- /* Check if we would accept it using rhosts authentication. */
- if (!auth_rhosts(pw, client_user))
- return 0;
-
- canonical_hostname = get_canonical_hostname();
-
- debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);
-
- /* wrap the RSA key into a 'generic' key */
- client_key = key_new(KEY_RSA1);
- BN_copy(client_key->rsa->e, client_host_key->e);
- BN_copy(client_key->rsa->n, client_host_key->n);
- found = key_new(KEY_RSA1);
-
- /* Check if we know the host and its host key. */
- host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
- client_key, found, NULL);
-
- /* Check user host file unless ignored. */
- if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
- struct stat st;
- char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
- /*
- * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
- * did already check pw->pw_dir, but there is a race XXX
- */
- if (options.strict_modes &&
- (stat(user_hostfile, &st) == 0) &&
- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
- log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
- pw->pw_name, user_hostfile);
- } else {
- /* XXX race between stat and the following open() */
- temporarily_use_uid(pw->pw_uid);
- host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
- client_key, found, NULL);
- restore_uid();
- }
- xfree(user_hostfile);
- }
- key_free(client_key);
- key_free(found);