57 #include "auth-options.h"
71 extern ServerOptions options;
78 	    options.fingerprint_hash, SSH_FP_DEFAULT);
158 	if (match_pattern_list(pkalg, options.pubkey_accepted_algos, 0) != 1) {
164 	    options.ca_sign_algorithms)) != 0) {
171 	    options.required_rsa_size)) != 0) {
232 			req_presence = (options.pubkey_auth_options &
247 			req_verify = (options.pubkey_auth_options &
295 		debug_f("key options inconsistent with existing");
326 	if ((f = auth_openprincipals(file, pw, options.strict_modes)) == NULL) {
357 	if (options.authorized_principals_command == NULL)
359 	if (options.authorized_principals_command_user == NULL) {
372 	username = percent_expand(options.authorized_principals_command_user,
382 	if (argv_split(options.authorized_principals_command,
385 		    "invalid quotes", options.authorized_principals_command);
390 		    options.authorized_principals_command);
394 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
399 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
491 	if (!sshkey_is_cert(key) || options.trusted_user_ca_keys == NULL)
495 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
499 	    options.trusted_user_ca_keys, 1, 0)) != 0) {
502 		    options.trusted_user_ca_keys);
521 	    options.authorized_principals_command != NULL;
532 	/* Check authority from options in key and from principals file/cmd */
534 		reason = "Invalid certificate options";
539 		reason = "Refused by certificate options";
548 			reason = "Refused by certificate principals options";
565 	    options.trusted_user_ca_keys);
599 	if ((f = auth_openkeyfile(file, pw, options.strict_modes)) != NULL) {
629 	if (options.authorized_keys_command == NULL)
631 	if (options.authorized_keys_command_user == NULL) {
643 	username = percent_expand(options.authorized_keys_command_user,
653 	if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash,
664 	if (argv_split(options.authorized_keys_command, &ac, &av, 0) != 0) {
666 		    options.authorized_keys_command);
671 		    options.authorized_keys_command);
719 	    options.authorized_keys_command, key, remote_ip,
770 	remote_host = auth_get_canonical_hostname(ssh, options.use_dns);
775 	for (i = 0; !success && i < options.num_authkeys_files; i++) {
776 		if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
779 		    options.authorized_keys_files[i], pw);

Indexes created Mon Jul 29 19:40:31 MDT 2024