- (djm) OpenBSD CVS Sync

   - markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too

1 files changed, 9 insertions, 7 deletions

diff --git a/auth-passwd.c b/auth-passwd.c
index b893165bf..9a94c373f 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -144,22 +144,24 @@ auth_password(Authctxt *authctxt, const char *password)
                 HANDLE hToken = cygwin_logon_user(pw, password);
 
                 if (hToken == INVALID_HANDLE_VALUE)
-                        return 0;
+                        return (0);
                 cygwin_set_impersonation_token(hToken);
-                return 1;
+                return (1);
         }
 # endif
 # ifdef WITH_AIXAUTHENTICATE
         authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
 
-        if (authsuccess)
+        if (authsuccess) {
                 /* We don't have a pty yet, so just label the line as "ssh" */
                 if (loginsuccess(authctxt->user,
-                        get_canonical_hostname(options.verify_reverse_mapping),
-                        "ssh", &aixloginmsg) < 0)
-                                aixloginmsg = NULL;
+                    get_canonical_hostname(options.use_dns),
+                    "ssh", &aixloginmsg) < 0) {
+                        aixloginmsg = NULL;
+                }
+        }
 
-        return(authsuccess);
+        return (authsuccess);
 # endif
 # ifdef KRB4
         if (options.kerberos_authentication == 1) {