diff options
Diffstat (limited to 'auth-rh-rsa.c')
| -rw-r--r-- | auth-rh-rsa.c | 35 |
1 files changed, 5 insertions, 30 deletions
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 506a5a239..870436b55 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.23 2001/04/06 21:00:04 markus Exp $"); | 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.24 2001/06/23 00:20:57 markus Exp $"); |
| 17 | 17 | ||
| 18 | #include "packet.h" | 18 | #include "packet.h" |
| 19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
| @@ -38,7 +38,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key | |||
| 38 | extern ServerOptions options; | 38 | extern ServerOptions options; |
| 39 | const char *canonical_hostname; | 39 | const char *canonical_hostname; |
| 40 | HostStatus host_status; | 40 | HostStatus host_status; |
| 41 | Key *client_key, *found; | 41 | Key *client_key; |
| 42 | 42 | ||
| 43 | debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); | 43 | debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); |
| 44 | 44 | ||
| @@ -58,37 +58,12 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key | |||
| 58 | client_key = key_new(KEY_RSA1); | 58 | client_key = key_new(KEY_RSA1); |
| 59 | BN_copy(client_key->rsa->e, client_host_key->e); | 59 | BN_copy(client_key->rsa->e, client_host_key->e); |
| 60 | BN_copy(client_key->rsa->n, client_host_key->n); | 60 | BN_copy(client_key->rsa->n, client_host_key->n); |
| 61 | found = key_new(KEY_RSA1); | ||
| 62 | 61 | ||
| 63 | /* Check if we know the host and its host key. */ | 62 | host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname, |
| 64 | host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname, | 63 | _PATH_SSH_SYSTEM_HOSTFILE, |
| 65 | client_key, found, NULL); | 64 | options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL); |
| 66 | 65 | ||
| 67 | /* Check user host file unless ignored. */ | ||
| 68 | if (host_status != HOST_OK && !options.ignore_user_known_hosts) { | ||
| 69 | struct stat st; | ||
| 70 | char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); | ||
| 71 | /* | ||
| 72 | * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa() | ||
| 73 | * did already check pw->pw_dir, but there is a race XXX | ||
| 74 | */ | ||
| 75 | if (options.strict_modes && | ||
| 76 | (stat(user_hostfile, &st) == 0) && | ||
| 77 | ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || | ||
| 78 | (st.st_mode & 022) != 0)) { | ||
| 79 | log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s", | ||
| 80 | pw->pw_name, user_hostfile); | ||
| 81 | } else { | ||
| 82 | /* XXX race between stat and the following open() */ | ||
| 83 | temporarily_use_uid(pw); | ||
| 84 | host_status = check_host_in_hostfile(user_hostfile, canonical_hostname, | ||
| 85 | client_key, found, NULL); | ||
| 86 | restore_uid(); | ||
| 87 | } | ||
| 88 | xfree(user_hostfile); | ||
| 89 | } | ||
| 90 | key_free(client_key); | 66 | key_free(client_key); |
| 91 | key_free(found); | ||
| 92 | 67 | ||
| 93 | if (host_status != HOST_OK) { | 68 | if (host_status != HOST_OK) { |
| 94 | debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); | 69 | debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); |