summaryrefslogtreecommitdiff
path: root/auth2-pubkey.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-11-25 00:54:23 +0000
committerDamien Miller <djm@mindrot.org>2019-11-25 12:23:40 +1100
commit2e71263b80fec7ad977e098004fef7d122169d40 (patch)
treeb4eef0768ef7fb69c0acdfad6a9d63762791d6f6 /auth2-pubkey.c
parent0fddf2967ac51d518e300408a0d7e6adf4cd2634 (diff)
upstream: add a "no-touch-required" option for authorized_keys and
a similar extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 0ef982a48..b656b1f8c 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-pubkey.c,v 1.96 2019/11/25 00:52:46 djm Exp $ */ 1/* $OpenBSD: auth2-pubkey.c,v 1.97 2019/11/25 00:54:23 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -225,7 +225,8 @@ userauth_pubkey(struct ssh *ssh)
225 __func__, sig_details->sk_counter, 225 __func__, sig_details->sk_counter,
226 sig_details->sk_flags); 226 sig_details->sk_flags);
227 req_presence = (options.pubkey_auth_options & 227 req_presence = (options.pubkey_auth_options &
228 PUBKEYAUTH_TOUCH_REQUIRED); 228 PUBKEYAUTH_TOUCH_REQUIRED) ||
229 !authopts->no_require_user_presence;
229 if (req_presence && (sig_details->sk_flags & 230 if (req_presence && (sig_details->sk_flags &
230 SSH_SK_USER_PRESENCE_REQD) == 0) { 231 SSH_SK_USER_PRESENCE_REQD) == 0) {
231 error("public key %s signature for %s%s from " 232 error("public key %s signature for %s%s from "