1 files changed, 10 insertions, 9 deletions
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index ee6af218c..b6f1d6c73 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,22 +15,22 @@ authentication.
 */
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
 #include "xmalloc.h"
 #include "uidswap.h"
+#include "servconf.h"
 /* Tries to authenticate the user using the .rhosts file and the host using
-   its host key.  Returns true if authentication succeeds. 
+   its host key.  Returns true if authentication succeeds. */
-   .rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */
 int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
                    unsigned int client_host_key_bits,
-                    BIGNUM *client_host_key_e, BIGNUM *client_host_key_n,
+                    BIGNUM *client_host_key_e, BIGNUM *client_host_key_n)
-                    int ignore_rhosts, int strict_modes)
 {
+  extern ServerOptions options;
  const char *canonical_hostname;
  HostStatus host_status;
  BIGNUM *ke, *kn;
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
  debug("Trying rhosts with RSA host authentication for %.100s", client_user);
  /* Check if we would accept it using rhosts authentication. */
-  if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes))
+  if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
    return 0;
  canonical_hostname = get_canonical_hostname();
@@ -53,13 +53,14 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
  host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
                                       client_host_key_bits, client_host_key_e,
                                       client_host_key_n, ke, kn);
-  /* Check user host file. */
-  if (host_status != HOST_OK) {
+  /* Check user host file unless ignored. */
+  if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
    struct stat st;
    char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
    /* Check file permissions of SSH_USER_HOSTFILE,
       auth_rsa() did already check pw->pw_dir, but there is a race XXX */
-    if (strict_modes &&
+    if (options.strict_modes &&
        (stat(user_hostfile, &st) == 0) &&
        ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
        (st.st_mode & 022) != 0)) {

diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index ee6af218c..b6f1d6c73 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c
@@ -15,22 +15,22 @@ authentication.
15	*/	15	*/
16		16
17	#include "includes.h"	17	#include "includes.h"
18	RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");	18	RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
19		19
20	#include "packet.h"	20	#include "packet.h"
21	#include "ssh.h"	21	#include "ssh.h"
22	#include "xmalloc.h"	22	#include "xmalloc.h"
23	#include "uidswap.h"	23	#include "uidswap.h"
		24	#include "servconf.h"
24		25
25	/* Tries to authenticate the user using the .rhosts file and the host using	26	/* Tries to authenticate the user using the .rhosts file and the host using
26	its host key. Returns true if authentication succeeds.	27	its host key. Returns true if authentication succeeds. */
27	.rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */
28		28
29	int auth_rhosts_rsa(struct passwd pw, const char client_user,	29	int auth_rhosts_rsa(struct passwd pw, const char client_user,
30	unsigned int client_host_key_bits,	30	unsigned int client_host_key_bits,
31	BIGNUM client_host_key_e, BIGNUM client_host_key_n,	31	BIGNUM client_host_key_e, BIGNUM client_host_key_n)
32	int ignore_rhosts, int strict_modes)
33	{	32	{
		33	extern ServerOptions options;
34	const char *canonical_hostname;	34	const char *canonical_hostname;
35	HostStatus host_status;	35	HostStatus host_status;
36	BIGNUM ke, kn;	36	BIGNUM ke, kn;
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd pw, const char client_user,
38	debug("Trying rhosts with RSA host authentication for %.100s", client_user);	38	debug("Trying rhosts with RSA host authentication for %.100s", client_user);
39		39
40	/* Check if we would accept it using rhosts authentication. */	40	/* Check if we would accept it using rhosts authentication. */
41	if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes))	41	if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
42	return 0;	42	return 0;
43		43
44	canonical_hostname = get_canonical_hostname();	44	canonical_hostname = get_canonical_hostname();
@@ -53,13 +53,14 @@ int auth_rhosts_rsa(struct passwd pw, const char client_user,
53	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,	53	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
54	client_host_key_bits, client_host_key_e,	54	client_host_key_bits, client_host_key_e,
55	client_host_key_n, ke, kn);	55	client_host_key_n, ke, kn);
56	/* Check user host file. */	56
57	if (host_status != HOST_OK) {	57	/* Check user host file unless ignored. */
		58	if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
58	struct stat st;	59	struct stat st;
59	char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);	60	char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
60	/* Check file permissions of SSH_USER_HOSTFILE,	61	/* Check file permissions of SSH_USER_HOSTFILE,
61	auth_rsa() did already check pw->pw_dir, but there is a race XXX */	62	auth_rsa() did already check pw->pw_dir, but there is a race XXX */
62	if (strict_modes &&	63	if (options.strict_modes &&
63	(stat(user_hostfile, &st) == 0) &&	64	(stat(user_hostfile, &st) == 0) &&
64	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|	65	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|
65	(st.st_mode & 022) != 0)) {	66	(st.st_mode & 022) != 0)) {