openssh unix dev - Jan 2000 - sshd doesn't set SSH_AUTH_RHOSTS as supported authentication

Okay...I've got it narrowed down, just don't know why this is
happening...

In sshd.c, auth_mask is set to "supported authentication methods":

        /* Declare supported authentication types. */
        auth_mask = 0;
        if (options.rhosts_authentication)
                auth_mask |= 1 << SSH_AUTH_RHOSTS;
        if (options.rhosts_rsa_authentication)
                auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
        if (options.rsa_authentication)
                auth_mask |= 1 << SSH_AUTH_RSA;

Now, in servconf.c, options.rhosts_authentication is set to 0 if
IgnoreRhosts is no:

    case sIgnoreRhosts:
      intptr = &options->ignore_rhosts;
parse_flag:
      cp = strtok(NULL, WHITESPACE);
      fprintf(stderr, "sIgnoreRhosts triggered as %s\n", cp);
      if (!cp) {
        fprintf(stderr, "%s line %d: missing yes/no argument.\n",
          filename, linenum);
        exit(1);
      }
      if (strcmp(cp, "yes") == 0)
        value = 1;
      else if (strcmp(cp, "no") == 0)
        value = 0;
      else {
        fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
          filename, linenum, cp);
        exit(1);
      }
      if (*intptr == -1)
        *intptr = value;
      break;

===============
now, just in case I had my logic backwards here, I wrote a test stub:

#include <stdio.h>

main()
{
  if(1) printf("1 - hello\n");
  if(0) printf("0 - hello\n");
}

and the results are:

atelier# !./
./t2
1 - hello
atelier# 

=======================
	So, am I going crazy, or is the logic in sshd.c backwards?  Should
it not be:

        /* Declare supported authentication types. */
        auth_mask = 0;
        if (!options.rhosts_authentication)
                auth_mask |= 1 << SSH_AUTH_RHOSTS;
        if (options.rhosts_rsa_authentication)
                auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
        if (options.rsa_authentication)
                auth_mask |= 1 << SSH_AUTH_RSA;

P? 2000-Jan-13 klokka 15:22:33 -0400 skrivet Marc G. Fournier:

: Now, in servconf.c, options.rhosts_authentication is set to 0 if
                              ^^^^^^^^^^^^^^^^^^^^^
: IgnoreRhosts is no:
: 
:     case sIgnoreRhosts:
:       intptr = &options->ignore_rhosts;
                           ^^^^^^^^^^^^^
: parse_flag:
:       cp = strtok(NULL, WHITESPACE);
:       fprintf(stderr, "sIgnoreRhosts triggered as %s\n", cp);
:       if (!cp) {
:         fprintf(stderr, "%s line %d: missing yes/no argument.\n",
:           filename, linenum);
:         exit(1);
:       }
:       if (strcmp(cp, "yes") == 0)
:         value = 1;
:       else if (strcmp(cp, "no") == 0)
:         value = 0;
:       else {
:         fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
:           filename, linenum, cp);
:         exit(1);
:       }
:       if (*intptr == -1)
:         *intptr = value;
:       break;

I might be wrong, but i don't see options.rhosts_authentication being
set in the code snippet above.

-- 
jim knoble
jmknoble at pobox.com

In message <Pine.BSF.4.10.10001131427490.65453-100000 at
atelier.acadiau.ca>, "Mar
c G. Fournier" writes:
>Now, in servconf.c, options.rhosts_authentication is set to 0 if
>IgnoreRhosts is no:
>
>    case sIgnoreRhosts:
>      intptr = &options->ignore_rhosts;
>parse_flag:
>      cp = strtok(NULL, WHITESPACE);
>      fprintf(stderr, "sIgnoreRhosts triggered as %s\n", cp);
Your debug fprintf is rather bogus, many case statements reuse this
code by jumping to parse_flag. That also explains why you got so many
print outs in your log.

Niels.