From 72a8bea2d748c8bd7f076a8b39a52082c79ae95f Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Thu, 23 Jan 2020 23:31:52 +0000
Subject: upstream: ssh-keygen -Y find-principals fixes based on feedback

from Markus:

use "principals" instead of principal, as allowed_signers lines may list
multiple.

When the signing key is a certificate, emit only principals that match
the certificate principal list.

NB. the command -Y name changes: "find-principal" => "find-principals"

ok markus@

OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf
---
 sshsig.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'sshsig.h')

diff --git a/sshsig.h b/sshsig.h
index 939e3dfe..63cc1ad1 100644
--- a/sshsig.h
+++ b/sshsig.h
@@ -93,13 +93,12 @@ struct sshsigopt *sshsigopt_parse(const char *opts,
 void sshsigopt_free(struct sshsigopt *opts);
 
 /* Get public key from signature */
-int
-sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey);
+int sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey);
 
 /* Find principal in allowed_keys file, given a sshkey. Returns
  * 0 on success.
  */
-int sshsig_find_principal(const char *path, const struct sshkey *sign_key,
+int sshsig_find_principals(const char *path, const struct sshkey *sign_key,
     char **principal);
 
 #endif /* SSHSIG_H */
-- 
cgit v1.2.1