From 93e9c23240b154d074dc33f26ccb23f8874f8c3a Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 26 May 2008 22:16:40 +0000
Subject: Refactor rejection of blacklisted user keys into a single
 reject_blacklisted_key function in auth.c (thanks, Dmitry V. Levin).

---
 auth2-hostbased.c | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)

(limited to 'auth2-hostbased.c')

diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index d7009eeb0..f6fb74043 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -40,7 +40,6 @@
 #include "compat.h"
 #include "key.h"
 #include "hostfile.h"
-#include "authfile.h"
 #include "auth.h"
 #include "canohost.h"
 #ifdef GSSAPI
@@ -142,25 +141,12 @@ int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
     Key *key)
 {
-	char *fp;
 	const char *resolvedname, *ipaddr, *lookup;
 	HostStatus host_status;
 	int len;
 
-	if (blacklisted_key(key) == 1) {
-		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-		if (options.permit_blacklisted_keys)
-			logit("Public key %s from %s blacklisted (see "
-			    "ssh-vulnkey(1)); continuing anyway",
-			    fp, get_remote_ipaddr());
-		else
-			logit("Public key %s from %s blacklisted (see "
-			    "ssh-vulnkey(1))",
-			    fp, get_remote_ipaddr());
-		xfree(fp);
-		if (!options.permit_blacklisted_keys)
-			return 0;
-	}
+	if (reject_blacklisted_key(key, 0) == 1)
+		return 0;
 
 	resolvedname = get_canonical_hostname(options.use_dns);
 	ipaddr = get_remote_ipaddr();
-- 
cgit v1.2.3