summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2009-08-27 17:44:53 +0000
committerDamien Miller <djm@cvs.openbsd.org>2009-08-27 17:44:53 +0000
commit01975d3d54e833fb99c394d7bd50ddf425731138 (patch)
treed9f1af0d83bf4e5317df54f8e5104fa119e2facd /usr.bin/ssh
parent78467dc36ab5dfafdc25b3639e36ee3cd4b0864a (diff)
Do not fall back to adding keys without contraints (ssh-add -c / -t ...)
when the agent refuses the constrained add request. This was a useful migration measure back in 2002 when constraints were new, but just adds risk now. bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/authfd.c8
-rw-r--r--usr.bin/ssh/authfd.h3
-rw-r--r--usr.bin/ssh/ssh-add.c5
3 files changed, 3 insertions, 13 deletions
diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c
index c05c23c6d73..99778fcb68f 100644
--- a/usr.bin/ssh/authfd.c
+++ b/usr.bin/ssh/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.80 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: authfd.c,v 1.81 2009/08/27 17:44:52 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -543,12 +543,6 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
return decode_reply(type);
}
-int
-ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
-{
- return ssh_add_identity_constrained(auth, key, comment, 0, 0);
-}
-
/*
* Removes an identity from the authentication server. This call is not
* meant to be used by normal applications.
diff --git a/usr.bin/ssh/authfd.h b/usr.bin/ssh/authfd.h
index 3da2561127e..2582a27aa52 100644
--- a/usr.bin/ssh/authfd.h
+++ b/usr.bin/ssh/authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.36 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: authfd.h,v 1.37 2009/08/27 17:44:52 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -75,7 +75,6 @@ void ssh_close_authentication_connection(AuthenticationConnection *);
int ssh_get_num_identities(AuthenticationConnection *, int);
Key *ssh_get_first_identity(AuthenticationConnection *, char **, int);
Key *ssh_get_next_identity(AuthenticationConnection *, char **, int);
-int ssh_add_identity(AuthenticationConnection *, Key *, const char *);
int ssh_add_identity_constrained(AuthenticationConnection *, Key *,
const char *, u_int, u_int);
int ssh_remove_identity(AuthenticationConnection *, Key *);
diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c
index 07bc23f7a9d..93ea32d9a79 100644
--- a/usr.bin/ssh/ssh-add.c
+++ b/usr.bin/ssh/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.90 2007/09/09 11:38:01 sobrado Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.91 2009/08/27 17:44:52 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -191,9 +191,6 @@ add_file(AuthenticationConnection *ac, const char *filename)
if (confirm != 0)
fprintf(stderr,
"The user has to confirm each use of the key\n");
- } else if (ssh_add_identity(ac, private, comment)) {
- fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
- ret = 0;
} else {
fprintf(stderr, "Could not add identity: %s\n", filename);
}