Import debian 5.9p1-1

[openssh.git] / auth2-pubkey.c

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 137887e..a1d31e9 100644 (file)
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -211,6 +211,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
                restore_uid();
                return 0;
        }
+       auth_start_parse_options();
        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                /* Skip leading whitespace. */
                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -280,6 +281,8 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
        found_key = 0;
        found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
 
+       auth_start_parse_options();
+
        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                char *cp, *key_options = NULL;
 
@@ -416,6 +419,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
        if (key_cert_check_authority(key, 0, 1,
            principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
                goto fail_reason;
+       auth_start_parse_options();
        if (auth_cert_options(key, pw) != 0)
                goto out;
 
@@ -439,9 +443,10 @@ user_key_allowed(struct passwd *pw, Key *key)
        u_int success, i;
        char *file;
 
-       if (auth_key_is_revoked(key))
+       if (auth_key_is_revoked(key, 0))
                return 0;
-       if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
+       if (key_is_cert(key) &&
+           auth_key_is_revoked(key->cert->signature_key, 0))
                return 0;
 
        success = user_cert_trusted_ca(pw, key);