Diffstat (limited to 'auth-rhosts.c')
-rw-r--r-- | auth-rhosts.c | 18 |
1 files changed, 1 insertions, 17 deletions
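--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -16,7 +16,7 @@ the login based on rhosts authentication. This file also processes
 */
 
 #include "includes.h"
-RCSID("$Id: auth-rhosts.c,v 1.2 1999/11/12 04:19:27 damien Exp $");
+RCSID("$Id: auth-rhosts.c,v 1.3 1999/11/15 04:25:10 damien Exp $");
 
 #include "packet.h"
 #include "ssh.h"
@@ -161,7 +161,6 @@ int auth_rhosts(struct passwd *pw, const char *client_user)
 extern ServerOptions options;
 char buf[1024];
 const char *hostname, *ipaddr;
-int port;
 struct stat st;
 static const char *rhosts_files[] = { ".shosts", ".rhosts", NULL };
 unsigned int rhosts_file_index;
@@ -190,21 +189,6 @@ int auth_rhosts(struct passwd *pw, const char *client_user)
 /* Get the name, address, and port of the remote host. */
 hostname = get_canonical_hostname();
 ipaddr = get_remote_ipaddr();
-port = get_remote_port();
-
-/* Check that the connection comes from a privileged port.
-Rhosts authentication only makes sense for priviledged programs.
-Of course, if the intruder has root access on his local machine,
-he can connect from any port. So do not use .rhosts
-authentication from machines that you do not trust. */
-if (port >= IPPORT_RESERVED ||
-port < IPPORT_RESERVED / 2)
-{
-log("Connection from %.100s from nonpriviledged port %d",
-hostname, port);
-packet_send_debug("Your ssh client is not running as root.");
-return 0;
-}
 
 /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
 if (pw->pw_uid != 0)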