authorColin Watson <cjwatson@debian.org>2017-04-02 01:26:17 +0100
committerColin Watson <cjwatson@debian.org>2017-04-02 01:54:08 +0100
commit20adc7e0fc13ff9c7d270db250aac1fa140e3851 (patch)
tree5d9f06b0ff195db88093037d9102f0cdcf3884c6 /auth2-pubkey.c
parentaf27669f905133925224acc753067dea710881dd (diff)
parentec338656a3d6b21bb87f3b6367b232d297f601e5 (diff)
New upstream release (7.5p1)
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c23
1 files changed, 18 insertions, 5 deletions
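--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -564,10 +564,13 @@ process_principals(FILE *f, char *file, struct passwd *pw,
 {
  char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
  u_long linenum = 0;
- u_int i;
+ u_int i, found_principal = 0;
 
  auth_start_parse_options();
  while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+ /* Always consume entire input */
+ if (found_principal)
+ continue;
  /* Skip leading whitespace. */
  for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
  ;
@@ -600,11 +603,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
  if (auth_parse_options(pw, line_opts,
  file, linenum) != 1)
  continue;
- return 1;
+ found_principal = 1;
+ continue;
  }
  }
  }
- return 0;
+ return found_principal;
 }
 
 static int
@@ -728,6 +732,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
 
  ok = process_principals(f, NULL, pw, cert);
 
+ fclose(f);
+ f = NULL;
+
  if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
  goto out;
 
@@ -770,6 +777,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
  char *cp, *key_options = NULL, *fp = NULL;
  const char *reason = NULL;
 
+ /* Always consume entrire file */
+ if (found_key)
+ continue;
  if (found != NULL)
  key_free(found);
  found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
@@ -856,7 +866,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
  file, linenum, key_type(found), fp);
  free(fp);
  found_key = 1;
- break;
+ continue;
  }
  }
  if (found != NULL)
@@ -1053,6 +1063,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
 
  ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
 
+ fclose(f);
+ f = NULL;
+
  if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
  goto out;
 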
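Review bot: The two drain guards, `if (found_principal) continue;` in process_principals and `if (found_key) continue;` in check_authkeys_file, are commented with what they do but not why, and the second comment misspells "entire" as "entrire". Judging from the `fclose(f)` calls added just before `exited_cleanly()` in match_principals_command and user_key_command_allowed2, the purpose appears to be letting the helper command finish writing before the pipe is closed so that its exit status stays clean; the comment should say so, e.g. `/* Keep reading after a match: closing the pipe early could kill the command with SIGPIPE and fail exited_cleanly() */`. Because a match is now reported only at end of input, a command that never finishes its output keeps the loop reading, so it is worth confirming that an outer timeout bounds this path. All four functions begin and end outside the hunks shown.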