Bugzilla – Attachment 3682 Details for
Bug 3355
no-touch-required flag not restored from hardware token
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
ssh-keygen: accept -O no-touch-required with -K
bz3355.diff (text/plain), 1.82 KB, created by
Damien Miller
on 2023-03-14 11:05:16 AEDT
(
hide
)
Description:
ssh-keygen: accept -O no-touch-required with -K
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2023-03-14 11:05:16 AEDT
Size:
1.82 KB
patch
obsolete
>diff --git a/ssh-keygen.1 b/ssh-keygen.1 >index 1be082282..9903c8aab 100644 >--- a/ssh-keygen.1 >+++ b/ssh-keygen.1 >@@ -1109,7 +1109,7 @@ Explicitly specify a > .Xr fido 4 > device to use, rather than letting the authenticator middleware select one. > .It Cm no-touch-required >-Indicate that the generated private key should not require touch >+Indicate that the generated or downloaded private key should not require touch > events (user presence) when making signatures. > Note that > .Xr sshd 8 >diff --git a/ssh-keygen.c b/ssh-keygen.c >index 5f8337f4e..804f24f66 100644 >--- a/ssh-keygen.c >+++ b/ssh-keygen.c >@@ -3135,7 +3135,7 @@ sk_suffix(const char *application, const uint8_t *user, size_t userlen) > } > > static int >-do_download_sk(const char *skprovider, const char *device) >+do_download_sk(const char *skprovider, const char *device, uint8_t sk_flags) > { > struct sshsk_resident_key **srks; > size_t nsrks, i; >@@ -3171,6 +3171,8 @@ do_download_sk(const char *skprovider, const char *device) > sshkey_type(key), key->type); > continue; > } >+ if ((sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) >+ key->sk_flags &= ~SSH_SK_USER_PRESENCE_REQD; > if ((fp = sshkey_fingerprint(key, fingerprint_hash, > SSH_FP_DEFAULT)) == NULL) > fatal_f("sshkey_fingerprint failed"); >@@ -3706,12 +3708,14 @@ main(int argc, char **argv) > for (i = 0; i < nopts; i++) { > if (strncasecmp(opts[i], "device=", 7) == 0) { > sk_device = xstrdup(opts[i] + 7); >+ } else if (strcasecmp(opts[i], "no-touch-required") == 0) { >+ sk_flags &= ~SSH_SK_USER_PRESENCE_REQD; > } else { > fatal("Option \"%s\" is unsupported for " > "FIDO authenticator download", opts[i]); > } > } >- return do_download_sk(sk_provider, sk_device); >+ return do_download_sk(sk_provider, sk_device, sk_flags); > } > if (print_fingerprint || print_bubblebabble) > do_fingerprint(pw);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3682">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 3355
: 3682 |
3683