Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c23
1 files changed, 18 insertions, 5 deletions
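--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -564,9 +564,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
 {
 	char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
 	u_long linenum = 0;
-	u_int i;
+	u_int i, found_principal = 0;
 
 	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+		/* Always consume entire input */
+		if (found_principal)
+			continue;
 		/* Skip leading whitespace. */
 		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
 			;
@@ -599,11 +602,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
 				if (auth_parse_options(pw, line_opts,
 				    file, linenum) != 1)
 					continue;
-				return 1;
+				found_principal = 1;
+				continue;
 			}
 		}
 	}
-	return 0;
+	return found_principal;
 }
 
 static int
@@ -727,6 +731,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
 
 	ok = process_principals(f, NULL, pw, cert);
 
+	fclose(f);
+	f = NULL;
+
 	if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
 		goto out;
 
@@ -768,6 +775,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 		char *cp, *key_options = NULL, *fp = NULL;
 		const char *reason = NULL;
 
+		/* Always consume entrire file */
+		if (found_key)
+			continue;
 		if (found != NULL)
 			key_free(found);
 		found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
@@ -854,7 +864,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 			    file, linenum, key_type(found), fp);
 			free(fp);
 			found_key = 1;
-			break;
+			continue;
 		}
 	}
 	if (found != NULL)
@@ -1050,6 +1060,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
 
 	ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
 
+	fclose(f);
+	f = NULL;
+
 	if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
 		goto out;
 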