summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c33
1 files changed, 33 insertions, 0 deletions
diff --git a/auth.c b/auth.c
index c1e0f4812..fa32da70f 100644
--- a/auth.c
+++ b/auth.c
@@ -57,6 +57,7 @@
57#include "servconf.h" 57#include "servconf.h"
58#include "key.h" 58#include "key.h"
59#include "hostfile.h" 59#include "hostfile.h"
60#include "authfile.h"
60#include "auth.h" 61#include "auth.h"
61#include "auth-options.h" 62#include "auth-options.h"
62#include "canohost.h" 63#include "canohost.h"
@@ -397,6 +398,38 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
397 return host_status; 398 return host_status;
398} 399}
399 400
401int
402reject_blacklisted_key(Key *key, int hostkey)
403{
404 char *fp;
405
406 if (blacklisted_key(key, &fp) != 1)
407 return 0;
408
409 if (options.permit_blacklisted_keys) {
410 if (hostkey)
411 error("Host key %s blacklisted (see "
412 "ssh-vulnkey(1)); continuing anyway", fp);
413 else
414 logit("Public key %s from %s blacklisted (see "
415 "ssh-vulnkey(1)); continuing anyway",
416 fp, get_remote_ipaddr());
417 xfree(fp);
418 } else {
419 if (hostkey)
420 error("Host key %s blacklisted (see "
421 "ssh-vulnkey(1))", fp);
422 else
423 logit("Public key %s from %s blacklisted (see "
424 "ssh-vulnkey(1))",
425 fp, get_remote_ipaddr());
426 xfree(fp);
427 return 1;
428 }
429
430 return 0;
431}
432
400 433
401/* 434/*
402 * Check a given file for security. This is defined as all components 435 * Check a given file for security. This is defined as all components