diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2014-12-22 07:51:30 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-12-22 19:06:52 +1100 |
| commit | f69b69b8625be447b8826b21d87713874dac25a6 (patch) | |
| tree | ad29e7621445860c76e02f7f2384b0198bfc27e5 /auth.h | |
| parent | 46ac2ed4677968224c4ca825bc98fc68dae183f0 (diff) | |
upstream commit
remember which public keys have been used for
authentication and refuse to accept previously-used keys.
This allows AuthenticationMethods=publickey,publickey to require
that users authenticate using two _different_ pubkeys.
ok markus@
Diffstat (limited to 'auth.h')
| -rw-r--r-- | auth.h | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.79 2014/12/22 07:51:30 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -42,6 +42,8 @@ #include <krb5.h> #endif +struct sshkey; + typedef struct Authctxt Authctxt; typedef struct Authmethod Authmethod; typedef struct KbdintDevice KbdintDevice; @@ -75,6 +77,9 @@ struct Authctxt { #endif Buffer *loginmsg; void *methoddata; + + struct sshkey **prev_userkeys; + u_int nprev_userkeys; }; /* * Every authentication method has to handle authentication requests for @@ -123,6 +128,8 @@ int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); int user_key_allowed(struct passwd *, Key *); void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) __attribute__((__format__ (printf, 3, 4))); +void auth2_record_userkey(Authctxt *, struct sshkey *); +int auth2_userkey_already_used(Authctxt *, struct sshkey *); struct stat; int auth_secure_path(const char *, struct stat *, const char *, uid_t, |