upstream commit

add AuthorizedPrincipalsCommand that allows getting authorized_principals from a subprocess rather than a file, which is quite useful in deployments with large userbases feedback and ok markus@ Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6
author: djm@openbsd.org <djm@openbsd.org> 2015-05-21 06:43:30 +0000
committer: Damien Miller <djm@mindrot.org> 2015-05-21 16:45:46 +1000
commit: bcc50d816187fa9a03907ac1f3a52f04a52e10d1 (patch)
tree: 7fee32fe8c063a24674a37aad34e4b381d995ae5 /sshd.c
parent: 24232a3e5ab467678a86aa67968bbb915caffed4 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/sshd.c b/sshd.c
index 78729ddde..eb49b5b84 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.448 2015/04/27 00:21:21 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.449 2015/05/21 06:43:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1698,6 +1698,11 @@ main(int ac, char **av)
            strcasecmp(options.authorized_keys_command, "none") != 0))
                fatal("AuthorizedKeysCommand set without "
                    "AuthorizedKeysCommandUser");
+        if (options.authorized_principals_command_user == NULL &&
+            (options.authorized_principals_command != NULL &&
+            strcasecmp(options.authorized_principals_command, "none") != 0))
+                fatal("AuthorizedPrincipalsCommand set without "
+                    "AuthorizedPrincipalsCommandUser");
        /*
         * Check whether there is any path through configured auth methods.
author	djm@openbsd.org <djm@openbsd.org>	2015-05-21 06:43:30 +0000
committer	Damien Miller <djm@mindrot.org>	2015-05-21 16:45:46 +1000
commit	bcc50d816187fa9a03907ac1f3a52f04a52e10d1 (patch)
tree	7fee32fe8c063a24674a37aad34e4b381d995ae5 /sshd.c
parent	24232a3e5ab467678a86aa67968bbb915caffed4 (diff)