From b9dd14d3091e31fb836f69873d3aa622eb7b4a1c Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Thu, 31 Oct 2019 21:19:14 +0000
Subject: upstream: add new agent key constraint for U2F/FIDO provider

feedback & ok markus@

OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
---
 authfd.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'authfd.h')

diff --git a/authfd.h b/authfd.h
index 57907650..443771a0 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.46 2019/09/03 08:29:15 djm Exp $ */
+/* $OpenBSD: authfd.h,v 1.47 2019/10/31 21:19:15 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -30,7 +30,8 @@ int	ssh_lock_agent(int sock, int lock, const char *password);
 int	ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp);
 void	ssh_free_identitylist(struct ssh_identitylist *idl);
 int	ssh_add_identity_constrained(int sock, struct sshkey *key,
-	    const char *comment, u_int life, u_int confirm, u_int maxsign);
+	    const char *comment, u_int life, u_int confirm, u_int maxsign,
+	    const char *provider);
 int	ssh_agent_has_key(int sock, struct sshkey *key);
 int	ssh_remove_identity(int sock, struct sshkey *key);
 int	ssh_update_card(int sock, int add, const char *reader_id,
@@ -77,6 +78,7 @@ int	ssh_agent_sign(int sock, const struct sshkey *key,
 #define	SSH_AGENT_CONSTRAIN_LIFETIME		1
 #define	SSH_AGENT_CONSTRAIN_CONFIRM		2
 #define	SSH_AGENT_CONSTRAIN_MAXSIGN		3
+#define	SSH_AGENT_CONSTRAIN_EXTENSION		255
 
 /* extended failure messages */
 #define SSH2_AGENT_FAILURE			30
-- 
cgit v1.2.3