[openssh-commits] [openssh] 01/02: upstream: Rename HostbasedKeyTypes (ssh) and
git+noreply at mindrot.org
git+noreply at mindrot.org
Tue Jan 26 22:51:01 AEDT 2021
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit e9f78d6b06fc323bba1890b2dc3b8423138fb35c
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date: Tue Jan 26 05:32:21 2021 +0000
upstream: Rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
djm@
OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
---
auth2-hostbased.c | 6 +++---
monitor.c | 4 ++--
readconf.c | 19 ++++++++++---------
readconf.h | 4 ++--
scp.1 | 6 +++---
servconf.c | 17 +++++++++--------
servconf.h | 6 +++---
sftp.1 | 6 +++---
ssh.1 | 6 +++---
ssh.c | 7 ++++---
ssh_config.5 | 7 ++++---
sshconnect2.c | 6 +++---
sshd_config.5 | 11 ++++++-----
13 files changed, 55 insertions(+), 50 deletions(-)
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index ae43dd8a..3bc799c4 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.44 2021/01/26 00:49:30 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.45 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -108,8 +108,8 @@ userauth_hostbased(struct ssh *ssh)
"signature format");
goto done;
}
- if (match_pattern_list(pkalg, options.hostbased_key_types, 0) != 1) {
- logit_f("key type %s not in HostbasedAcceptedKeyTypes",
+ if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
+ logit_f("key type %s not in HostbasedAcceptedAlgorithms",
sshkey_type(key));
goto done;
}
diff --git a/monitor.c b/monitor.c
index 559eb9f6..6a63aa99 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.220 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: monitor.c,v 1.221 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -1198,7 +1198,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
if (auth2_key_already_used(authctxt, key))
break;
if (!key_base_type_match(auth_method, key,
- options.hostbased_key_types))
+ options.hostbased_accepted_algos))
break;
allowed = hostbased_key_allowed(ssh, authctxt->pw,
cuser, chost, key);
diff --git a/readconf.c b/readconf.c
index c7df93de..c9cd7f70 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.349 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.350 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -170,7 +170,7 @@ typedef enum {
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
- oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
+ oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms,
oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump,
oSecurityKeyProvider, oKnownHostsCommand,
oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
@@ -306,7 +306,8 @@ static struct {
{ "revokedhostkeys", oRevokedHostKeys },
{ "fingerprinthash", oFingerprintHash },
{ "updatehostkeys", oUpdateHostkeys },
- { "hostbasedkeytypes", oHostbasedKeyTypes },
+ { "hostbasedkeytypes", oHostbasedAcceptedAlgorithms }, /* obsolete */
+ { "hostbasedalgorithms", oHostbasedAcceptedAlgorithms },
{ "pubkeyacceptedkeytypes", oPubkeyAcceptedAlgorithms }, /* obsolete */
{ "pubkeyacceptedalgorithms", oPubkeyAcceptedAlgorithms },
{ "ignoreunknown", oIgnoreUnknown },
@@ -1933,8 +1934,8 @@ parse_pubkey_algos:
multistate_ptr = multistate_yesnoask;
goto parse_multistate;
- case oHostbasedKeyTypes:
- charptr = &options->hostbased_key_types;
+ case oHostbasedAcceptedAlgorithms:
+ charptr = &options->hostbased_accepted_algos;
goto parse_pubkey_algos;
case oPubkeyAcceptedAlgorithms:
@@ -2221,7 +2222,7 @@ initialize_options(Options * options)
options->revoked_host_keys = NULL;
options->fingerprint_hash = -1;
options->update_hostkeys = -1;
- options->hostbased_key_types = NULL;
+ options->hostbased_accepted_algos = NULL;
options->pubkey_accepted_algos = NULL;
options->known_hosts_command = NULL;
}
@@ -2440,7 +2441,7 @@ fill_default_options(Options * options)
ASSEMBLE(ciphers, def_cipher, all_cipher);
ASSEMBLE(macs, def_mac, all_mac);
ASSEMBLE(kex_algorithms, def_kex, all_kex);
- ASSEMBLE(hostbased_key_types, def_key, all_key);
+ ASSEMBLE(hostbased_accepted_algos, def_key, all_key);
ASSEMBLE(pubkey_accepted_algos, def_key, all_key);
ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
#undef ASSEMBLE
@@ -2560,7 +2561,7 @@ free_options(Options *o)
free(o->permitted_cnames[i].target_list);
}
free(o->revoked_host_keys);
- free(o->hostbased_key_types);
+ free(o->hostbased_accepted_algos);
free(o->pubkey_accepted_algos);
free(o->jump_user);
free(o->jump_host);
@@ -3087,7 +3088,7 @@ dump_client_config(Options *o, const char *host)
dump_cfg_string(oControlPath, o->control_path);
dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
dump_cfg_string(oHostKeyAlias, o->host_key_alias);
- dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
+ dump_cfg_string(oHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos);
dump_cfg_string(oIdentityAgent, o->identity_agent);
dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
diff --git a/readconf.h b/readconf.h
