- djm@cvs.openbsd.org 2010/01/30 02:54:53

[openssh.git] / auth-rhosts.c

diff --git a/auth-rhosts.c b/auth-rhosts.c
index de2cb67f3e2578496c7ebcf14e1319d0d1fdc88d..5c12967016b4d62720e2aadfa10505c9c3f310a2 100644 (file)
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: auth-rhosts.c,v 1.43 2008/06/13 14:18:51 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -14,15 +15,31 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.29 2003/04/08 20:21:28 itojun Exp $");
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#ifdef HAVE_NETGROUP_H
+# include <netgroup.h>
+#endif
+#include <pwd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <unistd.h>
 
 #include "packet.h"
+#include "buffer.h"
 #include "uidswap.h"
 #include "pathnames.h"
 #include "log.h"
 #include "servconf.h"
 #include "canohost.h"
+#include "key.h"
+#include "hostfile.h"
 #include "auth.h"
+#include "misc.h"
 
 /* import */
 extern ServerOptions options;
@@ -41,12 +58,27 @@ check_rhosts_file(const char *filename, const char *hostname,
 {
        FILE *f;
        char buf[1024]; /* Must not be larger than host, user, dummy below. */
+       int fd;
+       struct stat st;
 
        /* Open the .rhosts file, deny if unreadable */
-       f = fopen(filename, "r");
-       if (!f)
+       if ((fd = open(filename, O_RDONLY|O_NONBLOCK)) == -1)
                return 0;
-
+       if (fstat(fd, &st) == -1) {
+               close(fd);
+               return 0;
+       }
+       if (!S_ISREG(st.st_mode)) {
+               logit("User %s hosts file %s is not a regular file",
+                   server_user, filename);
+               close(fd);
+               return 0;
+       }
+       unset_nonblock(fd);
+       if ((f = fdopen(fd, "r")) == NULL) {
+               close(fd);
+               return 0;
+       }
        while (fgets(buf, sizeof(buf), f)) {
                /* All three must be at least as big as buf to avoid overflows. */
                char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp;
@@ -68,7 +100,8 @@ check_rhosts_file(const char *filename, const char *hostname,
                 * This should be safe because each buffer is as big as the
                 * whole string, and thus cannot be overwritten.
                 */
-               switch (sscanf(buf, "%s %s %s", hostbuf, userbuf, dummy)) {
+               switch (sscanf(buf, "%1023s %1023s %1023s", hostbuf, userbuf,
+                   dummy)) {
                case 0:
                        auth_debug_add("Found empty line in %.100s.", filename);
                        continue;
@@ -132,7 +165,7 @@ check_rhosts_file(const char *filename, const char *hostname,
                /* If the entry was negated, deny access. */
                if (negated) {
                        auth_debug_add("Matched negative entry in %.100s.",
-                            filename);
+                           filename);
                        return 0;
                }
                /* Accept authentication. */
@@ -155,7 +188,7 @@ auth_rhosts(struct passwd *pw, const char *client_user)
 {
        const char *hostname, *ipaddr;
 
-       hostname = get_canonical_hostname(options.verify_reverse_mapping);
+       hostname = get_canonical_hostname(options.use_dns);
        ipaddr = get_remote_ipaddr();
        return auth_rhosts2(pw, client_user, hostname, ipaddr);
 }
@@ -172,10 +205,6 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
        debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
            client_user, hostname, ipaddr);
 
-       /* no user given */
-       if (pw == NULL)
-               return 0;
-
        /* Switch to the user's uid. */
        temporarily_use_uid(pw);
        /*