summaryrefslogtreecommitdiffstats
path: root/sshsig.h
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2021-11-27 08:14:46 +0100
committerDamien Miller <djm@mindrot.org>2021-11-27 08:22:41 +0100
commit78230b3ec8cbabc1e7de68732dc5cbd4837c6675 (patch)
treee771d5586735f696454bd641b844ca2fe77f3bff /sshsig.h
parentupstream: debug("func: ...") -> debug_f("...") (diff)
downloadopenssh-78230b3ec8cbabc1e7de68732dc5cbd4837c6675.tar.xz
openssh-78230b3ec8cbabc1e7de68732dc5cbd4837c6675.zip
upstream: Add ssh-keygen -Y match-principals operation to perform
matching of principals names against an allowed signers file. Requested by and mostly written by Fabian Stelzer, towards a TOFU model for SSH signatures in git. Some tweaks by me. "doesn't bother me" deraadt@ OpenBSD-Commit-ID: 8d1b71f5a4127bc5e10a880c8ea6053394465247
Diffstat (limited to '')
-rw-r--r--sshsig.h6
1 files changed, 5 insertions, 1 deletions
diff --git a/sshsig.h b/sshsig.h
index b725c7d7a..ac5577962 100644
--- a/sshsig.h
+++ b/sshsig.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshsig.h,v 1.10 2021/07/23 03:37:52 djm Exp $ */
+/* $OpenBSD: sshsig.h,v 1.11 2021/11/27 07:14:46 djm Exp $ */
/*
* Copyright (c) 2019 Google LLC
*
@@ -104,4 +104,8 @@ int sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey);
int sshsig_find_principals(const char *path, const struct sshkey *sign_key,
uint64_t verify_time, char **principal);
+/* Find all principals in allowed_keys file matching *principal */
+int sshsig_match_principals(const char *path,
+ const char *principal, char ***principalsp, size_t *nprincipalsp);
+
#endif /* SSHSIG_H */