Description: ssh-add: Don't discard constraints when agent refuses request This was a useful migration measure back in 2002 when constraints were new, but just adds risk now. Origin: upstream, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/5777 Author: Daniel Kahn Gillmor Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1612 Bug-Ubuntu: https://bugs.launchpad.net/bugs/209447 Last-Update: 2010-02-28 Index: b/authfd.c =================================================================== --- a/authfd.c +++ b/authfd.c @@ -545,12 +545,6 @@ return decode_reply(type); } -int -ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) -{ - return ssh_add_identity_constrained(auth, key, comment, 0, 0); -} - /* * Removes an identity from the authentication server. This call is not * meant to be used by normal applications. Index: b/authfd.h =================================================================== --- a/authfd.h +++ b/authfd.h @@ -75,7 +75,6 @@ int ssh_get_num_identities(AuthenticationConnection *, int); Key *ssh_get_first_identity(AuthenticationConnection *, char **, int); Key *ssh_get_next_identity(AuthenticationConnection *, char **, int); -int ssh_add_identity(AuthenticationConnection *, Key *, const char *); int ssh_add_identity_constrained(AuthenticationConnection *, Key *, const char *, u_int, u_int); int ssh_remove_identity(AuthenticationConnection *, Key *); Index: b/ssh-add.c =================================================================== --- a/ssh-add.c +++ b/ssh-add.c @@ -203,9 +203,6 @@ if (confirm != 0) fprintf(stderr, "The user has to confirm each use of the key\n"); - } else if (ssh_add_identity(ac, private, comment)) { - fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); - ret = 0; } else { fprintf(stderr, "Could not add identity: %s\n", filename); }