Refactor rejection of blacklisted user keys into a single

reject_blacklisted_key function in auth.c (thanks, Dmitry V. Levin).
author: Colin Watson <cjwatson@debian.org> 2008-05-26 22:16:40 +0000
committer: Colin Watson <cjwatson@debian.org> 2008-05-26 22:16:40 +0000
commit: 93e9c23240b154d074dc33f26ccb23f8874f8c3a (patch)
tree: 2348f401a2148e4ea2e23e09c6ab1be5cf525003 /auth.c
parent: 85825a2f1ca42576b0f9cd2b170314c107b9af26 (diff)
1 files changed, 33 insertions, 0 deletions
diff --git a/auth.c b/auth.c
index c1e0f4812..fa32da70f 100644
--- a/auth.c
+++ b/auth.c
@@ -57,6 +57,7 @@
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
+#include "authfile.h"
 #include "auth.h"
 #include "auth-options.h"
 #include "canohost.h"
@@ -397,6 +398,38 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
        return host_status;
 }
+int
+reject_blacklisted_key(Key *key, int hostkey)
+{
+        char *fp;
+        if (blacklisted_key(key, &fp) != 1)
+                return 0;
+        if (options.permit_blacklisted_keys) {
+                if (hostkey)
+                        error("Host key %s blacklisted (see "
+                            "ssh-vulnkey(1)); continuing anyway", fp);
+                else
+                        logit("Public key %s from %s blacklisted (see "
+                            "ssh-vulnkey(1)); continuing anyway",
+                            fp, get_remote_ipaddr());
+                xfree(fp);
+        } else {
+                if (hostkey)
+                        error("Host key %s blacklisted (see "
+                            "ssh-vulnkey(1))", fp);
+                else
+                        logit("Public key %s from %s blacklisted (see "
+                            "ssh-vulnkey(1))",
+                            fp, get_remote_ipaddr());
+                xfree(fp);
+                return 1;
+        }
+        return 0;
+}
 /*
 * Check a given file for security. This is defined as all components
author	Colin Watson <cjwatson@debian.org>	2008-05-26 22:16:40 +0000
committer	Colin Watson <cjwatson@debian.org>	2008-05-26 22:16:40 +0000
commit	93e9c23240b154d074dc33f26ccb23f8874f8c3a (patch)
tree	2348f401a2148e4ea2e23e09c6ab1be5cf525003 /auth.c
parent	85825a2f1ca42576b0f9cd2b170314c107b9af26 (diff)

diff --git a/auth.c b/auth.c index c1e0f4812..fa32da70f 100644 --- a/auth.c +++ b/auth.c
@@ -57,6 +57,7 @@
57	#include "servconf.h"	57	#include "servconf.h"
58	#include "key.h"	58	#include "key.h"
59	#include "hostfile.h"	59	#include "hostfile.h"
		60	#include "authfile.h"
60	#include "auth.h"	61	#include "auth.h"
61	#include "auth-options.h"	62	#include "auth-options.h"
62	#include "canohost.h"	63	#include "canohost.h"
@@ -397,6 +398,38 @@ check_key_in_hostfiles(struct passwd pw, Key key, const char *host,
397	return host_status;	398	return host_status;
398	}	399	}
399		400
		401	int
		402	reject_blacklisted_key(Key *key, int hostkey)
		403	{
		404	char *fp;
		405
		406	if (blacklisted_key(key, &fp) != 1)
		407	return 0;
		408
		409	if (options.permit_blacklisted_keys) {
		410	if (hostkey)
		411	error("Host key %s blacklisted (see "
		412	"ssh-vulnkey(1)); continuing anyway", fp);
		413	else
		414	logit("Public key %s from %s blacklisted (see "
		415	"ssh-vulnkey(1)); continuing anyway",
		416	fp, get_remote_ipaddr());
		417	xfree(fp);
		418	} else {
		419	if (hostkey)
		420	error("Host key %s blacklisted (see "
		421	"ssh-vulnkey(1))", fp);
		422	else
		423	logit("Public key %s from %s blacklisted (see "
		424	"ssh-vulnkey(1))",
		425	fp, get_remote_ipaddr());
		426	xfree(fp);
		427	return 1;
		428	}
		429
		430	return 0;
		431	}
		432
400		433
401	/*	434	/*
402	* Check a given file for security. This is defined as all components	435	* Check a given file for security. This is defined as all components