Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 9 |
1 files changed, 7 insertions, 2 deletions
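--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -211,6 +211,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
 restore_uid();
 return 0;
 }
+auth_start_parse_options();
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 /* Skip leading whitespace. */
 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -280,6 +281,8 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 found_key = 0;
 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
 
+auth_start_parse_options();
+
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 char *cp, *key_options = NULL;
 
@@ -416,6 +419,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
 if (key_cert_check_authority(key, 0, 1,
 principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
 goto fail_reason;
+auth_start_parse_options();
 if (auth_cert_options(key, pw) != 0)
 goto out;
 
@@ -439,9 +443,10 @@ user_key_allowed(struct passwd *pw, Key *key)
 u_int success, i;
 char *file;
 
-if (auth_key_is_revoked(key))
+if (auth_key_is_revoked(key, 0))
 return 0;
-if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
+if (key_is_cert(key) &&
+auth_key_is_revoked(key->cert->signature_key, 0))
 return 0;
 
 success = user_cert_trusted_ca(pw, key);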
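Review bot: Both revocation checks in user_key_allowed now pass a bare `0` as the second argument of `auth_key_is_revoked()`, and nothing in this file says what that flag selects. These two calls reject a revoked user key or a revoked certificate signing key before the `user_cert_trusted_ca()` lookup runs, so a reader should be able to confirm at the call site that the behaviour intended for user authentication is the one requested. I would add a one-line comment above the first check, worded from the function's prototype (which is outside this diff), along the lines of `/* 0 = <flag meaning per auth_key_is_revoked() prototype> */`, or pass a named constant instead of the literal. user_key_allowed's body continues past the end of the hunk.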