Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 9 |
1 files changed, 7 insertions, 2 deletions
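--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -217,6 +217,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
 restore_uid();
 return 0;
 }
+auth_start_parse_options();
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 /* Skip leading whitespace. */
 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -278,6 +279,8 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 found_key = 0;
 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
 
+auth_start_parse_options();
+
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 char *cp, *key_options = NULL;
 
@@ -412,6 +415,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
 if (key_cert_check_authority(key, 0, 1,
 principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
 goto fail_reason;
+auth_start_parse_options();
 if (auth_cert_options(key, pw) != 0)
 goto out;
 
@@ -608,9 +612,10 @@ user_key_allowed(struct passwd *pw, Key *key)
 u_int success, i;
 char *file;
 
-if (auth_key_is_revoked(key))
+if (auth_key_is_revoked(key, 0))
 return 0;
-if (key_is_cert(key) &&  auth_key_is_revoked(key->cert->signature_key))
+if (key_is_cert(key) &&
+auth_key_is_revoked(key->cert->signature_key, 0))
 return 0;
 
 success = user_cert_trusted_ca(pw, key);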
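Review bot: The bare `0` passed as the new second argument to `auth_key_is_revoked()` in the last hunk (both calls in `user_key_allowed`) does not say what behaviour it selects. These calls are the gate that refuses a revoked key or a revoked CA signing key before any authorized-keys lookup, so a reader needs to know whether the flag affects the decision or only its reporting. I would add a comment above the first call such as `/* second argument 0: <FLAG_MEANING from the auth_key_is_revoked() prototype>; a revoked key or CA key is refused here */`, or replace the literal with a named constant. The three added `auth_start_parse_options()` calls in the earlier hunks are also uncommented; a one-line note on what state they reset, and why it happens once per file rather than once per line, would help. `user_key_allowed` starts and ends outside the hunk, so this is based only on the visible lines.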