- djm@cvs.openbsd.org 2013/05/19 02:38:28
     [auth2-pubkey.c]
     fix failure to recognise cert-authority keys if a key of a different type
     appeared in authorized_keys before it; ok markus@
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 4c326df..45306f8 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.36 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.37 2013/05/19 02:38:28 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -147,6 +147,8 @@
 #ifdef DEBUG_PK
 		buffer_dump(&b);
 #endif
+		pubkey_auth_info(authctxt, key);
+
 		/* test for correct signature */
 		authenticated = 0;
 		if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
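Review bot: The new `pubkey_auth_info(authctxt, key)` call at L19 runs before `user_key_allowed()` and the signature test, so whatever it records describes a key the client merely claims to hold — for certificates that includes a client-supplied key ID — and nothing on the line marks it as unverified. Recording the offered key for failed attempts is useful for auditing, but a reader of the log line could take it for an authenticated identity, so I would label the call: `/* record the offered key for the auth log; not yet verified */`. The enclosing function starts and ends outside this hunk, and the function is used here ahead of its definition later in the file, so a prototype in a header not shown in this diff is required.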
@@ -187,6 +189,26 @@
 	return authenticated;
 }
 
+void
+pubkey_auth_info(Authctxt *authctxt, const Key *key)
+{
+	char *fp;
+
+	if (key_is_cert(key)) {
+		fp = key_fingerprint(key->cert->signature_key,
+		    SSH_FP_MD5, SSH_FP_HEX);
+		auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s", 
+		    key_type(key), key->cert->key_id,
+		    (unsigned long long)key->cert->serial,
+		    key_type(key->cert->signature_key), fp);
+		free(fp);
+	} else {
+		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+		auth_info(authctxt, "%s %s", key_type(key), fp);
+		free(fp);
+	}
+}
+
 static int
 match_principals_option(const char *principal_list, struct KeyCert *cert)
 {
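Review bot: `key->cert->key_id` (L37) is a string taken from the client-presented certificate and is copied into the auth_info text verbatim, so unless the logging layer escapes non-printable characters (I cannot tell from this diff), a crafted key ID could push newlines or terminal control sequences into the authentication log line; `key_type()` and the fingerprint, by contrast, are server-generated. The function also has no header comment and is non-static; I would add above L28: `/* Record the type and fingerprint of the offered key (for certificates: key ID, serial and CA) via auth_info(). key_id is client-supplied and not sanitised here. */` and confirm the declaration lands in auth.h, which this diff does not touch. L36 carries trailing whitespace after the format string.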
@@ -280,11 +302,13 @@
 	char *fp;
 
 	found_key = 0;
-	found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
 
+	found = NULL;
 	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 		char *cp, *key_options = NULL;
-
+		if (found != NULL)
+			key_free(found);
+		found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
 		auth_clear_options();
 
 		/* Skip leading whitespace, empty and comment lines. */
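Review bot: The per-line `key_new()` at L63 is the actual bug fix, but nothing in the code says why a fresh Key is needed for every line; the commit message indicates that reusing one Key let an earlier key of a different type prevent later cert-authority lines from matching, so I would add `/* fresh Key per line: reusing one across lines of differing types broke matching of later cert-authority entries */` so the next refactor does not hoist it back out. As written the allocation also happens before the blank/comment-line skip, so every empty or `#` line costs an allocate/free pair; moving the `key_new()` below the skip (and setting `found = NULL` after the `key_free()` at L62) would avoid that, but the skip code continues past this hunk so I have not verified every `continue` path. The enclosing function starts before and ends after this hunk.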
@@ -362,16 +386,15 @@
 			if (key_is_cert_authority)
 				continue;
 			found_key = 1;
-			debug("matching key found: file %s, line %lu",
-			    file, linenum);
 			fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
-			verbose("Found matching %s key: %s",
-			    key_type(found), fp);
+			debug("matching key found: file %s, line %lu %s %s",
+			    file, linenum, key_type(found), fp);
 			free(fp);
 			break;
 		}
 	}
-	key_free(found);
+	if (found != NULL)
+		key_free(found);
 	if (!found_key)
 		debug2("key not found");
 	return found_key;
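Review bot: Dropping the `verbose("Found matching %s key: %s", ...)` message (L74–L75) and folding the type and fingerprint into the `debug()` at L76–L77 moves that information from LogLevel VERBOSE to DEBUG, so any log monitoring keyed on the "Found matching ... key:" string goes silent after this change. The replacement is presumably the text recorded through `auth_info()` elsewhere in this commit, which ends up on the authentication result line; that trade-off belongs in the commit message or release notes, and a comment at L76 such as `/* type+fingerprint now reported via auth_info(); debug only here */` would stop someone re-adding a verbose line. The NULL guard before `key_free()` at L83–L84 is needed only if `key_free()` rejects NULL, which this diff does not show.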