- (djm) OpenBSD CVS Sync

   - markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too

1 files changed, 2 insertions, 2 deletions

diff --git a/auth-sia.c b/auth-sia.c
index 05cf47c4..cae5f091 100644
--- a/auth-sia.c
+++ b/auth-sia.c
@@ -52,7 +52,7 @@ auth_sia_password(Authctxt *authctxt, char *pass)
 	SIAENTITY *ent = NULL;
 	const char *host;
 
-	host = get_canonical_hostname(options.verify_reverse_mapping);
+	host = get_canonical_hostname(options.use_dns);
 
 	if (!authctxt->user || pass == NULL || pass[0] == '\0')
 		return (0);
@@ -81,7 +81,7 @@ session_setup_sia(struct passwd *pw, char *tty)
 	SIAENTITY *ent = NULL;
 	const char *host;
 
-	host = get_canonical_hostname(options.verify_reverse_mapping);
+	host = get_canonical_hostname(options.use_dns);
 
 	if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, 
 	    tty, 0, NULL) != SIASUCCESS)