X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/1e3b8b0749ec6793df5d8a9aca41ad4cae79bd4a..090621f278e8710cb76027a0976fe97b99b6ab66:/auth-rhosts.c

diff --git a/auth-rhosts.c b/auth-rhosts.c
index fb7dabe7..9ba64dbc 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,13 +14,19 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.24 2001/06/23 15:12:17 itojun Exp $");
 
 #include "packet.h"
-#include "ssh.h"
 #include "xmalloc.h"
 #include "uidswap.h"
+#include "pathnames.h"
+#include "log.h"
 #include "servconf.h"
+#include "canohost.h"
+#include "auth.h"
+
+/* import */
+extern ServerOptions options;
 
 /*
  * This function processes an rhosts-style file (.rhosts, .shosts, or
@@ -28,7 +34,7 @@ RCSID("$OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
  * based on the file, and returns zero otherwise.
  */
 
-int
+static int
 check_rhosts_file(const char *filename, const char *hostname,
 		  const char *ipaddr, const char *client_user,
 		  const char *server_user)
@@ -147,18 +153,33 @@ check_rhosts_file(const char *filename, const char *hostname,
 int
 auth_rhosts(struct passwd *pw, const char *client_user)
 {
-	extern ServerOptions options;
-	char buf[1024];
 	const char *hostname, *ipaddr;
+	int ret;
+
+	hostname = get_canonical_hostname(options.reverse_mapping_check);
+	ipaddr = get_remote_ipaddr();
+	ret = auth_rhosts2(pw, client_user, hostname, ipaddr);
+	return ret;
+}
+
+int
+auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
+    const char *ipaddr)
+{
+	char buf[1024];
 	struct stat st;
 	static const char *rhosts_files[] = {".shosts", ".rhosts", NULL};
 	u_int rhosts_file_index;
 
+	debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
+	    client_user, hostname, ipaddr);
+
 	/* no user given */
 	if (pw == NULL)
 		return 0;
+
 	/* Switch to the user's uid. */
-	temporarily_use_uid(pw->pw_uid);
+	temporarily_use_uid(pw);
 	/*
 	 * Quick check: if the user has no .shosts or .rhosts files, return
 	 * failure immediately without doing costly lookups from name
@@ -177,25 +198,22 @@ auth_rhosts(struct passwd *pw, const char *client_user)
 
 	/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
 	if (!rhosts_files[rhosts_file_index] &&
-	    stat("/etc/hosts.equiv", &st) < 0 &&
-	    stat(SSH_HOSTS_EQUIV, &st) < 0)
+	    stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
+	    stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
 		return 0;
 
-	hostname = get_canonical_hostname();
-	ipaddr = get_remote_ipaddr();
-
 	/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
 	if (pw->pw_uid != 0) {
-		if (check_rhosts_file("/etc/hosts.equiv", hostname, ipaddr, client_user,
+		if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user,
 				      pw->pw_name)) {
 			packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
 					  hostname, ipaddr);
 			return 1;
 		}
-		if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
+		if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
 				      pw->pw_name)) {
 			packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
-				      hostname, ipaddr, SSH_HOSTS_EQUIV);
+				      hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
 			return 1;
 		}
 	}
@@ -220,7 +238,7 @@ auth_rhosts(struct passwd *pw, const char *client_user)
 		return 0;
 	}
 	/* Temporarily use the user's uid. */
-	temporarily_use_uid(pw->pw_uid);
+	temporarily_use_uid(pw);
 
 	/* Check all .rhosts files (currently .shosts and .rhosts). */
 	for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];