If AuthorizedPrincipalsCommand is specified, however
author jsing <jsing@openbsd.org>
Mon, 15 Jun 2015 18:44:22 +0000 (18:44 +0000)
committer jsing <jsing@openbsd.org>
Mon, 15 Jun 2015 18:44:22 +0000 (18:44 +0000)
commit 8133225e0bf8eb862ac4198880595fada753fe4b
tree 3fd4c1472c48f457f27bf2bd6c7f203c1c6f4318
parent 490cd472af5014e11caa7d5f1dc3f74d2eb4b951
If AuthorizedPrincipalsCommand is specified, however
AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
potentially fail due to key_cert_check_authority() failing to locate a
principal that matches the username, even though an authorized principal
has already been matched in the output of the subprocess. Fix this by using
the same logic to determine if pw->pw_name should be passed, as is used to
determine if an authorized principal must be matched earlier on.

ok djm@
usr.bin/ssh/auth2-pubkey.c
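
The logic error described in the commit message, as an added example that is not the OpenSSH source: a simplified C model written from the description alone. All names (`cert_model`, `check_authority_model`, `accepted_before`, `accepted_after` and the boolean parameters) are hypothetical, and the "before" function assumes that only the AuthorizedPrincipalsFile setting decided whether the username was passed to the final check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a user certificate: only its principal list. */
struct cert_model { const char *const *principals; size_t n; };

/* Model of the final authority check: a non-NULL name must appear among the
 * certificate's principals; NULL means "principal already vetted, skip". */
static bool check_authority_model(const struct cert_model *c, const char *name)
{
    if (name == NULL)
        return true;
    for (size_t i = 0; i < c->n; i++)
        if (strcmp(c->principals[i], name) == 0)
            return true;
    return false;
}

/* Before: only the principals file decides whether the username is passed. */
static bool accepted_before(const struct cert_model *c, const char *pw_name,
    bool have_file, bool have_command, bool matched)
{
    if ((have_file || have_command) && !matched)
        return false;               /* an authorized principal was required */
    return check_authority_model(c, have_file ? NULL : pw_name);
}

/* After: one flag drives both the earlier match and the username decision. */
static bool accepted_after(const struct cert_model *c, const char *pw_name,
    bool have_file, bool have_command, bool matched)
{
    bool use_authorized_principals = have_file || have_command;
    if (use_authorized_principals && !matched)
        return false;
    return check_authority_model(c, use_authorized_principals ? NULL : pw_name);
}

/* Constructed sample: certificate for principal "ops-admins", login "alice",
 * command configured, file unset, command output matched "ops-admins". */
static const char *const ops_principals[] = { "ops-admins" };
static const struct cert_model ops_cert = { ops_principals, 1 };
int main(void)
{
    printf("before=%d after=%d\n",
        accepted_before(&ops_cert, "alice", false, true, true),
        accepted_after(&ops_cert, "alice", false, true, true));
    return 0;
}
```

In the model the fix only changes the command-only case: with neither option set the username must still be a certificate principal, and an unmatched principal is still rejected.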