diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-12 23:34:34 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-12 23:34:34 +0000 |
| commit | 5eabda303aa26c77e4c383230db9ce9d9175e580 (patch) | |
| tree | a084d793ff9789b41920bb259c7ff309d21eba24 /auth-rhosts.c | |
| parent | 0998872972ec9a059204344cf0bec64123b3e28c (diff) | |
| download | openssh-git-5eabda303aa26c77e4c383230db9ce9d9175e580.tar.gz | |
- markus@cvs.openbsd.org 2001/04/12 19:15:26
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
Diffstat (limited to 'auth-rhosts.c')
| -rw-r--r-- | auth-rhosts.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/auth-rhosts.c b/auth-rhosts.c index c71e9b55..324a0f92 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.22 2001/04/06 21:00:06 markus Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.23 2001/04/12 19:15:24 markus Exp $"); #include "packet.h" #include "xmalloc.h" @@ -25,6 +25,9 @@ RCSID("$OpenBSD: auth-rhosts.c,v 1.22 2001/04/06 21:00:06 markus Exp $"); #include "canohost.h" #include "auth.h" +/* import */ +extern ServerOptions options; + /* * This function processes an rhosts-style file (.rhosts, .shosts, or * /etc/hosts.equiv). This returns true if authentication can be granted @@ -150,16 +153,31 @@ check_rhosts_file(const char *filename, const char *hostname, int auth_rhosts(struct passwd *pw, const char *client_user) { - extern ServerOptions options; - char buf[1024]; const char *hostname, *ipaddr; + int ret; + + hostname = get_canonical_hostname(options.reverse_mapping_check); + ipaddr = get_remote_ipaddr(); + ret = auth_rhosts2(pw, client_user, hostname, ipaddr); + return ret; +} + +int +auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, + const char *ipaddr) +{ + char buf[1024]; struct stat st; static const char *rhosts_files[] = {".shosts", ".rhosts", NULL}; u_int rhosts_file_index; + debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s", + client_user, hostname, ipaddr); + /* no user given */ if (pw == NULL) return 0; + /* Switch to the user's uid. */ temporarily_use_uid(pw); /* @@ -184,9 +202,6 @@ auth_rhosts(struct passwd *pw, const char *client_user) stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) return 0; - hostname = get_canonical_hostname(options.reverse_mapping_check); - ipaddr = get_remote_ipaddr(); - /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ if (pw->pw_uid != 0) { if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user, |