Source-Changes-HG archive


[src/trunk]: src/crypto/external/bsd/openssh Merge conflicts



details:   https://anonhg.NetBSD.org/src/rev/4fee97fccdbd
branches:  trunk
changeset: 969669:4fee97fccdbd
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Feb 27 00:24:38 2020 +0000

description:
Merge conflicts

diffstat:

 crypto/external/bsd/openssh/Makefile                       |    4 +-
 crypto/external/bsd/openssh/bin/scp/Makefile               |    4 +-
 crypto/external/bsd/openssh/bin/sftp-server/Makefile       |    5 +-
 crypto/external/bsd/openssh/bin/sftp/Makefile              |    4 +-
 crypto/external/bsd/openssh/bin/ssh-add/Makefile           |    4 +-
 crypto/external/bsd/openssh/bin/ssh-agent/Makefile         |    4 +-
 crypto/external/bsd/openssh/bin/ssh-keygen/Makefile        |    4 +-
 crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile       |    4 +-
 crypto/external/bsd/openssh/bin/ssh-keysign/Makefile       |    4 +-
 crypto/external/bsd/openssh/bin/ssh-pkcs11-helper/Makefile |    4 +-
 crypto/external/bsd/openssh/bin/ssh/Makefile               |    5 +-
 crypto/external/bsd/openssh/bin/sshd/Makefile              |    5 +-
 crypto/external/bsd/openssh/dist/PROTOCOL.certkeys         |   10 +-
 crypto/external/bsd/openssh/dist/auth-options.c            |   42 +-
 crypto/external/bsd/openssh/dist/auth-options.h            |    7 +-
 crypto/external/bsd/openssh/dist/auth.c                    |   30 +-
 crypto/external/bsd/openssh/dist/auth2-chall.c             |    7 +-
 crypto/external/bsd/openssh/dist/auth2-gss.c               |    5 +-
 crypto/external/bsd/openssh/dist/auth2-hostbased.c         |    8 +-
 crypto/external/bsd/openssh/dist/auth2-kbdint.c            |    7 +-
 crypto/external/bsd/openssh/dist/auth2-pubkey.c            |   43 +-
 crypto/external/bsd/openssh/dist/authfd.c                  |   66 +-
 crypto/external/bsd/openssh/dist/authfd.h                  |    9 +-
 crypto/external/bsd/openssh/dist/authfile.c                |  112 +-
 crypto/external/bsd/openssh/dist/authfile.h                |    7 +-
 crypto/external/bsd/openssh/dist/channels.c                |   13 +-
 crypto/external/bsd/openssh/dist/channels.h                |   12 +-
 crypto/external/bsd/openssh/dist/cipher.c                  |   17 +-
 crypto/external/bsd/openssh/dist/cipher.h                  |    5 +-
 crypto/external/bsd/openssh/dist/clientloop.c              |  140 +-
 crypto/external/bsd/openssh/dist/gss-serv.c                |    5 +-
 crypto/external/bsd/openssh/dist/hash.c                    |   32 +-
 crypto/external/bsd/openssh/dist/hostfile.c                |    7 +-
 crypto/external/bsd/openssh/dist/kex.c                     |   11 +-
 crypto/external/bsd/openssh/dist/kexgen.c                  |    6 +-
 crypto/external/bsd/openssh/dist/kexgexc.c                 |    8 +-
 crypto/external/bsd/openssh/dist/krl.c                     |   24 +-
 crypto/external/bsd/openssh/dist/match.c                   |    7 +-
 crypto/external/bsd/openssh/dist/misc.c                    |   73 +-
 crypto/external/bsd/openssh/dist/misc.h                    |   13 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048    |  161 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072    |  149 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096    |  132 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144    |  140 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680    |  142 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192    |  130 +-
 crypto/external/bsd/openssh/dist/moduli.c                  |   16 +-
 crypto/external/bsd/openssh/dist/monitor.c                 |   94 +-
 crypto/external/bsd/openssh/dist/monitor_wrap.c            |   32 +-
 crypto/external/bsd/openssh/dist/monitor_wrap.h            |    9 +-
 crypto/external/bsd/openssh/dist/msg.c                     |   18 +-
 crypto/external/bsd/openssh/dist/mux.c                     |   26 +-
 crypto/external/bsd/openssh/dist/myproposal.h              |   49 +-
 crypto/external/bsd/openssh/dist/packet.c                  |   47 +-
 crypto/external/bsd/openssh/dist/pathnames.h               |   11 +-
 crypto/external/bsd/openssh/dist/progressmeter.c           |   12 +-
 crypto/external/bsd/openssh/dist/readconf.c                |  157 +-
 crypto/external/bsd/openssh/dist/readconf.h                |    7 +-
 crypto/external/bsd/openssh/dist/readpass.c                |  123 +-
 crypto/external/bsd/openssh/dist/scp.1                     |    8 +-
 crypto/external/bsd/openssh/dist/scp.c                     |   26 +-
 crypto/external/bsd/openssh/dist/servconf.c                |  272 +++-
 crypto/external/bsd/openssh/dist/servconf.h                |   27 +-
 crypto/external/bsd/openssh/dist/serverloop.c              |   27 +-
 crypto/external/bsd/openssh/dist/session.c                 |    9 +-
 crypto/external/bsd/openssh/dist/sftp-glob.c               |    7 +-
 crypto/external/bsd/openssh/dist/sftp-realpath.c           |    2 +
 crypto/external/bsd/openssh/dist/sftp-server.8             |    8 +-
 crypto/external/bsd/openssh/dist/sftp.1                    |    8 +-
 crypto/external/bsd/openssh/dist/sftp.c                    |   39 +-
 crypto/external/bsd/openssh/dist/sk-usbhid.c               |    6 +-
 crypto/external/bsd/openssh/dist/ssh-add.1                 |   35 +-
 crypto/external/bsd/openssh/dist/ssh-add.c                 |  144 +-
 crypto/external/bsd/openssh/dist/ssh-agent.1               |  172 +-
 crypto/external/bsd/openssh/dist/ssh-agent.c               |  155 +-
 crypto/external/bsd/openssh/dist/ssh-ecdsa-sk.c            |    3 +
 crypto/external/bsd/openssh/dist/ssh-ed25519-sk.c          |    3 +
 crypto/external/bsd/openssh/dist/ssh-keygen.1              |  903 +++++++-----
 crypto/external/bsd/openssh/dist/ssh-keygen.c              |  839 ++++++++---
 crypto/external/bsd/openssh/dist/ssh-keyscan.1             |    8 +-
 crypto/external/bsd/openssh/dist/ssh-keyscan.c             |   28 +-
 crypto/external/bsd/openssh/dist/ssh-keysign.8             |    8 +-
 crypto/external/bsd/openssh/dist/ssh-keysign.c             |   11 +-
 crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c       |   18 +-
 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8       |    6 +-
 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c       |   25 +-
 crypto/external/bsd/openssh/dist/ssh-pkcs11.c              |  146 +-
 crypto/external/bsd/openssh/dist/ssh-pkcs11.h              |    6 +-
 crypto/external/bsd/openssh/dist/ssh-sk-client.c           |    5 +-
 crypto/external/bsd/openssh/dist/ssh-sk-helper.c           |    9 +-
 crypto/external/bsd/openssh/dist/ssh-sk.c                  |    3 +
 crypto/external/bsd/openssh/dist/ssh.1                     |   38 +-
 crypto/external/bsd/openssh/dist/ssh.c                     |  123 +-
 crypto/external/bsd/openssh/dist/ssh_api.c                 |   13 +-
 crypto/external/bsd/openssh/dist/ssh_config.5              |  103 +-
 crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c     |    7 +-
 crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c    |   14 +-
 crypto/external/bsd/openssh/dist/sshbuf-io.c               |    3 +
 crypto/external/bsd/openssh/dist/sshbuf-misc.c             |    4 +-
 crypto/external/bsd/openssh/dist/sshbuf.c                  |    6 +-
 crypto/external/bsd/openssh/dist/sshbuf.h                  |   20 +-
 crypto/external/bsd/openssh/dist/sshconnect.c              |   41 +-
 crypto/external/bsd/openssh/dist/sshconnect.h              |    7 +-
 crypto/external/bsd/openssh/dist/sshconnect2.c             |  175 +-
 crypto/external/bsd/openssh/dist/sshd.8                    |   66 +-
 crypto/external/bsd/openssh/dist/sshd.c                    |  166 +-
 crypto/external/bsd/openssh/dist/sshd_config.5             |  123 +-
 crypto/external/bsd/openssh/dist/ssherr.c                  |    8 +-
 crypto/external/bsd/openssh/dist/ssherr.h                  |    6 +-
 crypto/external/bsd/openssh/dist/sshkey-xmss.c             |   84 +-
 crypto/external/bsd/openssh/dist/sshkey.c                  |  509 +++++-
 crypto/external/bsd/openssh/dist/sshkey.h                  |   55 +-
 crypto/external/bsd/openssh/dist/sshsig.c                  |  358 ++++-
 crypto/external/bsd/openssh/dist/umac.c                    |    7 +-
 crypto/external/bsd/openssh/dist/version.h                 |    8 +-
 crypto/external/bsd/openssh/dist/xmalloc.c                 |   25 +-
 crypto/external/bsd/openssh/dist/xmalloc.h                 |    6 +-
 crypto/external/bsd/openssh/lib/Makefile                   |    5 +-
 crypto/external/bsd/openssh/lib/shlib_version              |    4 +-
 crypto/external/bsd/openssh/libexec/Makefile               |    7 +
 crypto/external/bsd/openssh/libexec/Makefile.inc           |    7 +
 crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile |   12 +
 122 files changed, 4835 insertions(+), 2373 deletions(-)

diffs (truncated from 13835 to 300 lines):

diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/Makefile
--- a/crypto/external/bsd/openssh/Makefile      Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/Makefile      Thu Feb 27 00:24:38 2020 +0000
@@ -1,5 +1,5 @@
-#      $NetBSD: Makefile,v 1.1 2009/06/07 22:38:44 christos Exp $
+#      $NetBSD: Makefile,v 1.2 2020/02/27 00:24:38 christos Exp $
 
-SUBDIR=                lib .WAIT bin
+SUBDIR=                lib .WAIT bin # libexec
 
 .include <bsd.subdir.mk>
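Review bot: The trailing `# libexec` on the new `SUBDIR` line keeps the libexec subdirectory out of the build without saying why. The diffstat for this same commit adds libexec/ssh-sk-helper/Makefile, and the other Makefile hunks link ssh-sk-client.c into the programs. If ssh-sk-client.c expects to run that helper (its contents are not shown here), security-key operations would have no helper binary installed. A comment above the line giving the reason and the condition for enabling it would help, for example `# libexec (ssh-sk-helper) is not built yet: <reason>`.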
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/scp/Makefile
--- a/crypto/external/bsd/openssh/bin/scp/Makefile      Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/scp/Makefile      Thu Feb 27 00:24:38 2020 +0000
@@ -1,8 +1,8 @@
-#      $NetBSD: Makefile,v 1.1 2009/06/07 22:38:45 christos Exp $
+#      $NetBSD: Makefile,v 1.2 2020/02/27 00:24:38 christos Exp $
 
 BINDIR=/usr/bin
 
 PROG=  scp
-SRCS=  scp.c
+SRCS=  scp.c ssh-sk-client.c
 
 .include <bsd.prog.mk>
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/sftp-server/Makefile
--- a/crypto/external/bsd/openssh/bin/sftp-server/Makefile      Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/sftp-server/Makefile      Thu Feb 27 00:24:38 2020 +0000
@@ -1,9 +1,10 @@
-#      $NetBSD: Makefile,v 1.2 2019/10/12 18:32:21 christos Exp $
+#      $NetBSD: Makefile,v 1.3 2020/02/27 00:24:39 christos Exp $
 
 BINDIR=        /usr/libexec
 
 PROG=  sftp-server
-SRCS=  sftp-server.c sftp-common.c sftp-server-main.c sftp-realpath.c
+SRCS=  sftp-server.c sftp-common.c sftp-server-main.c sftp-realpath.c \
+       ssh-sk-client.c
 MAN=   sftp-server.8
 
 .include <bsd.prog.mk>
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/sftp/Makefile
--- a/crypto/external/bsd/openssh/bin/sftp/Makefile     Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/sftp/Makefile     Thu Feb 27 00:24:38 2020 +0000
@@ -1,9 +1,9 @@
-#      $NetBSD: Makefile,v 1.7 2019/09/29 23:44:58 mrg Exp $
+#      $NetBSD: Makefile,v 1.8 2020/02/27 00:24:38 christos Exp $
 
 BINDIR=        /usr/bin
 
 PROG=  sftp
-SRCS=  sftp.c sftp-client.c sftp-common.c sftp-glob.c
+SRCS=  sftp.c sftp-client.c sftp-common.c sftp-glob.c ssh-sk-client.c
 MAN=   sftp.1
 
 LDADD+=        -ledit -lterminfo
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/ssh-add/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-add/Makefile  Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-add/Makefile  Thu Feb 27 00:24:38 2020 +0000
@@ -1,8 +1,8 @@
-#      $NetBSD: Makefile,v 1.1 2009/06/07 22:38:45 christos Exp $
+#      $NetBSD: Makefile,v 1.2 2020/02/27 00:24:39 christos Exp $
 
 BINDIR=/usr/bin
 
 PROG=  ssh-add
-SRCS=  ssh-add.c
+SRCS=  ssh-add.c ssh-sk-client.c
 
 .include <bsd.prog.mk>
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/ssh-agent/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-agent/Makefile        Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-agent/Makefile        Thu Feb 27 00:24:38 2020 +0000
@@ -1,9 +1,9 @@
-#      $NetBSD: Makefile,v 1.3 2019/10/13 07:28:05 mrg Exp $
+#      $NetBSD: Makefile,v 1.4 2020/02/27 00:24:39 christos Exp $
 
 BINDIR=/usr/bin
 
 PROG=  ssh-agent
-SRCS=  ssh-agent.c ssh-pkcs11-client.c
+SRCS=  ssh-agent.c ssh-pkcs11-client.c ssh-sk-client.c
 
 COPTS.ssh-agent.c+=    ${GCC_NO_FORMAT_TRUNCATION}
 
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/ssh-keygen/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-keygen/Makefile       Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-keygen/Makefile       Thu Feb 27 00:24:38 2020 +0000
@@ -1,9 +1,9 @@
-#      $NetBSD: Makefile,v 1.6 2019/10/13 07:28:05 mrg Exp $
+#      $NetBSD: Makefile,v 1.7 2020/02/27 00:24:39 christos Exp $
 
 BINDIR=        /usr/bin
 
 PROG=  ssh-keygen
-SRCS=  ssh-keygen.c moduli.c sshsig.c
+SRCS=  ssh-keygen.c moduli.c sshsig.c ssh-sk-client.c
 
 COPTS.ssh-keygen.c=    -Wno-pointer-sign
 
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile      Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile      Thu Feb 27 00:24:38 2020 +0000
@@ -1,9 +1,9 @@
-#      $NetBSD: Makefile,v 1.3 2019/04/20 17:16:40 christos Exp $
+#      $NetBSD: Makefile,v 1.4 2020/02/27 00:24:39 christos Exp $
 
 BINDIR=        /usr/bin
 
 PROG=  ssh-keyscan
-SRCS=  ssh-keyscan.c ssh_api.c kexgexs.c
+SRCS=  ssh-keyscan.c ssh_api.c kexgexs.c ssh-sk-client.c
 MAN=   ssh-keyscan.1
 
 .include <bsd.prog.mk>
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/ssh-keysign/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-keysign/Makefile      Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-keysign/Makefile      Thu Feb 27 00:24:38 2020 +0000
@@ -1,11 +1,11 @@
-#      $NetBSD: Makefile,v 1.1 2009/06/07 22:38:46 christos Exp $
+#      $NetBSD: Makefile,v 1.2 2020/02/27 00:24:39 christos Exp $
 
 BINOWN=        root
 BINMODE=4555
 BINDIR=        /usr/libexec
 
 PROG=  ssh-keysign
-SRCS=  ssh-keysign.c readconf.c
+SRCS=  ssh-keysign.c readconf.c ssh-sk-client.c
 MAN=   ssh-keysign.8
 
 .include <bsd.prog.mk>
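Review bot: ssh-keysign is installed setuid root here (`BINOWN= root`, `BINMODE=4555`), and the changed `SRCS` line now links ssh-sk-client.c into it. That file is not part of the visible diff. If it starts a helper process, confirm that nothing reachable from ssh-keysign takes the helper path or its environment from the calling user, or that the key types it serves are never loaded by ssh-keysign. If the file is linked only to satisfy symbols, a short comment next to `SRCS` saying so would make the intent reviewable. The same one-line addition appears in the other bin/*/Makefile hunks, but this is the only one whose visible lines set a setuid mode.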
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/ssh-pkcs11-helper/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-pkcs11-helper/Makefile        Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-pkcs11-helper/Makefile        Thu Feb 27 00:24:38 2020 +0000
@@ -1,11 +1,11 @@
-#      $NetBSD: Makefile,v 1.1 2010/11/21 19:19:22 adam Exp $
+#      $NetBSD: Makefile,v 1.2 2020/02/27 00:24:39 christos Exp $
 
 BINOWN= root
 BINMODE=555
 BINDIR= /usr/libexec
 
 PROG=  ssh-pkcs11-helper
-SRCS=  ssh-pkcs11-helper.c
+SRCS=  ssh-pkcs11-helper.c ssh-sk-client.c
 MAN=   ssh-pkcs11-helper.8
 
 .include <bsd.prog.mk>
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/ssh/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh/Makefile      Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh/Makefile      Thu Feb 27 00:24:38 2020 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.15 2019/10/13 07:28:05 mrg Exp $
+#      $NetBSD: Makefile,v 1.16 2020/02/27 00:24:39 christos Exp $
 
 .include <bsd.own.mk>
 
@@ -6,7 +6,8 @@
 
 PROG=  ssh
 SRCS=  ssh.c readconf.c clientloop.c sshtty.c \
-       sshconnect.c sshconnect2.c mux.c auth.c
+       sshconnect.c sshconnect2.c mux.c auth.c \
+       ssh-sk-client.c
 
 COPTS.auth.c=          -DHOST_ONLY
 COPTS.mux.c=           -Wno-pointer-sign
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/bin/sshd/Makefile
--- a/crypto/external/bsd/openssh/bin/sshd/Makefile     Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/bin/sshd/Makefile     Thu Feb 27 00:24:38 2020 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.19 2019/10/13 07:28:05 mrg Exp $
+#      $NetBSD: Makefile,v 1.20 2020/02/27 00:24:39 christos Exp $
 
 .include <bsd.own.mk>
 
@@ -15,7 +15,8 @@
        auth2-none.c auth2-passwd.c auth2-pubkey.c \
        monitor.c monitor_wrap.c \
        kexgexs.c sftp-server.c sftp-common.c \
-       sftp-realpath.c sandbox-rlimit.c pfilter.c
+       sftp-realpath.c sandbox-rlimit.c pfilter.c \
+       ssh-sk-client.c
 
 COPTS.auth-options.c+= -Wno-pointer-sign
 COPTS.ldapauth.c+=     -Wno-format-nonliteral  # XXX: should fix
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/dist/PROTOCOL.certkeys
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys        Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys        Thu Feb 27 00:24:38 2020 +0000
@@ -280,6 +280,13 @@
 
 Name                    Format        Description
 -----------------------------------------------------------------------------
+no-presence-required    empty         Flag indicating that signatures made
+                                      with this certificate need not assert
+                                      user presence. This option only make
+                                      sense for the U2F/FIDO security key
+                                      types that support this feature in
+                                      their signature formats.
+
 permit-X11-forwarding   empty         Flag indicating that X11 forwarding
                                       should be permitted. X11 forwarding will
                                       be refused if this option is absent.
@@ -305,4 +312,5 @@
                                       this option is not present.
 
 $OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $
-$NetBSD: PROTOCOL.certkeys,v 1.11 2019/04/20 17:16:40 christos Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.17 2019/11/25 00:57:51 djm Exp $
+$NetBSD: PROTOCOL.certkeys,v 1.12 2020/02/27 00:24:40 christos Exp $
diff -r 78e7e6866de2 -r 4fee97fccdbd crypto/external/bsd/openssh/dist/auth-options.c
--- a/crypto/external/bsd/openssh/dist/auth-options.c   Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c   Thu Feb 27 00:24:38 2020 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: auth-options.c,v 1.21 2019/10/12 18:32:22 christos Exp $       */
-/* $OpenBSD: auth-options.c,v 1.89 2019/09/13 04:36:43 dtucker Exp $ */
+/*     $NetBSD: auth-options.c,v 1.22 2020/02/27 00:24:40 christos Exp $       */
+/* $OpenBSD: auth-options.c,v 1.90 2019/11/25 00:54:23 djm Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
  *
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-options.c,v 1.21 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: auth-options.c,v 1.22 2020/02/27 00:24:40 christos Exp $");
 #include <sys/types.h>
 #include <sys/queue.h>
 
@@ -97,7 +97,10 @@
                    name, sshbuf_len(data));
                found = 0;
                if ((which & OPTIONS_EXTENSIONS) != 0) {
-                       if (strcmp(name, "permit-X11-forwarding") == 0) {
+                       if (strcmp(name, "no-touch-required") == 0) {
+                               opts->no_require_user_presence = 1;
+                               found = 1;
+                       } else if (strcmp(name, "permit-X11-forwarding") == 0) {
                                opts->permit_x11_forwarding_flag = 1;
                                found = 1;
                        } else if (strcmp(name,
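Review bot: The extension name matched in the added branch is `"no-touch-required"`, but the PROTOCOL.certkeys hunk in this same commit documents the extension as `no-presence-required`. A certificate issued with the documented name would not reach this branch, so `no_require_user_presence` would stay unset. That fails toward requiring presence, but one of the two names should be corrected so the specification and the parser agree. The enclosing function begins and ends outside the hunk, so what happens to a name that leaves `found = 0` cannot be confirmed from here.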
@@ -348,6 +351,8 @@
                        ret->permit_agent_forwarding_flag = r == 1;
                } else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) {
                        ret->permit_x11_forwarding_flag = r == 1;
+               } else if ((r = opt_flag("touch-required", 1, &opts)) != -1) {
+                       ret->no_require_user_presence = r != 1; /* NB. flip */
                } else if ((r = opt_flag("pty", 1, &opts)) != -1) {
                        ret->permit_pty_flag = r == 1;
                } else if ((r = opt_flag("user-rc", 1, &opts)) != -1) {
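Review bot: `/* NB. flip */` on the added `touch-required` line does not say what is flipped or why. The field stores the negated sense of the option, so, judging by the neighbouring `r == 1` assignments, it is presumably set only when the option is given in its negated form. A fuller comment such as `/* field is the negation of the option: set only when touch is explicitly waived */` would make this security-relevant inversion readable. The same applies to `OPTFLAG_AND(no_require_user_presence);` in the merge hunk, where one line noting that presence is waived only if both sources waive it would help, since the `no_` name does not read as a permissive flag. The field's initial value is set outside the visible hunks; confirm that it defaults to 0 so that presence is required unless waived.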
@@ -568,14 +573,15 @@
                        goto alloc_fail;
        }
 
-       /* Flags are logical-AND (i.e. must be set in both for permission) */
-#define OPTFLAG(x) ret->x = (primary->x == 1) && (additional->x == 1)
-       OPTFLAG(permit_port_forwarding_flag);
-       OPTFLAG(permit_agent_forwarding_flag);
-       OPTFLAG(permit_x11_forwarding_flag);
-       OPTFLAG(permit_pty_flag);
-       OPTFLAG(permit_user_rc);
-#undef OPTFLAG
+#define OPTFLAG_AND(x) ret->x = (primary->x == 1) && (additional->x == 1)
+       /* Permissive flags are logical-AND (i.e. must be set in both) */
+       OPTFLAG_AND(permit_port_forwarding_flag);
+       OPTFLAG_AND(permit_agent_forwarding_flag);
+       OPTFLAG_AND(permit_x11_forwarding_flag);
+       OPTFLAG_AND(permit_pty_flag);
+       OPTFLAG_AND(permit_user_rc);
+       OPTFLAG_AND(no_require_user_presence);
+#undef OPTFLAG_AND
 
        /* Earliest expiry time should win */
        if (primary->valid_before != 0)
@@ -644,6 +650,7 @@
        OPTSCALAR(cert_authority);
        OPTSCALAR(force_tun_device);
        OPTSCALAR(valid_before);
+       OPTSCALAR(no_require_user_presence);
 #undef OPTSCALAR
 #define OPTSTRING(x) \
        do { \
@@ -766,7 +773,7 @@
 {
        int r = SSH_ERR_INTERNAL_ERROR;
 
-       /* Flag and simple integer options */
+       /* Flag options */
        if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 ||
            (r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 ||
            (r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 ||
@@ -774,7 +781,11 @@
            (r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 ||
            (r = sshbuf_put_u8(m, opts->restricted)) != 0 ||
            (r = sshbuf_put_u8(m, opts->cert_authority)) != 0 ||
-           (r = sshbuf_put_u64(m, opts->valid_before)) != 0)
+           (r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0)
+               return r;


