sshd_config lens patch (was: [config-model-users] [augeas-devel] Re: Semantic problem in augeas sshd lens ?)
Dominique Dumont
dominique.dumont at hp.com
Mon Sep 8 16:36:36 UTC 2008
David Lutterkort <lutter at redhat.com> writes:
>> I'm somewhat reluctant to mix Augeas defined keyword with OpenSSH
>> keywords at the same structural level. How about :
>>
>> { "Match"
>> { "Condition" { "User" = "sarko" }}
>> { "Condition" { "Group" = "pres.*" }}
>> { "Payload" { "Banner" = "/etc/bienvenue.txt" }
>> { "X11Forwarding" = "no" }
>> }
>>
>> Then, the effects of the Match'ed conditions are explicit in the Payload
>> lens.
>
> Can we call that 'Settings' or similar ? Though I quite liked the
> '.Condition', especially since I came up with it ;)
I'm fine with "Settings".
Here's the first attempt for a better sshd lens.
All the best
diff -r 09dcb70fa724 lenses/sshd.aug
--- a/lenses/sshd.aug Thu Aug 28 21:38:11 2008 -0700
+++ b/lenses/sshd.aug Mon Sep 08 18:33:42 2008 +0200
@@ -7,7 +7,7 @@
let sep = Util.del_ws_spc
let key_re = /[A-Za-z0-9]+/
- - /MACs|Match|AcceptEnv|(Allow|Deny)(Groups|Users)/
+ - /MACs|Match|AcceptEnv|Subsystem|(Allow|Deny)(Groups|Users)/
let comment = [ del /(#.*|[ \t]*)\n/ "\n" ]
@@ -26,6 +26,14 @@
let deny_groups = array_entry "DenyGroups"
let deny_users = array_entry "DenyUsers"
+ let subsystemvalue =
+ let value = store /[^ \t\n]+/ in
+ [ key /[A-Za-z0-9]+/ . sep . value . eol ]
+
+ let subsystem =
+ let value = store /[^ \t\n]+([ \t]+[^ \t\n]+)*/ in
+ [ key "Subsystem" . sep . subsystemvalue ]
+
let macs =
let mac_value = store /[^, \t\n]+/ in
[ key "MACs" . sep .
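Review bot: In `subsystem` the local `value` binding is never used, and the pattern that actually parses the command, `store /[^ \t\n]+/` in `subsystemvalue`, stops at the first whitespace. A `Subsystem` line whose command carries arguments (sshd_config allows them) would therefore presumably not match, and since the lens has to match the whole file, sshd_config would fail to load for any tool auditing or enforcing settings through Augeas. Moving the multi-word pattern into `subsystemvalue`, as `let value = store /[^ \t\n]+([ \t]+[^ \t\n]+)*/ in`, and deleting the unused binding from `subsystem` would cover it. The `macs` definition that closes this hunk continues outside it.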
@@ -33,17 +41,21 @@
([ seq "macs" . Util.del_str "," . mac_value])* .
eol ]
+ let match_cond =
+ [ label "Condition" . sep . [ key /[A-Za-z0-9]+/ . sep .
+ store /[^ \t\n]+/ ] ]
+
+ let match_entry =
+ ( comment | other_entry )
+
let match =
- let value = store /[^ \t\n]+([ \t]+[^ \t\n]+)*/ in
- [ key "Match" . sep .
- [ seq "match" .
- [ label "cond" . value . eol ] .
- (sep . other_entry) *
- ]
+ [ key "Match" . match_cond+ . del / */ "" . del "\n" "\n"
+ . [ label "Settings" . match_entry+ ]
]
let lns = (comment | accept_env | allow_groups | allow_users
- | deny_groups | deny_users | macs | match | other_entry ) *
+ | deny_groups | subsystem | deny_users | macs
+ | other_entry ) * . match*
let xfm = transform lns (incl "/etc/ssh/sshd_config")
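Review bot: `match_entry` accepts only `comment | other_entry`, so a Match block cannot hold any keyword that `key_re` excludes from the generic entry (assuming `other_entry`, defined outside this hunk, is built on `key_re`). Current OpenSSH permits `AllowUsers`, `AllowGroups`, `DenyUsers`, `DenyGroups` and `AcceptEnv` after `Match`, and a file that uses them there would fail to parse as a whole, leaving its access-control settings invisible to anything reading the tree. Consider `( comment | accept_env | allow_groups | allow_users | deny_groups | deny_users | other_entry )`. Separately, `del / */ ""` after the conditions tolerates trailing spaces but not tabs; `del /[ \t]*/ ""` would accept both.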
diff -r 09dcb70fa724 lenses/tests/test_sshd.aug
--- a/lenses/tests/test_sshd.aug Thu Aug 28 21:38:11 2008 -0700
+++ b/lenses/tests/test_sshd.aug Mon Sep 08 18:33:42 2008 +0200
@@ -1,5 +1,8 @@
module Test_sshd =
- let accept_env = "Protocol 2\nAcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT \nAcceptEnv LC_IDENTIFICATION LC_ALL\n"
+
+ let accept_env = "Protocol 2
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL\n"
test Sshd.lns get accept_env =
{ "Protocol" = "2" }
@@ -9,9 +12,16 @@
{ "3" = "LC_ADDRESS" }
{ "4" = "LC_TELEPHONE" }
{ "5" = "LC_MEASUREMENT" } }
- { "AcceptEnv"
+ { "AcceptEnv"
{ "6" = "LC_IDENTIFICATION" }
{ "7" = "LC_ALL" } }
+
+
+ test Sshd.lns get "HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key\n" =
+ { "HostKey" = "/etc/ssh/ssh_host_rsa_key" }
+ { "HostKey" = "/etc/ssh/ssh_host_dsa_key" }
+
test Sshd.lns put accept_env after
rm "AcceptEnv";
@@ -20,6 +30,37 @@
set "X11Forwarding" "yes"
= "Protocol 1.5\nX11Forwarding yes\n"
+ test Sshd.lns get "AuthorizedKeysFile %h/.ssh/authorized_keys\n" =
+ { "AuthorizedKeysFile" = "%h/.ssh/authorized_keys" }
+
+ test Sshd.lns get "Subsystem sftp /usr/lib/openssh/sftp-server\n" =
+ { "Subsystem"
+ { "sftp" = "/usr/lib/openssh/sftp-server" } }
+
+
+
+ let match_blocks = "X11Forwarding yes
+Match User sarko Group pres.*
+Banner /etc/bienvenue.txt
+X11Forwarding no
+Match User bush Group pres.* Host white.house.*
+Banner /etc/welcome.txt
+"
+ test Sshd.lns get match_blocks =
+ { "X11Forwarding" = "yes"}
+ { "Match"
+ { "Condition" { "User" = "sarko" } }
+ { "Condition" { "Group" = "pres.*" } }
+ { "Settings" { "Banner" = "/etc/bienvenue.txt" }
+ { "X11Forwarding" = "no" } } }
+ { "Match"
+ { "Condition" { "User" = "bush" } }
+ { "Condition" { "Group" = "pres.*" } }
+ { "Condition" { "Host" = "white.house.*" } }
+ { "Settings" { "Banner" = "/etc/welcome.txt" } } }
+
+
+
(* Local Variables: *)
(* mode: caml *)
(* End: *)
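Review bot: The new Match and Subsystem cases are covered by `get` tests only; nothing exercises `put` on the new tree shape. Since this lens is also what writes sshd_config back, a `put` test that changes a value under `Match[1]/Settings` and one that adds a global entry would pin down that an edit lands in the intended scope. A setting written inside a Match block applies only to matching connections, while one written before the first Match applies to all. A `get` case with a comment or blank line inside a Match block, and one with a `Subsystem` command that takes arguments, would also be worth adding.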
--
Dominique Dumont
"Delivering successful solutions requires giving people what they
need, not what they want." Kurt Bittner