diff options
| author | Damien Miller <djm@mindrot.org> | 1999-11-15 15:25:10 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 1999-11-15 15:25:10 +1100 |
| commit | 2ccf661cbe0924a1549a74b5a4f970e90f94d6a9 (patch) | |
| tree | 8bb7ea3cbe9d473e7f46b7084f563cc593cc5d47 /auth-rhosts.c | |
| parent | cedfecc99e73f9661d4dc3cea8c88e57c6e0b487 (diff) | |
- Merged more OpenBSD CVS changes:
[auth-krb4.c]
- disconnect if getpeername() fails
- missing xfree(*client)
[canohost.c]
- disconnect if getpeername() fails
- fix comment: we _do_ disconnect if ip-options are set
[sshd.c]
- disconnect if getpeername() fails
- move checking of remote port to central place
[auth-rhosts.c] move checking of remote port to central place
[log-server.c] avoid extra fd per sshd, from millert@
[readconf.c] print _all_ bad config-options in ssh(1), too
[readconf.h] print _all_ bad config-options in ssh(1), too
[ssh.c] print _all_ bad config-options in ssh(1), too
[sshconnect.c] disconnect if getpeername() fails
- OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
Diffstat (limited to 'auth-rhosts.c')
| -rw-r--r-- | auth-rhosts.c | 18 |
1 files changed, 1 insertions, 17 deletions
diff --git a/auth-rhosts.c b/auth-rhosts.c index 7e5614cb..8f6655d4 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -16,7 +16,7 @@ the login based on rhosts authentication. This file also processes */ #include "includes.h" -RCSID("$Id: auth-rhosts.c,v 1.2 1999/11/12 04:19:27 damien Exp $"); +RCSID("$Id: auth-rhosts.c,v 1.3 1999/11/15 04:25:10 damien Exp $"); #include "packet.h" #include "ssh.h" @@ -161,7 +161,6 @@ int auth_rhosts(struct passwd *pw, const char *client_user) extern ServerOptions options; char buf[1024]; const char *hostname, *ipaddr; - int port; struct stat st; static const char *rhosts_files[] = { ".shosts", ".rhosts", NULL }; unsigned int rhosts_file_index; @@ -190,21 +189,6 @@ int auth_rhosts(struct passwd *pw, const char *client_user) /* Get the name, address, and port of the remote host. */ hostname = get_canonical_hostname(); ipaddr = get_remote_ipaddr(); - port = get_remote_port(); - - /* Check that the connection comes from a privileged port. - Rhosts authentication only makes sense for priviledged programs. - Of course, if the intruder has root access on his local machine, - he can connect from any port. So do not use .rhosts - authentication from machines that you do not trust. */ - if (port >= IPPORT_RESERVED || - port < IPPORT_RESERVED / 2) - { - log("Connection from %.100s from nonpriviledged port %d", - hostname, port); - packet_send_debug("Your ssh client is not running as root."); - return 0; - } /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ if (pw->pw_uid != 0) |