- provos@cvs.openbsd.org 2002/03/18 17:50:31

     [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!

1 files changed, 4 insertions, 2 deletions

diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 2a88e18b..c940ec58 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.31 2002/03/16 17:22:09 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.32 2002/03/18 17:50:31 provos Exp $");
 
 #include "packet.h"
 #include "uidswap.h"
@@ -25,6 +25,8 @@ RCSID("$OpenBSD: auth-rh-rsa.c,v 1.31 2002/03/16 17:22:09 markus Exp $");
 #include "auth.h"
 #include "canohost.h"
 
+#include "monitor_wrap.h"
+
 /* import */
 extern ServerOptions options;
 
@@ -69,7 +71,7 @@ auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key)
 	chost = (char *)get_canonical_hostname(options.verify_reverse_mapping);
 	debug("Rhosts RSA authentication: canonical host %.900s", chost);
 
-	if (!auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key)) {
+	if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) {
 		debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
 		packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
 		return 0;