From 4fc1eb4c0af955a9458a4b976e742dae20a027e1 Mon Sep 17 00:00:00 2001
From: Dave Re <109117084+dave-re-imprivata@users.noreply.github.com>
Date: Wed, 22 Feb 2023 15:58:51 -0600
Subject: [PATCH] Update sshd lens for additional list
---
 lenses/sshd.aug | 6 ++++--
 lenses/tests/test_sshd.aug | 9 ++++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/lenses/sshd.aug b/lenses/sshd.aug
index bb95aa5ec..cb36f6ca2 100644
--- a/lenses/sshd.aug
+++ b/lenses/sshd.aug
@@ -73,7 +73,7 @@ module Sshd =
 let indent = del /[ \t]*/ " "
 let key_re = /[A-Za-z0-9]+/
- - /MACs|Match|AcceptEnv|Subsystem|Ciphers|((GSSAPI|)Kex|HostKey|CASignature)Algorithms|PubkeyAcceptedKeyTypes|(Allow|Deny)(Groups|Users)/i
+ - /MACs|Match|AcceptEnv|Subsystem|Ciphers|((GSSAPI|)Kex|HostKey|CASignature|PubkeyAccepted)Algorithms|PubkeyAcceptedKeyTypes|(Allow|Deny)(Groups|Users)/i
 let comment = Util.comment
 let comment_noindent = Util.comment_noindent
@@ -124,12 +124,14 @@ module Sshd =
 let casignaturealgorithms = list /CASignatureAlgorithms/i "CASignatureAlgorithms"
 let pubkeyacceptedkeytypes = list /PubkeyAcceptedKeyTypes/i "PubkeyAcceptedKeyTypes"
+
+ let pubkeyacceptedalgorithms = list /PubkeyAcceptedAlgorithms/i "PubkeyAcceptedAlgorithms"
 let entry = accept_env | allow_groups | allow_users | deny_groups | subsystem | deny_users | macs | ciphers | kexalgorithms | hostkeyalgorithms | gssapikexalgorithms | casignaturealgorithms
- | pubkeyacceptedkeytypes | other_entry
+ | pubkeyacceptedkeytypes | pubkeyacceptedalgorithms | other_entry
 let condition_entry = let k = /[A-Za-z0-9]+/ in
diff --git a/lenses/tests/test_sshd.aug b/lenses/tests/test_sshd.aug
index 29e972644..741586c39 100644
--- a/lenses/tests/test_sshd.aug
+++ b/lenses/tests/test_sshd.aug
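Review bot: The `key_re` exclusion in the first sshd.aug hunk (@@ -73) still omits the host-based counterparts, so `HostbasedAcceptedAlgorithms` and the older `HostbasedAcceptedKeyTypes` would, as far as these hunks show, fall through to `other_entry` rather than being split into a list. OpenSSH renamed the Pubkey and Hostbased options together, so a configuration audited through this lens would expose one accepted-algorithm list element by element and the other only in whatever form `other_entry` gives it. Consider extending the alternation to `((GSSAPI|)Kex|HostKey|CASignature|(Pubkey|Hostbased)Accepted)Algorithms|(Pubkey|Hostbased)AcceptedKeyTypes`, with matching `list` bindings and `entry` alternatives in the second hunk (@@ -124). The lens continues outside the visible context, so confirm against the full file that these keys are not already handled.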
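Review bot: The new `pubkeyacceptedalgorithms` binding in the second sshd.aug hunk (@@ -124) has no comment saying that it sits beside `pubkeyacceptedkeytypes` rather than replacing it. The expected tree in the test file shows the two as separately labelled nodes, so anyone querying the tree to check which public-key signature algorithms a server accepts has to look under both labels. I would add a comment above the binding, for example `(* PubkeyAcceptedAlgorithms: newer name for PubkeyAcceptedKeyTypes; both are kept so either spelling parses as a list *)`. The `list` helper these bindings call is defined outside the hunk.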
@@ -101,12 +101,14 @@ Match Group \"Domain users\"
 (* Test: Sshd.lns Parse Ciphers, KexAlgorithms, HostKeyAlgorithms as lists (GH issue #69)
- Parse GSSAPIKexAlgorithms, PubkeyAcceptedKeyTypes, CASignatureAlgorithms as lists (GH PR #721) *)
+ Parse GSSAPIKexAlgorithms, PubkeyAcceptedKeyTypes, CASignatureAlgorithms as lists (GH PR #721)
+ Parse PubkeyAcceptedAlgorithms as a list (GH issue #804) *)
 test Sshd.lns get "Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
 KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
 HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-
 PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384
+PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384
 CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\n" =
 { "Ciphers"
 { "1" = "aes256-gcm@openssh.com" }
@@ -135,6 +137,11 @@ CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp52
 { "2" = "ecdsa-sha2-nistp256-cert-v01@openssh.com" }
 { "3" = "ecdsa-sha2-nistp384" }
 }
+ { "PubkeyAcceptedAlgorithms"
+ { "1" = "ecdsa-sha2-nistp256" }
+ { "2" = "ecdsa-sha2-nistp256-cert-v01@openssh.com" }
+ { "3" = "ecdsa-sha2-nistp384" }
+ }
 { "CASignatureAlgorithms"
 { "1" = "ecdsa-sha2-nistp256" }
 { "2" = "ecdsa-sha2-nistp384" }
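Review bot: The added `PubkeyAcceptedAlgorithms` line in the first test hunk (@@ -101) exercises only a plain comma-separated value in canonical case, so the test does not show how the lens treats the modifier forms sshd_config allows for this option. A value may begin with `+`, `-` or `^`, and hardening reviews often look for exactly that, such as a line that re-adds or removes `ssh-rsa`. Whether the list value pattern accepts a leading modifier cannot be seen from these hunks. I would add a second `get` case with a constructed line such as `pubkeyacceptedalgorithms +ssh-rsa`, which also covers the `/i` match, plus a `put` round-trip. The comment above the test would then gain a matching line.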