tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

add a way for principals command to get see key ID and serial
too

Upstream-ID: 0d30978bdcf7e8eaeee4eea1b030eb2eb1823fcb
This commit is contained in:
djm@openbsd.org 2016-09-21 01:34:45 +00:00 committed by Damien Miller
parent 920585b826
commit bfa9d969ab
2 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
auth2-pubkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.57 2016/09/14 20:11:26 djm Exp $ */
/* $OpenBSD: auth2-pubkey.c,v 1.58 2016/09/21 01:34:45 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -639,6 +639,7 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
pid_t pid;
char *tmp, *username = NULL, *command = NULL, **av = NULL;
char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL;
char serial_s[16];
void (*osigchld)(int);
if (options.authorized_principals_command == NULL)
@ -694,6 +695,7 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
goto out;
}
snprintf(serial_s, sizeof(serial_s), "%llu", cert->serial);
for (i = 1; i < ac; i++) {
tmp = percent_expand(av[i],
"u", user_pw->pw_name,
@ -704,6 +706,8 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
"F", ca_fp,
"k", keytext,
"K", catext,
"i", cert->key_id,
"s", serial_s,
(char *)NULL);
if (tmp == NULL)
fatal("%s: percent_expand failed", __func__);

18
sshd_config.5
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.232 2016/09/14 05:42:25 djm Exp $
.Dd $Mdocdate: September 14 2016 $
.\" $OpenBSD: sshd_config.5,v 1.233 2016/09/21 01:34:45 djm Exp $
.Dd $Mdocdate: September 21 2016 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -306,14 +306,16 @@ Arguments to
may be provided using the following tokens, which will be expanded
at runtime:
%% is replaced by a literal '%',
%u is replaced by the username being authenticated,
%h is replaced by the home directory of the user being authenticated,
%t is replaced with type of the certificate being offered,
%T with the type of the CA key,
%f is replaced with certificate fingerprint,
%F with the fingerprint of the CA key,
%k is replaced with the full base-64 encoded certificate and
%f is replaced with certificate fingerprint,
%K is replaced with the base-64 encoded CA key.
%k is replaced with the full base-64 encoded certificate,
%h is replaced with the home directory of the user being authenticated,
%i is replaced with key ID in the certificate,
%s is replaced with the serial number of the certificate,
%T with the type of the CA key,
%t is replaced with type of the certificate being offered, and
%u is replaced by the username being authenticated,
If no arguments are specified then the username of the target user
will be supplied.
.Pp