CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2016/11/29 19:57:40
Modified files: usr.bin/ssh : auth-options.c auth-options.h auth2-pubkey.c sshd.8 Log message: When a forced-command appears in both a certificate and an authorized keys/principals command= restriction, refuse to accept the certificate unless they are identical. The previous (documented) behaviour of having the certificate forced- command override the other could be a bit confused and more error-prone. Pointed out by Jann Horn of Project Zero; ok dtucker@