diff options
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 15 |
1 files changed, 13 insertions, 2 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.99 2012/12/14 05:26:43 dtucker Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.100 2013/01/17 23:00:01 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -71,6 +71,7 @@ | |||
71 | #endif | 71 | #endif |
72 | #include "authfile.h" | 72 | #include "authfile.h" |
73 | #include "monitor_wrap.h" | 73 | #include "monitor_wrap.h" |
74 | #include "krl.h" | ||
74 | 75 | ||
75 | /* import */ | 76 | /* import */ |
76 | extern ServerOptions options; | 77 | extern ServerOptions options; |
@@ -640,7 +641,16 @@ auth_key_is_revoked(Key *key) | |||
640 | 641 | ||
641 | if (options.revoked_keys_file == NULL) | 642 | if (options.revoked_keys_file == NULL) |
642 | return 0; | 643 | return 0; |
643 | 644 | switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) { | |
645 | case 0: | ||
646 | return 0; /* Not revoked */ | ||
647 | case -2: | ||
648 | break; /* Not a KRL */ | ||
649 | default: | ||
650 | goto revoked; | ||
651 | } | ||
652 | debug3("%s: treating %s as a key list", __func__, | ||
653 | options.revoked_keys_file); | ||
644 | switch (key_in_file(key, options.revoked_keys_file, 0)) { | 654 | switch (key_in_file(key, options.revoked_keys_file, 0)) { |
645 | case 0: | 655 | case 0: |
646 | /* key not revoked */ | 656 | /* key not revoked */ |
@@ -651,6 +661,7 @@ auth_key_is_revoked(Key *key) | |||
651 | "authentication"); | 661 | "authentication"); |
652 | return 1; | 662 | return 1; |
653 | case 1: | 663 | case 1: |
664 | revoked: | ||
654 | /* Key revoked */ | 665 | /* Key revoked */ |
655 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 666 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
656 | error("WARNING: authentication attempt with a revoked " | 667 | error("WARNING: authentication attempt with a revoked " |