Solve issue #113 "Remove unneeded configuration options not supported by OpenSSH anymore"

Remove config options: protocol, mac, cipher, compressionlevel,
gssapikeyexchange,
gssapirenewalforcesrekey,
gssapitrustdns,
rhostsrsaauthentication,
rsaauthentication,
useprivilegedport,
pubkeyacceptedtypes
since they are not supported by OpenSSH

Rename some config options:
hostbasedkeytypes, challengeresponseauthentication and pubkeyacceptedkeytypes
to hosbasedacceptedalgorithms, kdbinteractiveauthentication and pubkeyacceptedalgorithms
to be consistent with the OpenSSH manual https://man.openbsd.org/sshd_config.
Keep pubkeyacceptedkeytypes for backward compatibility.
Rename SOC_PUBKEYACCEPTEDTYPES to SOC_PUBKEYACCEPTEDKEYTYPES in config.h

Update unittests/torture_config.c and unittests/torture_options.c

Signed-off-by: Anh Minh Tran <anhminh@seznam.cz>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

include/libssh/config.h

@@ -42,7 +42,6 @@ enum ssh_config_opcode_e {
     SOC_MACS,
     SOC_COMPRESSION,
     SOC_TIMEOUT,
-    SOC_PROTOCOL,
     SOC_STRICTHOSTKEYCHECK,
     SOC_KNOWNHOSTS,
     SOC_PROXYCOMMAND,
@@ -60,7 +59,7 @@ enum ssh_config_opcode_e {
     SOC_KBDINTERACTIVEAUTHENTICATION,
     SOC_PASSWORDAUTHENTICATION,
     SOC_PUBKEYAUTHENTICATION,
-    SOC_PUBKEYACCEPTEDTYPES,
+    SOC_PUBKEYACCEPTEDKEYTYPES,
     SOC_REKEYLIMIT,
 
     SOC_MAX /* Keep this one last in the list */

src/config.c

@@ -68,7 +68,6 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
   { "macs", SOC_MACS },
   { "compression", SOC_COMPRESSION },
   { "connecttimeout", SOC_TIMEOUT },
-  { "protocol", SOC_PROTOCOL },
   { "stricthostkeychecking", SOC_STRICTHOSTKEYCHECK },
   { "userknownhostsfile", SOC_KNOWNHOSTS },
   { "proxycommand", SOC_PROXYCOMMAND },
@@ -81,7 +80,6 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
   { "loglevel", SOC_LOGLEVEL},
   { "hostkeyalgorithms", SOC_HOSTKEYALGORITHMS},
   { "kexalgorithms", SOC_KEXALGORITHMS},
-  { "mac", SOC_UNSUPPORTED}, /* SSHv1 */
   { "gssapiauthentication", SOC_GSSAPIAUTHENTICATION},
   { "kbdinteractiveauthentication", SOC_KBDINTERACTIVEAUTHENTICATION},
   { "passwordauthentication", SOC_PASSWORDAUTHENTICATION},
@@ -95,20 +93,15 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
   { "canonicalizemaxdots", SOC_UNSUPPORTED},
   { "canonicalizepermittedcnames", SOC_UNSUPPORTED},
   { "certificatefile", SOC_UNSUPPORTED},
-  { "challengeresponseauthentication", SOC_UNSUPPORTED},
+  { "kbdinteractiveauthentication", SOC_UNSUPPORTED},
   { "checkhostip", SOC_UNSUPPORTED},
-  { "cipher", SOC_UNSUPPORTED}, /* SSHv1 */
-  { "compressionlevel", SOC_UNSUPPORTED}, /* SSHv1 */
   { "connectionattempts", SOC_UNSUPPORTED},
   { "enablesshkeysign", SOC_UNSUPPORTED},
   { "fingerprinthash", SOC_UNSUPPORTED},
   { "forwardagent", SOC_UNSUPPORTED},
-  { "gssapikeyexchange", SOC_UNSUPPORTED},
-  { "gssapirenewalforcesrekey", SOC_UNSUPPORTED},
-  { "gssapitrustdns", SOC_UNSUPPORTED},
   { "hashknownhosts", SOC_UNSUPPORTED},
   { "hostbasedauthentication", SOC_UNSUPPORTED},
-  { "hostbasedkeytypes", SOC_UNSUPPORTED},
+  { "hostbasedacceptedalgorithms", SOC_UNSUPPORTED},
   { "hostkeyalias", SOC_UNSUPPORTED},
   { "identitiesonly", SOC_UNSUPPORTED},
   { "identityagent", SOC_UNSUPPORTED},
@@ -120,12 +113,10 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
   { "preferredauthentications", SOC_UNSUPPORTED},
   { "proxyjump", SOC_PROXYJUMP},
   { "proxyusefdpass", SOC_UNSUPPORTED},
-  { "pubkeyacceptedtypes", SOC_PUBKEYACCEPTEDTYPES},
+  { "pubkeyacceptedalgorithms", SOC_PUBKEYACCEPTEDKEYTYPES},
   { "rekeylimit", SOC_REKEYLIMIT},
   { "remotecommand", SOC_UNSUPPORTED},
   { "revokedhostkeys", SOC_UNSUPPORTED},
-  { "rhostsrsaauthentication", SOC_UNSUPPORTED},
-  { "rsaauthentication", SOC_UNSUPPORTED}, /* SSHv1 */
   { "serveralivecountmax", SOC_UNSUPPORTED},
   { "serveraliveinterval", SOC_UNSUPPORTED},
   { "streamlocalbindmask", SOC_UNSUPPORTED},
@@ -133,7 +124,6 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
   { "syslogfacility", SOC_UNSUPPORTED},
   { "tcpkeepalive", SOC_UNSUPPORTED},
   { "updatehostkeys", SOC_UNSUPPORTED},
-  { "useprivilegedport", SOC_UNSUPPORTED},
   { "verifyhostkeydns", SOC_UNSUPPORTED},
   { "visualhostkey", SOC_UNSUPPORTED},
   { "clearallforwardings", SOC_NA},
@@ -157,7 +147,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
   { "tunnel", SOC_NA},
   { "tunneldevice", SOC_NA},
   { "xauthlocation", SOC_NA},
-  { "pubkeyacceptedkeytypes", SOC_PUBKEYACCEPTEDTYPES},
+  { "pubkeyacceptedkeytypes", SOC_PUBKEYACCEPTEDKEYTYPES},
   { NULL, SOC_UNKNOWN }
 };
 
