version 1.36, 2013/05/17 00:13:13 |
version 1.37, 2013/05/19 02:38:28 |
|
|
#ifdef DEBUG_PK |
#ifdef DEBUG_PK |
buffer_dump(&b); |
buffer_dump(&b); |
#endif |
#endif |
|
pubkey_auth_info(authctxt, key); |
|
|
/* test for correct signature */ |
/* test for correct signature */ |
authenticated = 0; |
authenticated = 0; |
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && |
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && |
|
|
return authenticated; |
return authenticated; |
} |
} |
|
|
|
void |
|
pubkey_auth_info(Authctxt *authctxt, const Key *key) |
|
{ |
|
char *fp; |
|
|
|
if (key_is_cert(key)) { |
|
fp = key_fingerprint(key->cert->signature_key, |
|
SSH_FP_MD5, SSH_FP_HEX); |
|
auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s", |
|
key_type(key), key->cert->key_id, |
|
(unsigned long long)key->cert->serial, |
|
key_type(key->cert->signature_key), fp); |
|
free(fp); |
|
} else { |
|
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
|
auth_info(authctxt, "%s %s", key_type(key), fp); |
|
free(fp); |
|
} |
|
} |
|
|
static int |
static int |
match_principals_option(const char *principal_list, struct KeyCert *cert) |
match_principals_option(const char *principal_list, struct KeyCert *cert) |
{ |
{ |
|
|
char *fp; |
char *fp; |
|
|
found_key = 0; |
found_key = 0; |
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); |
|
|
|
|
found = NULL; |
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
char *cp, *key_options = NULL; |
char *cp, *key_options = NULL; |
|
if (found != NULL) |
|
key_free(found); |
|
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); |
auth_clear_options(); |
auth_clear_options(); |
|
|
/* Skip leading whitespace, empty and comment lines. */ |
/* Skip leading whitespace, empty and comment lines. */ |
|
|
if (key_is_cert_authority) |
if (key_is_cert_authority) |
continue; |
continue; |
found_key = 1; |
found_key = 1; |
debug("matching key found: file %s, line %lu", |
|
file, linenum); |
|
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); |
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); |
verbose("Found matching %s key: %s", |
debug("matching key found: file %s, line %lu %s %s", |
key_type(found), fp); |
file, linenum, key_type(found), fp); |
free(fp); |
free(fp); |
break; |
break; |
} |
} |
} |
} |
key_free(found); |
if (found != NULL) |
|
key_free(found); |
if (!found_key) |
if (!found_key) |
debug2("key not found"); |
debug2("key not found"); |
return found_key; |
return found_key; |
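Review bot: In the added pubkey_auth_info(), `key->cert->key_id` is formatted into auth_info() with `%s`, and the one call shown in the first hunk sits above the `/* test for correct signature */` check, so the recorded string is whatever the client's certificate carries, before user_key_allowed() or the signature has vouched for it. Whether auth_info() escapes control characters is not visible on this page; if it does not, the key ID should be sanitised before it reaches the log. In either case a comment above the certificate branch, such as `/* cert fields are client-supplied and not yet verified here */`, would warn log consumers not to read the entry as an accepted identity. The fingerprints use `SSH_FP_MD5`, which matches the existing call in the key-file loop but is a weak identifier for correlating keys in an audit trail. The calling function's body starts and ends outside the visible hunks, so the exact ordering relative to other checks should be confirmed against the full file.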