Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 33 |
1 files changed, 33 insertions, 0 deletions
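--- a/auth.c
+++ b/auth.c
@@ -57,6 +57,7 @@
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
+#include "authfile.h"
 #include "auth.h"
 #include "auth-options.h"
 #include "canohost.h"
@@ -397,6 +398,38 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
 return host_status;
 }
 
+int
+reject_blacklisted_key(Key *key, int hostkey)
+{
+char *fp;
+
+if (blacklisted_key(key, &fp) != 1)
+return 0;
+
+if (options.permit_blacklisted_keys) {
+if (hostkey)
+error("Host key %s blacklisted (see "
+"ssh-vulnkey(1)); continuing anyway", fp);
+else
+logit("Public key %s from %s blacklisted (see "
+"ssh-vulnkey(1)); continuing anyway",
+fp, get_remote_ipaddr());
+xfree(fp);
+} else {
+if (hostkey)
+error("Host key %s blacklisted (see "
+"ssh-vulnkey(1))", fp);
+else
+logit("Public key %s from %s blacklisted (see "
+"ssh-vulnkey(1))",
+fp, get_remote_ipaddr());
+xfree(fp);
+return 1;
+}
+
+return 0;
+}
+
 
 /*
 * Check a given file for security. This is defined as all components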
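Review bot: `reject_blacklisted_key` treats every result of `blacklisted_key()` other than 1 as "not blacklisted" (`if (blacklisted_key(key, &fp) != 1) return 0;`), so if that helper, which is declared outside this diff, can report an error such as an unreadable blacklist file, the key is accepted with no trace in the log. Consider keeping the result in a local and handling a negative value separately, at minimum with something like `error("blacklist lookup failed; key not checked");`, so an operator can tell that the check did not actually run. Whether `fp` is left unset on the non-match path also depends on the helper and is worth confirming, since it is only freed after a match. The function would benefit from a header comment stating that it returns 1 to reject and 0 to accept, that `hostkey` only selects the message wording and log level, and that `options.permit_blacklisted_keys` downgrades a match to a log entry.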