author | Colin Watson <cjwatson@debian.org> | 2008-05-26 22:16:40 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2008-05-26 22:16:40 +0000 |
commit | 93e9c23240b154d074dc33f26ccb23f8874f8c3a (patch) | |
tree | 2348f401a2148e4ea2e23e09c6ab1be5cf525003 /auth2-hostbased.c | |
parent | 85825a2f1ca42576b0f9cd2b170314c107b9af26 (diff) |
Refactor rejection of blacklisted user keys into a single
reject_blacklisted_key function in auth.c (thanks, Dmitry V. Levin).
Diffstat (limited to 'auth2-hostbased.c')
-rw-r--r-- | auth2-hostbased.c | 18 |
1 files changed, 2 insertions, 16 deletions
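--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -40,7 +40,6 @@
 #include "compat.h"
 #include "key.h"
 #include "hostfile.h"
-#include "authfile.h"
 #include "auth.h"
 #include "canohost.h"
 #ifdef GSSAPI
@@ -142,25 +141,12 @@ int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 Key *key)
 {
-char *fp;
 const char *resolvedname, *ipaddr, *lookup;
 HostStatus host_status;
 int len;
 
-if (blacklisted_key(key) == 1) {
-fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-if (options.permit_blacklisted_keys)
-logit("Public key %s from %s blacklisted (see "
-"ssh-vulnkey(1)); continuing anyway",
-fp, get_remote_ipaddr());
-else
-logit("Public key %s from %s blacklisted (see "
-"ssh-vulnkey(1))",
-fp, get_remote_ipaddr());
-xfree(fp);
-if (!options.permit_blacklisted_keys)
-return 0;
-}
+if (reject_blacklisted_key(key, 0) == 1)
+return 0;
 
 resolvedname = get_canonical_hostname(options.use_dns);
 ipaddr = get_remote_ipaddr();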