diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2021-11-27 08:14:46 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2021-11-27 08:22:41 +0100 |
| commit | 78230b3ec8cbabc1e7de68732dc5cbd4837c6675 (patch) | |
| tree | e771d5586735f696454bd641b844ca2fe77f3bff /sshsig.h | |
| parent | upstream: debug("func: ...") -> debug_f("...") (diff) | |
| download | openssh-78230b3ec8cbabc1e7de68732dc5cbd4837c6675.tar.xz openssh-78230b3ec8cbabc1e7de68732dc5cbd4837c6675.zip | |
upstream: Add ssh-keygen -Y match-principals operation to perform
matching of principals names against an allowed signers file.
Requested by and mostly written by Fabian Stelzer, towards a TOFU
model for SSH signatures in git. Some tweaks by me.
"doesn't bother me" deraadt@
OpenBSD-Commit-ID: 8d1b71f5a4127bc5e10a880c8ea6053394465247
Diffstat (limited to 'sshsig.h')
| -rw-r--r-- | sshsig.h | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshsig.h,v 1.10 2021/07/23 03:37:52 djm Exp $ */ +/* $OpenBSD: sshsig.h,v 1.11 2021/11/27 07:14:46 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -104,4 +104,8 @@ int sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey); int sshsig_find_principals(const char *path, const struct sshkey *sign_key, uint64_t verify_time, char **principal); +/* Find all principals in allowed_keys file matching *principal */ +int sshsig_match_principals(const char *path, + const char *principal, char ***principalsp, size_t *nprincipalsp); + #endif /* SSHSIG_H */ |