diff options
Diffstat (limited to 'ssh.c')
| -rw-r--r-- | ssh.c | 27 |
1 files changed, 20 insertions, 7 deletions
| @@ -641,7 +641,7 @@ main(int ac, char **av) | |||
| 641 | tty_flag = 0; | 641 | tty_flag = 0; |
| 642 | /* Do not allocate a tty if stdin is not a tty. */ | 642 | /* Do not allocate a tty if stdin is not a tty. */ |
| 643 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) { | 643 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) { |
| 644 | if (tty_flag) | 644 | if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET) |
| 645 | logit("Pseudo-terminal will not be allocated because " | 645 | logit("Pseudo-terminal will not be allocated because " |
| 646 | "stdin is not a terminal."); | 646 | "stdin is not a terminal."); |
| 647 | tty_flag = 0; | 647 | tty_flag = 0; |
| @@ -852,15 +852,12 @@ main(int ac, char **av) | |||
| 852 | strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); | 852 | strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); |
| 853 | if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { | 853 | if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { |
| 854 | #ifdef WITH_SELINUX | 854 | #ifdef WITH_SELINUX |
| 855 | char *scon; | 855 | ssh_selinux_setfscreatecon(buf); |
| 856 | |||
| 857 | matchpathcon(buf, 0700, &scon); | ||
| 858 | setfscreatecon(scon); | ||
| 859 | #endif | 856 | #endif |
| 860 | if (mkdir(buf, 0700) < 0) | 857 | if (mkdir(buf, 0700) < 0) |
| 861 | error("Could not create directory '%.200s'.", buf); | 858 | error("Could not create directory '%.200s'.", buf); |
| 862 | #ifdef WITH_SELINUX | 859 | #ifdef WITH_SELINUX |
| 863 | setfscreatecon(NULL); | 860 | ssh_selinux_setfscreatecon(NULL); |
| 864 | #endif | 861 | #endif |
| 865 | } | 862 | } |
| 866 | /* load options.identity_files */ | 863 | /* load options.identity_files */ |
| @@ -1448,7 +1445,7 @@ ssh_session2(void) | |||
| 1448 | static void | 1445 | static void |
| 1449 | load_public_identity_files(void) | 1446 | load_public_identity_files(void) |
| 1450 | { | 1447 | { |
| 1451 | char *filename, *cp, thishost[NI_MAXHOST]; | 1448 | char *filename, *cp, thishost[NI_MAXHOST], *fp; |
| 1452 | char *pwdir = NULL, *pwname = NULL; | 1449 | char *pwdir = NULL, *pwname = NULL; |
| 1453 | int i = 0; | 1450 | int i = 0; |
| 1454 | Key *public; | 1451 | Key *public; |
| @@ -1505,6 +1502,22 @@ load_public_identity_files(void) | |||
| 1505 | public = key_load_public(filename, NULL); | 1502 | public = key_load_public(filename, NULL); |
| 1506 | debug("identity file %s type %d", filename, | 1503 | debug("identity file %s type %d", filename, |
| 1507 | public ? public->type : -1); | 1504 | public ? public->type : -1); |
| 1505 | if (public && blacklisted_key(public, &fp) == 1) { | ||
| 1506 | if (options.use_blacklisted_keys) | ||
| 1507 | logit("Public key %s blacklisted (see " | ||
| 1508 | "ssh-vulnkey(1)); continuing anyway", fp); | ||
| 1509 | else | ||
| 1510 | logit("Public key %s blacklisted (see " | ||
| 1511 | "ssh-vulnkey(1)); refusing to send it", | ||
| 1512 | fp); | ||
| 1513 | xfree(fp); | ||
| 1514 | if (!options.use_blacklisted_keys) { | ||
| 1515 | key_free(public); | ||
| 1516 | xfree(filename); | ||
| 1517 | filename = NULL; | ||
| 1518 | public = NULL; | ||
| 1519 | } | ||
| 1520 | } | ||
| 1508 | xfree(options.identity_files[i]); | 1521 | xfree(options.identity_files[i]); |
| 1509 | identity_files[n_ids] = filename; | 1522 | identity_files[n_ids] = filename; |
| 1510 | identity_keys[n_ids] = public; | 1523 | identity_keys[n_ids] = public; |