1 files changed, 24 insertions, 1 deletions
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index c433578bf..ee6af218c 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,7 +15,7 @@ authentication.
 */
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@@ -53,8 +53,31 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
  host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
                                       client_host_key_bits, client_host_key_e,
                                       client_host_key_n, ke, kn);
+  /* Check user host file. */
+  if (host_status != HOST_OK) {
+    struct stat st;
+    char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
+    /* Check file permissions of SSH_USER_HOSTFILE,
+       auth_rsa() did already check pw->pw_dir, but there is a race XXX */
+    if (strict_modes &&
+        (stat(user_hostfile, &st) == 0) &&
+        ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+        (st.st_mode & 022) != 0)) {
+       log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
+           pw->pw_name, user_hostfile);
+    } else {
+      /* XXX race between stat and the following open() */
+      temporarily_use_uid(pw->pw_uid);
+      host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
+                                           client_host_key_bits, client_host_key_e,
+                                           client_host_key_n, ke, kn);
+      restore_uid();
+    }
+    xfree(user_hostfile);
+  }
  BN_free(ke);
  BN_free(kn);
  if (host_status != HOST_OK) {
    /* The host key was not found. */
    debug("Rhosts with RSA host authentication denied: unknown or invalid host key");

diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index c433578bf..ee6af218c 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c
@@ -15,7 +15,7 @@ authentication.
15	*/	15	*/
16		16
17	#include "includes.h"	17	#include "includes.h"
18	RCSID("$Id: auth-rh-rsa.c,v 1.1 1999/10/27 03:42:43 damien Exp $");	18	RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");
19		19
20	#include "packet.h"	20	#include "packet.h"
21	#include "ssh.h"	21	#include "ssh.h"
@@ -53,8 +53,31 @@ int auth_rhosts_rsa(struct passwd pw, const char client_user,
53	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,	53	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
54	client_host_key_bits, client_host_key_e,	54	client_host_key_bits, client_host_key_e,
55	client_host_key_n, ke, kn);	55	client_host_key_n, ke, kn);
		56	/* Check user host file. */
		57	if (host_status != HOST_OK) {
		58	struct stat st;
		59	char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
		60	/* Check file permissions of SSH_USER_HOSTFILE,
		61	auth_rsa() did already check pw->pw_dir, but there is a race XXX */
		62	if (strict_modes &&
		63	(stat(user_hostfile, &st) == 0) &&
		64	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|
		65	(st.st_mode & 022) != 0)) {
		66	log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
		67	pw->pw_name, user_hostfile);
		68	} else {
		69	/* XXX race between stat and the following open() */
		70	temporarily_use_uid(pw->pw_uid);
		71	host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
		72	client_host_key_bits, client_host_key_e,
		73	client_host_key_n, ke, kn);
		74	restore_uid();
		75	}
		76	xfree(user_hostfile);
		77	}
56	BN_free(ke);	78	BN_free(ke);
57	BN_free(kn);	79	BN_free(kn);
		80
58	if (host_status != HOST_OK) {	81	if (host_status != HOST_OK) {
59	/* The host key was not found. */	82	/* The host key was not found. */
60	debug("Rhosts with RSA host authentication denied: unknown or invalid host key");	83	debug("Rhosts with RSA host authentication denied: unknown or invalid host key");