From 654c03fd064618e3577d098837108263f4e5457a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 13 Feb 2002 13:54:44 +1100 Subject: - markus@cvs.openbsd.org 2002/02/11 16:17:55 [sshd.c] do not complain about port > 1024 if rhosts-auth is disabled --- ChangeLog | 5 ++++- sshd.c | 7 ++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index ec00e5cdc..3ea7d551f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ - markus@cvs.openbsd.org 2002/02/11 16:15:46 [sshconnect1.c] include md5.h, not evp.h + - markus@cvs.openbsd.org 2002/02/11 16:17:55 + [sshd.c] + do not complain about port > 1024 if rhosts-auth is disabled 20020210 - (djm) OpenBSD CVS Sync @@ -7554,4 +7557,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1840 2002/02/13 02:54:27 djm Exp $ +$Id: ChangeLog,v 1.1841 2002/02/13 02:54:44 djm Exp $ diff --git a/sshd.c b/sshd.c index fc07f9264..54eb5eb34 100644 --- a/sshd.c +++ b/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.224 2002/02/04 12:15:25 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.225 2002/02/11 16:17:55 markus Exp $"); #include #include @@ -1207,8 +1207,9 @@ main(int ac, char **av) * machine, he can connect from any port. So do not use these * authentication methods from machines that you do not trust. */ - if (remote_port >= IPPORT_RESERVED || - remote_port < IPPORT_RESERVED / 2) { + if (options.rhosts_authentication && + (remote_port >= IPPORT_RESERVED || + remote_port < IPPORT_RESERVED / 2)) { debug("Rhosts Authentication disabled, " "originating port %d not trusted.", remote_port); options.rhosts_authentication = 0; -- cgit v1.2.3