index 4ee730b9..6e7e95e7 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.138 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.139 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -161,7 +161,7 @@ typedef struct {
int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
- char *hostbased_key_types;
+ char *hostbased_accepted_algos;
char *pubkey_accepted_algos;
char *jump_user;
diff --git a/scp.1 b/scp.1
index c0e0082c..45cffdac 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.93 2021/01/22 02:44:58 dtucker Exp $
+.\" $OpenBSD: scp.1,v 1.94 2021/01/26 05:32:21 dtucker Exp $
.\"
-.Dd $Mdocdate: January 22 2021 $
+.Dd $Mdocdate: January 26 2021 $
.Dt SCP 1
.Os
.Sh NAME
@@ -173,7 +173,7 @@ For full details of the options listed below, and their possible values, see
.It HashKnownHosts
.It Host
.It HostbasedAuthentication
-.It HostbasedKeyTypes
+.It HostbasedAcceptedAlgorithms
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
diff --git a/servconf.c b/servconf.c
index a28918e2..7f336a12 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.374 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.375 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -126,7 +126,7 @@ initialize_server_options(ServerOptions *options)
options->log_verbose = NULL;
options->hostbased_authentication = -1;
options->hostbased_uses_name_from_packet_only = -1;
- options->hostbased_key_types = NULL;
+ options->hostbased_accepted_algos = NULL;
options->hostkeyalgorithms = NULL;
options->pubkey_authentication = -1;
options->pubkey_auth_options = -1;
@@ -232,7 +232,7 @@ assemble_algorithms(ServerOptions *o)
ASSEMBLE(macs, def_mac, all_mac);
ASSEMBLE(kex_algorithms, def_kex, all_kex);
ASSEMBLE(hostkeyalgorithms, def_key, all_key);
- ASSEMBLE(hostbased_key_types, def_key, all_key);
+ ASSEMBLE(hostbased_accepted_algos, def_key, all_key);
ASSEMBLE(pubkey_accepted_algos, def_key, all_key);
ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
#undef ASSEMBLE
@@ -530,7 +530,7 @@ typedef enum {
sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms,
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
sBanner, sUseDNS, sHostbasedAuthentication,
- sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
+ sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms,
sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@@ -585,7 +585,8 @@ static struct {
{ "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
- { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
+ { "hostbasedacceptedkeytypes", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */
+ { "hostbasedacceptedalgorithms", sHostbasedAcceptedAlgorithms, SSHCFG_ALL },
{ "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
{ "rsaauthentication", sDeprecated, SSHCFG_ALL },
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
@@ -1500,8 +1501,8 @@ process_server_config_line_depth(ServerOptions *options, char *line,
intptr = &options->hostbased_uses_name_from_packet_only;
goto parse_flag;
- case sHostbasedAcceptedKeyTypes:
- charptr = &options->hostbased_key_types;
+ case sHostbasedAcceptedAlgorithms:
+ charptr = &options->hostbased_accepted_algos;
parse_pubkey_algos:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
@@ -2920,7 +2921,7 @@ dump_config(ServerOptions *o)
dump_cfg_string(sHostKeyAgent, o->host_key_agent);
dump_cfg_string(sKexAlgorithms, o->kex_algorithms);
dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms);
- dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types);
+ dump_cfg_string(sHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos);
dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms);
dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos);
#if defined(__OpenBSD__) || defined(HAVE_SYS_SET_PROCESS_RDOMAIN)
diff --git a/servconf.h b/servconf.h
index 364cd947..4f4fd9ba 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.150 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.151 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -122,7 +122,7 @@ typedef struct {
char **log_verbose;
int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
int hostbased_uses_name_from_packet_only; /* experimental */
- char *hostbased_key_types; /* Key types allowed for hostbased */
+ char *hostbased_accepted_algos; /* Algos allowed for hostbased */
char *hostkeyalgorithms; /* SSH2 server key types */
char *ca_sign_algorithms; /* Allowed CA signature algorithms */
int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
@@ -271,7 +271,7 @@ TAILQ_HEAD(include_list, include_item);
M_CP_STROPT(authorized_principals_file); \
M_CP_STROPT(authorized_principals_command); \
M_CP_STROPT(authorized_principals_command_user); \
- M_CP_STROPT(hostbased_key_types); \
+ M_CP_STROPT(hostbased_accepted_algos); \
M_CP_STROPT(pubkey_accepted_algos); \
M_CP_STROPT(ca_sign_algorithms); \
M_CP_STROPT(routing_domain); \
diff --git a/sftp.1 b/sftp.1
index 685b3ff9..6e713e64 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.134 2021/01/22 02:44:58 dtucker Exp $