@@ -887,34 +877,6 @@ ssh_config_parse_line(ssh_session session,
         }
       }
       break;
-    case SOC_PROTOCOL:
-      p = ssh_config_get_str_tok(&s, NULL);
-      if (p && *parsing) {
-        char *a, *b, *save = NULL;
-        b = strdup(p);
-        if (b == NULL) {
-          SAFE_FREE(x);
-          ssh_set_error_oom(session);
-          return -1;
-        }
-        i = 0;
-        ssh_options_set(session, SSH_OPTIONS_SSH2, &i);
-
-        for (a = strtok_r(b, ",", &save); a; a = strtok_r(NULL, ",", &save)) {
-          switch (atoi(a)) {
-            case 1:
-              break;
-            case 2:
-              i = 1;
-              ssh_options_set(session, SSH_OPTIONS_SSH2, &i);
-              break;
-            default:
-              break;
-          }
-        }
-        SAFE_FREE(b);
-      }
-      break;
     case SOC_TIMEOUT:
       l = ssh_config_get_long(&s, -1);
       if (l >= 0 && *parsing) {
@@ -1015,7 +977,7 @@ ssh_config_parse_line(ssh_session session,
             ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, p);
         }
         break;
-    case SOC_PUBKEYACCEPTEDTYPES:
+    case SOC_PUBKEYACCEPTEDKEYTYPES:
         p = ssh_config_get_str_tok(&s, NULL);
         if (p && *parsing) {
             ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, p);

tests/unittests/torture_config.c

@@ -37,6 +37,7 @@ extern LIBSSH_THREAD int ssh_log_level;
 #define LIBSSH_TESTCONFIG12 "libssh_testconfig12.tmp"
 #define LIBSSH_TESTCONFIGGLOB "libssh_testc*[36].tmp"
 #define LIBSSH_TEST_PUBKEYTYPES "libssh_test_PubkeyAcceptedKeyTypes.tmp"
+#define LIBSSH_TEST_PUBKEYALGORITHMS "libssh_test_PubkeyAcceptedAlgorithms.tmp"
 #define LIBSSH_TEST_NONEWLINEEND "libssh_test_NoNewLineEnd.tmp"
 #define LIBSSH_TEST_NONEWLINEONELINE "libssh_test_NoNewLineOneline.tmp"
 #define LIBSSH_TEST_RECURSIVE_INCLUDE "libssh_test_recursive_include.tmp"
@@ -52,7 +53,7 @@ extern LIBSSH_THREAD int ssh_log_level;
     "\n\nIdentityFile "ID_FILE"\n" \
     "\n\nKexAlgorithms "KEXALGORITHMS"\n" \
     "\n\nHostKeyAlgorithms "HOSTKEYALGORITHMS"\n" \
-    "\n\nPubkeyAcceptedTypes "PUBKEYACCEPTEDTYPES"\n" \
+    "\n\nPubkeyAcceptedAlgorithms "PUBKEYACCEPTEDTYPES"\n" \
     "\n\nMACs "MACS"\n"
 
