author | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-12 23:34:34 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-12 23:34:34 +0000 |
commit | 5eabda303aa26c77e4c383230db9ce9d9175e580 (patch) | |
tree | a084d793ff9789b41920bb259c7ff309d21eba24 /auth-rhosts.c | |
parent | 0998872972ec9a059204344cf0bec64123b3e28c (diff) |
- markus@cvs.openbsd.org 2001/04/12 19:15:26
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
Diffstat (limited to 'auth-rhosts.c')
-rw-r--r-- | auth-rhosts.c | 27 |
1 files changed, 21 insertions, 6 deletions
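diff --git a/auth-rhosts.c b/auth-rhosts.c
index c71e9b55d..324a0f925 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,7 +14,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.22 2001/04/06 21:00:06 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.23 2001/04/12 19:15:24 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -25,6 +25,9 @@ RCSID("$OpenBSD: auth-rhosts.c,v 1.22 2001/04/06 21:00:06 markus Exp $");
 #include "canohost.h"
 #include "auth.h"
 
+/* import */
+extern ServerOptions options;
+
 /*
 * This function processes an rhosts-style file (.rhosts, .shosts, or
 * /etc/hosts.equiv). This returns true if authentication can be granted
@@ -150,16 +153,31 @@ check_rhosts_file(const char *filename, const char *hostname,
 int
 auth_rhosts(struct passwd *pw, const char *client_user)
 {
-extern ServerOptions options;
-char buf[1024];
 const char *hostname, *ipaddr;
+int ret;
+
+hostname = get_canonical_hostname(options.reverse_mapping_check);
+ipaddr = get_remote_ipaddr();
+ret = auth_rhosts2(pw, client_user, hostname, ipaddr);
+return ret;
+}
+
+int
+auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
+const char *ipaddr)
+{
+char buf[1024];
 struct stat st;
 static const char *rhosts_files[] = {".shosts", ".rhosts", NULL};
 u_int rhosts_file_index;
 
+debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
+client_user, hostname, ipaddr);
+
 /* no user given */
 if (pw == NULL)
 return 0;
+
 /* Switch to the user's uid. */
 temporarily_use_uid(pw);
 /*
@@ -184,9 +202,6 @@ auth_rhosts(struct passwd *pw, const char *client_user)
 stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
 return 0;
 
-hostname = get_canonical_hostname(options.reverse_mapping_check);
-ipaddr = get_remote_ipaddr();
-
 /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
 if (pw->pw_uid != 0) {
 if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user,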
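Review bot: auth_rhosts2() makes the .shosts/.rhosts and hosts.equiv decision on whatever `hostname` and `ipaddr` the caller passes, but nothing at its definition says how those values must have been validated. auth_rhosts() still derives them from `get_canonical_hostname(options.reverse_mapping_check)` and `get_remote_ipaddr()`, while the commit message describes an option that takes the name from the packet; whether that caller passes a verified name is not visible in this file. I would add a comment above auth_rhosts2 such as `/* hostname and ipaddr drive the rhosts/hosts.equiv match; callers must pass values they have verified, never an unchecked client-supplied name */`. The new debug2() call also formats `client_user` and `hostname` before the `pw == NULL` check, so it is worth confirming that the logging path escapes peer-controlled strings. The body of auth_rhosts2 continues between and beyond the hunks shown.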