| version 1.52, 2015/06/15 18:42:19 |
version 1.53, 2015/06/15 18:44:22 |
|
|
| { |
{ |
| char *ca_fp, *principals_file = NULL; |
char *ca_fp, *principals_file = NULL; |
| const char *reason; |
const char *reason; |
| int ret = 0, found_principal = 0; |
int ret = 0, found_principal = 0, use_authorized_principals; |
| |
|
| if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) |
if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) |
| return 0; |
return 0; |
|
|
| /* Try querying command if specified */ |
/* Try querying command if specified */ |
| if (!found_principal && match_principals_command(pw, key->cert)) |
if (!found_principal && match_principals_command(pw, key->cert)) |
| found_principal = 1; |
found_principal = 1; |
| /* If principals file or command specify, then require a match here */ |
/* If principals file or command is specified, then require a match */ |
| if (!found_principal && (principals_file != NULL || |
use_authorized_principals = principals_file != NULL || |
| options.authorized_principals_command != NULL)) { |
options.authorized_principals_command != NULL; |
| |
if (!found_principal && use_authorized_principals) { |
| reason = "Certificate does not contain an authorized principal"; |
reason = "Certificate does not contain an authorized principal"; |
| fail_reason: |
fail_reason: |
| error("%s", reason); |
error("%s", reason); |
|
|
| goto out; |
goto out; |
| } |
} |
| if (key_cert_check_authority(key, 0, 1, |
if (key_cert_check_authority(key, 0, 1, |
| principals_file == NULL ? pw->pw_name : NULL, &reason) != 0) |
use_authorized_principals ? NULL : pw->pw_name, &reason) != 0) |
| goto fail_reason; |
goto fail_reason; |
| if (auth_cert_options(key, pw) != 0) |
if (auth_cert_options(key, pw) != 0) |
| goto out; |
goto out; |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth2-pubkey.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh