From 645a5abb6f7e3ec6dd428865397111b0261f2a70 Mon Sep 17 00:00:00 2001 From: dtucker Date: Tue, 6 Oct 2009 21:47:02 +0000 Subject: - djm@cvs.openbsd.org 2009/08/27 17:44:52 [authfd.c ssh-add.c authfd.h] Do not fall back to adding keys without contraints (ssh-add -c / -t ...) when the agent refuses the constrained add request. This was a useful migration measure back in 2002 when constraints were new, but just adds risk now. bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@ --- authfd.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'authfd.h') diff --git a/authfd.h b/authfd.h index 3da25611..2582a27a 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.36 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: authfd.h,v 1.37 2009/08/27 17:44:52 djm Exp $ */ /* * Author: Tatu Ylonen @@ -75,7 +75,6 @@ void ssh_close_authentication_connection(AuthenticationConnection *); int ssh_get_num_identities(AuthenticationConnection *, int); Key *ssh_get_first_identity(AuthenticationConnection *, char **, int); Key *ssh_get_next_identity(AuthenticationConnection *, char **, int); -int ssh_add_identity(AuthenticationConnection *, Key *, const char *); int ssh_add_identity_constrained(AuthenticationConnection *, Key *, const char *, u_int, u_int); int ssh_remove_identity(AuthenticationConnection *, Key *); -- cgit v1.2.1