[Bug 3597] Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Aug 2 12:15:19 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3597

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
remote_add_provider indicates whether the user has allowed remote
ssh-agent clients to add PKCS#11 providers.

e->nsession_ids>0 indicates that a session is actually remote. A local
session will have e->nsession_ids=0.

See process_ext_session_bind() in ssh-agent.c and the corresponding
authfd.c:ssh_agent_bind_hostkey() code that is called from ssh's
clientloop.c:client_request_agent().

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list