author | Damien Miller <djm@mindrot.org> | 1999-11-12 11:33:04 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-11-12 11:33:04 +1100 |
commit | 322650927bec37d850a3ab72f82bda1cd49b09e4 (patch) | |
tree | cb0bd087fb2f709f4d070221479249d8102e14bf /auth-rh-rsa.c | |
parent | 776af5de4f7f2aa938cdd17bf85a9c891ce7dbd9 (diff) |
- Merged changes from OpenBSD CVS
- [sshd.c] session_key_int may be zero
- [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
deraadt,millert
- Brought default sshd_config more in line with OpenBSD's
Diffstat (limited to 'auth-rh-rsa.c')
-rw-r--r-- | auth-rh-rsa.c | 19 |
1 files changed, 10 insertions, 9 deletions
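--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,22 +15,22 @@ authentication.
 */
 
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
 
 #include "packet.h"
 #include "ssh.h"
 #include "xmalloc.h"
 #include "uidswap.h"
+#include "servconf.h"
 
 /* Tries to authenticate the user using the .rhosts file and the host using
-its host key. Returns true if authentication succeeds.
-.rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */
+its host key. Returns true if authentication succeeds. */
 
 int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
 unsigned int client_host_key_bits,
-BIGNUM *client_host_key_e, BIGNUM *client_host_key_n,
-int ignore_rhosts, int strict_modes)
+BIGNUM *client_host_key_e, BIGNUM *client_host_key_n)
 {
+extern ServerOptions options;
 const char *canonical_hostname;
 HostStatus host_status;
 BIGNUM *ke, *kn;
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
 debug("Trying rhosts with RSA host authentication for %.100s", client_user);
 
 /* Check if we would accept it using rhosts authentication. */
-if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes))
+if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
 return 0;
 
 canonical_hostname = get_canonical_hostname();
@@ -53,13 +53,14 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
 host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
 client_host_key_bits, client_host_key_e,
 client_host_key_n, ke, kn);
-/* Check user host file. */
-if (host_status != HOST_OK) {
+
+/* Check user host file unless ignored. */
+if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
 struct stat st;
 char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
 /* Check file permissions of SSH_USER_HOSTFILE,
 auth_rsa() did already check pw->pw_dir, but there is a race XXX */
-if (options.strict_modes &&
+if (strict_modes &&
+if (options.strict_modes &&
 (stat(user_hostfile, &st) == 0) &&
 ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
 (st.st_mode & 022) != 0)) {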
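Review bot: The header comment above auth_rhosts_rsa() no longer says where the access policy comes from: the sentence about ignore_rhosts was removed along with the two parameters, yet the body now reads options.ignore_rhosts, options.strict_modes and options.ignore_user_known_hosts from a global. I would extend the comment with `Policy comes from the global ServerOptions: ignore_rhosts, strict_modes, and ignore_user_known_hosts (when set, only the system host file is consulted).` so a reader auditing the trust inputs can see that the per-user host file counts only when the administrator allows it. As a smaller style point, the block-scope `extern ServerOptions options;` hides that dependency from the prototype; declaring it once in a shared header (servconf.h is already included here) would let the compiler check the type against the definition. The body of the function continues past the end of the last hunk.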