- markus@cvs.openbsd.org 2002/02/11 16:17:55

     [sshd.c]
     do not complain about port > 1024 if rhosts-auth is disabled

diff --git a/ChangeLog b/ChangeLog
index 34b7dc575346c2e643d7c6f32d3d14b242fdd7fd..eae9a9cbef82e68eb83adef29e052a49ceecd380 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
    - markus@cvs.openbsd.org 2002/02/11 16:15:46
      [sshconnect1.c]
      include md5.h, not evp.h
+   - markus@cvs.openbsd.org 2002/02/11 16:17:55
+     [sshd.c]
+     do not complain about port > 1024 if rhosts-auth is disabled
 
 20020210
  - (djm) OpenBSD CVS Sync

diff --git a/sshd.c b/sshd.c
index fc07f9264412010446058dc88c90973216c55321..54eb5eb345fbba3b6d4699b7d5c8c6176be081d7 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.224 2002/02/04 12:15:25 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.225 2002/02/11 16:17:55 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1207,8 +1207,9 @@ main(int ac, char **av)
         * machine, he can connect from any port.  So do not use these
         * authentication methods from machines that you do not trust.
         */
-       if (remote_port >= IPPORT_RESERVED ||
-           remote_port < IPPORT_RESERVED / 2) {
+       if (options.rhosts_authentication &&
+           (remote_port >= IPPORT_RESERVED ||
+           remote_port < IPPORT_RESERVED / 2)) {
                debug("Rhosts Authentication disabled, "
                    "originating port %d not trusted.", remote_port);
                options.rhosts_authentication = 0;