- djm@cvs.openbsd.org 2009/08/27 17:44:52 [authfd.c ssh-add.c authfd.h] Do not fall back to adding keys without contraints (ssh-add -c / -t ...) when the agent refuses the constrained add request. This was a useful migration measure back in 2002 when constraints were new, but just adds risk now. bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@

commit: 893d73549d7cfa277434bf0113688a5a14055408 [log] [tgz]
author: Darren Tucker <dtucker@zip.com.au> Wed Oct 07 08:47:02 2009 +1100
committer: Darren Tucker <dtucker@zip.com.au> Wed Oct 07 08:47:02 2009 +1100
tree: 7cc83baeb70199c132f8f239be7acfcf694d0384
parent: 6b286a46821fa230258f1da82d0e013cfe3bf685 [diff] [blame]
diff --git a/authfd.h b/authfd.h
index 3da2561..2582a27 100644
--- a/authfd.h
+++ b/authfd.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.36 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: authfd.h,v 1.37 2009/08/27 17:44:52 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -75,7 +75,6 @@
 int	 ssh_get_num_identities(AuthenticationConnection *, int);
 Key	*ssh_get_first_identity(AuthenticationConnection *, char **, int);
 Key	*ssh_get_next_identity(AuthenticationConnection *, char **, int);
-int	 ssh_add_identity(AuthenticationConnection *, Key *, const char *);
 int	 ssh_add_identity_constrained(AuthenticationConnection *, Key *,
     const char *, u_int, u_int);
 int	 ssh_remove_identity(AuthenticationConnection *, Key *);
commit	893d73549d7cfa277434bf0113688a5a14055408	[log] [tgz]
author	Darren Tucker <dtucker@zip.com.au>	Wed Oct 07 08:47:02 2009 +1100
committer	Darren Tucker <dtucker@zip.com.au>	Wed Oct 07 08:47:02 2009 +1100
tree	7cc83baeb70199c132f8f239be7acfcf694d0384
parent	6b286a46821fa230258f1da82d0e013cfe3bf685 [diff] [blame]