upstream: ssh AddKeysToAgent support for U2F/FIDO keys

feedback & ok markus@ OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91
author: djm@openbsd.org <djm@openbsd.org> 2019-10-31 21:20:38 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-01 09:46:09 +1100
commit: eebec620c9519c4839d781c4d5b6082152998f82 (patch)
tree: f049afbdf3a9302dfd851fb7fcb3bb3cdff3d133 /sshconnect.c
parent: 486164d060314a7f8bca2a00f53be9e900c5e74d (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 223074bd6..177775f6e 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.320 2019/10/31 21:19:15 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.321 2019/10/31 21:20:38 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1409,6 +1409,7 @@ maybe_add_key_to_agent(char *authfile, struct sshkey *private,
    char *comment, char *passphrase)
 {
        int auth_sock = -1, r;
+        const char *skprovider = NULL;
        if (options.add_keys_to_agent == 0)
                return;
@@ -1424,9 +1425,10 @@ maybe_add_key_to_agent(char *authfile, struct sshkey *private,
                close(auth_sock);
                return;
        }
+        if (sshkey_type_plain(private->type) == KEY_ECDSA_SK)
+                skprovider = options.sk_provider;
        if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,
-            (options.add_keys_to_agent == 3), 0, NULL)) == 0)
+            (options.add_keys_to_agent == 3), 0, skprovider)) == 0)
                debug("identity added to agent: %s", authfile);
        else
                debug("could not add identity to agent: %s (%d)", authfile, r);
author	djm@openbsd.org <djm@openbsd.org>	2019-10-31 21:20:38 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-01 09:46:09 +1100
commit	eebec620c9519c4839d781c4d5b6082152998f82 (patch)
tree	f049afbdf3a9302dfd851fb7fcb3bb3cdff3d133 /sshconnect.c
parent	486164d060314a7f8bca2a00f53be9e900c5e74d (diff)

diff --git a/sshconnect.c b/sshconnect.c index 223074bd6..177775f6e 100644 --- a/sshconnect.c +++ b/sshconnect.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect.c,v 1.320 2019/10/31 21:19:15 djm Exp $ */	1	/* $OpenBSD: sshconnect.c,v 1.321 2019/10/31 21:20:38 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1409,6 +1409,7 @@ maybe_add_key_to_agent(char authfile, struct sshkey private,
1409	char comment, char passphrase)	1409	char comment, char passphrase)
1410	{	1410	{
1411	int auth_sock = -1, r;	1411	int auth_sock = -1, r;
		1412	const char *skprovider = NULL;
1412		1413
1413	if (options.add_keys_to_agent == 0)	1414	if (options.add_keys_to_agent == 0)
1414	return;	1415	return;
@@ -1424,9 +1425,10 @@ maybe_add_key_to_agent(char authfile, struct sshkey private,
1424	close(auth_sock);	1425	close(auth_sock);
1425	return;	1426	return;
1426	}	1427	}
1427		1428	if (sshkey_type_plain(private->type) == KEY_ECDSA_SK)
		1429	skprovider = options.sk_provider;
1428	if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,	1430	if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,
1429	(options.add_keys_to_agent == 3), 0, NULL)) == 0)	1431	(options.add_keys_to_agent == 3), 0, skprovider)) == 0)
1430	debug("identity added to agent: %s", authfile);	1432	debug("identity added to agent: %s", authfile);
1431	else	1433	else
1432	debug("could not add identity to agent: %s (%d)", authfile, r);	1434	debug("could not add identity to agent: %s (%d)", authfile, r);