=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth-rhosts.c,v retrieving revision 1.13 retrieving revision 1.13.2.3 diff -u -r1.13 -r1.13.2.3 --- src/usr.bin/ssh/auth-rhosts.c 2000/04/14 10:30:29 1.13 +++ src/usr.bin/ssh/auth-rhosts.c 2001/03/12 15:44:07 1.13.2.3 @@ -1,28 +1,29 @@ /* - * - * auth-rhosts.c - * * Author: Tatu Ylonen - * * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved - * - * Created: Fri Mar 17 05:12:18 1995 ylo - * * Rhosts authentication. This file contains code to check whether to admit * the login based on rhosts authentication. This file also processes * /etc/hosts.equiv. * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". */ #include "includes.h" -RCSID("$Id: auth-rhosts.c,v 1.13 2000/04/14 10:30:29 markus Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.13.2.3 2001/03/12 15:44:07 jason Exp $"); #include "packet.h" -#include "ssh.h" #include "xmalloc.h" #include "uidswap.h" +#include "pathnames.h" +#include "log.h" #include "servconf.h" +#include "canohost.h" +#include "auth.h" /* * This function processes an rhosts-style file (.rhosts, .shosts, or @@ -154,8 +155,11 @@ const char *hostname, *ipaddr; struct stat st; static const char *rhosts_files[] = {".shosts", ".rhosts", NULL}; - unsigned int rhosts_file_index; + u_int rhosts_file_index; + /* no user given */ + if (pw == NULL) + return 0; /* Switch to the user's uid. */ temporarily_use_uid(pw->pw_uid); /* @@ -176,25 +180,25 @@ /* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */ if (!rhosts_files[rhosts_file_index] && - stat("/etc/hosts.equiv", &st) < 0 && - stat(SSH_HOSTS_EQUIV, &st) < 0) + stat(_PATH_RHOSTS_EQUIV, &st) < 0 && + stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) return 0; - hostname = get_canonical_hostname(); + hostname = get_canonical_hostname(options.reverse_mapping_check); ipaddr = get_remote_ipaddr(); /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ if (pw->pw_uid != 0) { - if (check_rhosts_file("/etc/hosts.equiv", hostname, ipaddr, client_user, + if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user, pw->pw_name)) { packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", hostname, ipaddr); return 1; } - if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, + if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, pw->pw_name)) { packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", - hostname, ipaddr, SSH_HOSTS_EQUIV); + hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); return 1; } }