upstream: switch over to the new authorized_keys options API and

remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
author: djm@openbsd.org <djm@openbsd.org> 2018-03-03 03:15:51 +0000
committer: Damien Miller <djm@mindrot.org> 2018-03-03 14:37:16 +1100
commit: 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 (patch)
tree: 48c837fc9c9e11d64862d4f54c1a886b54d8721c /auth2.c
parent: 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/auth2.c b/auth2.c
index c80911aeb..e0034229a 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.144 2018/01/23 05:27:21 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.145 2018/03/03 03:15:51 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -310,7 +310,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
        /* Special handling for root */
        if (authenticated && authctxt->pw->pw_uid == 0 &&
-            !auth_root_allowed(method)) {
+            !auth_root_allowed(ssh, method)) {
                authenticated = 0;
 #ifdef SSH_AUDIT_EVENTS
                PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
author	djm@openbsd.org <djm@openbsd.org>	2018-03-03 03:15:51 +0000
committer	Damien Miller <djm@mindrot.org>	2018-03-03 14:37:16 +1100
commit	7c856857607112a3dfe6414696bf4c7ab7fb0cb3 (patch)
tree	48c837fc9c9e11d64862d4f54c1a886b54d8721c /auth2.c
parent	90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b (diff)

diff --git a/auth2.c b/auth2.c index c80911aeb..e0034229a 100644 --- a/auth2.c +++ b/auth2.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth2.c,v 1.144 2018/01/23 05:27:21 djm Exp $ */	1	/* $OpenBSD: auth2.c,v 1.145 2018/03/03 03:15:51 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -310,7 +310,7 @@ userauth_finish(struct ssh ssh, int authenticated, const char method,
310		310
311	/* Special handling for root */	311	/* Special handling for root */
312	if (authenticated && authctxt->pw->pw_uid == 0 &&	312	if (authenticated && authctxt->pw->pw_uid == 0 &&
313	!auth_root_allowed(method)) {	313	!auth_root_allowed(ssh, method)) {
314	authenticated = 0;	314	authenticated = 0;
315	#ifdef SSH_AUDIT_EVENTS	315	#ifdef SSH_AUDIT_EVENTS
316	PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));	316	PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));