Clear r_list if the interface is passive. Additionaly move the check
for passive interface a bit further up so that the function can return
Memory leak observed and reported by Jason Tubnor.
allow security keys to act as host keys as well as user keys.
Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
Explicitly print root user in status OWNER column
With "owner root:wheel" (any group) the status output prints ":wheel" only,
presumably to emphasize that only group membership matters.
Always print whatever is configured to be explicit and less confusing.
Allow more outgoing ports, the default 16 is pretty tight for the
recursor. Also change strategy to not fetch addresses of nameservers
pro-actively, it does not help a lot in typical unwind setups and
consumes resources we would like to spend on actual resolving user
queries. ok florian@
rkpcie: Add support for gen2 negotiation
* Enable gen2 link training when the dtb is configured with
max-link-speed = <2>;
* Workaround a rockchip bug where Target Link Speed is not set when
PCIE_CLIENT_PCIE_GEN_SEL_2 is configured
* Wait for LTSSM L0 state after initial link training to ensure gen2
link training does not start too early
- check if this is an answer to a still running query up front,
if not there is nothing more to do
- get rid of the retry case, we can now just inline it
- reduce indent by always calculating elapsed time for DOUBT_NXDOMAIN_SEC
Triggered by, input and OK otto
Revert previous. When we get an ACPI notification we already have the
ACPI lock and when we call our own ws_[gs]et_param functions we cannot
take the lock again, because it's non-recursive. Thus we need to find
another way, like not taking the lock if we already have it. But the
solutions need to be discussed first, so back it out in the meantime.
perform security key enrollment via ssh-sk-helper too. This means
that ssh-keygen no longer needs to link against ssh-sk-helper,
and only ssh-sk-helper needs libfido2 and /dev/uhid* access;
feedback & ok markus@
use ssh-sk-helper for all security key signing operations
This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*
requested by, feedback and ok markus@