- Merged changes from OpenBSD CVS

- [sshd.c] session_key_int may be zero - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok deraadt,millert - Brought default sshd_config more in line with OpenBSDs
author: Damien Miller <djm@mindrot.org> 1999-11-12 11:33:04 +1100
committer: Damien Miller <djm@mindrot.org> 1999-11-12 11:33:04 +1100
commit: 322650927bec37d850a3ab72f82bda1cd49b09e4 (patch)
tree: cb0bd087fb2f709f4d070221479249d8102e14bf /auth-rh-rsa.c
parent: 776af5de4f7f2aa938cdd17bf85a9c891ce7dbd9 (diff)
1 files changed, 10 insertions, 9 deletions
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index ee6af218c..b6f1d6c73 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,22 +15,22 @@ authentication.
 */
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
 #include "xmalloc.h"
 #include "uidswap.h"
+#include "servconf.h"
 /* Tries to authenticate the user using the .rhosts file and the host using
-   its host key.  Returns true if authentication succeeds. 
+   its host key.  Returns true if authentication succeeds. */
-   .rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */
 int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
                    unsigned int client_host_key_bits,
-                    BIGNUM *client_host_key_e, BIGNUM *client_host_key_n,
+                    BIGNUM *client_host_key_e, BIGNUM *client_host_key_n)
-                    int ignore_rhosts, int strict_modes)
 {
+  extern ServerOptions options;
  const char *canonical_hostname;
  HostStatus host_status;
  BIGNUM *ke, *kn;
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
  debug("Trying rhosts with RSA host authentication for %.100s", client_user);
  /* Check if we would accept it using rhosts authentication. */
-  if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes))
+  if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
    return 0;
  canonical_hostname = get_canonical_hostname();
@@ -53,13 +53,14 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
  host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
                                       client_host_key_bits, client_host_key_e,
                                       client_host_key_n, ke, kn);
-  /* Check user host file. */
-  if (host_status != HOST_OK) {
+  /* Check user host file unless ignored. */
+  if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
    struct stat st;
    char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
    /* Check file permissions of SSH_USER_HOSTFILE,
       auth_rsa() did already check pw->pw_dir, but there is a race XXX */
-    if (strict_modes &&
+    if (options.strict_modes &&
        (stat(user_hostfile, &st) == 0) &&
        ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
        (st.st_mode & 022) != 0)) {
author	Damien Miller <djm@mindrot.org>	1999-11-12 11:33:04 +1100
committer	Damien Miller <djm@mindrot.org>	1999-11-12 11:33:04 +1100
commit	322650927bec37d850a3ab72f82bda1cd49b09e4 (patch)
tree	cb0bd087fb2f709f4d070221479249d8102e14bf /auth-rh-rsa.c
parent	776af5de4f7f2aa938cdd17bf85a9c891ce7dbd9 (diff)

diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index ee6af218c..b6f1d6c73 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c
@@ -15,22 +15,22 @@ authentication.
15	*/	15	*/
16		16
17	#include "includes.h"	17	#include "includes.h"
18	RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");	18	RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
19		19
20	#include "packet.h"	20	#include "packet.h"
21	#include "ssh.h"	21	#include "ssh.h"
22	#include "xmalloc.h"	22	#include "xmalloc.h"
23	#include "uidswap.h"	23	#include "uidswap.h"
		24	#include "servconf.h"
24		25
25	/* Tries to authenticate the user using the .rhosts file and the host using	26	/* Tries to authenticate the user using the .rhosts file and the host using
26	its host key. Returns true if authentication succeeds.	27	its host key. Returns true if authentication succeeds. */
27	.rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */
28		28
29	int auth_rhosts_rsa(struct passwd pw, const char client_user,	29	int auth_rhosts_rsa(struct passwd pw, const char client_user,
30	unsigned int client_host_key_bits,	30	unsigned int client_host_key_bits,
31	BIGNUM client_host_key_e, BIGNUM client_host_key_n,	31	BIGNUM client_host_key_e, BIGNUM client_host_key_n)
32	int ignore_rhosts, int strict_modes)
33	{	32	{
		33	extern ServerOptions options;
34	const char *canonical_hostname;	34	const char *canonical_hostname;
35	HostStatus host_status;	35	HostStatus host_status;
36	BIGNUM ke, kn;	36	BIGNUM ke, kn;
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd pw, const char client_user,
38	debug("Trying rhosts with RSA host authentication for %.100s", client_user);	38	debug("Trying rhosts with RSA host authentication for %.100s", client_user);
39		39
40	/* Check if we would accept it using rhosts authentication. */	40	/* Check if we would accept it using rhosts authentication. */
41	if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes))	41	if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
42	return 0;	42	return 0;
43		43
44	canonical_hostname = get_canonical_hostname();	44	canonical_hostname = get_canonical_hostname();
@@ -53,13 +53,14 @@ int auth_rhosts_rsa(struct passwd pw, const char client_user,
53	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,	53	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
54	client_host_key_bits, client_host_key_e,	54	client_host_key_bits, client_host_key_e,
55	client_host_key_n, ke, kn);	55	client_host_key_n, ke, kn);
56	/* Check user host file. */	56
57	if (host_status != HOST_OK) {	57	/* Check user host file unless ignored. */
		58	if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
58	struct stat st;	59	struct stat st;
59	char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);	60	char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
60	/* Check file permissions of SSH_USER_HOSTFILE,	61	/* Check file permissions of SSH_USER_HOSTFILE,
61	auth_rsa() did already check pw->pw_dir, but there is a race XXX */	62	auth_rsa() did already check pw->pw_dir, but there is a race XXX */
62	if (strict_modes &&	63	if (options.strict_modes &&
63	(stat(user_hostfile, &st) == 0) &&	64	(stat(user_hostfile, &st) == 0) &&
64	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|	65	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|
65	(st.st_mode & 022) != 0)) {	66	(st.st_mode & 022) != 0)) {