diff options
author | Damien Miller <djm@mindrot.org> | 2011-05-29 21:39:36 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2011-05-29 21:39:36 +1000 |
commit | d8478b6a9b32760d47c2419279c4a73f5f88fdb6 (patch) | |
tree | b62b256606749fbb784ab7c2c7baa610c2a7dd71 /auth2-pubkey.c | |
parent | acacced70b3fd520ee3f12d3f477f9fd7c2f687a (diff) |
OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/05/23 03:30:07
[auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
allow AuthorizedKeysFile to specify multiple files, separated by spaces.
Bring back authorized_keys2 as a default search path (to avoid breaking
existing users of this file), but override this in sshd_config so it will
be no longer used on fresh installs. Maybe in 2015 we can remove it
entierly :)
feedback and ok markus@ dtucker@
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index a97509c2..137887ec 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.28 2011/05/11 04:47:06 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.29 2011/05/23 03:30:07 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -436,7 +436,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) int user_key_allowed(struct passwd *pw, Key *key) { - int success; + u_int success, i; char *file; if (auth_key_is_revoked(key)) @@ -448,9 +448,12 @@ user_key_allowed(struct passwd *pw, Key *key) if (success) return success; - file = authorized_keys_file(pw); - success = user_key_allowed2(pw, key, file); - xfree(file); + for (i = 0; !success && i < options.num_authkeys_files; i++) { + file = expand_authorized_keys( + options.authorized_keys_files[i], pw); + success = user_key_allowed2(pw, key, file); + xfree(file); + } return success; } |