Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 375d91cbd..20f3309e1 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-pubkey.c,v 1.59 2016/09/21 17:44:20 djm Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -757,17 +757,17 @@ static int | |||
757 | check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) | 757 | check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) |
758 | { | 758 | { |
759 | char line[SSH_MAX_PUBKEY_BYTES]; | 759 | char line[SSH_MAX_PUBKEY_BYTES]; |
760 | const char *reason; | ||
761 | int found_key = 0; | 760 | int found_key = 0; |
762 | u_long linenum = 0; | 761 | u_long linenum = 0; |
763 | Key *found; | 762 | Key *found; |
764 | char *fp; | ||
765 | 763 | ||
766 | found_key = 0; | 764 | found_key = 0; |
767 | 765 | ||
768 | found = NULL; | 766 | found = NULL; |
769 | while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { | 767 | while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
770 | char *cp, *key_options = NULL; | 768 | char *cp, *key_options = NULL, *fp = NULL; |
769 | const char *reason = NULL; | ||
770 | |||
771 | if (found != NULL) | 771 | if (found != NULL) |
772 | key_free(found); | 772 | key_free(found); |
773 | found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); | 773 | found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); |
@@ -832,10 +832,8 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) | |||
832 | authorized_principals == NULL ? pw->pw_name : NULL, | 832 | authorized_principals == NULL ? pw->pw_name : NULL, |
833 | &reason) != 0) | 833 | &reason) != 0) |
834 | goto fail_reason; | 834 | goto fail_reason; |
835 | if (auth_cert_options(key, pw) != 0) { | 835 | if (auth_cert_options(key, pw, &reason) != 0) |
836 | free(fp); | 836 | goto fail_reason; |
837 | continue; | ||
838 | } | ||
839 | verbose("Accepted certificate ID \"%s\" (serial %llu) " | 837 | verbose("Accepted certificate ID \"%s\" (serial %llu) " |
840 | "signed by %s CA %s via %s", key->cert->key_id, | 838 | "signed by %s CA %s via %s", key->cert->key_id, |
841 | (unsigned long long)key->cert->serial, | 839 | (unsigned long long)key->cert->serial, |
@@ -913,8 +911,8 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) | |||
913 | if (key_cert_check_authority(key, 0, 1, | 911 | if (key_cert_check_authority(key, 0, 1, |
914 | use_authorized_principals ? NULL : pw->pw_name, &reason) != 0) | 912 | use_authorized_principals ? NULL : pw->pw_name, &reason) != 0) |
915 | goto fail_reason; | 913 | goto fail_reason; |
916 | if (auth_cert_options(key, pw) != 0) | 914 | if (auth_cert_options(key, pw, &reason) != 0) |
917 | goto out; | 915 | goto fail_reason; |
918 | 916 | ||
919 | verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " | 917 | verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " |
920 | "%s CA %s via %s", key->cert->key_id, | 918 | "%s CA %s via %s", key->cert->key_id, |
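Review bot: Both certificate-option rejection paths now depend on auth_cert_options() assigning `*reason` on every non-zero return — new line 835 in check_authkeys_file and new line 914 in user_cert_trusted_ca jump to fail_reason where the old code did `free(fp); continue;` and `goto out` respectively. The fail_reason labels and whatever they do with `reason` are outside both hunks, so a failure branch in auth_cert_options that returns non-zero without setting `*reason` would be reported through a NULL pointer in check_authkeys_file (reset per iteration at new line 769) or, in user_cert_trusted_ca, through a variable whose initialization is not visible in this excerpt. I would pin that contract at the auth_cert_options declaration, e.g. `/* Returns non-zero on rejection and always sets *reason to a non-NULL message; callers log it. */`, and confirm that user_cert_trusted_ca initializes `reason` to NULL before its first goto. It is also worth checking that fail_reason in check_authkeys_file still moves on to the next authorized_keys line, since the previous `continue` at old line 837 is gone and the loop's remaining body lies outside the hunk.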