upstream: ssh-keygen -Y find-principals fixes based on feedback

from Markus: use "principals" instead of principal, as allowed_signers lines may list multiple. When the signing key is a certificate, emit only principals that match the certificate principal list. NB. the command -Y name changes: "find-principal" => "find-principals" ok markus@ OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf
author: djm@openbsd.org <djm@openbsd.org> 2020-01-23 23:31:52 +0000
committer: Damien Miller <djm@mindrot.org> 2020-01-25 11:27:29 +1100
commit: 72a8bea2d748c8bd7f076a8b39a52082c79ae95f (patch)
tree: 14bea4a63d81af371d75708384811f5829a38267 /sshsig.h
parent: 0585b5697201f5d8b32e6f1b0fee7e188268d30d (diff)
download: openssh-git-72a8bea2d748c8bd7f076a8b39a52082c79ae95f.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/sshsig.h b/sshsig.h
index 939e3dfe..63cc1ad1 100644
--- a/sshsig.h
+++ b/sshsig.h
@@ -93,13 +93,12 @@ struct sshsigopt *sshsigopt_parse(const char *opts,
 void sshsigopt_free(struct sshsigopt *opts);
 
 /* Get public key from signature */
-int
-sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey);
+int sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey);
 
 /* Find principal in allowed_keys file, given a sshkey. Returns
  * 0 on success.
  */
-int sshsig_find_principal(const char *path, const struct sshkey *sign_key,
+int sshsig_find_principals(const char *path, const struct sshkey *sign_key,
     char **principal);
 
 #endif /* SSHSIG_H */
author	djm@openbsd.org <djm@openbsd.org>	2020-01-23 23:31:52 +0000
committer	Damien Miller <djm@mindrot.org>	2020-01-25 11:27:29 +1100
commit	72a8bea2d748c8bd7f076a8b39a52082c79ae95f (patch)
tree	14bea4a63d81af371d75708384811f5829a38267 /sshsig.h
parent	0585b5697201f5d8b32e6f1b0fee7e188268d30d (diff)
download	openssh-git-72a8bea2d748c8bd7f076a8b39a52082c79ae95f.tar.gz