsd.org 2002/02/11 16:17:55

     [sshd.c]
     do not complain about port > 1024 if rhosts-auth is disabled

2 files changed, 8 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index ec00e5cdc..3ea7d551f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
    - markus@cvs.openbsd.org 2002/02/11 16:15:46
      [sshconnect1.c]
      include md5.h, not evp.h
+   - markus@cvs.openbsd.org 2002/02/11 16:17:55
+     [sshd.c]
+     do not complain about port > 1024 if rhosts-auth is disabled
 
 20020210
  - (djm) OpenBSD CVS Sync
@@ -7554,4 +7557,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1840 2002/02/13 02:54:27 djm Exp $
+$Id: ChangeLog,v 1.1841 2002/02/13 02:54:44 djm Exp $
diff --git a/sshd.c b/sshd.c
index fc07f9264..54eb5eb34 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.224 2002/02/04 12:15:25 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.225 2002/02/11 16:17:55 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1207,8 +1207,9 @@ main(int ac, char **av)
          * machine, he can connect from any port.  So do not use these
          * authentication methods from machines that you do not trust.
          */
-        if (remote_port >= IPPORT_RESERVED ||
-            remote_port < IPPORT_RESERVED / 2) {
+        if (options.rhosts_authentication &&
+            (remote_port >= IPPORT_RESERVED ||
+            remote_port < IPPORT_RESERVED / 2)) {
                 debug("Rhosts Authentication disabled, "
                     "originating port %d not trusted.", remote_port);
                 options.rhosts_authentication = 0;