diff options
| author | Damien Miller <djm@mindrot.org> | 2003-06-03 10:25:48 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2003-06-03 10:25:48 +1000 |
| commit | 3a961dc0d36c1f87788b707130f6d07709822d38 (patch) | |
| tree | 57f3a729408e4cbe08fa7f9699de2e583e0b2ca0 /session.c | |
| parent | 35276253a60a3e57ec21b82b2e3c81e03c0206de (diff) | |
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 8 |
1 files changed, 4 insertions, 4 deletions
| @@ -33,7 +33,7 @@ | |||
| 33 | */ | 33 | */ |
| 34 | 34 | ||
| 35 | #include "includes.h" | 35 | #include "includes.h" |
| 36 | RCSID("$OpenBSD: session.c,v 1.157 2003/05/14 22:24:42 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.158 2003/06/02 09:17:34 markus Exp $"); |
| 37 | 37 | ||
| 38 | #include "ssh.h" | 38 | #include "ssh.h" |
| 39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
| @@ -694,7 +694,7 @@ do_pre_login(Session *s) | |||
| 694 | } | 694 | } |
| 695 | 695 | ||
| 696 | record_utmp_only(pid, s->tty, s->pw->pw_name, | 696 | record_utmp_only(pid, s->tty, s->pw->pw_name, |
| 697 | get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), | 697 | get_remote_name_or_ip(utmp_len, options.use_dns), |
| 698 | (struct sockaddr *)&from, fromlen); | 698 | (struct sockaddr *)&from, fromlen); |
| 699 | } | 699 | } |
| 700 | #endif | 700 | #endif |
| @@ -749,7 +749,7 @@ do_login(Session *s, const char *command) | |||
| 749 | if (!use_privsep) | 749 | if (!use_privsep) |
| 750 | record_login(pid, s->tty, pw->pw_name, pw->pw_uid, | 750 | record_login(pid, s->tty, pw->pw_name, pw->pw_uid, |
| 751 | get_remote_name_or_ip(utmp_len, | 751 | get_remote_name_or_ip(utmp_len, |
| 752 | options.verify_reverse_mapping), | 752 | options.use_dns), |
| 753 | (struct sockaddr *)&from, fromlen); | 753 | (struct sockaddr *)&from, fromlen); |
| 754 | 754 | ||
| 755 | #ifdef USE_PAM | 755 | #ifdef USE_PAM |
| @@ -1353,7 +1353,7 @@ do_child(Session *s, const char *command) | |||
| 1353 | /* we have to stash the hostname before we close our socket. */ | 1353 | /* we have to stash the hostname before we close our socket. */ |
| 1354 | if (options.use_login) | 1354 | if (options.use_login) |
| 1355 | hostname = get_remote_name_or_ip(utmp_len, | 1355 | hostname = get_remote_name_or_ip(utmp_len, |
| 1356 | options.verify_reverse_mapping); | 1356 | options.use_dns); |
| 1357 | /* | 1357 | /* |
| 1358 | * Close the connection descriptors; note that this is the child, and | 1358 | * Close the connection descriptors; note that this is the child, and |
| 1359 | * the server will still have the socket open, and it is important | 1359 | * the server will still have the socket open, and it is important |