upstream commit

since a couple of people have asked, leave a comment
explaining why we retain SSH v.1 support in the "delete all keys from agent"
path.

Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4

diff --git a/authfd.c b/authfd.c
index 915a6da48de9eaec5a115a022be987d909df107d..ea664a167915b7e2c0214961846a8904645785cb 100644 (file)
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.102 2017/05/04 06:10:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -575,6 +575,10 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
 /*
  * Removes all identities from the agent.
  * This call is intended only for use by ssh-add(1) and like applications.
+ *
+ * This supports the SSH protocol 1 message to because, when clearing all
+ * keys from an agent, we generally want to clear both protocol v1 and v2
+ * keys.
  */
 int
 ssh_remove_all_identities(int sock, int version)

diff --git a/ssh-add.c b/ssh-add.c
index 37ce56dfd12a521e4901d7bbff8861a2c05986ae..5f62420f9ca190b59596a745c4c41d5471557145 100644 (file)
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.129 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.130 2017/05/04 06:10:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -161,6 +161,11 @@ delete_all(int agent_fd)
 {
        int ret = -1;
 
+       /*
+        * Since the agent might be forwarded, old or non-OpenSSH, when asked
+        * to remove all keys, attempt to remove both protocol v.1 and v.2
+        * keys.
+        */
        if (ssh_remove_all_identities(agent_fd, 2) == 0)
                ret = 0;
        /* ignore error-code for ssh1 */