Diffstat (limited to 'auth-rsa.c')
-rw-r--r-- | auth-rsa.c | 15 |
1 files changed, 15 insertions, 0 deletions
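diff --git a/auth-rsa.c b/auth-rsa.c
index 69f9a5896..1d277f92a 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -40,6 +40,7 @@
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
+#include "authfile.h"
 #include "auth.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -221,6 +222,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 char *cp;
 char *key_options;
 int keybits;
+char *fp;
 
 /* Skip leading whitespace, empty and comment lines. */
 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -265,6 +267,19 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 "actual %d vs. announced %d.",
 file, linenum, BN_num_bits(key->rsa->n), bits);
 
+if (blacklisted_key(key)) {
+fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+if (options.permit_blacklisted_keys)
+logit("Public key %s blacklisted (see "
+"ssh-vulnkey(1)); continuing anyway", fp);
+else
+logit("Public key %s blacklisted (see "
+"ssh-vulnkey(1))", fp);
+xfree(fp);
+if (!options.permit_blacklisted_keys)
+continue;
+}
+
 /* We have found the desired key. */
 /*
 * If our options do not allow this key to be used,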
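Review bot: The two `logit` calls in the blacklist branch of the third hunk name the key only by its MD5 fingerprint, so someone reading the log cannot tell which authorized-keys line holds the weak key, nor in which file a blacklisted key was accepted when `permit_blacklisted_keys` is set. `file` and `linenum` are already in scope (the bit-length warning just above passes them), and one call can carry both outcomes: `logit("%s, line %lu: public key %s blacklisted (see ssh-vulnkey(1))%s", file, (unsigned long)linenum, fp, options.permit_blacklisted_keys ? "; continuing anyway" : "");`, which also replaces the if/else around the two near-identical messages. Separately, `if (blacklisted_key(key))` treats every non-zero return as a hit, and blacklisted_key is defined outside this diff, so it is not visible here whether an unreadable blacklist ends up rejecting or accepting keys; a comment at the call stating the intended behaviour would help. auth_rsa_key_allowed starts and ends outside the hunks shown.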