diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-11-25 00:54:23 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-25 12:23:40 +1100 |
commit | 2e71263b80fec7ad977e098004fef7d122169d40 (patch) | |
tree | b4eef0768ef7fb69c0acdfad6a9d63762791d6f6 /auth.c | |
parent | 0fddf2967ac51d518e300408a0d7e6adf4cd2634 (diff) |
upstream: add a "no-touch-required" option for authorized_keys and
a similar extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched their
key to authorize them.
feedback deraadt, ok markus
OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 7 |
1 files changed, 4 insertions, 3 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.142 2019/10/16 06:05:39 djm Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.143 2019/11/25 00:54:23 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -1005,7 +1005,7 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote) | |||
1005 | 1005 | ||
1006 | snprintf(buf, sizeof(buf), "%d", opts->force_tun_device); | 1006 | snprintf(buf, sizeof(buf), "%d", opts->force_tun_device); |
1007 | /* Try to keep this alphabetically sorted */ | 1007 | /* Try to keep this alphabetically sorted */ |
1008 | snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s", | 1008 | snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s%s", |
1009 | opts->permit_agent_forwarding_flag ? " agent-forwarding" : "", | 1009 | opts->permit_agent_forwarding_flag ? " agent-forwarding" : "", |
1010 | opts->force_command == NULL ? "" : " command", | 1010 | opts->force_command == NULL ? "" : " command", |
1011 | do_env ? " environment" : "", | 1011 | do_env ? " environment" : "", |
@@ -1018,7 +1018,8 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote) | |||
1018 | opts->force_tun_device == -1 ? "" : " tun=", | 1018 | opts->force_tun_device == -1 ? "" : " tun=", |
1019 | opts->force_tun_device == -1 ? "" : buf, | 1019 | opts->force_tun_device == -1 ? "" : buf, |
1020 | opts->permit_user_rc ? " user-rc" : "", | 1020 | opts->permit_user_rc ? " user-rc" : "", |
1021 | opts->permit_x11_forwarding_flag ? " x11-forwarding" : ""); | 1021 | opts->permit_x11_forwarding_flag ? " x11-forwarding" : "", |
1022 | opts->no_require_user_presence ? " no-touch-required" : ""); | ||
1022 | 1023 | ||
1023 | debug("%s: %s", loc, msg); | 1024 | debug("%s: %s", loc, msg); |
1024 | if (do_remote) | 1025 | if (do_remote) |