path: root/ssh-sk-client.c
Commit message | Author | Age | Files | Lines
* upstream: Replace all calls to signal(2) with a wrapper around | dtucker@openbsd.org | 2020-01-23 | 1 | -4/+5
  sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
  OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
* upstream: check access(ssh-sk-helper, X_OK) to provide friendly | djm@openbsd.org | 2020-01-21 | 1 | -1/+9
  error message for misconfigured helper paths
  OpenBSD-Commit-ID: 061bcc262155d12e726305c91394ac0aaf1f8341
* upstream: pass the log-on-stderr flag and log level through to | djm@openbsd.org | 2020-01-21 | 1 | -17/+23
  ssh-sk-helper, making debugging a bit easier. ok markus@
  OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a
* upstream: Extends the SK API to accept a set of key/value options | djm@openbsd.org | 2020-01-06 | 1 | -5/+9
  for all operations. These are intended to future-proof the API a little by making it easier to specify additional fields for without having to change the API version for each.
  At present, only two options are defined: one to explicitly specify the device for an operation (rather than accepting the middleware's autoselection) and another to specify the FIDO2 username that may be used when generating a resident key.
  These new options may be invoked at key generation time via ssh-keygen -O
  This also implements a suggestion from Markus to avoid "int" in favour of uint32_t for the algorithm argument in the API, to make implementation of ssh-sk-client/helper a little easier.
  feedback, fixes and ok markus@
  OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
* upstream: SK API and sk-helper error/PIN passing | djm@openbsd.org | 2019-12-30 | 1 | -10/+37
  Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow.
  Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc.
  feedback and ok markus@
  OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
* upstream: implement loading of resident keys in ssh-sk-helper | djm@openbsd.org | 2019-12-30 | 1 | -1/+71
  feedback and ok markus@
  OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a
* remove a bunch of ENABLE_SK #ifdefs | Damien Miller | 2019-12-13 | 1 | -0/+8
  The ssh-sk-helper client API gives us a nice place to disable security key support when it wasn't enabled at compile time, so we don't need to check everywhere.
  Also, verification of security key signatures can remain enabled all the time - it has no additional dependencies. So sshd can accept security key pubkeys in authorized_keys, etc regardless of the host's support for dlopen, etc.
* ssh-sk-client.c needs includes.h | Damien Miller | 2019-12-13 | 1 | -0/+2
* upstream: actually commit the ssh-sk-helper client code; ok markus | djm@openbsd.org | 2019-12-13 | 1 | -0/+323
  OpenBSD-Commit-ID: fd2ea776a5bbbf4d452989d3c3054cf25a5e0589