- /* Check user host file unless ignored. */
- if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
- struct stat st;
- char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
- /*
- * Check file permissions of SSH_USER_HOSTFILE, auth_rsa()
- * did already check pw->pw_dir, but there is a race XXX
- */
- if (options.strict_modes &&
- (stat(user_hostfile, &st) == 0) &&
- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
- log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
- pw->pw_name, user_hostfile);
- } else {
- /* XXX race between stat and the following open() */
- temporarily_use_uid(pw->pw_uid);
- host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
- client_host_key_e, client_host_key_n,
- ke, kn);
- restore_uid();
- }
- xfree(user_hostfile);
- }
- BN_free(ke);
- BN_free(kn);
+ host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,
+ _PATH_SSH_SYSTEM_HOSTFILE,
+ options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
+
+ key_free(client_key);