Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 39 |
1 files changed, 38 insertions, 1 deletions
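--- a/auth.c
+++ b/auth.c
@@ -59,6 +59,7 @@
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
+#include "authfile.h"
 #include "auth.h"
 #include "auth-options.h"
 #include "canohost.h"
@@ -398,6 +399,38 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
 	return host_status;
 }
 
+int
+reject_blacklisted_key(Key *key, int hostkey)
+{
+	char *fp;
+
+	if (blacklisted_key(key, &fp) != 1)
+		return 0;
+
+	if (options.permit_blacklisted_keys) {
+		if (hostkey)
+			error("Host key %s blacklisted (see "
+			    "ssh-vulnkey(1)); continuing anyway", fp);
+		else
+			logit("Public key %s from %s blacklisted (see "
+			    "ssh-vulnkey(1)); continuing anyway",
+			    fp, get_remote_ipaddr());
+		xfree(fp);
+	} else {
+		if (hostkey)
+			error("Host key %s blacklisted (see "
+			    "ssh-vulnkey(1))", fp);
+		else
+			logit("Public key %s from %s blacklisted (see "
+			    "ssh-vulnkey(1))",
+			    fp, get_remote_ipaddr());
+		xfree(fp);
+		return 1;
+	}
+
+	return 0;
+}
+
 
 /*
  * Check a given file for security. This is defined as all components
@@ -483,8 +516,12 @@ auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
 	 * Open the file containing the authorized keys
 	 * Fail quietly if file does not exist
 	 */
-	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1)
+	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
+		if (errno != ENOENT)
+			debug("Could not open keyfile '%s': %s", file,
+			    strerror(errno));
 		return NULL;
+	}
 
 	if (fstat(fd, &st) < 0) {
 		close(fd);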
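Review bot: reject_blacklisted_key in the second hunk has no header comment, and its contract is easy to misread because both the "key is clean" path and the "blacklisted but permit_blacklisted_keys is set" path return 0, while the fingerprint string handed back by blacklisted_key() is owned and freed here; a short comment above the definition should state that 1 means the key must be refused, 0 means proceed (possibly after a warning), and that fp is freed in this function. The two branches also duplicate the error()/logit() calls and only differ in the "; continuing anyway" suffix, so the logging could be written once with the suffix selected by options.permit_blacklisted_keys, e.g. `const char *suffix = options.permit_blacklisted_keys ? "; continuing anyway" : "";`, which keeps the two messages from drifting apart later. In the third hunk the new errno/ENOENT/strerror() uses rely on headers that are not among the includes visible in the first hunk, presumably provided by includes.h; worth confirming, and note that auth_openkeyfile begins and ends outside that hunk. The declaration of reject_blacklisted_key for callers is not in this diff since it is limited to auth.c.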