diff options
| -rw-r--r-- | authfd.c | 6 | ||||
| -rw-r--r-- | authfd.h | 1 | ||||
| -rw-r--r-- | debian/changelog | 5 | ||||
| -rw-r--r-- | ssh-add.c | 3 |
4 files changed, 5 insertions, 10 deletions
| @@ -545,12 +545,6 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, | |||
| 545 | return decode_reply(type); | 545 | return decode_reply(type); |
| 546 | } | 546 | } |
| 547 | 547 | ||
| 548 | int | ||
| 549 | ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) | ||
| 550 | { | ||
| 551 | return ssh_add_identity_constrained(auth, key, comment, 0, 0); | ||
| 552 | } | ||
| 553 | |||
| 554 | /* | 548 | /* |
| 555 | * Removes an identity from the authentication server. This call is not | 549 | * Removes an identity from the authentication server. This call is not |
| 556 | * meant to be used by normal applications. | 550 | * meant to be used by normal applications. |
| @@ -75,7 +75,6 @@ void ssh_close_authentication_connection(AuthenticationConnection *); | |||
| 75 | int ssh_get_num_identities(AuthenticationConnection *, int); | 75 | int ssh_get_num_identities(AuthenticationConnection *, int); |
| 76 | Key *ssh_get_first_identity(AuthenticationConnection *, char **, int); | 76 | Key *ssh_get_first_identity(AuthenticationConnection *, char **, int); |
| 77 | Key *ssh_get_next_identity(AuthenticationConnection *, char **, int); | 77 | Key *ssh_get_next_identity(AuthenticationConnection *, char **, int); |
| 78 | int ssh_add_identity(AuthenticationConnection *, Key *, const char *); | ||
| 79 | int ssh_add_identity_constrained(AuthenticationConnection *, Key *, | 78 | int ssh_add_identity_constrained(AuthenticationConnection *, Key *, |
| 80 | const char *, u_int, u_int); | 79 | const char *, u_int, u_int); |
| 81 | int ssh_remove_identity(AuthenticationConnection *, Key *); | 80 | int ssh_remove_identity(AuthenticationConnection *, Key *); |
diff --git a/debian/changelog b/debian/changelog index 8ff7c54ac..ed90f6561 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -3,6 +3,11 @@ openssh (1:5.3p1-1) UNRELEASED; urgency=low | |||
| 3 | * New upstream release. | 3 | * New upstream release. |
| 4 | * Update to GSSAPI patch from | 4 | * Update to GSSAPI patch from |
| 5 | http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch. | 5 | http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch. |
| 6 | * Backport from upstream: | ||
| 7 | - Do not fall back to adding keys without contraints (ssh-add -c / -t | ||
| 8 | ...) when the agent refuses the constrained add request. This was a | ||
| 9 | useful migration measure back in 2002 when constraints were new, but | ||
| 10 | just adds risk now (LP: #209447). | ||
| 6 | 11 | ||
| 7 | -- Colin Watson <cjwatson@debian.org> Sun, 24 Jan 2010 22:32:25 +0000 | 12 | -- Colin Watson <cjwatson@debian.org> Sun, 24 Jan 2010 22:32:25 +0000 |
| 8 | 13 | ||
| @@ -203,9 +203,6 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
| 203 | if (confirm != 0) | 203 | if (confirm != 0) |
| 204 | fprintf(stderr, | 204 | fprintf(stderr, |
| 205 | "The user has to confirm each use of the key\n"); | 205 | "The user has to confirm each use of the key\n"); |
| 206 | } else if (ssh_add_identity(ac, private, comment)) { | ||
| 207 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); | ||
| 208 | ret = 0; | ||
| 209 | } else { | 206 | } else { |
| 210 | fprintf(stderr, "Could not add identity: %s\n", filename); | 207 | fprintf(stderr, "Could not add identity: %s\n", filename); |
| 211 | } | 208 | } |