ssh-add: don't consider a sk_provider a key constraint

unless explicitly specified, don't consider a sk_provider a key constraint, allowing ssh-sk keys using the default internal provider to be added with SSH2_AGENTC_ADD_IDENTITY instead of SSH2_AGENTC_ADD_ID_CONSTRAINED.
PowerShell · Dec 9, 2021 · 7393b48 · 7393b48
1 parent deecf32
commit 7393b48
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/ssh-add.c b/ssh-add.c
@@ -347,7 +347,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
 		}
 		ssh_free_identitylist(idlist);
 	}
-
+#ifndef WINDOWS
 	if (sshkey_is_sk(private)) {
 		if (skprovider == NULL) {
 			fprintf(stderr, "Cannot load FIDO key %s "
@@ -363,7 +363,10 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
 		/* Don't send provider constraint for other keys */
 		skprovider = NULL;
 	}
-
+#else
+	if (!sshkey_is_sk(private))
+		skprovider = NULL;
+#endif
 	if ((r = ssh_add_identity_constrained(agent_fd, private, comment,
 	    lifetime, confirm, maxsign, skprovider)) == 0) {
 		ret = 0;
@@ -796,7 +799,7 @@ main(int argc, char **argv)
 		goto done;
 	}
 
-#ifdef ENABLE_SK_INTERNAL
+#if !defined(WINDOWS) && defined(ENABLE_SK_INTERNAL)
 	if (skprovider == NULL)
 		skprovider = "internal";
 #endif