summaryrefslogtreecommitdiff
path: root/auth2-pubkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 3ff6faa8b..f980b0dad 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -217,6 +217,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
217 restore_uid(); 217 restore_uid();
218 return 0; 218 return 0;
219 } 219 }
220 auth_start_parse_options();
220 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { 221 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
221 /* Skip leading whitespace. */ 222 /* Skip leading whitespace. */
222 for (cp = line; *cp == ' ' || *cp == '\t'; cp++) 223 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -278,6 +279,8 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
278 found_key = 0; 279 found_key = 0;
279 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); 280 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
280 281
282 auth_start_parse_options();
283
281 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { 284 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
282 char *cp, *key_options = NULL; 285 char *cp, *key_options = NULL;
283 286
@@ -412,6 +415,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
412 if (key_cert_check_authority(key, 0, 1, 415 if (key_cert_check_authority(key, 0, 1,
413 principals_file == NULL ? pw->pw_name : NULL, &reason) != 0) 416 principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
414 goto fail_reason; 417 goto fail_reason;
418 auth_start_parse_options();
415 if (auth_cert_options(key, pw) != 0) 419 if (auth_cert_options(key, pw) != 0)
416 goto out; 420 goto out;
417 421
@@ -608,9 +612,10 @@ user_key_allowed(struct passwd *pw, Key *key)
608 u_int success, i; 612 u_int success, i;
609 char *file; 613 char *file;
610 614
611 if (auth_key_is_revoked(key)) 615 if (auth_key_is_revoked(key, 0))
612 return 0; 616 return 0;
613 if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key)) 617 if (key_is_cert(key) &&
618 auth_key_is_revoked(key->cert->signature_key, 0))
614 return 0; 619 return 0;
615 620
616 success = user_cert_trusted_ca(pw, key); 621 success = user_cert_trusted_ca(pw, key);