summaryrefslogtreecommitdiff
path: root/auth-rhosts.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>1999-11-15 15:25:10 +1100
committerDamien Miller <djm@mindrot.org>1999-11-15 15:25:10 +1100
commit2ccf661cbe0924a1549a74b5a4f970e90f94d6a9 (patch)
tree8bb7ea3cbe9d473e7f46b7084f563cc593cc5d47 /auth-rhosts.c
parentcedfecc99e73f9661d4dc3cea8c88e57c6e0b487 (diff)
- Merged more OpenBSD CVS changes:
[auth-krb4.c] - disconnect if getpeername() fails - missing xfree(*client) [canohost.c] - disconnect if getpeername() fails - fix comment: we _do_ disconnect if ip-options are set [sshd.c] - disconnect if getpeername() fails - move checking of remote port to central place [auth-rhosts.c] move checking of remote port to central place [log-server.c] avoid extra fd per sshd, from millert@ [readconf.c] print _all_ bad config-options in ssh(1), too [readconf.h] print _all_ bad config-options in ssh(1), too [ssh.c] print _all_ bad config-options in ssh(1), too [sshconnect.c] disconnect if getpeername() fails - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
Diffstat (limited to 'auth-rhosts.c')
-rw-r--r--auth-rhosts.c18
1 files changed, 1 insertions, 17 deletions
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 7e5614cb..8f6655d4 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -16,7 +16,7 @@ the login based on rhosts authentication. This file also processes
*/
#include "includes.h"
-RCSID("$Id: auth-rhosts.c,v 1.2 1999/11/12 04:19:27 damien Exp $");
+RCSID("$Id: auth-rhosts.c,v 1.3 1999/11/15 04:25:10 damien Exp $");
#include "packet.h"
#include "ssh.h"
@@ -161,7 +161,6 @@ int auth_rhosts(struct passwd *pw, const char *client_user)
extern ServerOptions options;
char buf[1024];
const char *hostname, *ipaddr;
- int port;
struct stat st;
static const char *rhosts_files[] = { ".shosts", ".rhosts", NULL };
unsigned int rhosts_file_index;
@@ -190,21 +189,6 @@ int auth_rhosts(struct passwd *pw, const char *client_user)
/* Get the name, address, and port of the remote host. */
hostname = get_canonical_hostname();
ipaddr = get_remote_ipaddr();
- port = get_remote_port();
-
- /* Check that the connection comes from a privileged port.
- Rhosts authentication only makes sense for priviledged programs.
- Of course, if the intruder has root access on his local machine,
- he can connect from any port. So do not use .rhosts
- authentication from machines that you do not trust. */
- if (port >= IPPORT_RESERVED ||
- port < IPPORT_RESERVED / 2)
- {
- log("Connection from %.100s from nonpriviledged port %d",
- hostname, port);
- packet_send_debug("Your ssh client is not running as root.");
- return 0;
- }
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
if (pw->pw_uid != 0)