upstream commit

If AuthorizedPrincipalsCommand is specified but
 AuthorizedPrincipalsFile is not (or is set to "none"), authentication may
 fail because key_cert_check_authority() fails to locate a
 principal that matches the username, even though an authorized principal has
 already been matched in the output of the subprocess. Fix this by using the
 same logic to determine whether pw->pw_name should be passed as is used
 earlier on to determine whether an authorized principal must be matched.

ok djm@

Upstream-ID: 43b42302ec846b0ea68aceb40677245391b9409d
1 file changed
tree: 83d8c183a65709172408da4b4473fe90ab9efca3