- djm@cvs.openbsd.org 2011/05/20 00:55:02

     [servconf.c]
     the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
     and AuthorizedPrincipalsFile were not being correctly applied in
     Match blocks, despite being overridable there; ok dtucker@

2 files changed, 11 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index 6a0cf493..eb513617 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,11 @@
      [key.c]
      fatal() if asked to generate a legacy ECDSA cert (these don't exist)
      and fix the regress test that was trying to generate them :)
+   - djm@cvs.openbsd.org 2011/05/20 00:55:02
+     [servconf.c]
+     the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
+     and AuthorizedPrincipalsFile were not being correctly applied in
+     Match blocks, despite being overridable there; ok dtucker@
 
 20110515
  - (djm) OpenBSD CVS Sync
diff --git a/servconf.c b/servconf.c
index f862fbfd..ab134ee5 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.215 2011/05/11 04:47:06 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.216 2011/05/20 00:55:02 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1500,14 +1500,15 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 	M_CP_INTOPT(ip_qos_bulk);
 
 	M_CP_STROPT(banner);
-	if (preauth)
-		return;
-	M_CP_STROPT(adm_forced_command);
-	M_CP_STROPT(chroot_directory);
 	M_CP_STROPT(trusted_user_ca_keys);
 	M_CP_STROPT(revoked_keys_file);
 	M_CP_STROPT(authorized_keys_file);
 	M_CP_STROPT(authorized_principals_file);
+
+	if (preauth)
+		return;
+	M_CP_STROPT(adm_forced_command);
+	M_CP_STROPT(chroot_directory);
 }
 
 #undef M_CP_INTOPT