 /* Multiple Port settings -> parsing returns early. */
@@ -178,6 +179,9 @@ extern LIBSSH_THREAD int ssh_log_level;
 #define LIBSSH_TEST_PUBKEYTYPES_STRING \
     "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n"
 
+#define LIBSSH_TEST_PUBKEYALGORITHMS_STRING \
+    "PubkeyAcceptedAlgorithms "PUBKEYACCEPTEDTYPES"\n"
+
 #define LIBSSH_TEST_NONEWLINEEND_STRING \
     "ConnectTimeout 30\n" \
     "LogLevel DEBUG3"
@@ -230,6 +234,7 @@ static int setup_config_files(void **state)
     unlink(LIBSSH_TESTCONFIG11);
     unlink(LIBSSH_TESTCONFIG12);
     unlink(LIBSSH_TEST_PUBKEYTYPES);
+    unlink(LIBSSH_TEST_PUBKEYALGORITHMS);
     unlink(LIBSSH_TEST_NONEWLINEEND);
     unlink(LIBSSH_TEST_NONEWLINEONELINE);
 
@@ -278,6 +283,9 @@ static int setup_config_files(void **state)
     torture_write_file(LIBSSH_TEST_PUBKEYTYPES,
                        LIBSSH_TEST_PUBKEYTYPES_STRING);
 
+    torture_write_file(LIBSSH_TEST_PUBKEYALGORITHMS,
+                       LIBSSH_TEST_PUBKEYALGORITHMS_STRING);
+
     torture_write_file(LIBSSH_TEST_NONEWLINEEND,
                        LIBSSH_TEST_NONEWLINEEND_STRING);
 
@@ -304,6 +312,7 @@ static int teardown_config_files(void **state)
     unlink(LIBSSH_TESTCONFIG11);
     unlink(LIBSSH_TESTCONFIG12);
     unlink(LIBSSH_TEST_PUBKEYTYPES);
+    unlink(LIBSSH_TEST_PUBKEYALGORITHMS);
 
     return 0;
 }
@@ -1291,6 +1300,22 @@ static void torture_config_pubkeytypes_string(void **state)
     torture_config_pubkeytypes(state, NULL, LIBSSH_TEST_PUBKEYTYPES_STRING);
 }
 
+/**
+ * @brief test parsing PubkeyAcceptedKAlgorithms from file
+ */
+static void torture_config_pubkeyalgorithms_file(void **state)
+{
+    torture_config_pubkeytypes(state, LIBSSH_TEST_PUBKEYALGORITHMS, NULL);
+}
+
+/**
+ * @brief test parsing PubkeyAcceptedAlgorithms from string
+ */
+static void torture_config_pubkeyalgorithms_string(void **state)
+{
+    torture_config_pubkeytypes(state, NULL, LIBSSH_TEST_PUBKEYALGORITHMS_STRING);
+}
+
 /**
  * @brief Verify the configuration parser handles
  * missing newline in the end
@@ -1777,6 +1802,10 @@ int torture_run_tests(void)
                                         setup, teardown),
         cmocka_unit_test_setup_teardown(torture_config_pubkeytypes_string,
                                         setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_pubkeyalgorithms_file,
+                                        setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_pubkeyalgorithms_string,
+                                        setup, teardown),
         cmocka_unit_test_setup_teardown(torture_config_nonewlineend_file,
                                         setup, teardown),
         cmocka_unit_test_setup_teardown(torture_config_nonewlineend_string,

tests/unittests/torture_options.c

@@ -837,7 +837,7 @@ static void torture_options_copy(void **state)
           "MACs hmac-sha2-256\n"
           "HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp521\n"
           "Compression yes\n"
-          "PubkeyAcceptedTypes ssh-ed25519,ecdsa-sha2-nistp521\n"
+          "PubkeyAcceptedAlgorithms ssh-ed25519,ecdsa-sha2-nistp521\n"
           "ProxyCommand nc 127.0.0.10 22\n"
           /* ops.custombanner */
           "ConnectTimeout 42\n"