From 72a8bea2d748c8bd7f076a8b39a52082c79ae95f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 23 Jan 2020 23:31:52 +0000 Subject: upstream: ssh-keygen -Y find-principals fixes based on feedback from Markus: use "principals" instead of principal, as allowed_signers lines may list multiple. When the signing key is a certificate, emit only principals that match the certificate principal list. NB. the command -Y name changes: "find-principal" => "find-principals" ok markus@ OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf --- sshsig.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'sshsig.h') diff --git a/sshsig.h b/sshsig.h index 939e3dfe..63cc1ad1 100644 --- a/sshsig.h +++ b/sshsig.h @@ -93,13 +93,12 @@ struct sshsigopt *sshsigopt_parse(const char *opts, void sshsigopt_free(struct sshsigopt *opts); /* Get public key from signature */ -int -sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey); +int sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey); /* Find principal in allowed_keys file, given a sshkey. Returns * 0 on success. */ -int sshsig_find_principal(const char *path, const struct sshkey *sign_key, +int sshsig_find_principals(const char *path, const struct sshkey *sign_key, char **principal); #endif /* SSHSIG_H */ -- cgit v1.2.1