Diffstat (limited to 'auth.c')
-rw-r--r--auth.c39
1 files changed, 38 insertions, 1 deletions
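diff --git a/auth.c b/auth.c
index 3585daadc..68370ca94 100644
--- a/auth.c
+++ b/auth.c
@@ -59,6 +59,7 @@
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
+#include "authfile.h"
 #include "auth.h"
 #include "auth-options.h"
 #include "canohost.h"
@@ -398,6 +399,38 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
 	return host_status;
 }
 
+int
+reject_blacklisted_key(Key *key, int hostkey)
+{
+	char *fp;
+
+	if (blacklisted_key(key, &fp) != 1)
+		return 0;
+
+	if (options.permit_blacklisted_keys) {
+		if (hostkey)
+			error("Host key %s blacklisted (see "
+			    "ssh-vulnkey(1)); continuing anyway", fp);
+		else
+			logit("Public key %s from %s blacklisted (see "
+			    "ssh-vulnkey(1)); continuing anyway",
+			    fp, get_remote_ipaddr());
+		xfree(fp);
+	} else {
+		if (hostkey)
+			error("Host key %s blacklisted (see "
+			    "ssh-vulnkey(1))", fp);
+		else
+			logit("Public key %s from %s blacklisted (see "
+			    "ssh-vulnkey(1))",
+			    fp, get_remote_ipaddr());
+		xfree(fp);
+		return 1;
+	}
+
+	return 0;
+}
+
 
 /*
  * Check a given file for security. This is defined as all components
@@ -483,8 +516,12 @@ auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
 	 * Open the file containing the authorized keys
 	 * Fail quietly if file does not exist
 	 */
-	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1)
+	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
+		if (errno != ENOENT)
+			debug("Could not open keyfile '%s': %s", file,
+			    strerror(errno));
 		return NULL;
+	}
 
 	if (fstat(fd, &st) < 0) {
 		close(fd);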
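Review bot: reject_blacklisted_key (second hunk) treats every result of blacklisted_key() other than 1 as "not blacklisted", so if that lookup can fail — blacklist file unreadable, allocation failure — the key is accepted with no log entry at all, a fail-open default for a check whose purpose is to refuse known-weak keys. If blacklisted_key() has a distinct error return, handle it on its own path and log it at error level, e.g. `if ((r = blacklisted_key(key, &fp)) < 0) { error("blacklist check failed"); return 0; }` so the accept-on-error policy is at least visible; if it cannot fail, a one-line comment above the call saying so would settle the question for the next reader. The two branches also repeat the same host-key/public-key messages with and without the "; continuing anyway" suffix; selecting the suffix once from options.permit_blacklisted_keys and using one pair of format strings would halve the block and keep the wording in one place. The new function carries no comment; I would add `/* Returns 1 if key is blacklisted and must be refused, 0 otherwise (including when options.permit_blacklisted_keys lets it through after logging). */` above it.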