1 files changed, 33 insertions, 0 deletions
diff --git a/auth.c b/auth.c
index 3585daadc..ae2cdec57 100644
--- a/auth.c
+++ b/auth.c
@@ -59,6 +59,7 @@
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
+#include "authfile.h"
 #include "auth.h"
 #include "auth-options.h"
 #include "canohost.h"
@@ -398,6 +399,38 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
        return host_status;
 }
+int
+reject_blacklisted_key(Key *key, int hostkey)
+{
+        char *fp;
+        if (blacklisted_key(key, &fp) != 1)
+                return 0;
+        if (options.permit_blacklisted_keys) {
+                if (hostkey)
+                        error("Host key %s blacklisted (see "
+                            "ssh-vulnkey(1)); continuing anyway", fp);
+                else
+                        logit("Public key %s from %s blacklisted (see "
+                            "ssh-vulnkey(1)); continuing anyway",
+                            fp, get_remote_ipaddr());
+                xfree(fp);
+        } else {
+                if (hostkey)
+                        error("Host key %s blacklisted (see "
+                            "ssh-vulnkey(1))", fp);
+                else
+                        logit("Public key %s from %s blacklisted (see "
+                            "ssh-vulnkey(1))",
+                            fp, get_remote_ipaddr());
+                xfree(fp);
+                return 1;
+        }
+        return 0;
+}
 /*
 * Check a given file for security. This is defined as all components

diff --git a/auth.c b/auth.c index 3585daadc..ae2cdec57 100644 --- a/auth.c +++ b/auth.c
@@ -59,6 +59,7 @@
59	#include "servconf.h"	59	#include "servconf.h"
60	#include "key.h"	60	#include "key.h"
61	#include "hostfile.h"	61	#include "hostfile.h"
		62	#include "authfile.h"
62	#include "auth.h"	63	#include "auth.h"
63	#include "auth-options.h"	64	#include "auth-options.h"
64	#include "canohost.h"	65	#include "canohost.h"
@@ -398,6 +399,38 @@ check_key_in_hostfiles(struct passwd pw, Key key, const char *host,
398	return host_status;	399	return host_status;
399	}	400	}
400		401
		402	int
		403	reject_blacklisted_key(Key *key, int hostkey)
		404	{
		405	char *fp;
		406
		407	if (blacklisted_key(key, &fp) != 1)
		408	return 0;
		409
		410	if (options.permit_blacklisted_keys) {
		411	if (hostkey)
		412	error("Host key %s blacklisted (see "
		413	"ssh-vulnkey(1)); continuing anyway", fp);
		414	else
		415	logit("Public key %s from %s blacklisted (see "
		416	"ssh-vulnkey(1)); continuing anyway",
		417	fp, get_remote_ipaddr());
		418	xfree(fp);
		419	} else {
		420	if (hostkey)
		421	error("Host key %s blacklisted (see "
		422	"ssh-vulnkey(1))", fp);
		423	else
		424	logit("Public key %s from %s blacklisted (see "
		425	"ssh-vulnkey(1))",
		426	fp, get_remote_ipaddr());
		427	xfree(fp);
		428	return 1;
		429	}
		430
		431	return 0;
		432	}
		433
401		434
402	/*	435	/*
403	* Check a given file for security. This is defined as all components	436	* Check a given file for security. This is defined as all components