Merge branch 'vendor/OPENSSH'
[dragonfly.git] / crypto / openssh / auth-rsa.c
index 4edaab0..12bc35c 100644 (file)
@@ -40,6 +40,7 @@
 #include "key.h"
 #include "auth-options.h"
 #include "hostfile.h"
+#include "authfile.h"
 #include "auth.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -202,6 +203,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
                char *cp;
                char *key_options;
                int keybits;
+               char *fp;
 
                /* Skip leading whitespace, empty and comment lines. */
                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -250,6 +252,19 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
                if (auth_key_is_revoked(key))
                        break;
 
+               if (blacklisted_key(key)) {
+                       fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+                       if (options.permit_blacklisted_keys)
+                               logit("Public key %s blacklisted (see "
+                                   "ssh-vulnkey(1)); continuing anyway", fp);
+                       else
+                               logit("Public key %s blacklisted (see "
+                                   "ssh-vulnkey(1))", fp);
+                       xfree(fp);
+                       if (!options.permit_blacklisted_keys)
+                               continue;
+               }
+
                /* We have found the desired key. */
                /*
                 * If our options do not allow this key to be used,
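Review bot: The "continuing anyway" `logit` call in the added branch records only the fingerprint, so when `options.permit_blacklisted_keys` lets a blacklisted key proceed, the log line does not say which account accepted it. `pw` is in scope here, so the message could name the account, e.g. `logit("Public key %s blacklisted (see ssh-vulnkey(1)) for user %s; continuing anyway", fp, pw->pw_name);`, which lets the override be audited and alerted on per user. The flag is also tested twice around `xfree(fp)`; a single `if (!options.permit_blacklisted_keys) { ... continue; }` would keep the message and the decision together. If `blacklisted_key()` can return a negative value on error (its definition is not in this hunk), the bare truth test would report that as "blacklisted", so an explicit comparison may be clearer. The body of auth_rsa_key_allowed starts and ends outside the hunk.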