diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | auth2-pubkey.c | 18 |
2 files changed, 16 insertions, 6 deletions
@@ -29,6 +29,10 @@ use with LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` feedback and ok djm@ + - djm@cvs.openbsd.org 2010/05/20 11:25:26 + [auth2-pubkey.c] + fix logspam when key options (from="..." especially) deny non-matching + keys; reported by henning@ also bz#1765; ok markus@ dtucker@ 20100511 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 6b4a9972..faab0e77 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.24 2010/05/07 11:30:29 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.25 2010/05/20 11:25:26 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -291,13 +291,14 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) continue; } } - if (auth_parse_options(pw, key_options, file, linenum) != 1) - continue; if (key_is_cert(key)) { - if (!key_is_cert_authority) - continue; if (!key_equal(found, key->cert->signature_key)) continue; + if (auth_parse_options(pw, key_options, file, + linenum) != 1) + continue; + if (!key_is_cert_authority) + continue; fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); debug("matching CA found: file %s, line %lu, %s %s", @@ -332,7 +333,12 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) xfree(fp); found_key = 1; break; - } else if (!key_is_cert_authority && key_equal(found, key)) { + } else if (key_equal(found, key)) { + if (auth_parse_options(pw, key_options, file, + linenum) != 1) + continue; + if (key_is_cert_authority) + continue; found_key = 1; debug("matching key found: file %s, line %lu", file, linenum); |