- djm@cvs.openbsd.org 2001/12/21 10:06:43

[openssh.git] / auth-rh-rsa.c

diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 0edbdb5f3772ee84a22acb7ab59fdb0ca921ae34..8a486b330a0bab62554210fc0382ac0ed36687da 100644 (file)
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.22 2001/02/03 10:08:36 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -24,7 +24,6 @@ RCSID("$OpenBSD: auth-rh-rsa.c,v 1.22 2001/02/03 10:08:36 markus Exp $");
 #include "hostfile.h"
 #include "pathnames.h"
 #include "auth.h"
-#include "tildexpand.h"
 #include "canohost.h"
 
 /*
@@ -38,7 +37,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
        extern ServerOptions options;
        const char *canonical_hostname;
        HostStatus host_status;
-       Key *client_key, *found;
+       Key *client_key;
 
        debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);
 
@@ -58,37 +57,12 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
        client_key = key_new(KEY_RSA1);
        BN_copy(client_key->rsa->e, client_host_key->e);
        BN_copy(client_key->rsa->n, client_host_key->n);
-       found = key_new(KEY_RSA1);
 
-       /* Check if we know the host and its host key. */
-       host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
-           client_key, found, NULL);
+       host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,
+           _PATH_SSH_SYSTEM_HOSTFILE,
+           options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
 
-       /* Check user host file unless ignored. */
-       if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
-               struct stat st;
-               char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
-               /*
-                * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
-                * did already check pw->pw_dir, but there is a race XXX
-                */
-               if (options.strict_modes &&
-                   (stat(user_hostfile, &st) == 0) &&
-                   ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-                    (st.st_mode & 022) != 0)) {
-                       log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
-                           pw->pw_name, user_hostfile);
-               } else {
-                       /* XXX race between stat and the following open() */
-                       temporarily_use_uid(pw->pw_uid);
-                       host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
-                           client_key, found, NULL);
-                       restore_uid();
-               }
-               xfree(user_hostfile);
-       }
        key_free(client_key);
-       key_free(found);
 
        if (host_status != HOST_OK) {
                debug("Rhosts with RSA host authentication denied: unknown or invalid host key");