author | djm@openbsd.org <djm@openbsd.org> | 2019-11-25 00:54:23 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-25 12:23:40 +1100 |
commit | 2e71263b80fec7ad977e098004fef7d122169d40 (patch) | |
tree | b4eef0768ef7fb69c0acdfad6a9d63762791d6f6 /auth2-pubkey.c | |
parent | 0fddf2967ac51d518e300408a0d7e6adf4cd2634 (diff) |
upstream: add a "no-touch-required" option for authorized_keys and
a similar extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched their
key to authorize them.
feedback deraadt, ok markus
OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 5 |
1 files changed, 3 insertions, 2 deletions
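--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.96 2019/11/25 00:52:46 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.97 2019/11/25 00:54:23 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -225,7 +225,8 @@ userauth_pubkey(struct ssh *ssh)
 __func__, sig_details->sk_counter,
 sig_details->sk_flags);
 req_presence = (options.pubkey_auth_options &
-PUBKEYAUTH_TOUCH_REQUIRED);
+PUBKEYAUTH_TOUCH_REQUIRED) ||
+!authopts->no_require_user_presence;
 if (req_presence && (sig_details->sk_flags &
 SSH_SK_USER_PRESENCE_REQD) == 0) {
 error("public key %s signature for %s%s from "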
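Review bot: The `req_presence` assignment in userauth_pubkey now encodes a policy precedence that is not stated anywhere near it: presence is waived only when the key or certificate options set `no_require_user_presence` and the server-wide `PUBKEYAUTH_TOUCH_REQUIRED` bit is clear, so the server setting always wins. A short comment above the assignment would keep a later edit from inverting that fail-closed default, e.g. `/* touch is required unless the key opts out AND server policy does not force it */`. The expression also dereferences `authopts` with no check visible in the hunk; the function body starts and ends outside it, so presumably the key lookup has already populated `authopts` whenever `sig_details` is set. That is worth confirming, or the operand could fail closed as `authopts == NULL || !authopts->no_require_user_presence`.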