upstream commit

Make the arguments to match_principals_command() similar
 to match_principals_file(), by changing the last argument a struct
 sshkey_cert * and dereferencing key->cert in the caller.

No functional change.

ok djm@

Upstream-ID: 533f99b844b21b47342b32b62e198dfffcf8651c
This commit is contained in:
jsing@openbsd.org 2015-06-15 18:42:19 +00:00 committed by Damien Miller
parent 97e2e1596c
commit aff3e94c0d
1 changed files with 4 additions and 4 deletions

View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.51 2015/05/21 06:43:30 djm Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.52 2015/06/15 18:42:19 jsing Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -624,7 +624,7 @@ match_principals_file(char *file, struct passwd *pw, struct sshkey_cert *cert)
* returns 1 if the principal is allowed or 0 otherwise. * returns 1 if the principal is allowed or 0 otherwise.
*/ */
static int static int
match_principals_command(struct passwd *user_pw, struct sshkey *key) match_principals_command(struct passwd *user_pw, struct sshkey_cert *cert)
{ {
FILE *f = NULL; FILE *f = NULL;
int ok, found_principal = 0; int ok, found_principal = 0;
@ -689,7 +689,7 @@ match_principals_command(struct passwd *user_pw, struct sshkey *key)
uid_swapped = 1; uid_swapped = 1;
temporarily_use_uid(pw); temporarily_use_uid(pw);
ok = process_principals(f, NULL, pw, key->cert); ok = process_principals(f, NULL, pw, cert);
if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0) if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
goto out; goto out;
@ -857,7 +857,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
found_principal = 1; found_principal = 1;
} }
/* Try querying command if specified */ /* Try querying command if specified */
if (!found_principal && match_principals_command(pw, key)) if (!found_principal && match_principals_command(pw, key->cert))
found_principal = 1; found_principal = 1;
/* If principals file or command specify, then require a match here */ /* If principals file or command specify, then require a match here */
if (!found_principal && (principals_file != NULL || if (!found_principal && (principals_file != NULL ||