+.\" $OpenBSD: sftp.1,v 1.135 2021/01/26 05:32:21 dtucker Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: January 22 2021 $
+.Dd $Mdocdate: January 26 2021 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -247,7 +247,7 @@ For full details of the options listed below, and their possible values, see
.It HashKnownHosts
.It Host
.It HostbasedAuthentication
-.It HostbasedKeyTypes
+.It HostbasedAcceptedAlgorithms
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
diff --git a/ssh.1 b/ssh.1
index 0716177c..a9f67b4b 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.416 2021/01/22 02:46:40 dtucker Exp $
-.Dd $Mdocdate: January 22 2021 $
+.\" $OpenBSD: ssh.1,v 1.417 2021/01/26 05:32:21 dtucker Exp $
+.Dd $Mdocdate: January 26 2021 $
.Dt SSH 1
.Os
.Sh NAME
@@ -510,7 +510,7 @@ For full details of the options listed below, and their possible values, see
.It HashKnownHosts
.It Host
.It HostbasedAuthentication
-.It HostbasedKeyTypes
+.It HostbasedAcceptedAlgorithms
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
diff --git a/ssh.c b/ssh.c
index ccba1831..dc6bd16d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.547 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.548 2021/01/26 05:32:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -802,8 +802,9 @@ main(int ac, char **av)
strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || /* deprecated name */
strcasecmp(optarg, "PubkeyAcceptedAlgorithms") == 0 ||
strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
- strcasecmp(optarg, "HostbasedKeyTypes") == 0 ||
- strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0)
+ strcasecmp(optarg, "HostbasedKeyTypes") == 0 || /* deprecated name */
+ strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0 || /* deprecated name */
+ strcasecmp(optarg, "HostbasedAcceptedAlgorithms") == 0)
cp = sshkey_alg_list(0, 0, 1, '\n');
else if (strcmp(optarg, "sig") == 0)
cp = sshkey_alg_list(0, 1, 1, '\n');
diff --git a/ssh_config.5 b/ssh_config.5
index 96d6f658..d099903f 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.343 2021/01/22 02:44:58 dtucker Exp $
-.Dd $Mdocdate: January 22 2021 $
+.\" $OpenBSD: ssh_config.5,v 1.344 2021/01/26 05:32:22 dtucker Exp $
+.Dd $Mdocdate: January 26 2021 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -808,7 +808,7 @@ The argument must be
or
.Cm no
(the default).
-.It Cm HostbasedKeyTypes
+.It Cm HostbasedAcceptedAlgorithms
Specifies the key types that will be used for hostbased authentication
as a comma-separated list of patterns.
Alternately if the specified list begins with a
@@ -846,6 +846,7 @@ The
option of
.Xr ssh 1
may be used to list supported key types.
+This was formerly named HostbasedKeyTypes.
.It Cm HostKeyAlgorithms
Specifies the host key algorithms
that the client wants to use in order of preference.
diff --git a/sshconnect2.c b/sshconnect2.c
index 0883a367..4bbe8d34 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.343 2021/01/25 06:00:17 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.344 2021/01/26 05:32:22 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -2100,12 +2100,12 @@ userauth_hostbased(struct ssh *ssh)
int i, r, success = 0;
if (authctxt->ktypes == NULL) {
- authctxt->oktypes = xstrdup(options.hostbased_key_types);
+ authctxt->oktypes = xstrdup(options.hostbased_accepted_algos);
authctxt->ktypes = authctxt->oktypes;
}
/*
- * Work through each listed type pattern in HostbasedKeyTypes,
+ * Work through each listed type pattern in HostbasedAcceptedAlgorithms,
* trying each hostkey that matches the type in turn.
*/
for (;;) {
diff --git a/sshd_config.5 b/sshd_config.5
index 9b7a8916..76109ab4 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.324 2021/01/22 02:44:58 dtucker Exp $
-.Dd $Mdocdate: January 22 2021 $
+.\" $OpenBSD: sshd_config.5,v 1.325 2021/01/26 05:32:22 dtucker Exp $
+.Dd $Mdocdate: January 26 2021 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -658,7 +658,7 @@ machine's default store.
This facility is provided to assist with operation on multi homed machines.
The default is
.Cm yes .
-.It Cm HostbasedAcceptedKeyTypes
+.It Cm HostbasedAcceptedAlgorithms
Specifies the key types that will be accepted for hostbased authentication
as a list of comma-separated patterns.
Alternately if the specified list begins with a
@@ -692,7 +692,8 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
.Ed
.Pp
The list of available key types may also be obtained using
-.Qq ssh -Q HostbasedAcceptedKeyTypes .
+.Qq ssh -Q HostbasedAcceptedAlgorithms .
+This was formerly named HostbasedAcceptedKeyTypes.
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
@@ -1190,7 +1191,7 @@ Available keywords are
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
-.Cm HostbasedAcceptedKeyTypes ,
+.Cm HostbasedAcceptedAlgorithms ,
.Cm HostbasedAuthentication ,
.Cm HostbasedUsesNameFromPacketOnly ,
.Cm IgnoreRhosts ,
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list