upstream: it's no longer possible to disable privilege separation

in sshd, so don't double the tests' work by trying both off/on

OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68

diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index dc40b782a342027322e1d627a1d8b89d2d3c90b5..67a9795d00fd2bbc764856964777ba0ab6c2f23f 100644 (file)
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: cert-hostkey.sh,v 1.20 2019/11/26 23:43:10 djm Exp $
+#      $OpenBSD: cert-hostkey.sh,v 1.21 2019/12/11 18:47:14 djm Exp $
 #      Placed in the Public Domain.
 
 tid="certified host keys"
@@ -131,7 +131,7 @@ attempt_connect() {
 }
 
 # Basic connect and revocation tests.
-for privsep in yes sandbox ; do
+for privsep in yes ; do
        for ktype in $PLAIN_TYPES ; do
                verbose "$tid: host ${ktype} cert connect privsep $privsep"
                (
@@ -169,7 +169,7 @@ for ktype in $PLAIN_TYPES ; do
        kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig
 done
 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
-for privsep in yes sandbox ; do
+for privsep in yes ; do
        for ktype in $PLAIN_TYPES ; do
                verbose "$tid: host ${ktype} revoked cert privsep $privsep"
                (

diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index d6e293d57144869149b750defa9dd15cee4200ce..87d30d27b60ab72d84b02102768bb2241c51b758 100644 (file)
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: cert-userkey.sh,v 1.23 2019/11/26 23:43:10 djm Exp $
+#      $OpenBSD: cert-userkey.sh,v 1.24 2019/12/11 18:47:14 djm Exp $
 #      Placed in the Public Domain.
 
 tid="certified user keys"
@@ -60,7 +60,7 @@ done
 # Test explicitly-specified principals
 for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
        t=$(kname $ktype)
-       for privsep in yes sandbox ; do
+       for privsep in yes ; do
                _prefix="${ktype} privsep $privsep"
 
                # Setup for AuthorizedPrincipalsFile
@@ -197,7 +197,7 @@ basic_tests() {
 
        for ktype in $PLAIN_TYPES ; do
                t=$(kname $ktype)
-               for privsep in yes no ; do
+               for privsep in yes ; do
                        _prefix="${ktype} privsep $privsep $auth"
                        # Simple connect
                        verbose "$tid: ${_prefix} connect"

diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh
index af2ed78060a0657ccc06b6ae90ef2dc3d460eeef..7f490e013ab57c152167b58bd3ca5397c661a5be 100644 (file)
--- a/regress/hostkey-agent.sh
+++ b/regress/hostkey-agent.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: hostkey-agent.sh,v 1.9 2019/11/26 23:43:10 djm Exp $
+#      $OpenBSD: hostkey-agent.sh,v 1.10 2019/12/11 18:47:14 djm Exp $
 #      Placed in the Public Domain.
 
 tid="hostkey agent"
@@ -30,7 +30,7 @@ cp $OBJ/known_hosts.orig $OBJ/known_hosts
 
 unset SSH_AUTH_SOCK
 
-for ps in no yes; do
+for ps in yes; do
        for k in `${SSH} -Q key-plain | filter_sk` ; do
                verbose "key type $k privsep=$ps"
                cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy

diff --git a/regress/multipubkey.sh b/regress/multipubkey.sh
index 4d443ec45da3072545d38532dc25094d80c52c15..9b22733531812f1d5a9246d2097c6746e6b60a69 100644 (file)
--- a/regress/multipubkey.sh
+++ b/regress/multipubkey.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: multipubkey.sh,v 1.2 2018/10/31 11:09:27 dtucker Exp $
+#      $OpenBSD: multipubkey.sh,v 1.3 2019/12/11 18:47:14 djm Exp $
 #      Placed in the Public Domain.
 
 tid="multiple pubkey"
@@ -31,7 +31,7 @@ grep -v IdentityFile $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
 opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
 opts="$opts -i $OBJ/cert_user_key1 -i $OBJ/user_key1 -i $OBJ/user_key2"
 
-for privsep in yes sandbox ; do
+for privsep in yes ; do
        (
                grep -v "Protocol"  $OBJ/sshd_proxy.orig
                echo "Protocol 2"

diff --git a/regress/principals-command.sh b/regress/principals-command.sh
index a91858cbbbcb29400099529cb2ae1d3f20117e1a..9e85e8e7543e09f0cd86a6472cda392c23bcb1dd 100644 (file)
--- a/regress/principals-command.sh
+++ b/regress/principals-command.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: principals-command.sh,v 1.8 2019/11/01 01:55:41 djm Exp $
+#      $OpenBSD: principals-command.sh,v 1.10 2019/12/11 18:47:14 djm Exp $
 #      Placed in the Public Domain.
 
 tid="authorized principals command"
@@ -63,7 +63,7 @@ fi
 
 if [ -x $PRINCIPALS_COMMAND ]; then
        # Test explicitly-specified principals
-       for privsep in yes sandbox ; do
+       for privsep in yes ; do
                _prefix="privsep $privsep"
 
                # Setup for AuthorizedPrincipalsCommand