- markus@cvs.openbsd.org 2001/11/07 22:53:21

[openssh.git] / auth-rhosts.c

diff --git a/auth-rhosts.c b/auth-rhosts.c
index 4f9ea886d47a5bf0365c4168a182cad4348df025..9ba64dbc3a9d729bd008d1cf77ab3e28ae4adc82 100644 (file)
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.24 2001/06/23 15:12:17 itojun Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -23,6 +23,10 @@ RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $");
 #include "log.h"
 #include "servconf.h"
 #include "canohost.h"
+#include "auth.h"
+
+/* import */
+extern ServerOptions options;
 
 /*
  * This function processes an rhosts-style file (.rhosts, .shosts, or
@@ -30,7 +34,7 @@ RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $");
  * based on the file, and returns zero otherwise.
  */
 
-int
+static int
 check_rhosts_file(const char *filename, const char *hostname,
                  const char *ipaddr, const char *client_user,
                  const char *server_user)
@@ -149,18 +153,33 @@ check_rhosts_file(const char *filename, const char *hostname,
 int
 auth_rhosts(struct passwd *pw, const char *client_user)
 {
-       extern ServerOptions options;
-       char buf[1024];
        const char *hostname, *ipaddr;
+       int ret;
+
+       hostname = get_canonical_hostname(options.reverse_mapping_check);
+       ipaddr = get_remote_ipaddr();
+       ret = auth_rhosts2(pw, client_user, hostname, ipaddr);
+       return ret;
+}
+
+int
+auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
+    const char *ipaddr)
+{
+       char buf[1024];
        struct stat st;
        static const char *rhosts_files[] = {".shosts", ".rhosts", NULL};
        u_int rhosts_file_index;
 
+       debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
+           client_user, hostname, ipaddr);
+
        /* no user given */
        if (pw == NULL)
                return 0;
+
        /* Switch to the user's uid. */
-       temporarily_use_uid(pw->pw_uid);
+       temporarily_use_uid(pw);
        /*
         * Quick check: if the user has no .shosts or .rhosts files, return
         * failure immediately without doing costly lookups from name
@@ -183,12 +202,9 @@ auth_rhosts(struct passwd *pw, const char *client_user)
            stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
                return 0;
 
-       hostname = get_canonical_hostname();
-       ipaddr = get_remote_ipaddr();
-
        /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
        if (pw->pw_uid != 0) {
-               if (check_rhosts_file("/etc/hosts.equiv", hostname, ipaddr, client_user,
+               if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user,
                                      pw->pw_name)) {
                        packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
                                          hostname, ipaddr);
@@ -222,7 +238,7 @@ auth_rhosts(struct passwd *pw, const char *client_user)
                return 0;
        }
        /* Temporarily use the user's uid. */
-       temporarily_use_uid(pw->pw_uid);
+       temporarily_use_uid(pw);
 
        /* Check all .rhosts files (currently .shosts and .rhosts). */
        for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];