search for: auth_get_canonical_hostname

...s, and it included a config option to turn it on/off (with the default being off). it largely applied cleanly up through 7.2 until the get_canonical_hostname refactor. since that func only lives in auth.c now, how do you want it to work ? basically have to revert the get_canonical_hostname -> auth_get_canonical_hostname change to make it work. -- You are receiving this mail because: You are the assignee for the bug. You are watching someone on the CC list of the bug.

...ef HAVE_AUTH_HOSTOK + const char *from_host, *from_ip; +#endif #ifdef BSD_AUTH auth_session_t *as; #endif @@ -510,6 +513,21 @@ getpwnamallow(struct ssh *ssh, const char *user) debug("unable to get login class: %s", user); return (NULL); } +#ifdef HAVE_AUTH_HOSTOK + from_host = auth_get_canonical_hostname(ssh, options.use_dns); + from_ip = ssh_remote_ipaddr(ssh); + if (!auth_hostok(lc, from_host, from_ip)) { + debug("Denied connection for %.200s from %.200s [%.200s].", + pw->pw_name, from_host, from_ip); + return (NULL); + } +#endif /* HAVE_AUTH_HOSTOK */ +#ifdef HAVE_AUTH_TIMEOK...