author | Colin Watson <cjwatson@debian.org> | 2010-01-25 12:24:16 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-01-25 12:24:16 +0000 |
commit | 02d776600121afc31658f3b857ab9d41c7cad5ca (patch) | |
tree | 46d879a915140a1383efdd7bd08b66c064795824 | |
parent | 59247ecde39f2d826a94ab07f6095ca1f6644e88 (diff) |
* Backport from upstream:
- Do not fall back to adding keys without constraints (ssh-add -c / -t
...) when the agent refuses the constrained add request. This was a
useful migration measure back in 2002 when constraints were new, but
just adds risk now (LP: #209447).
-rw-r--r-- | authfd.c | 6 | ||||
-rw-r--r-- | authfd.h | 1 | ||||
-rw-r--r-- | debian/changelog | 5 | ||||
-rw-r--r-- | ssh-add.c | 3 |
4 files changed, 5 insertions, 10 deletions
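--- a/authfd.c
+++ b/authfd.c
@@ -545,12 +545,6 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
 return decode_reply(type);
 }
 
-int
-ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
-{
-return ssh_add_identity_constrained(auth, key, comment, 0, 0);
-}
-
 /*
 * Removes an identity from the authentication server. This call is not
 * meant to be used by normal applications.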
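--- a/authfd.h
+++ b/authfd.h
@@ -75,7 +75,6 @@ void ssh_close_authentication_connection(AuthenticationConnection *);
 int ssh_get_num_identities(AuthenticationConnection *, int);
 Key *ssh_get_first_identity(AuthenticationConnection *, char **, int);
 Key *ssh_get_next_identity(AuthenticationConnection *, char **, int);
-int ssh_add_identity(AuthenticationConnection *, Key *, const char *);
 int ssh_add_identity_constrained(AuthenticationConnection *, Key *,
 const char *, u_int, u_int);
 int ssh_remove_identity(AuthenticationConnection *, Key *);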
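diff --git a/debian/changelog b/debian/changelog
index 8ff7c54ac..ed90f6561 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,11 @@ openssh (1:5.3p1-1) UNRELEASED; urgency=low
 * New upstream release.
 * Update to GSSAPI patch from
 http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
+* Backport from upstream:
+- Do not fall back to adding keys without contraints (ssh-add -c / -t
+...) when the agent refuses the constrained add request. This was a
+useful migration measure back in 2002 when constraints were new, but
+just adds risk now (LP: #209447).
 
 -- Colin Watson <cjwatson@debian.org> Sun, 24 Jan 2010 22:32:25 +0000
 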
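--- a/ssh-add.c
+++ b/ssh-add.c
@@ -203,9 +203,6 @@ add_file(AuthenticationConnection *ac, const char *filename)
 if (confirm != 0)
 fprintf(stderr,
 "The user has to confirm each use of the key\n");
-} else if (ssh_add_identity(ac, private, comment)) {
-fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
-ret = 0;
 } else {
 fprintf(stderr, "Could not add identity: %s\n", filename);
 }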