authordjm@openbsd.org <djm@openbsd.org>2016-11-30 02:57:40 +0000
committerDamien Miller <djm@mindrot.org>2016-11-30 19:44:01 +1100
commitfd6dcef2030d23c43f986d26979f84619c10589d (patch)
treea9b9d64866a656d5e187f7d63b61e1c1bede5e8f /auth2-pubkey.c
parent7fc4766ac78abae81ee75b22b7550720bfa28a33 (diff)
upstream commit
When a forced-command appears in both a certificate and an authorized keys/principals command= restriction, refuse to accept the certificate unless they are identical. The previous (documented) behaviour of having the certificate forced-command override the other could be a bit confusing and more error-prone. Pointed out by Jann Horn of Project Zero; ok dtucker@ Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c18
1 files changed, 8 insertions, 10 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 375d91cbd..20f3309e1 100644
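--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.59 2016/09/21 17:44:20 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -757,17 +757,17 @@ static int
 check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 {
  char line[SSH_MAX_PUBKEY_BYTES];
- const char *reason;
  int found_key = 0;
  u_long linenum = 0;
  Key *found;
- char *fp;
 
  found_key = 0;
 
  found = NULL;
  while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
- char *cp, *key_options = NULL;
+ char *cp, *key_options = NULL, *fp = NULL;
+ const char *reason = NULL;
+
  if (found != NULL)
  key_free(found);
  found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
@@ -832,10 +832,8 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
  authorized_principals == NULL ? pw->pw_name : NULL,
  &reason) != 0)
  goto fail_reason;
- if (auth_cert_options(key, pw) != 0) {
- free(fp);
- continue;
- }
+ if (auth_cert_options(key, pw, &reason) != 0)
+ goto fail_reason;
  verbose("Accepted certificate ID \"%s\" (serial %llu) "
  "signed by %s CA %s via %s", key->cert->key_id,
  (unsigned long long)key->cert->serial,
@@ -913,8 +911,8 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
  if (key_cert_check_authority(key, 0, 1,
  use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
  goto fail_reason;
- if (auth_cert_options(key, pw) != 0)
- goto out;
+ if (auth_cert_options(key, pw, &reason) != 0)
+ goto fail_reason;
 
  verbose("Accepted certificate ID \"%s\" (serial %llu) signed by "
  "%s CA %s via %s", key->cert->key_id,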
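Review bot: Both callers now send an auth_cert_options() failure to fail_reason, so that function has to store a message in *reason on every non-zero return, and nothing on this page states that contract. In check_authkeys_file, reason is reset to NULL at the top of each loop iteration, so a failure path that forgets to set it would pass NULL to whatever fail_reason reports. In user_cert_trusted_ca the declaration of reason is outside the hunk, so its initial value cannot be checked here. I would add a comment above the first call, `/* auth_cert_options() sets *reason on every failure; fail_reason reports it */`, and use `const char *reason = NULL;` in user_cert_trusted_ca if that is not already the case. The fail_reason labels and the remainder of both functions are outside the hunks shown.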