diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-10-31 21:18:28 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-11-01 09:46:09 +1100 |
| commit | 884416bdb10468f1252e4d7c13d51b43dccba7f6 (patch) | |
| tree | f81dc3ed23cddcda6163102363c5dc75a63430e6 /readconf.c | |
| parent | 01a0670f69c5b86e471e033b92145d6c7cc77c58 (diff) | |
upstream: ssh client support for U2F/FIDO keys
OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc
Diffstat (limited to 'readconf.c')
| -rw-r--r-- | readconf.c | 17 |
1 files changed, 15 insertions, 2 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.309 2019/09/06 14:45:34 naddy Exp $ */ +/* $OpenBSD: readconf.c,v 1.310 2019/10/31 21:18:28 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -174,6 +174,7 @@ typedef enum { oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, + oSecurityKeyProvider, oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; @@ -214,6 +215,7 @@ static struct { { "smartcarddevice", oUnsupported }, { "pkcs11provider", oUnsupported }, #endif + { "securitykeyprovider", oSecurityKeyProvider }, { "rsaauthentication", oUnsupported }, { "rhostsrsaauthentication", oUnsupported }, { "compressionlevel", oUnsupported }, @@ -1146,6 +1148,10 @@ parse_char_array: charptr = &options->pkcs11_provider; goto parse_string; + case oSecurityKeyProvider: + charptr = &options->sk_provider; + goto parse_string; + case oProxyCommand: charptr = &options->proxy_command; /* Ignore ProxyCommand if ProxyJump already specified */ @@ -1906,6 +1912,7 @@ initialize_options(Options * options) options->bind_address = NULL; options->bind_interface = NULL; options->pkcs11_provider = NULL; + options->sk_provider = NULL; options->enable_ssh_keysign = - 1; options->no_host_authentication_for_localhost = - 1; options->identities_only = - 1; @@ -2043,6 +2050,8 @@ fill_default_options(Options * options) add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0); #ifdef OPENSSL_HAS_ECC add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0); + add_identity_file(options, "~/", + _PATH_SSH_CLIENT_ID_ECDSA_SK, 0); #endif add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ED25519, 0); @@ -2118,6 +2127,8 @@ fill_default_options(Options * options) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; if (options->update_hostkeys == -1) options->update_hostkeys = 0; + if (options->sk_provider == NULL) + options->sk_provider = xstrdup("$SSH_SK_PROVIDER"); /* Expand KEX name lists */ all_cipher = cipher_alg_list(',', 0); @@ -2135,7 +2146,7 @@ fill_default_options(Options * options) ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac); ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex); ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); + ASSEMBLE(pubkey_key_types, PUBKEY_DEFAULT_PK_ALG, all_key); ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); #undef ASSEMBLE free(all_cipher); @@ -2157,6 +2168,7 @@ fill_default_options(Options * options) CLEAR_ON_NONE(options->control_path); CLEAR_ON_NONE(options->revoked_host_keys); CLEAR_ON_NONE(options->pkcs11_provider); + CLEAR_ON_NONE(options->sk_provider); if (options->jump_host != NULL && strcmp(options->jump_host, "none") == 0 && options->jump_port == 0 && options->jump_user == NULL) { @@ -2673,6 +2685,7 @@ dump_client_config(Options *o, const char *host) #ifdef ENABLE_PKCS11 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); #endif + dump_cfg_string(oSecurityKeyProvider, o->sk_provider); dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types); dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); |