upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/
authordjm@openbsd.org <djm@openbsd.org>
Thu, 25 Feb 2021 03:27:34 +0000 (03:27 +0000)
committerDamien Miller <djm@mindrot.org>
Thu, 25 Feb 2021 04:15:46 +0000 (15:15 +1100)
OpenBSD-Regress-ID: 3dbc005fa29f69dc23d97e433b6dffed6fe7cb69

regress/agent.sh
regress/cert-hostkey.sh
regress/cert-userkey.sh
regress/keytype.sh
regress/limit-keytype.sh

index a3ad1385f488149f1b5c8b34d78caf6cccf36baf..f187b675720142a9f235536478074b093e56e8d1 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: agent.sh,v 1.19 2020/07/15 04:55:47 dtucker Exp $
+#      $OpenBSD: agent.sh,v 1.20 2021/02/25 03:27:34 djm Exp $
 #      Placed in the Public Domain.
 
 tid="simple agent test"
@@ -87,8 +87,8 @@ fi
 for t in ${SSH_KEYTYPES}; do
        trace "connect via agent using $t key"
        if [ "$t" = "ssh-dss" ]; then
-               echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
-               echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
+               echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/ssh_proxy
+               echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/sshd_proxy
        fi
        ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
                somehost exit 52
index 097bf846346cd9634f93f3571f3eb95f522665dd..ebf6c903925c21809d3ac60f436f2d87279d7fc1 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: cert-hostkey.sh,v 1.23 2020/01/03 03:02:26 djm Exp $
+#      $OpenBSD: cert-hostkey.sh,v 1.24 2021/02/25 03:27:34 djm Exp $
 #      Placed in the Public Domain.
 
 tid="certified host keys"
@@ -29,12 +29,12 @@ for i in `$SSH -Q key | maybe_filter_sk`; do
 done
 (
        echo "HostKeyAlgorithms ${types}"
-       echo "PubkeyAcceptedKeyTypes *"
+       echo "PubkeyAcceptedAlgorithms *"
 ) >> $OBJ/ssh_proxy
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 (
        echo "HostKeyAlgorithms *"
-       echo "PubkeyAcceptedKeyTypes *"
+       echo "PubkeyAcceptedAlgorithms *"
 ) >> $OBJ/sshd_proxy_bak
 
 HOSTS='localhost-with-alias,127.0.0.1,::1'
index 91596fa789c016b715fd78f7e63e96e9a689dab3..baa6903ea268cc4b7dd560586ba13384ac08764e 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: cert-userkey.sh,v 1.25 2020/01/03 03:02:26 djm Exp $
+#      $OpenBSD: cert-userkey.sh,v 1.26 2021/02/25 03:27:34 djm Exp $
 #      Placed in the Public Domain.
 
 tid="certified user keys"
@@ -71,11 +71,11 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
                        echo "AuthorizedPrincipalsFile " \
                            "$OBJ/authorized_principals_%u"
                        echo "TrustedUserCAKeys $OBJ/user_ca_key.pub"
-                       echo "PubkeyAcceptedKeyTypes ${t}"
+                       echo "PubkeyAcceptedAlgorithms ${t}"
                ) > $OBJ/sshd_proxy
                (
                        cat $OBJ/ssh_proxy_bak
-                       echo "PubkeyAcceptedKeyTypes ${t}"
+                       echo "PubkeyAcceptedAlgorithms ${t}"
                ) > $OBJ/ssh_proxy
 
                # Missing authorized_principals
@@ -149,11 +149,11 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
                (
                        cat $OBJ/sshd_proxy_bak
                        echo "UsePrivilegeSeparation $privsep"
-                       echo "PubkeyAcceptedKeyTypes ${t}"
+                       echo "PubkeyAcceptedAlgorithms ${t}"
                ) > $OBJ/sshd_proxy
                (
                        cat $OBJ/ssh_proxy_bak
-                       echo "PubkeyAcceptedKeyTypes ${t}"
+                       echo "PubkeyAcceptedAlgorithms ${t}"
                ) > $OBJ/ssh_proxy
 
                # Wrong principals list
@@ -204,12 +204,12 @@ basic_tests() {
                        (
                                cat $OBJ/sshd_proxy_bak
                                echo "UsePrivilegeSeparation $privsep"
-                               echo "PubkeyAcceptedKeyTypes ${t}"
+                               echo "PubkeyAcceptedAlgorithms ${t}"
                                echo "$extra_sshd"
                        ) > $OBJ/sshd_proxy
                        (
                                cat $OBJ/ssh_proxy_bak
-                               echo "PubkeyAcceptedKeyTypes ${t}"
+                               echo "PubkeyAcceptedAlgorithms ${t}"
                        ) > $OBJ/ssh_proxy
 
                        ${SSH} -i $OBJ/cert_user_key_${ktype} \
@@ -224,7 +224,7 @@ basic_tests() {
                                cat $OBJ/sshd_proxy_bak
                                echo "UsePrivilegeSeparation $privsep"
                                echo "RevokedKeys $OBJ/cert_user_key_revoked"
-                               echo "PubkeyAcceptedKeyTypes ${t}"
+                               echo "PubkeyAcceptedAlgorithms ${t}"
                                echo "$extra_sshd"
                        ) > $OBJ/sshd_proxy
                        cp $OBJ/cert_user_key_${ktype}.pub \
@@ -257,7 +257,7 @@ basic_tests() {
                (
                        cat $OBJ/sshd_proxy_bak
                        echo "RevokedKeys $OBJ/user_ca_key.pub"
-                       echo "PubkeyAcceptedKeyTypes ${t}"
+                       echo "PubkeyAcceptedAlgorithms ${t}"
                        echo "$extra_sshd"
                ) > $OBJ/sshd_proxy
                ${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
@@ -270,7 +270,7 @@ basic_tests() {
        verbose "$tid: $auth CA does not authenticate"
        (
                cat $OBJ/sshd_proxy_bak
-               echo "PubkeyAcceptedKeyTypes ${t}"
+               echo "PubkeyAcceptedAlgorithms ${t}"
                echo "$extra_sshd"
        ) > $OBJ/sshd_proxy
        verbose "$tid: ensure CA key does not authenticate user"
@@ -308,7 +308,7 @@ test_one() {
                                echo > $OBJ/authorized_keys_$USER
                                echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" \
                                    >> $OBJ/sshd_proxy
-                               echo "PubkeyAcceptedKeyTypes ${t}*" \
+                               echo "PubkeyAcceptedAlgorithms ${t}*" \
                                    >> $OBJ/sshd_proxy
                                if test "x$auth_opt" != "x" ; then
                                        echo $auth_opt >> $OBJ/sshd_proxy
index 20a8ceaf2253dd52b6b64158043d07c44fb090e2..f1c045183bd38523c907a77c9267f2af60f041b6 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: keytype.sh,v 1.10 2019/12/16 02:39:05 djm Exp $
+#      $OpenBSD: keytype.sh,v 1.11 2021/02/25 03:27:34 djm Exp $
 #      Placed in the Public Domain.
 
 tid="login with different key types"
@@ -58,13 +58,13 @@ for ut in $ktypes; do
                (
                        grep -v HostKey $OBJ/sshd_proxy_bak
                        echo HostKey $OBJ/key.$ht
-                       echo PubkeyAcceptedKeyTypes $user_type
+                       echo PubkeyAcceptedAlgorithms $user_type
                        echo HostKeyAlgorithms $host_type
                ) > $OBJ/sshd_proxy
                (
                        grep -v IdentityFile $OBJ/ssh_proxy_bak
                        echo IdentityFile $OBJ/key.$ut
-                       echo PubkeyAcceptedKeyTypes $user_type
+                       echo PubkeyAcceptedAlgorithms $user_type
                        echo HostKeyAlgorithms $host_type
                ) > $OBJ/ssh_proxy
                (
index 010a88cd7f296d872beb4c2370a27c9f37947b9f..7127de007cc63cceee25211ea36dd93a9ab37043 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: limit-keytype.sh,v 1.9 2019/12/16 02:39:05 djm Exp $
+#      $OpenBSD: limit-keytype.sh,v 1.10 2021/02/25 03:27:34 djm Exp $
 #      Placed in the Public Domain.
 
 tid="restrict pubkey type"
@@ -69,7 +69,7 @@ prepare_config() {
        ) > $OBJ/sshd_proxy
 }
 
-# Return the required parameter for PubkeyAcceptedKeyTypes corresponding to
+# Return the required parameter for PubkeyAcceptedAlgorithms corresponding to
 # the supplied key type.
 keytype() {
        case "$1" in
@@ -92,14 +92,14 @@ ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 # Allow plain Ed25519 and RSA. The certificate should fail.
 verbose "allow $ktype2,$ktype1"
 prepare_config \
-       "PubkeyAcceptedKeyTypes `keytype $ktype2`,`keytype $ktype1`"
+       "PubkeyAcceptedAlgorithms `keytype $ktype2`,`keytype $ktype1`"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 
 # Allow Ed25519 only.
 verbose "allow $ktype1"
-prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype1`"
+prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype1`"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 if [ "$ktype1" != "$ktype2" ]; then
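Review bot: The old `PubkeyAcceptedKeyTypes` spelling is no longer exercised by any of the five scripts once this rename lands, so if that name is kept as a compatibility alias (the option parser is not part of this diff) nothing here checks that it still parses and still restricts authentication. Deployed configurations that narrow the accepted algorithms under the old name depend on that behaviour, so one case is worth leaving on it, for example the `verbose "allow $ktype1"` case in this hunk. A comment such as `# old keyword spelling kept on purpose: the alias must still enforce the restriction` would stop a later cleanup from renaming it. The same rename is applied in agent.sh, cert-hostkey.sh, cert-userkey.sh and keytype.sh; one retained case is enough.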
@@ -108,15 +108,15 @@ fi
 
 # Allow all certs. Plain keys should fail.
 verbose "allow cert only"
-prepare_config "PubkeyAcceptedKeyTypes *-cert-v01@openssh.com"
+prepare_config "PubkeyAcceptedAlgorithms *-cert-v01@openssh.com"
 ${SSH} $certopts proxy true || fatal "cert failed"
 ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded"
 ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded"
 
 # Allow RSA in main config, Ed25519 for non-existent user.
 verbose "match w/ no match"
-prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype2`" \
-       "Match user x$USER" "PubkeyAcceptedKeyTypes +`keytype $ktype1`"
+prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype2`" \
+       "Match user x$USER" "PubkeyAcceptedAlgorithms +`keytype $ktype1`"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
 if [ "$ktype1" != "$ktype2" ]; then
        ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded"
@@ -125,8 +125,8 @@ ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 
 # Allow only DSA in main config, Ed25519 for user.
 verbose "match w/ matching"
-prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype4`" \
-       "Match user $USER" "PubkeyAcceptedKeyTypes +`keytype $ktype1`"
+prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype4`" \
+       "Match user $USER" "PubkeyAcceptedAlgorithms +`keytype $ktype1`"
 ${SSH} $certopts proxy true || fatal "cert failed"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 ${SSH} $opts -i $OBJ/user_key4 proxy true && fatal "key4 succeeded"