summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-11-25 00:54:23 +0000
committerDamien Miller <djm@mindrot.org>2019-11-25 12:23:40 +1100
commit2e71263b80fec7ad977e098004fef7d122169d40 (patch)
treeb4eef0768ef7fb69c0acdfad6a9d63762791d6f6 /auth.c
parent0fddf2967ac51d518e300408a0d7e6adf4cd2634 (diff)
upstream: add a "no-touch-required" option for authorized_keys and
a similar extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/auth.c b/auth.c
index b092f212..0a46e1d8 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.142 2019/10/16 06:05:39 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.143 2019/11/25 00:54:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -1005,7 +1005,7 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
/* Try to keep this alphabetically sorted */
- snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s",
+ snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
opts->force_command == NULL ? "" : " command",
do_env ? " environment" : "",
@@ -1018,7 +1018,8 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
opts->force_tun_device == -1 ? "" : " tun=",
opts->force_tun_device == -1 ? "" : buf,
opts->permit_user_rc ? " user-rc" : "",
- opts->permit_x11_forwarding_flag ? " x11-forwarding" : "");
+ opts->permit_x11_forwarding_flag ? " x11-forwarding" : "",
+ opts->no_require_user_presence ? " no-touch-required" : "");
debug("%s: %s", loc, msg);
if (do_remote)