1 files changed, 12 insertions, 30 deletions
diff --git a/auth2.c b/auth2.c
index 1d635d60c..3d2dcdc6c 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.63 2001/06/22 21:55:49 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.64 2001/06/23 00:20:58 markus Exp $");
 #include <openssl/evp.h>
@@ -761,10 +761,7 @@ int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
    Key *key)
 {
-        Key *found;
        const char *resolvedname, *ipaddr, *lookup;
-        struct stat st;
-        char *user_hostfile;
        int host_status, len;
        resolvedname = get_canonical_hostname(options.reverse_mapping_check);
@@ -792,32 +789,17 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
        }
        debug2("userauth_hostbased: access allowed by auth_rhosts2");
-        /* XXX this is copied from auth-rh-rsa.c and should be shared */
+        host_status = check_key_in_hostfiles(pw, key, lookup,
-        found = key_new(key->type);
+            _PATH_SSH_SYSTEM_HOSTFILE,
-        host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE2, lookup,
+            options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL);
-            key, found, NULL);
+        /* backward compat if no key has been found. */
-        if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
+        if (host_status == HOST_NEW)
-                user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE2,
+                host_status = check_key_in_hostfiles(pw, key, lookup,
-                    pw->pw_uid);
+                    _PATH_SSH_SYSTEM_HOSTFILE2,
-                if (options.strict_modes &&
+                    options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE2 :
-                    (stat(user_hostfile, &st) == 0) &&
+                    NULL);
-                    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-                     (st.st_mode & 022) != 0)) {
-                        log("Hostbased authentication refused for %.100s: "
-                            "bad owner or modes for %.200s",
-                            pw->pw_name, user_hostfile);
-                } else {
-                        temporarily_use_uid(pw);
-                        host_status = check_host_in_hostfile(user_hostfile,
-                            lookup, key, found, NULL);
-                        restore_uid();
-                }
-                xfree(user_hostfile);
-        }
-        key_free(found);
-        debug2("userauth_hostbased: key %s for %s", host_status == HOST_OK ?
-            "ok" : "not found", lookup);
        return (host_status == HOST_OK);
 }

diff --git a/auth2.c b/auth2.c index 1d635d60c..3d2dcdc6c 100644 --- a/auth2.c +++ b/auth2.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: auth2.c,v 1.63 2001/06/22 21:55:49 markus Exp $");	26	RCSID("$OpenBSD: auth2.c,v 1.64 2001/06/23 00:20:58 markus Exp $");
27		27
28	#include <openssl/evp.h>	28	#include <openssl/evp.h>
29		29
@@ -761,10 +761,7 @@ int
761	hostbased_key_allowed(struct passwd pw, const char cuser, char *chost,	761	hostbased_key_allowed(struct passwd pw, const char cuser, char *chost,
762	Key *key)	762	Key *key)
763	{	763	{
764	Key *found;
765	const char resolvedname, ipaddr, *lookup;	764	const char resolvedname, ipaddr, *lookup;
766	struct stat st;
767	char *user_hostfile;
768	int host_status, len;	765	int host_status, len;
769		766
770	resolvedname = get_canonical_hostname(options.reverse_mapping_check);	767	resolvedname = get_canonical_hostname(options.reverse_mapping_check);
@@ -792,32 +789,17 @@ hostbased_key_allowed(struct passwd pw, const char cuser, char *chost,
792	}	789	}
793	debug2("userauth_hostbased: access allowed by auth_rhosts2");	790	debug2("userauth_hostbased: access allowed by auth_rhosts2");
794		791
795	/* XXX this is copied from auth-rh-rsa.c and should be shared */	792	host_status = check_key_in_hostfiles(pw, key, lookup,
796	found = key_new(key->type);	793	_PATH_SSH_SYSTEM_HOSTFILE,
797	host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE2, lookup,	794	options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL);
798	key, found, NULL);	795
799		796	/* backward compat if no key has been found. */
800	if (host_status != HOST_OK && !options.ignore_user_known_hosts) {	797	if (host_status == HOST_NEW)
801	user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE2,	798	host_status = check_key_in_hostfiles(pw, key, lookup,
802	pw->pw_uid);	799	_PATH_SSH_SYSTEM_HOSTFILE2,
803	if (options.strict_modes &&	800	options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE2 :
804	(stat(user_hostfile, &st) == 0) &&	801	NULL);
805	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|
806	(st.st_mode & 022) != 0)) {
807	log("Hostbased authentication refused for %.100s: "
808	"bad owner or modes for %.200s",
809	pw->pw_name, user_hostfile);
810	} else {
811	temporarily_use_uid(pw);
812	host_status = check_host_in_hostfile(user_hostfile,
813	lookup, key, found, NULL);
814	restore_uid();
815	}
816	xfree(user_hostfile);
817	}
818	key_free(found);
819		802
820	debug2("userauth_hostbased: key %s for %s", host_status == HOST_OK ?
821	"ok" : "not found", lookup);
822	return (host_status == HOST_OK);	803	return (host_status == HOST_OK);
823	}	804	}
		805