Diffstat (limited to 'auth-rh-rsa.c')
-rw-r--r-- | auth-rh-rsa.c | 35 |
1 files changed, 5 insertions, 30 deletions
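--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.23 2001/04/06 21:00:04 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.24 2001/06/23 00:20:57 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -38,7 +38,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
 extern ServerOptions options;
 const char *canonical_hostname;
 HostStatus host_status;
-Key *client_key, *found;
+Key *client_key;
 
 debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);
 
@@ -58,37 +58,12 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
 client_key = key_new(KEY_RSA1);
 BN_copy(client_key->rsa->e, client_host_key->e);
 BN_copy(client_key->rsa->n, client_host_key->n);
-found = key_new(KEY_RSA1);
 
-/* Check if we know the host and its host key. */
-host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
-client_key, found, NULL);
+host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,
+_PATH_SSH_SYSTEM_HOSTFILE,
+options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL);
 
-/* Check user host file unless ignored. */
-if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
-struct stat st;
-char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
-/*
-* Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
-* did already check pw->pw_dir, but there is a race XXX
-*/
-if (options.strict_modes &&
-(stat(user_hostfile, &st) == 0) &&
-((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-(st.st_mode & 022) != 0)) {
-log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
-pw->pw_name, user_hostfile);
-} else {
-/* XXX race between stat and the following open() */
-temporarily_use_uid(pw);
-host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
-client_key, found, NULL);
-restore_uid();
-}
-xfree(user_hostfile);
-}
 key_free(client_key);
-key_free(found);
 
 if (host_status != HOST_OK) {
 debug("Rhosts with RSA host authentication denied: unknown or invalid host key");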
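Review bot: The ternary in the last argument of the new `check_key_in_hostfiles()` call (new line 64) looks inverted relative to the code it replaces. The removed block consulted the per-user host file only when `!options.ignore_user_known_hosts`, but the new call passes `_PATH_SSH_USER_HOSTFILE` when the option is set and `NULL` when it is not. As written, an administrator who enables the option to keep user-writable files out of host-key trust decisions would get the opposite policy, and the default configuration would stop reading the user file. The argument should read `options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);`. The removed `strict_modes` owner/mode check and the `temporarily_use_uid()`/`restore_uid()` bracket are presumably now inside `check_key_in_hostfiles()`, which is not visible here and should be confirmed; the body of `auth_rhosts_rsa()` starts and ends outside this hunk.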