version 1.13.2.4, 2001/03/21 18:52:33 |
version 1.14, 2000/06/20 01:39:38 |
|
|
/* |
/* |
|
* |
|
* auth-rhosts.c |
|
* |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
|
* |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* All rights reserved |
* All rights reserved |
|
* |
|
* Created: Fri Mar 17 05:12:18 1995 ylo |
|
* |
* Rhosts authentication. This file contains code to check whether to admit |
* Rhosts authentication. This file contains code to check whether to admit |
* the login based on rhosts authentication. This file also processes |
* the login based on rhosts authentication. This file also processes |
* /etc/hosts.equiv. |
* /etc/hosts.equiv. |
* |
* |
* As far as I am concerned, the code I have written for this software |
|
* can be used freely for any purpose. Any derived versions of this |
|
* software must be clearly marked as such, and if the derived work is |
|
* incompatible with the protocol description in the RFC file, it must be |
|
* called by a name other than "ssh" or "Secure Shell". |
|
*/ |
*/ |
|
|
#include "includes.h" |
#include "includes.h" |
RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
|
|
#include "packet.h" |
#include "packet.h" |
|
#include "ssh.h" |
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "uidswap.h" |
#include "uidswap.h" |
#include "pathnames.h" |
|
#include "log.h" |
|
#include "servconf.h" |
#include "servconf.h" |
#include "canohost.h" |
|
#include "auth.h" |
|
|
|
/* |
/* |
* This function processes an rhosts-style file (.rhosts, .shosts, or |
* This function processes an rhosts-style file (.rhosts, .shosts, or |
|
|
const char *hostname, *ipaddr; |
const char *hostname, *ipaddr; |
struct stat st; |
struct stat st; |
static const char *rhosts_files[] = {".shosts", ".rhosts", NULL}; |
static const char *rhosts_files[] = {".shosts", ".rhosts", NULL}; |
u_int rhosts_file_index; |
unsigned int rhosts_file_index; |
|
|
/* no user given */ |
|
if (pw == NULL) |
|
return 0; |
|
/* Switch to the user's uid. */ |
/* Switch to the user's uid. */ |
temporarily_use_uid(pw->pw_uid); |
temporarily_use_uid(pw->pw_uid); |
/* |
/* |
|
|
|
|
/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */ |
/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */ |
if (!rhosts_files[rhosts_file_index] && |
if (!rhosts_files[rhosts_file_index] && |
stat(_PATH_RHOSTS_EQUIV, &st) < 0 && |
stat("/etc/hosts.equiv", &st) < 0 && |
stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) |
stat(SSH_HOSTS_EQUIV, &st) < 0) |
return 0; |
return 0; |
|
|
hostname = get_canonical_hostname(options.reverse_mapping_check); |
hostname = get_canonical_hostname(); |
ipaddr = get_remote_ipaddr(); |
ipaddr = get_remote_ipaddr(); |
|
|
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ |
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ |
if (pw->pw_uid != 0) { |
if (pw->pw_uid != 0) { |
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user, |
if (check_rhosts_file("/etc/hosts.equiv", hostname, ipaddr, client_user, |
pw->pw_name)) { |
pw->pw_name)) { |
packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", |
packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", |
hostname, ipaddr); |
hostname, ipaddr); |
return 1; |
return 1; |
} |
} |
if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, |
if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, |
pw->pw_name)) { |
pw->pw_name)) { |
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", |
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", |
hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); |
hostname, ipaddr, SSH_HOSTS_EQUIV); |
return 1; |
return 1; |
} |
} |
} |
} |