| version 1.54, 2022/02/01 23:32:51 |
version 1.55, 2022/02/23 11:15:57 |
|
|
| #include "pathnames.h" |
#include "pathnames.h" |
| #include "log.h" |
#include "log.h" |
| #include "misc.h" |
#include "misc.h" |
| |
#include "xmalloc.h" |
| #include "sshbuf.h" |
#include "sshbuf.h" |
| #include "sshkey.h" |
#include "sshkey.h" |
| #include "servconf.h" |
#include "servconf.h" |
|
|
| auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, |
auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, |
| const char *ipaddr) |
const char *ipaddr) |
| { |
{ |
| char buf[1024]; |
char *path = NULL; |
| struct stat st; |
struct stat st; |
| static const char * const rhosts_files[] = {".shosts", ".rhosts", NULL}; |
static const char * const rhosts_files[] = {".shosts", ".rhosts", NULL}; |
| u_int rhosts_file_index; |
u_int rhosts_file_index; |
| |
int r; |
| |
|
| debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s", |
debug2_f("clientuser %s hostname %s ipaddr %s", |
| client_user, hostname, ipaddr); |
client_user, hostname, ipaddr); |
| |
|
| /* Switch to the user's uid. */ |
/* Switch to the user's uid. */ |
|
|
| for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; |
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; |
| rhosts_file_index++) { |
rhosts_file_index++) { |
| /* Check users .rhosts or .shosts. */ |
/* Check users .rhosts or .shosts. */ |
| snprintf(buf, sizeof buf, "%.500s/%.100s", |
xasprintf(&path, "%s/%s", |
| pw->pw_dir, rhosts_files[rhosts_file_index]); |
pw->pw_dir, rhosts_files[rhosts_file_index]); |
| if (stat(buf, &st) >= 0) |
r = stat(path, &st); |
| |
free(path); |
| |
if (r >= 0) |
| break; |
break; |
| } |
} |
| /* Switch back to privileged uid. */ |
/* Switch back to privileged uid. */ |
|
|
| for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; |
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; |
| rhosts_file_index++) { |
rhosts_file_index++) { |
| /* Check users .rhosts or .shosts. */ |
/* Check users .rhosts or .shosts. */ |
| snprintf(buf, sizeof buf, "%.500s/%.100s", |
xasprintf(&path, "%s/%s", |
| pw->pw_dir, rhosts_files[rhosts_file_index]); |
pw->pw_dir, rhosts_files[rhosts_file_index]); |
| if (stat(buf, &st) == -1) |
if (stat(path, &st) == -1) { |
| |
free(path); |
| continue; |
continue; |
| |
} |
| |
|
| /* |
/* |
| * Make sure that the file is either owned by the user or by |
* Make sure that the file is either owned by the user or by |
|
|
| if (options.strict_modes && |
if (options.strict_modes && |
| ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
((st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
| (st.st_mode & 022) != 0)) { |
(st.st_mode & 022) != 0)) { |
| logit("Rhosts authentication refused for %.100s: bad modes for %.200s", |
logit("Rhosts authentication refused for %.100s: " |
| pw->pw_name, buf); |
"bad modes for %.200s", pw->pw_name, path); |
| auth_debug_add("Bad file modes for %.200s", buf); |
auth_debug_add("Bad file modes for %.200s", path); |
| |
free(path); |
| continue; |
continue; |
| } |
} |
| /* |
/* |
|
|
| strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) { |
strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) { |
| auth_debug_add("Server has been configured to " |
auth_debug_add("Server has been configured to " |
| "ignore %.100s.", rhosts_files[rhosts_file_index]); |
"ignore %.100s.", rhosts_files[rhosts_file_index]); |
| |
free(path); |
| continue; |
continue; |
| } |
} |
| /* Check if authentication is permitted by the file. */ |
/* Check if authentication is permitted by the file. */ |
| if (check_rhosts_file(buf, hostname, ipaddr, |
if (check_rhosts_file(path, hostname, ipaddr, |
| client_user, pw->pw_name)) { |
client_user, pw->pw_name)) { |
| auth_debug_add("Accepted by %.100s.", |
auth_debug_add("Accepted by %.100s.", |
| rhosts_files[rhosts_file_index]); |
rhosts_files[rhosts_file_index]); |
|
|
| auth_debug_add("Accepted host %s ip %s client_user " |
auth_debug_add("Accepted host %s ip %s client_user " |
| "%s server_user %s", hostname, ipaddr, |
"%s server_user %s", hostname, ipaddr, |
| client_user, pw->pw_name); |
client_user, pw->pw_name); |
| |
free(path); |
| return 1; |
return 1; |
| } |
} |
| |
free(path); |
| } |
} |
| |
|
| /* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-rhosts.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh