upstream: make IgnoreRhosts a tri-state option: "yes" ignore

rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@ OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
author: djm@openbsd.org <djm@openbsd.org> 2020-04-17 03:30:05 +0000
committer: Damien Miller <djm@mindrot.org> 2020-04-17 14:03:36 +1000
commit: c90f72d29e84b4a2709078bf5546a72c29a65177 (patch)
tree: 58f38f99566d13f7e142c3181878f54e4cd2af21 /auth-rhosts.c
parent: 321c7147079270f3a154f91b59e66219aac3d514 (diff)
download: openssh-git-c90f72d29e84b4a2709078bf5546a72c29a65177.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 7a10210b..e81321b4 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.51 2019/10/02 00:42:30 djm Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.52 2020/04/17 03:30:05 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -298,7 +298,9 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
 		 * Check if we have been configured to ignore .rhosts
 		 * and .shosts files.
 		 */
-		if (options.ignore_rhosts) {
+		if (options.ignore_rhosts == IGNORE_RHOSTS_YES ||
+		    (options.ignore_rhosts == IGNORE_RHOSTS_SHOSTS &&
+		    strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) {
 			auth_debug_add("Server has been configured to "
 			    "ignore %.100s.", rhosts_files[rhosts_file_index]);
 			continue;
author	djm@openbsd.org <djm@openbsd.org>	2020-04-17 03:30:05 +0000
committer	Damien Miller <djm@mindrot.org>	2020-04-17 14:03:36 +1000
commit	c90f72d29e84b4a2709078bf5546a72c29a65177 (patch)
tree	58f38f99566d13f7e142c3181878f54e4cd2af21 /auth-rhosts.c
parent	321c7147079270f3a154f91b59e66219aac3d514 (diff)
download	openssh-git-c90f72d29e84b4a2709078bf5546a72c29a65177.tar.gz