summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/auth2-pubkey.c
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2013-05-19 02:38:29 +0000
committerDamien Miller <djm@cvs.openbsd.org>2013-05-19 02:38:29 +0000
commitacb6ba1628411ae9bf6b797dc6a4c3bb05188b85 (patch)
treefe02e52a3ccf6dc25719b516020dca07d5a437b7 /usr.bin/ssh/auth2-pubkey.c
parente86b7ca9afe5cd6805eafa2493470595aa25f900 (diff)
fix failure to recognise cert-authority keys if a key of a different type
appeared in authorized_keys before it; ok markus@
Diffstat (limited to 'usr.bin/ssh/auth2-pubkey.c')
-rw-r--r--usr.bin/ssh/auth2-pubkey.c39
1 files changed, 31 insertions, 8 deletions
diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c
index d74f20e70de..61f7c207ef0 100644
--- a/usr.bin/ssh/auth2-pubkey.c
+++ b/usr.bin/ssh/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.36 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.37 2013/05/19 02:38:28 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -144,6 +144,8 @@ userauth_pubkey(Authctxt *authctxt)
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
+ pubkey_auth_info(authctxt, key);
+
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
@@ -184,6 +186,26 @@ done:
return authenticated;
}
+void
+pubkey_auth_info(Authctxt *authctxt, const Key *key)
+{
+ char *fp;
+
+ if (key_is_cert(key)) {
+ fp = key_fingerprint(key->cert->signature_key,
+ SSH_FP_MD5, SSH_FP_HEX);
+ auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s",
+ key_type(key), key->cert->key_id,
+ (unsigned long long)key->cert->serial,
+ key_type(key->cert->signature_key), fp);
+ free(fp);
+ } else {
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ auth_info(authctxt, "%s %s", key_type(key), fp);
+ free(fp);
+ }
+}
+
static int
match_principals_option(const char *principal_list, struct KeyCert *cert)
{
@@ -277,11 +299,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
char *fp;
found_key = 0;
- found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
+ found = NULL;
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
char *cp, *key_options = NULL;
-
+ if (found != NULL)
+ key_free(found);
+ found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
auth_clear_options();
/* Skip leading whitespace, empty and comment lines. */
@@ -359,16 +383,15 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
if (key_is_cert_authority)
continue;
found_key = 1;
- debug("matching key found: file %s, line %lu",
- file, linenum);
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
- verbose("Found matching %s key: %s",
- key_type(found), fp);
+ debug("matching key found: file %s, line %lu %s %s",
+ file, linenum, key_type(found), fp);
free(fp);
break;
}
}
- key_free(found);
+ if (found != NULL)
+ key_free(found);
if (!found_key)
debug2("key not found");
return found_key;