version 1.59, 2016/09/21 17:44:20 |
version 1.60, 2016/11/30 02:57:40 |
|
|
check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) |
check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) |
{ |
{ |
char line[SSH_MAX_PUBKEY_BYTES]; |
char line[SSH_MAX_PUBKEY_BYTES]; |
const char *reason; |
|
int found_key = 0; |
int found_key = 0; |
u_long linenum = 0; |
u_long linenum = 0; |
Key *found; |
Key *found; |
char *fp; |
|
|
|
found_key = 0; |
found_key = 0; |
|
|
found = NULL; |
found = NULL; |
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
char *cp, *key_options = NULL; |
char *cp, *key_options = NULL, *fp = NULL; |
|
const char *reason = NULL; |
|
|
if (found != NULL) |
if (found != NULL) |
key_free(found); |
key_free(found); |
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); |
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); |
|
|
authorized_principals == NULL ? pw->pw_name : NULL, |
authorized_principals == NULL ? pw->pw_name : NULL, |
&reason) != 0) |
&reason) != 0) |
goto fail_reason; |
goto fail_reason; |
if (auth_cert_options(key, pw) != 0) { |
if (auth_cert_options(key, pw, &reason) != 0) |
free(fp); |
goto fail_reason; |
continue; |
|
} |
|
verbose("Accepted certificate ID \"%s\" (serial %llu) " |
verbose("Accepted certificate ID \"%s\" (serial %llu) " |
"signed by %s CA %s via %s", key->cert->key_id, |
"signed by %s CA %s via %s", key->cert->key_id, |
(unsigned long long)key->cert->serial, |
(unsigned long long)key->cert->serial, |
|
|
if (key_cert_check_authority(key, 0, 1, |
if (key_cert_check_authority(key, 0, 1, |
use_authorized_principals ? NULL : pw->pw_name, &reason) != 0) |
use_authorized_principals ? NULL : pw->pw_name, &reason) != 0) |
goto fail_reason; |
goto fail_reason; |
if (auth_cert_options(key, pw) != 0) |
if (auth_cert_options(key, pw, &reason) != 0) |
goto out; |
goto fail_reason; |
|
|
verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " |
verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " |
"%s CA %s via %s", key->cert->key_id, |
"%s CA %s via %s", key->cert->key_id, |
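Review bot: Both new `auth_cert_options(key, pw, &reason)` calls jump to `fail_reason` on failure, so what gets reported now depends on the callee having written `*reason`. In the loop hunk `reason` starts as `NULL`, and a non-zero return that leaves it untouched would pass a null pointer to whatever `fail_reason` does with it. The label and the body of `auth_cert_options` are outside the visible lines, so this is presumably handled, but the contract deserves a comment at the call sites, e.g. `/* auth_cert_options() sets *reason on every failure path; fail_reason reports it */`. The last hunk does not show where `reason` is declared, so it is worth confirming it is initialised there as it is in the loop. This matters operationally because the logged reason is what an administrator relies on when tracing why a certificate was refused.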