Diffstat (limited to 'auth-rhosts.c')
-rw-r--r--auth-rhosts.c38
1 files changed, 11 insertions, 27 deletions
diff --git a/auth-rhosts.c b/auth-rhosts.c
index ee9e827a..e81321b4 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.46 2014/12/23 22:42:48 djm Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.52 2020/04/17 03:30:05 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -30,14 +30,14 @@
#include <unistd.h>
#include "packet.h"
-#include "buffer.h"
#include "uidswap.h"
#include "pathnames.h"
#include "log.h"
#include "misc.h"
+#include "sshbuf.h"
+#include "sshkey.h"
#include "servconf.h"
#include "canohost.h"
-#include "key.h"
#include "hostfile.h"
#include "auth.h"
@@ -185,19 +185,8 @@ check_rhosts_file(const char *filename, const char *hostname,
* true if authentication succeeds. If ignore_rhosts is true, only
* /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored).
*/
-
int
-auth_rhosts(struct passwd *pw, const char *client_user)
-{
- const char *hostname, *ipaddr;
-
- hostname = get_canonical_hostname(options.use_dns);
- ipaddr = get_remote_ipaddr();
- return auth_rhosts2(pw, client_user, hostname, ipaddr);
-}
-
-static int
-auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostname,
+auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
const char *ipaddr)
{
char buf[1024];
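Review bot: The header comment kept as context above `auth_rhosts2` still describes `ignore_rhosts` as a boolean ("If ignore_rhosts is true ... (.rhosts and .shosts are ignored)"), but the later hunk that tests `IGNORE_RHOSTS_SHOSTS` makes it tri-state and leaves `.shosts` honoured in that mode. Because this comment documents an authentication policy, I would update it to something like `If ignore_rhosts is IGNORE_RHOSTS_YES, only /etc/hosts.equiv will be considered; with IGNORE_RHOSTS_SHOSTS, ~/.shosts is also consulted but ~/.rhosts is not.` The same staleness applies to the in-loop comment "Check if we have been configured to ignore .rhosts and .shosts files." in the hunk containing the new condition, which could read `Check if we have been configured to ignore this file.` The comment starts and the function body continues outside this hunk.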
@@ -232,8 +221,8 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
* are no system-wide files.
*/
if (!rhosts_files[rhosts_file_index] &&
- stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
- stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) {
+ stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
+ stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
debug3("%s: no hosts access files exist", __func__);
return 0;
}
@@ -263,7 +252,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
* Check that the home directory is owned by root or the user, and is
* not group or world writable.
*/
- if (stat(pw->pw_dir, &st) < 0) {
+ if (stat(pw->pw_dir, &st) == -1) {
logit("Rhosts authentication refused for %.100s: "
"no home directory %.200s", pw->pw_name, pw->pw_dir);
auth_debug_add("Rhosts authentication refused for %.100s: "
@@ -288,7 +277,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
/* Check users .rhosts or .shosts. */
snprintf(buf, sizeof buf, "%.500s/%.100s",
pw->pw_dir, rhosts_files[rhosts_file_index]);
- if (stat(buf, &st) < 0)
+ if (stat(buf, &st) == -1)
continue;
/*
@@ -309,7 +298,9 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
* Check if we have been configured to ignore .rhosts
* and .shosts files.
*/
- if (options.ignore_rhosts) {
+ if (options.ignore_rhosts == IGNORE_RHOSTS_YES ||
+ (options.ignore_rhosts == IGNORE_RHOSTS_SHOSTS &&
+ strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) {
auth_debug_add("Server has been configured to "
"ignore %.100s.", rhosts_files[rhosts_file_index]);
continue;
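Review bot: The new condition skips a per-user file only for the two values it names, whereas the old `if (options.ignore_rhosts)` skipped it for any non-zero value. If the field ever held something else (an unset sentinel or a value added later; its definition is outside this diff), both `.rhosts` and `.shosts` would now be accepted. Writing the test so that only the explicit "no" setting lets a file through keeps this fail-closed, assuming the header names that constant `IGNORE_RHOSTS_NO`: `if (options.ignore_rhosts != IGNORE_RHOSTS_NO && (options.ignore_rhosts != IGNORE_RHOSTS_SHOSTS || strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) {`. The enclosing loop starts and ends outside this hunk.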
@@ -332,10 +323,3 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
restore_uid();
return 0;
}
-
-int
-auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
- const char *ipaddr)
-{
- return auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
-}