- (djm) OpenBSD CVS Sync

   - markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too

1 files changed, 9 insertions, 7 deletions

diff --git a/auth-passwd.c b/auth-passwd.c
index b893165b..9a94c373 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -144,22 +144,24 @@ auth_password(Authctxt *authctxt, const char *password)
 		HANDLE hToken = cygwin_logon_user(pw, password);
 
 		if (hToken == INVALID_HANDLE_VALUE)
-			return 0;
+			return (0);
 		cygwin_set_impersonation_token(hToken);
-		return 1;
+		return (1);
 	}
 # endif
 # ifdef WITH_AIXAUTHENTICATE
 	authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
 
-	if (authsuccess)
+	if (authsuccess) {
 	        /* We don't have a pty yet, so just label the line as "ssh" */
 	        if (loginsuccess(authctxt->user,
-			get_canonical_hostname(options.verify_reverse_mapping),
-			"ssh", &aixloginmsg) < 0)
-				aixloginmsg = NULL;
+		    get_canonical_hostname(options.use_dns),
+		    "ssh", &aixloginmsg) < 0) {
+			aixloginmsg = NULL;
+		}
+	}
 
-	return(authsuccess);
+	return (authsuccess);
 # endif
 # ifdef KRB4
 	if (options.kerberos_authentication == 1) {