authorDamien Miller <djm@mindrot.org>1999-11-12 11:33:04 +1100
committerDamien Miller <djm@mindrot.org>1999-11-12 11:33:04 +1100
commit322650927bec37d850a3ab72f82bda1cd49b09e4 (patch)
treecb0bd087fb2f709f4d070221479249d8102e14bf /auth-rh-rsa.c
parent776af5de4f7f2aa938cdd17bf85a9c891ce7dbd9 (diff)
- Merged changes from OpenBSD CVS
- [sshd.c] session_key_int may be zero - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok deraadt,millert - Brought default sshd_config more in line with OpenBSDs
Diffstat (limited to 'auth-rh-rsa.c')
-rw-r--r--auth-rh-rsa.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index ee6af218..b6f1d6c7 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,22 +15,22 @@ authentication.
*/
#include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
#include "packet.h"
#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
+#include "servconf.h"
/* Tries to authenticate the user using the .rhosts file and the host using
- its host key. Returns true if authentication succeeds.
- .rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */
+ its host key. Returns true if authentication succeeds. */
int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
unsigned int client_host_key_bits,
- BIGNUM *client_host_key_e, BIGNUM *client_host_key_n,
- int ignore_rhosts, int strict_modes)
+ BIGNUM *client_host_key_e, BIGNUM *client_host_key_n)
{
+ extern ServerOptions options;
const char *canonical_hostname;
HostStatus host_status;
BIGNUM *ke, *kn;
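Review bot: The header comment above `auth_rhosts_rsa` drops its note about ignore_rhosts and gains nothing in its place, although the function now takes its policy from the global `options` rather than from parameters. I would add a sentence such as `Policy comes from the global server options: ignore_rhosts, strict_modes and ignore_user_known_hosts.` so a reader knows the result depends on state the caller no longer passes in. As a matter of style, the block-scope `extern ServerOptions options;` would be safer as one declaration in a shared header, if servconf.h (which this hunk now includes) does not already carry one, so the compiler can check it against the definition. The function body continues outside this hunk.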
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
debug("Trying rhosts with RSA host authentication for %.100s", client_user);
/* Check if we would accept it using rhosts authentication. */
- if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes))
+ if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
return 0;
canonical_hostname = get_canonical_hostname();
@@ -53,13 +53,14 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
client_host_key_bits, client_host_key_e,
client_host_key_n, ke, kn);
- /* Check user host file. */
- if (host_status != HOST_OK) {
+
+ /* Check user host file unless ignored. */
+ if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
struct stat st;
char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
/* Check file permissions of SSH_USER_HOSTFILE,
auth_rsa() did already check pw->pw_dir, but there is a race XXX */
- if (strict_modes &&
+ if (options.strict_modes &&
(stat(user_hostfile, &st) == 0) &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
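Review bot: The ownership and mode test in the `if (options.strict_modes && (stat(user_hostfile, &st) == 0) && ...` condition is still a check by path name, and the XXX comment above it already admits the race: the file that is read afterwards need not be the one that was stat()ed. As written, a failing `stat()` also makes the whole condition false, so the permission test appears to be skipped rather than the file being refused. Because this file decides whether a client host key is trusted, consider opening it once, running `fstat()` on that descriptor, and treating a stat failure as "do not use the file". That would need the host-file lookup to accept an already opened file, which is outside this hunk, and the body of this `if` continues past the last line shown.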