diff options
author | Damien Miller <djm@mindrot.org> | 2019-12-14 09:21:46 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-12-14 09:21:46 +1100 |
commit | 9244990ecdcfa36bb9371058111685b05f201c1e (patch) | |
tree | a068b6ce79b806f20c0159cf3306a0234ef1f387 /ssh-sk-client.c | |
parent | a33ab1688b5c460a7e2a301418241ce1b13b2638 (diff) |
remove a bunch of ENABLE_SK #ifdefs
The ssh-sk-helper client API gives us a nice place to disable
security key support when it is wasn't enabled at compile time,
so we don't need to check everywere.
Also, verification of security key signatures can remain enabled
all the time - it has no additional dependencies. So sshd can
accept security key pubkeys in authorized_keys, etc regardless of
the host's support for dlopen, etc.
Diffstat (limited to 'ssh-sk-client.c')
-rw-r--r-- | ssh-sk-client.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ssh-sk-client.c b/ssh-sk-client.c index 92ac0e7e1..8a7ac97c4 100644 --- a/ssh-sk-client.c +++ b/ssh-sk-client.c | |||
@@ -198,6 +198,10 @@ sshsk_sign(const char *provider, struct sshkey *key, | |||
198 | *sigp = NULL; | 198 | *sigp = NULL; |
199 | *lenp = 0; | 199 | *lenp = 0; |
200 | 200 | ||
201 | #ifndef ENABLE_SK | ||
202 | return SSH_ERR_KEY_TYPE_UNKNOWN; | ||
203 | #endif | ||
204 | |||
201 | if ((kbuf = sshbuf_new()) == NULL || | 205 | if ((kbuf = sshbuf_new()) == NULL || |
202 | (req = sshbuf_new()) == NULL) { | 206 | (req = sshbuf_new()) == NULL) { |
203 | r = SSH_ERR_ALLOC_FAIL; | 207 | r = SSH_ERR_ALLOC_FAIL; |
@@ -266,6 +270,10 @@ sshsk_enroll(int type, const char *provider_path, const char *application, | |||
266 | if (attest != NULL) | 270 | if (attest != NULL) |
267 | sshbuf_reset(attest); | 271 | sshbuf_reset(attest); |
268 | 272 | ||
273 | #ifndef ENABLE_SK | ||
274 | return SSH_ERR_KEY_TYPE_UNKNOWN; | ||
275 | #endif | ||
276 | |||
269 | if (type < 0) | 277 | if (type < 0) |
270 | return SSH_ERR_INVALID_ARGUMENT; | 278 | return SSH_ERR_INVALID_ARGUMENT; |
271 | 279 | ||