Refactor rejection of blacklisted user keys into a single

reject_blacklisted_key function in auth.c (thanks, Dmitry V. Levin).

1 files changed, 2 insertions, 16 deletions

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 0870d64f6..4f305ef1b 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -42,7 +42,6 @@
 #include "compat.h"
 #include "key.h"
 #include "hostfile.h"
-#include "authfile.h"
 #include "auth.h"
 #include "pathnames.h"
 #include "uidswap.h"
@@ -270,24 +269,11 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 int
 user_key_allowed(struct passwd *pw, Key *key)
 {
-        char *fp;
         int success;
         char *file;
 
-        if (blacklisted_key(key) == 1) {
-                fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-                if (options.permit_blacklisted_keys)
-                        logit("Public key %s from %s blacklisted (see "
-                            "ssh-vulnkey(1)); continuing anyway",
-                            fp, get_remote_ipaddr());
-                else
-                        logit("Public key %s from %s blacklisted (see "
-                            "ssh-vulnkey(1))",
-                            fp, get_remote_ipaddr());
-                xfree(fp);
-                if (!options.permit_blacklisted_keys)
-                        return 0;
-        }
+        if (reject_blacklisted_key(key, 0) == 1)
+                return 0;
 
         file = authorized_keys_file(pw);
         success = user_key_allowed2(pw, key, file);