Quieten logs when multiple from= restrictions are used in different

authorized_keys lines for the same key; it's still not ideal, but at
least you'll only get one log entry per key (closes: #630606).

1 files changed, 4 insertions, 0 deletions

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 62a553612..dbf0d0d22 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -211,6 +211,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
                 restore_uid();
                 return 0;
         }
+        auth_start_parse_options();
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 /* Skip leading whitespace. */
                 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -280,6 +281,8 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
         found_key = 0;
         found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
 
+        auth_start_parse_options();
+
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 char *cp, *key_options = NULL;
 
@@ -416,6 +419,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
         if (key_cert_check_authority(key, 0, 1,
             principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
                 goto fail_reason;
+        auth_start_parse_options();
         if (auth_cert_options(key, pw) != 0)
                 goto out;