diff options
Diffstat (limited to 'auth2-pubkey.c')
| -rw-r--r-- | auth2-pubkey.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 9863cd9e6..cf911968a 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
| @@ -42,6 +42,7 @@ | |||
| 42 | #include "compat.h" | 42 | #include "compat.h" |
| 43 | #include "key.h" | 43 | #include "key.h" |
| 44 | #include "hostfile.h" | 44 | #include "hostfile.h" |
| 45 | #include "authfile.h" | ||
| 45 | #include "auth.h" | 46 | #include "auth.h" |
| 46 | #include "pathnames.h" | 47 | #include "pathnames.h" |
| 47 | #include "uidswap.h" | 48 | #include "uidswap.h" |
| @@ -269,9 +270,23 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) | |||
| 269 | int | 270 | int |
| 270 | user_key_allowed(struct passwd *pw, Key *key) | 271 | user_key_allowed(struct passwd *pw, Key *key) |
| 271 | { | 272 | { |
| 273 | char *fp; | ||
| 272 | int success; | 274 | int success; |
| 273 | char *file; | 275 | char *file; |
| 274 | 276 | ||
| 277 | if (blacklisted_key(key)) { | ||
| 278 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | ||
| 279 | if (options.permit_blacklisted_keys) | ||
| 280 | logit("Public key %s blacklisted (see " | ||
| 281 | "ssh-vulnkey(1)); continuing anyway", fp); | ||
| 282 | else | ||
| 283 | logit("Public key %s blacklisted (see " | ||
| 284 | "ssh-vulnkey(1))", fp); | ||
| 285 | xfree(fp); | ||
| 286 | if (!options.permit_blacklisted_keys) | ||
| 287 | return 0; | ||
| 288 | } | ||
| 289 | |||
| 275 | file = authorized_keys_file(pw); | 290 | file = authorized_keys_file(pw); |
| 276 | success = user_key_allowed2(pw, key, file); | 291 | success = user_key_allowed2(pw, key, file); |
| 277 | xfree(file); | 292 | xfree(file); |