version 1.24, 2001/06/23 15:12:17 |
version 1.24.2.1, 2002/03/07 17:37:46 |
|
|
RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
|
|
#include "packet.h" |
#include "packet.h" |
#include "xmalloc.h" |
|
#include "uidswap.h" |
#include "uidswap.h" |
#include "pathnames.h" |
#include "pathnames.h" |
#include "log.h" |
#include "log.h" |
|
|
const char *hostname, *ipaddr; |
const char *hostname, *ipaddr; |
int ret; |
int ret; |
|
|
hostname = get_canonical_hostname(options.reverse_mapping_check); |
hostname = get_canonical_hostname(options.verify_reverse_mapping); |
ipaddr = get_remote_ipaddr(); |
ipaddr = get_remote_ipaddr(); |
ret = auth_rhosts2(pw, client_user, hostname, ipaddr); |
ret = auth_rhosts2(pw, client_user, hostname, ipaddr); |
return ret; |
return ret; |
|
|
* servers. |
* servers. |
*/ |
*/ |
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; |
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; |
rhosts_file_index++) { |
rhosts_file_index++) { |
/* Check users .rhosts or .shosts. */ |
/* Check users .rhosts or .shosts. */ |
snprintf(buf, sizeof buf, "%.500s/%.100s", |
snprintf(buf, sizeof buf, "%.500s/%.100s", |
pw->pw_dir, rhosts_files[rhosts_file_index]); |
pw->pw_dir, rhosts_files[rhosts_file_index]); |
|
|
|
|
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ |
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ |
if (pw->pw_uid != 0) { |
if (pw->pw_uid != 0) { |
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user, |
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, |
pw->pw_name)) { |
client_user, pw->pw_name)) { |
packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", |
packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", |
hostname, ipaddr); |
hostname, ipaddr); |
return 1; |
return 1; |
} |
} |
if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, |
if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, |
pw->pw_name)) { |
client_user, pw->pw_name)) { |
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", |
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", |
hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); |
hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); |
return 1; |
return 1; |
} |
} |
} |
} |
|
|
} |
} |
if (options.strict_modes && |
if (options.strict_modes && |
((st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
((st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
(st.st_mode & 022) != 0)) { |
(st.st_mode & 022) != 0)) { |
log("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.", |
log("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.", |
pw->pw_name); |
pw->pw_name); |
packet_send_debug("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.", |
packet_send_debug("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.", |
|
|
|
|
/* Check all .rhosts files (currently .shosts and .rhosts). */ |
/* Check all .rhosts files (currently .shosts and .rhosts). */ |
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; |
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; |
rhosts_file_index++) { |
rhosts_file_index++) { |
/* Check users .rhosts or .shosts. */ |
/* Check users .rhosts or .shosts. */ |
snprintf(buf, sizeof buf, "%.500s/%.100s", |
snprintf(buf, sizeof buf, "%.500s/%.100s", |
pw->pw_dir, rhosts_files[rhosts_file_index]); |
pw->pw_dir, rhosts_files[rhosts_file_index]); |
|
|
*/ |
*/ |
if (options.strict_modes && |
if (options.strict_modes && |
((st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
((st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
(st.st_mode & 022) != 0)) { |
(st.st_mode & 022) != 0)) { |
log("Rhosts authentication refused for %.100s: bad modes for %.200s", |
log("Rhosts authentication refused for %.100s: bad modes for %.200s", |
pw->pw_name, buf); |
pw->pw_name, buf); |
packet_send_debug("Bad file modes for %.200s", buf); |
packet_send_debug("Bad file modes for %.200s", buf); |
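Review bot: The call `get_canonical_hostname(options.verify_reverse_mapping)` near the top of this section produces the name that `auth_rhosts2` and the hosts.equiv checks further down treat as the client's identity, but nothing at the call site says that trust in that name depends on a server option. The implementation of get_canonical_hostname is not shown on this page, so whether the name is still forward-confirmed against `ipaddr` when the option is off is an assumption to verify. I would add a comment above the call, for example `/* hostname comes from a reverse lookup; presumably it is only checked against ipaddr when options.verify_reverse_mapping is set (confirm) */`. The enclosing function's signature is outside the visible lines.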