summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/auth.c b/auth.c
index 9a36f1dac..6662e9a75 100644
--- a/auth.c
+++ b/auth.c
@@ -59,6 +59,7 @@
59#include "servconf.h" 59#include "servconf.h"
60#include "key.h" 60#include "key.h"
61#include "hostfile.h" 61#include "hostfile.h"
62#include "authfile.h"
62#include "auth.h" 63#include "auth.h"
63#include "auth-options.h" 64#include "auth-options.h"
64#include "canohost.h" 65#include "canohost.h"
@@ -657,10 +658,34 @@ getpwnamallow(const char *user)
657 658
658/* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ 659/* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
659int 660int
660auth_key_is_revoked(Key *key) 661auth_key_is_revoked(Key *key, int hostkey)
661{ 662{
662 char *key_fp; 663 char *key_fp;
663 664
665 if (blacklisted_key(key, &key_fp) == 1) {
666 if (options.permit_blacklisted_keys) {
667 if (hostkey)
668 error("Host key %s blacklisted (see "
669 "ssh-vulnkey(1)); continuing anyway",
670 key_fp);
671 else
672 logit("Public key %s from %s blacklisted (see "
673 "ssh-vulnkey(1)); continuing anyway",
674 key_fp, get_remote_ipaddr());
675 free(key_fp);
676 } else {
677 if (hostkey)
678 error("Host key %s blacklisted (see "
679 "ssh-vulnkey(1))", key_fp);
680 else
681 logit("Public key %s from %s blacklisted (see "
682 "ssh-vulnkey(1))",
683 key_fp, get_remote_ipaddr());
684 free(key_fp);
685 return 1;
686 }
687 }
688
664 if (options.revoked_keys_file == NULL) 689 if (options.revoked_keys_file == NULL)
665 return 0; 690 return 0;
666 switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) { 691 switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) {