upstream commit

since a couple of people have asked, leave a comment explaining why we retain SSH v.1 support in the "delete all keys from agent" path. Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4
2017-05-04 06:10:57 +00:00 · 2017-05-04 06:10:57 +00:00 · 744bde79c3
parent 0c378ff6d9
commit 744bde79c3
2 changed files with 11 additions and 2 deletions
--- a/authfd.c
+++ b/authfd.c
@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.102 2017/05/04 06:10:57 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -575,6 +575,10 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
 /*
 * Removes all identities from the agent.
 * This call is intended only for use by ssh-add(1) and like applications.
 *
 * This supports the SSH protocol 1 message to because, when clearing all
 * keys from an agent, we generally want to clear both protocol v1 and v2
 * keys.
 */
 int
 ssh_remove_all_identities(int sock, int version)
--- a/ssh-add.c
+++ b/ssh-add.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.129 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.130 2017/05/04 06:10:57 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -161,6 +161,11 @@ delete_all(int agent_fd)
 {
 	int ret = -1;
 	/*
 	 * Since the agent might be forwarded, old or non-OpenSSH, when asked
 	 * to remove all keys, attempt to remove both protocol v.1 and v.2
 	 * keys.
 	 */
 	if (ssh_remove_all_identities(agent_fd, 2) == 0)
 		ret = 0;
 	/* ignore error-code for ssh1 */