diff options
| author | Damien Miller <djm@mindrot.org> | 2003-06-03 10:25:48 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2003-06-03 10:25:48 +1000 |
| commit | 3a961dc0d36c1f87788b707130f6d07709822d38 (patch) | |
| tree | 57f3a729408e4cbe08fa7f9699de2e583e0b2ca0 /servconf.c | |
| parent | 35276253a60a3e57ec21b82b2e3c81e03c0206de (diff) | |
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/servconf.c b/servconf.c index a737f4b46..c501d7b64 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | */ | 10 | */ |
| 11 | 11 | ||
| 12 | #include "includes.h" | 12 | #include "includes.h" |
| 13 | RCSID("$OpenBSD: servconf.c,v 1.121 2003/05/15 14:02:47 jakob Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.122 2003/06/02 09:17:34 markus Exp $"); |
| 14 | 14 | ||
| 15 | #if defined(KRB4) | 15 | #if defined(KRB4) |
| 16 | #include <krb.h> | 16 | #include <krb.h> |
| @@ -116,7 +116,7 @@ initialize_server_options(ServerOptions *options) | |||
| 116 | options->max_startups_rate = -1; | 116 | options->max_startups_rate = -1; |
| 117 | options->max_startups = -1; | 117 | options->max_startups = -1; |
| 118 | options->banner = NULL; | 118 | options->banner = NULL; |
| 119 | options->verify_reverse_mapping = -1; | 119 | options->use_dns = -1; |
| 120 | options->client_alive_interval = -1; | 120 | options->client_alive_interval = -1; |
| 121 | options->client_alive_count_max = -1; | 121 | options->client_alive_count_max = -1; |
| 122 | options->authorized_keys_file = NULL; | 122 | options->authorized_keys_file = NULL; |
| @@ -232,8 +232,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 232 | options->max_startups_rate = 100; /* 100% */ | 232 | options->max_startups_rate = 100; /* 100% */ |
| 233 | if (options->max_startups_begin == -1) | 233 | if (options->max_startups_begin == -1) |
| 234 | options->max_startups_begin = options->max_startups; | 234 | options->max_startups_begin = options->max_startups; |
| 235 | if (options->verify_reverse_mapping == -1) | 235 | if (options->use_dns == -1) |
| 236 | options->verify_reverse_mapping = 0; | 236 | options->use_dns = 1; |
| 237 | if (options->client_alive_interval == -1) | 237 | if (options->client_alive_interval == -1) |
| 238 | options->client_alive_interval = 0; | 238 | options->client_alive_interval = 0; |
| 239 | if (options->client_alive_count_max == -1) | 239 | if (options->client_alive_count_max == -1) |
| @@ -282,7 +282,7 @@ typedef enum { | |||
| 282 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 282 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
| 283 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 283 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
| 284 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, | 284 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
| 285 | sBanner, sVerifyReverseMapping, sHostbasedAuthentication, | 285 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 286 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 286 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 287 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 287 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
| 288 | sUsePrivilegeSeparation, | 288 | sUsePrivilegeSeparation, |
| @@ -366,8 +366,9 @@ static struct { | |||
| 366 | { "subsystem", sSubsystem }, | 366 | { "subsystem", sSubsystem }, |
| 367 | { "maxstartups", sMaxStartups }, | 367 | { "maxstartups", sMaxStartups }, |
| 368 | { "banner", sBanner }, | 368 | { "banner", sBanner }, |
| 369 | { "verifyreversemapping", sVerifyReverseMapping }, | 369 | { "usedns", sUseDNS }, |
| 370 | { "reversemappingcheck", sVerifyReverseMapping }, | 370 | { "verifyreversemapping", sDeprecated }, |
| 371 | { "reversemappingcheck", sDeprecated }, | ||
| 371 | { "clientaliveinterval", sClientAliveInterval }, | 372 | { "clientaliveinterval", sClientAliveInterval }, |
| 372 | { "clientalivecountmax", sClientAliveCountMax }, | 373 | { "clientalivecountmax", sClientAliveCountMax }, |
| 373 | { "authorizedkeysfile", sAuthorizedKeysFile }, | 374 | { "authorizedkeysfile", sAuthorizedKeysFile }, |
| @@ -723,8 +724,8 @@ parse_flag: | |||
| 723 | intptr = &options->gateway_ports; | 724 | intptr = &options->gateway_ports; |
| 724 | goto parse_flag; | 725 | goto parse_flag; |
| 725 | 726 | ||
| 726 | case sVerifyReverseMapping: | 727 | case sUseDNS: |
| 727 | intptr = &options->verify_reverse_mapping; | 728 | intptr = &options->use_dns; |
| 728 | goto parse_flag; | 729 | goto parse_flag; |
| 729 | 730 | ||
| 730 | case sLogFacility: | 731 | case sLogFacility: |