author | Damien Miller <djm@mindrot.org> | 1999-11-15 15:25:10 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-11-15 15:25:10 +1100 |
commit | 2ccf661cbe0924a1549a74b5a4f970e90f94d6a9 (patch) | |
tree | 8bb7ea3cbe9d473e7f46b7084f563cc593cc5d47 /auth-rhosts.c | |
parent | cedfecc99e73f9661d4dc3cea8c88e57c6e0b487 (diff) |
- Merged more OpenBSD CVS changes:
[auth-krb4.c]
- disconnect if getpeername() fails
- missing xfree(*client)
[canohost.c]
- disconnect if getpeername() fails
- fix comment: we _do_ disconnect if ip-options are set
[sshd.c]
- disconnect if getpeername() fails
- move checking of remote port to central place
[auth-rhosts.c] move checking of remote port to central place
[log-server.c] avoid extra fd per sshd, from millert@
[readconf.c] print _all_ bad config-options in ssh(1), too
[readconf.h] print _all_ bad config-options in ssh(1), too
[ssh.c] print _all_ bad config-options in ssh(1), too
[sshconnect.c] disconnect if getpeername() fails
- OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
Diffstat (limited to 'auth-rhosts.c')
-rw-r--r-- | auth-rhosts.c | 18 |
1 files changed, 1 insertions, 17 deletions
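--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -16,7 +16,7 @@ the login based on rhosts authentication. This file also processes
 */
 
 #include "includes.h"
-RCSID("$Id: auth-rhosts.c,v 1.2 1999/11/12 04:19:27 damien Exp $");
+RCSID("$Id: auth-rhosts.c,v 1.3 1999/11/15 04:25:10 damien Exp $");
 
 #include "packet.h"
 #include "ssh.h"
@@ -161,7 +161,6 @@ int auth_rhosts(struct passwd *pw, const char *client_user)
 extern ServerOptions options;
 char buf[1024];
 const char *hostname, *ipaddr;
-int port;
 struct stat st;
 static const char *rhosts_files[] = { ".shosts", ".rhosts", NULL };
 unsigned int rhosts_file_index;
@@ -190,21 +189,6 @@ int auth_rhosts(struct passwd *pw, const char *client_user)
 /* Get the name, address, and port of the remote host. */
 hostname = get_canonical_hostname();
 ipaddr = get_remote_ipaddr();
-port = get_remote_port();
-
-/* Check that the connection comes from a privileged port.
-Rhosts authentication only makes sense for priviledged programs.
-Of course, if the intruder has root access on his local machine,
-he can connect from any port. So do not use .rhosts
-authentication from machines that you do not trust. */
-if (port >= IPPORT_RESERVED ||
-port < IPPORT_RESERVED / 2)
-{
-log("Connection from %.100s from nonpriviledged port %d",
-hostname, port);
-packet_send_debug("Your ssh client is not running as root.");
-return 0;
-}
 
 /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
 if (pw->pw_uid != 0)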
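Review bot: After the third hunk auth_rhosts() no longer rejects a connection from a non-reserved source port itself, and nothing left in the function records that a caller must have done so. The commit message says the check moved to a central place in sshd.c, which is not shown in this section. Any other path that reaches auth_rhosts() would evaluate .rhosts/.shosts and hosts.equiv trust without that check, so the precondition should be stated above the function, e.g. `/* Caller must already have rejected connections from non-reserved source ports; the port is no longer checked here. */`. The retained comment at new line 189 is now stale and should read `/* Get the name and address of the remote host. */`. The removed branch also logged the rejected host and port, so it is worth confirming that the central check keeps an equivalent log line; auth_rhosts() itself starts and ends outside these hunks.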