diff options
Diffstat (limited to 'auth2-hostbased.c')
| -rw-r--r-- | auth2-hostbased.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 663dec5d9..a0ee3060a 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c | |||
| @@ -40,6 +40,7 @@ | |||
| 40 | #include "compat.h" | 40 | #include "compat.h" |
| 41 | #include "key.h" | 41 | #include "key.h" |
| 42 | #include "hostfile.h" | 42 | #include "hostfile.h" |
| 43 | #include "authfile.h" | ||
| 43 | #include "auth.h" | 44 | #include "auth.h" |
| 44 | #include "canohost.h" | 45 | #include "canohost.h" |
| 45 | #ifdef GSSAPI | 46 | #ifdef GSSAPI |
| @@ -141,10 +142,24 @@ int | |||
| 141 | hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, | 142 | hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, |
| 142 | Key *key) | 143 | Key *key) |
| 143 | { | 144 | { |
| 145 | char *fp; | ||
| 144 | const char *resolvedname, *ipaddr, *lookup; | 146 | const char *resolvedname, *ipaddr, *lookup; |
| 145 | HostStatus host_status; | 147 | HostStatus host_status; |
| 146 | int len; | 148 | int len; |
| 147 | 149 | ||
| 150 | if (blacklisted_key(key)) { | ||
| 151 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | ||
| 152 | if (options.permit_blacklisted_keys) | ||
| 153 | logit("Public key %s blacklisted (see " | ||
| 154 | "ssh-vulnkey(1)); continuing anyway", fp); | ||
| 155 | else | ||
| 156 | logit("Public key %s blacklisted (see " | ||
| 157 | "ssh-vulnkey(1))", fp); | ||
| 158 | xfree(fp); | ||
| 159 | if (!options.permit_blacklisted_keys) | ||
| 160 | return 0; | ||
| 161 | } | ||
| 162 | |||
| 148 | resolvedname = get_canonical_hostname(options.use_dns); | 163 | resolvedname = get_canonical_hostname(options.use_dns); |
| 149 | ipaddr = get_remote_ipaddr(); | 164 | ipaddr = get_remote_ipaddr(); |
| 150 | 165 | ||