X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/fdaef11efd4ad6eff933b4671d563e7096fabb23..HEAD:/auth-rhosts.c diff --git a/auth-rhosts.c b/auth-rhosts.c index 585246e8..5c129670 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth-rhosts.c,v 1.43 2008/06/13 14:18:51 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,15 +15,31 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $"); + +#include +#include + +#ifdef HAVE_NETGROUP_H +# include +#endif +#include +#include +#include +#include +#include +#include #include "packet.h" +#include "buffer.h" #include "uidswap.h" #include "pathnames.h" #include "log.h" #include "servconf.h" #include "canohost.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" +#include "misc.h" /* import */ extern ServerOptions options; @@ -41,12 +58,27 @@ check_rhosts_file(const char *filename, const char *hostname, { FILE *f; char buf[1024]; /* Must not be larger than host, user, dummy below. */ + int fd; + struct stat st; /* Open the .rhosts file, deny if unreadable */ - f = fopen(filename, "r"); - if (!f) + if ((fd = open(filename, O_RDONLY|O_NONBLOCK)) == -1) return 0; - + if (fstat(fd, &st) == -1) { + close(fd); + return 0; + } + if (!S_ISREG(st.st_mode)) { + logit("User %s hosts file %s is not a regular file", + server_user, filename); + close(fd); + return 0; + } + unset_nonblock(fd); + if ((f = fdopen(fd, "r")) == NULL) { + close(fd); + return 0; + } while (fgets(buf, sizeof(buf), f)) { /* All three must be at least as big as buf to avoid overflows. */ char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp; @@ -133,7 +165,7 @@ check_rhosts_file(const char *filename, const char *hostname, /* If the entry was negated, deny access. */ if (negated) { auth_debug_add("Matched negative entry in %.100s.", - filename); + filename); return 0; } /* Accept authentication. */