- /* Check user host file unless ignored. */
- if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
- struct stat st;
- char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
- /*
- * Check file permissions of SSH_USER_HOSTFILE, auth_rsa()
- * did already check pw->pw_dir, but there is a race XXX
- */
- if (options.strict_modes &&
- (stat(user_hostfile, &st) == 0) &&
- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
- log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
- pw->pw_name, user_hostfile);
- } else {
- /* XXX race between stat and the following open() */
- temporarily_use_uid(pw->pw_uid);
- host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
- client_key, found);
- restore_uid();
- }
- xfree(user_hostfile);
- }
- key_free(client_key);
- key_free(found);
+ if (!authctxt->valid || client_host_key == NULL ||
+ client_host_key->rsa == NULL)
+ return 0;
+
+ chost = (char *)get_canonical_hostname(options.use_dns);
+ debug("Rhosts RSA authentication: canonical host %.900s", chost);