Make the arguments to match_principals_command() similar to

match_principals_file(), by changing the last argument a
struct sshkey_cert * and dereferencing key->cert in the caller.

No functional change.

ok djm@

diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c
index 102fea8..5beb44a 100644 (file)
--- a/usr.bin/ssh/auth2-pubkey.c
+++ b/usr.bin/ssh/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.51 2015/05/21 06:43:30 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.52 2015/06/15 18:42:19 jsing Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -621,7 +621,7 @@ match_principals_file(char *file, struct passwd *pw, struct sshkey_cert *cert)
  * returns 1 if the principal is allowed or 0 otherwise.
  */
 static int
-match_principals_command(struct passwd *user_pw, struct sshkey *key)
+match_principals_command(struct passwd *user_pw, struct sshkey_cert *cert)
 {
        FILE *f = NULL;
        int ok, found_principal = 0;
@@ -686,7 +686,7 @@ match_principals_command(struct passwd *user_pw, struct sshkey *key)
        uid_swapped = 1;
        temporarily_use_uid(pw);
 
-       ok = process_principals(f, NULL, pw, key->cert);
+       ok = process_principals(f, NULL, pw, cert);
 
        if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
                goto out;
@@ -854,7 +854,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
                        found_principal = 1;
        }
        /* Try querying command if specified */
-       if (!found_principal && match_principals_command(pw, key))
+       if (!found_principal && match_principals_command(pw, key->cert))
                found_principal = 1;
        /* If principals file or command specify, then require a match here */
        if (!found_principal && (principals_file != NULL ||