- /* Check user host file unless ignored. */
- if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
- struct stat st;
- char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
- /* Check file permissions of SSH_USER_HOSTFILE, auth_rsa()
- did already check pw->pw_dir, but there is a race XXX */
- if (options.strict_modes &&
- (stat(user_hostfile, &st) == 0) &&
- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
- log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
- pw->pw_name, user_hostfile);
- } else {
- /* XXX race between stat and the following open() */
- temporarily_use_uid(pw->pw_uid);
- host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
- client_host_key_e, client_host_key_n,
- ke, kn);
- restore_uid();
- }
- xfree(user_hostfile);
- }
- BN_free(ke);
- BN_free(kn);
+ chost = (char *)get_canonical_hostname(options.verify_reverse_mapping);
+ debug("Rhosts RSA authentication: canonical host %.900s", chost);