Diffstat (limited to 'auth-rsa.c')
-rw-r--r--auth-rsa.c15
1 files changed, 15 insertions, 0 deletions
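diff --git a/auth-rsa.c b/auth-rsa.c
index 69f9a5896..1d277f92a 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -40,6 +40,7 @@
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
+#include "authfile.h"
 #include "auth.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -221,6 +222,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
  char *cp;
  char *key_options;
  int keybits;
+ char *fp;
 
  /* Skip leading whitespace, empty and comment lines. */
  for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -265,6 +267,19 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
  "actual %d vs. announced %d.",
  file, linenum, BN_num_bits(key->rsa->n), bits);
 
+ if (blacklisted_key(key)) {
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ if (options.permit_blacklisted_keys)
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1)); continuing anyway", fp);
+ else
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1))", fp);
+ xfree(fp);
+ if (!options.permit_blacklisted_keys)
+ continue;
+ }
+
  /* We have found the desired key. */
  /*
  * If our options do not allow this key to be used,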
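Review bot: The two blacklist messages added in the third hunk log only the key fingerprint, while the bit-length mismatch message directly above them also passes `file` and `linenum`; passing those to both `logit` calls would let an administrator locate the offending line of the key file from the log alone. `options.permit_blacklisted_keys` is tested twice in the same block, so the trailing `if (!options.permit_blacklisted_keys) continue;` could instead sit in a braced `else` arm, with `xfree(fp)` called in both arms, or at least carry a comment such as `/* known-weak key: skip unless the admin opted in */`. The condition `if (blacklisted_key(key))` treats any non-zero result as a match; `blacklisted_key` is not defined in this diff, so it is worth confirming that it cannot return an error value that would then be logged as a blacklisted key. The body of auth_rsa_key_allowed starts and ends outside these hunks.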