diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-11-25 00:55:58 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-11-25 12:25:30 +1100 |
| commit | daeaf4136927c2a82af1399022103d67ff03f74a (patch) | |
| tree | ae36ea4af1bd3fcc57813bfa71eca4cceef0efe9 /ssh-keygen.c | |
| parent | 2e71263b80fec7ad977e098004fef7d122169d40 (diff) | |
upstream: allow "ssh-keygen -x no-touch-required" when generating a
security key keypair to request one that does not require a touch for each
authentication attempt. The default remains to require touch.
feedback deraadt; ok markus@
OpenBSD-Commit-ID: 887e7084b2e89c0c62d1598ac378aad8e434bcbd
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 16d196fc8..e939c5b57 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.371 2019/11/25 00:54:23 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.372 2019/11/25 00:55:58 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -2810,6 +2810,7 @@ main(int argc, char **argv) | |||
| 2810 | unsigned long long ull, cert_serial = 0; | 2810 | unsigned long long ull, cert_serial = 0; |
| 2811 | char *identity_comment = NULL, *ca_key_path = NULL; | 2811 | char *identity_comment = NULL, *ca_key_path = NULL; |
| 2812 | u_int32_t bits = 0; | 2812 | u_int32_t bits = 0; |
| 2813 | uint8_t sk_flags = SSH_SK_USER_PRESENCE_REQD; | ||
| 2813 | FILE *f; | 2814 | FILE *f; |
| 2814 | const char *errstr; | 2815 | const char *errstr; |
| 2815 | int log_level = SYSLOG_LEVEL_INFO; | 2816 | int log_level = SYSLOG_LEVEL_INFO; |
| @@ -2822,9 +2823,6 @@ main(int argc, char **argv) | |||
| 2822 | unsigned long start_lineno = 0, lines_to_process = 0; | 2823 | unsigned long start_lineno = 0, lines_to_process = 0; |
| 2823 | BIGNUM *start = NULL; | 2824 | BIGNUM *start = NULL; |
| 2824 | #endif | 2825 | #endif |
| 2825 | #ifdef ENABLE_SK | ||
| 2826 | uint8_t sk_flags = SSH_SK_USER_PRESENCE_REQD; | ||
| 2827 | #endif | ||
| 2828 | 2826 | ||
| 2829 | extern int optind; | 2827 | extern int optind; |
| 2830 | extern char *optarg; | 2828 | extern char *optarg; |
| @@ -3015,15 +3013,19 @@ main(int argc, char **argv) | |||
| 3015 | case 'x': | 3013 | case 'x': |
| 3016 | if (*optarg == '\0') | 3014 | if (*optarg == '\0') |
| 3017 | fatal("Missing security key flags"); | 3015 | fatal("Missing security key flags"); |
| 3018 | ull = strtoull(optarg, &ep, 0); | 3016 | if (strcasecmp(optarg, "no-touch-required") == 0) |
| 3019 | if (*ep != '\0') | 3017 | sk_flags &= ~SSH_SK_USER_PRESENCE_REQD; |
| 3020 | fatal("Security key flags \"%s\" is not a " | 3018 | else { |
| 3021 | "number", optarg); | 3019 | ull = strtoull(optarg, &ep, 0); |
| 3022 | if (ull > 0xff) | 3020 | if (*ep != '\0') |
| 3023 | fatal("Invalid security key flags 0x%llx", ull); | 3021 | fatal("Security key flags \"%s\" is " |
| 3024 | #ifdef ENABLE_SK | 3022 | "not a number", optarg); |
| 3025 | sk_flags = (uint8_t)ull; | 3023 | if (ull > 0xff) { |
| 3026 | #endif | 3024 | fatal("Invalid security key " |
| 3025 | "flags 0x%llx", ull); | ||
| 3026 | } | ||
| 3027 | sk_flags = (uint8_t)ull; | ||
| 3028 | } | ||
| 3027 | break; | 3029 | break; |
| 3028 | case 'z': | 3030 | case 'z': |
| 3029 | errno = 0; | 3031 | errno = 0; |