1 files changed, 30 insertions, 1 deletions
diff --git a/auth.c b/auth.c
index ab9c69fb8..e680efbcc 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.84 2010/02/09 06:18:46 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.85 2010/03/04 10:36:03 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -69,6 +69,7 @@
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
+#include "authfile.h"
 #include "monitor_wrap.h"
 /* import */
@@ -582,6 +583,34 @@ getpwnamallow(const char *user)
        return (NULL);
 }
+/* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
+int
+auth_key_is_revoked(Key *key)
+{
+        char *key_fp;
+        if (options.revoked_keys_file == NULL)
+                return 0;
+        switch (key_in_file(key, options.revoked_keys_file, 0)) {
+        case 0:
+                /* key not revoked */
+                return 0;
+        case -1:
+                /* Error opening revoked_keys_file: refuse all keys */
+                error("Revoked keys file is unreadable: refusing public key "
+                    "authentication");
+                return 1;
+        case 1:
+                /* Key revoked */
+                key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+                error("%s key %s is revoked", key_type(key), key_fp);
+                xfree(key_fp);
+                return 1;
+        }
+        fatal("key_in_file returned junk");
+}
 void
 auth_debug_add(const char *fmt,...)
 {

diff --git a/auth.c b/auth.c index ab9c69fb8..e680efbcc 100644 --- a/auth.c +++ b/auth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth.c,v 1.84 2010/02/09 06:18:46 djm Exp $ */	1	/* $OpenBSD: auth.c,v 1.85 2010/03/04 10:36:03 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -69,6 +69,7 @@
69	#ifdef GSSAPI	69	#ifdef GSSAPI
70	#include "ssh-gss.h"	70	#include "ssh-gss.h"
71	#endif	71	#endif
		72	#include "authfile.h"
72	#include "monitor_wrap.h"	73	#include "monitor_wrap.h"
73		74
74	/* import */	75	/* import */
@@ -582,6 +583,34 @@ getpwnamallow(const char *user)
582	return (NULL);	583	return (NULL);
583	}	584	}
584		585
		586	/* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
		587	int
		588	auth_key_is_revoked(Key *key)
		589	{
		590	char *key_fp;
		591
		592	if (options.revoked_keys_file == NULL)
		593	return 0;
		594
		595	switch (key_in_file(key, options.revoked_keys_file, 0)) {
		596	case 0:
		597	/* key not revoked */
		598	return 0;
		599	case -1:
		600	/* Error opening revoked_keys_file: refuse all keys */
		601	error("Revoked keys file is unreadable: refusing public key "
		602	"authentication");
		603	return 1;
		604	case 1:
		605	/* Key revoked */
		606	key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
		607	error("%s key %s is revoked", key_type(key), key_fp);
		608	xfree(key_fp);
		609	return 1;
		610	}
		611	fatal("key_in_file returned junk");
		612	}
		613
585	void	614	void
586	auth_debug_add(const char *fmt,...)	615	auth_debug_add(const char *fmt,...)
587	{	616	{