Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: ssh-agent: Implement destination constraints #10252

Draft
wants to merge 6 commits into
base: develop
Choose a base branch
from
Draft

WIP: ssh-agent: Implement destination constraints #10252

wants to merge 6 commits into from
+796 −73

Commits on Feb 9, 2024

  1. Update i18n 

    Command: ./release-tool i18n lupdate

Signed-off-by: Konrad Gräfe <kgraefe@paktolos.net>
    @kgraefe
    kgraefe committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    e7fc633 View commit details
    Browse the repository at this point in the history

  2. tests: Test KeeAgentSettings 

    This change adds testing all KeeAgentSettings fields including their XML
conversions by separately:
- verifying the default value,
- change the current to something else,
- convert the KeeAgentSettings object to XML,
- convert it back to a second KeeAgentSettings object,
- compare both objects to be equal and
- verify that the new value landed in the field of the second
  KeeAgentSettings object.

Signed-off-by: Konrad Gräfe <kgraefe@paktolos.net>
    @kgraefe
    kgraefe committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    1645f7a View commit details
    Browse the repository at this point in the history

Commits on Feb 20, 2024

  1. ssh-agent: Implement destination constraints 

    This change implements loading ssh-agent destination constraints from
KeeAgent.settings into the ssh-agent. For now there is no UI so
configuration must be done in KeePass2/KeeAgent.

The ssh-agent constrain extension is described at [1]. However, I found
it partly misleading:
- in the constaint array each constraint is enveloped where in the
  keyspec arrays the keyspec are just appended to the constraint.
- each constraint and host has an additional string field reserved for
  future use.
The actual structure has been obtained from openssh ssh-add source code [2].

[1]: https://www.openssh.com/agent-restrict.html
[2]: https://github.com/openssh/openssh-portable/blob/3ad669f81aabbd2ba9fbd472903f680f598e1e99/authfd.c#L538

Signed-off-by: Konrad Gräfe <kgraefe@paktolos.net>
    @kgraefe
    kgraefe committed Feb 20, 2024
    Configuration menu
    Copy the full SHA
    6f70688 View commit details
    Browse the repository at this point in the history

  2. TestSSHAgent: Skip testDestinationConstraints() on OpenSSH < 8.9 

    Signed-off-by: Konrad Gräfe <kgraefe@paktolos.net>
    @kgraefe
    kgraefe committed Feb 20, 2024
    Configuration menu
    Copy the full SHA
    55c6cd2 View commit details
    Browse the repository at this point in the history

  3. WIP: SSH agent: Add UI for destination constraints 

    Signed-off-by: Konrad Gräfe <kgraefe@paktolos.net>
    @kgraefe
    kgraefe committed Feb 20, 2024
    Configuration menu
    Copy the full SHA
    bde28ea View commit details
    Browse the repository at this point in the history

Commits on Mar 3, 2024

  1. WIP 

    Signed-off-by: Konrad Gräfe <kgraefe@paktolos.net>
    @kgraefe
    kgraefe committed Mar 3, 2024
    Configuration menu
    Copy the full SHA
    136b571 View commit details
    Browse the repository at this point in the history