diff options
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 31 |
1 files changed, 30 insertions, 1 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.84 2010/02/09 06:18:46 djm Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.85 2010/03/04 10:36:03 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -69,6 +69,7 @@ | |||
69 | #ifdef GSSAPI | 69 | #ifdef GSSAPI |
70 | #include "ssh-gss.h" | 70 | #include "ssh-gss.h" |
71 | #endif | 71 | #endif |
72 | #include "authfile.h" | ||
72 | #include "monitor_wrap.h" | 73 | #include "monitor_wrap.h" |
73 | 74 | ||
74 | /* import */ | 75 | /* import */ |
@@ -582,6 +583,34 @@ getpwnamallow(const char *user) | |||
582 | return (NULL); | 583 | return (NULL); |
583 | } | 584 | } |
584 | 585 | ||
586 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ | ||
587 | int | ||
588 | auth_key_is_revoked(Key *key) | ||
589 | { | ||
590 | char *key_fp; | ||
591 | |||
592 | if (options.revoked_keys_file == NULL) | ||
593 | return 0; | ||
594 | |||
595 | switch (key_in_file(key, options.revoked_keys_file, 0)) { | ||
596 | case 0: | ||
597 | /* key not revoked */ | ||
598 | return 0; | ||
599 | case -1: | ||
600 | /* Error opening revoked_keys_file: refuse all keys */ | ||
601 | error("Revoked keys file is unreadable: refusing public key " | ||
602 | "authentication"); | ||
603 | return 1; | ||
604 | case 1: | ||
605 | /* Key revoked */ | ||
606 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | ||
607 | error("%s key %s is revoked", key_type(key), key_fp); | ||
608 | xfree(key_fp); | ||
609 | return 1; | ||
610 | } | ||
611 | fatal("key_in_file returned junk"); | ||
612 | } | ||
613 | |||
585 | void | 614 | void |
586 | auth_debug_add(const char *fmt,...) | 615 | auth_debug_add(const char *fmt,...) |
587 | { | 616 | { |