Diffstat (limited to 'authfd.h')
-rw-r--r--authfd.h26
1 files changed, 22 insertions, 4 deletions
diff --git a/authfd.h b/authfd.h
index fe1ed8a1..7a1c0ddf 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.50 2021/12/19 22:08:48 djm Exp $ */
+/* $OpenBSD: authfd.h,v 1.51 2021/12/19 22:10:24 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -17,6 +17,7 @@
#define AUTHFD_H
struct sshbuf;
+struct sshkey;
/* List of identities returned by ssh_fetch_identitylist() */
struct ssh_identitylist {
@@ -25,6 +26,20 @@ struct ssh_identitylist {
char **comments;
};
+/* Key destination restrictions */
+struct dest_constraint_hop {
+ char *user; /* wildcards allowed */
+ char *hostname; /* used to matching cert principals and for display */
+ int is_ca;
+ u_int nkeys; /* number of entries in *both* 'keys' and 'key_is_ca' */
+ struct sshkey **keys;
+ int *key_is_ca;
+};
+struct dest_constraint {
+ struct dest_constraint_hop from;
+ struct dest_constraint_hop to;
+};
+
int ssh_get_authentication_socket(int *fdp);
int ssh_get_authentication_socket_path(const char *authsocket, int *fdp);
void ssh_close_authentication_socket(int sock);
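Review bot: In the new `struct dest_constraint_hop`, `is_ca` has no comment, and its relation to the per-key `key_is_ca` array cannot be told from the header. The struct also does not say what a NULL `user` or `hostname` means, which matters because these fields describe where a key may be used and an unset field is easy to misread as "no restriction". Ownership of `user`, `hostname`, `keys` and `key_is_ca` is not stated and no free routine is declared in this hunk; assuming the struct owns them, I would add something like `/* 'keys' and 'key_is_ca' are parallel arrays of nkeys entries, owned by this struct */` and name the function that releases them. The `hostname` comment also has a typo and should read `/* used for matching cert principals and for display */`.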
@@ -33,12 +48,15 @@ int ssh_lock_agent(int sock, int lock, const char *password);
int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp);
void ssh_free_identitylist(struct ssh_identitylist *idl);
int ssh_add_identity_constrained(int sock, struct sshkey *key,
- const char *comment, u_int life, u_int confirm, u_int maxsign,
- const char *provider);
+ const char *comment, u_int life, u_int confirm, u_int maxsign,
+ const char *provider, struct dest_constraint **dest_constraints,
+ size_t ndest_constraints);
int ssh_agent_has_key(int sock, const struct sshkey *key);
int ssh_remove_identity(int sock, const struct sshkey *key);
int ssh_update_card(int sock, int add, const char *reader_id,
- const char *pin, u_int life, u_int confirm);
+ const char *pin, u_int life, u_int confirm,
+ struct dest_constraint **dest_constraints,
+ size_t ndest_constraints);
int ssh_remove_all_identities(int sock, int version);
int ssh_agent_sign(int sock, const struct sshkey *key,