author | Colin Watson <cjwatson@debian.org> | 2017-03-29 01:35:00 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2017-03-29 01:35:00 +0100 |
commit | 6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (patch) | |
tree | b4377d09196e24e2c6f2c2128f66f92cf7891105 /auth2-pubkey.c | |
parent | 971a7653746a6972b907dfe0ce139c06e4a6f482 (diff) | |
parent | d38f05dbdd291212bc95ea80648b72b7177e9f4e (diff) |
Import openssh_7.5p1.orig.tar.gz
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 23 |
1 files changed, 18 insertions, 5 deletions
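--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -564,9 +564,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
 {
 char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
 u_long linenum = 0;
-u_int i;
+u_int i, found_principal = 0;
 
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+/* Always consume entire input */
+if (found_principal)
+continue;
 /* Skip leading whitespace. */
 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
 ;
@@ -599,11 +602,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
 if (auth_parse_options(pw, line_opts,
 file, linenum) != 1)
 continue;
-return 1;
+found_principal = 1;
+continue;
 }
 }
 }
-return 0;
+return found_principal;
 }
 
 static int
@@ -727,6 +731,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
 
 ok = process_principals(f, NULL, pw, cert);
 
+fclose(f);
+f = NULL;
+
 if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
 goto out;
 
@@ -768,6 +775,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 char *cp, *key_options = NULL, *fp = NULL;
 const char *reason = NULL;
 
+/* Always consume entrire file */
+if (found_key)
+continue;
 if (found != NULL)
 key_free(found);
 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
@@ -854,7 +864,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 file, linenum, key_type(found), fp);
 free(fp);
 found_key = 1;
-break;
+continue;
 }
 }
 if (found != NULL)
@@ -1050,6 +1060,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
 
 ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
 
+fclose(f);
+f = NULL;
+
 if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
 goto out;
 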
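Review bot: The two new drain guards, `/* Always consume entire input */` in process_principals and `/* Always consume entrire file */` in check_authkeys_file, say what is done but not why, and the second has a typo ("entrire"). The reason appears to be that both command callers now `fclose(f)` and then call `exited_cleanly()`, so a helper with unread output must not be left blocked on the pipe or cut off mid-write; a comment such as `/* Keep reading after a match so the command can finish writing and exit cleanly; later lines are never parsed */` would record that. In process_principals the comment should also say that the guard must stay ahead of `auth_parse_options()`, so that lines after the first match cannot change the options already set. Both loops now read to EOF, so a command that never stops writing is bounded only by whatever timeout applies outside these hunks. The bodies of all four functions extend beyond the hunks shown.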