Hi all

This patch adds a -C flag to ssh-agent which forces
confirmation for any key added to the agent (similar
to ssh-add -c).
It helps when forwarded agent authentication is used and
each key should be confirmed before use.


catam


--- ssh-agent.c 2006-08-28 14:02:12.000000000 +0300
+++ ssh-agent.c.orig 2006-08-28 13:36:05.000000000 +0300
@@ -111,9 +111,6 @@
/* Default lifetime (0 == forever) */
static int lifetime = 0;

-/* global confirm */
-static int confirm = 0;
-
static void
close_socket(SocketEntry *e)
{
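Review bot: The file headers run from `ssh-agent.c` to `ssh-agent.c.orig`, so this diff looks reversed: the lines marked `-` (this global, the widened conditions and the `-C` case) appear to be what the patch proposes, and it would need regenerating as `diff -u ssh-agent.c.orig ssh-agent.c` to apply without `patch -R`. The new global is also named `confirm`, the same as the per-identity `id->confirm` field it is tested alongside; a name such as `confirm_all` with the comment `/* Require confirmation for every key, regardless of id->confirm (-C) */` would keep the two apart. close_socket's body continues outside the hunk.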
@@ -246,7 +243,7 @@
goto failure;

id = lookup_identity(key, 1);
- if (id != NULL && ((!confirm && !id->confirm) || confirm_key(id) == 0)) {
+ if (id != NULL && (!id->confirm || confirm_key(id) == 0)) {
Key *private = id->key;
/* Decrypt the challenge using the private key. */
if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)
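Review bot: The confirmation test `((!confirm && !id->confirm) || confirm_key(id) == 0)` is written out twice, here and in the signing hunk at -306, so a later change to the policy could update one request path and miss the other. Since this is the check that decides whether a (possibly forwarded) request may use a private key, it is safer kept in one place, for example `static int needs_confirm(Identity *id) { return confirm || id->confirm; }` used as `(!needs_confirm(id) || confirm_key(id) == 0)`. The enclosing function starts and ends outside the hunk.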
@@ -306,7 +303,7 @@
key = key_from_blob(blob, blen);
if (key != NULL) {
Identity *id = lookup_identity(key, 2);
- if (id != NULL && ((!confirm && !id->confirm) || confirm_key(id) == 0))
+ if (id != NULL && (!id->confirm || confirm_key(id) == 0))
ok = key_sign(id->key, &signature, &slen, data,
dlen);
}
key_free(key);
@@ -1029,7 +1026,7 @@
init_rng();
seed_rng();

- while ((ch = getopt(ac, av, "Ccdksa:t:")) != -1) {
+ while ((ch = getopt(ac, av, "cdksa:t:")) != -1) {
switch (ch) {
case 'c':
if (s_flag)
@@ -1058,9 +1055,6 @@
usage();
}
break;
- case 'C':
- confirm = 1;
- break;
default:
usage();
}
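Review bot: The new `-C` option is parsed here and added to the getopt string in the hunk at -1029, but no hunk in this patch touches `usage()` or the manual page, so as far as the visible diff shows the flag would be undocumented. A usage line along the lines of `  -C          Require confirmation for every key.` would cover it. Unlike the `case 'c'` branch in the previous hunk, which tests `s_flag`, `case 'C'` does no conflict checking; it may be worth deciding whether `-C` combined with `-k` should fall through to `usage()`. The switch belongs to a function that starts outside the hunk.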
