summaryrefslogtreecommitdiff
path: root/sshsig.h
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2020-01-23 23:31:52 +0000
committerDamien Miller <djm@mindrot.org>2020-01-25 11:27:29 +1100
commit72a8bea2d748c8bd7f076a8b39a52082c79ae95f (patch)
tree14bea4a63d81af371d75708384811f5829a38267 /sshsig.h
parent0585b5697201f5d8b32e6f1b0fee7e188268d30d (diff)
upstream: ssh-keygen -Y find-principals fixes based on feedback
from Markus: use "principals" instead of principal, as allowed_signers lines may list multiple. When the signing key is a certificate, emit only principals that match the certificate principal list. NB. the command -Y name changes: "find-principal" => "find-principals" ok markus@ OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf
Diffstat (limited to 'sshsig.h')
-rw-r--r--sshsig.h5
1 files changed, 2 insertions, 3 deletions
diff --git a/sshsig.h b/sshsig.h
index 939e3dfe0..63cc1ad1a 100644
--- a/sshsig.h
+++ b/sshsig.h
@@ -93,13 +93,12 @@ struct sshsigopt *sshsigopt_parse(const char *opts,
93void sshsigopt_free(struct sshsigopt *opts); 93void sshsigopt_free(struct sshsigopt *opts);
94 94
95/* Get public key from signature */ 95/* Get public key from signature */
96int 96int sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey);
97sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey);
98 97
99/* Find principal in allowed_keys file, given a sshkey. Returns 98/* Find principal in allowed_keys file, given a sshkey. Returns
100 * 0 on success. 99 * 0 on success.
101 */ 100 */
102int sshsig_find_principal(const char *path, const struct sshkey *sign_key, 101int sshsig_find_principals(const char *path, const struct sshkey *sign_key,
103 char **principal); 102 char **principal);
104 103
105#endif /* SSHSIG_H */ 104#endif /* SSHSIG_H */