diff options
| author | Damien Miller <djm@mindrot.org> | 1999-11-15 15:25:10 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 1999-11-15 15:25:10 +1100 |
| commit | 2ccf661cbe0924a1549a74b5a4f970e90f94d6a9 (patch) | |
| tree | 8bb7ea3cbe9d473e7f46b7084f563cc593cc5d47 /auth-rhosts.c | |
| parent | cedfecc99e73f9661d4dc3cea8c88e57c6e0b487 (diff) | |
- Merged more OpenBSD CVS changes:
[auth-krb4.c]
- disconnect if getpeername() fails
- missing xfree(*client)
[canohost.c]
- disconnect if getpeername() fails
- fix comment: we _do_ disconnect if ip-options are set
[sshd.c]
- disconnect if getpeername() fails
- move checking of remote port to central place
[auth-rhosts.c] move checking of remote port to central place
[log-server.c] avoid extra fd per sshd, from millert@
[readconf.c] print _all_ bad config-options in ssh(1), too
[readconf.h] print _all_ bad config-options in ssh(1), too
[ssh.c] print _all_ bad config-options in ssh(1), too
[sshconnect.c] disconnect if getpeername() fails
- OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
Diffstat (limited to 'auth-rhosts.c')
| -rw-r--r-- | auth-rhosts.c | 18 |
1 files changed, 1 insertions, 17 deletions
diff --git a/auth-rhosts.c b/auth-rhosts.c index 7e5614cb8..8f6655d4d 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c | |||
| @@ -16,7 +16,7 @@ the login based on rhosts authentication. This file also processes | |||
| 16 | */ | 16 | */ |
| 17 | 17 | ||
| 18 | #include "includes.h" | 18 | #include "includes.h" |
| 19 | RCSID("$Id: auth-rhosts.c,v 1.2 1999/11/12 04:19:27 damien Exp $"); | 19 | RCSID("$Id: auth-rhosts.c,v 1.3 1999/11/15 04:25:10 damien Exp $"); |
| 20 | 20 | ||
| 21 | #include "packet.h" | 21 | #include "packet.h" |
| 22 | #include "ssh.h" | 22 | #include "ssh.h" |
| @@ -161,7 +161,6 @@ int auth_rhosts(struct passwd *pw, const char *client_user) | |||
| 161 | extern ServerOptions options; | 161 | extern ServerOptions options; |
| 162 | char buf[1024]; | 162 | char buf[1024]; |
| 163 | const char *hostname, *ipaddr; | 163 | const char *hostname, *ipaddr; |
| 164 | int port; | ||
| 165 | struct stat st; | 164 | struct stat st; |
| 166 | static const char *rhosts_files[] = { ".shosts", ".rhosts", NULL }; | 165 | static const char *rhosts_files[] = { ".shosts", ".rhosts", NULL }; |
| 167 | unsigned int rhosts_file_index; | 166 | unsigned int rhosts_file_index; |
| @@ -190,21 +189,6 @@ int auth_rhosts(struct passwd *pw, const char *client_user) | |||
| 190 | /* Get the name, address, and port of the remote host. */ | 189 | /* Get the name, address, and port of the remote host. */ |
| 191 | hostname = get_canonical_hostname(); | 190 | hostname = get_canonical_hostname(); |
| 192 | ipaddr = get_remote_ipaddr(); | 191 | ipaddr = get_remote_ipaddr(); |
| 193 | port = get_remote_port(); | ||
| 194 | |||
| 195 | /* Check that the connection comes from a privileged port. | ||
| 196 | Rhosts authentication only makes sense for priviledged programs. | ||
| 197 | Of course, if the intruder has root access on his local machine, | ||
| 198 | he can connect from any port. So do not use .rhosts | ||
| 199 | authentication from machines that you do not trust. */ | ||
| 200 | if (port >= IPPORT_RESERVED || | ||
| 201 | port < IPPORT_RESERVED / 2) | ||
| 202 | { | ||
| 203 | log("Connection from %.100s from nonpriviledged port %d", | ||
| 204 | hostname, port); | ||
| 205 | packet_send_debug("Your ssh client is not running as root."); | ||
| 206 | return 0; | ||
| 207 | } | ||
| 208 | 192 | ||
| 209 | /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ | 193 | /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ |
| 210 | if (pw->pw_uid != 0) | 194 | if (pw->pw_uid != 0) |