diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-06-11 15:57:59 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-06-11 15:57:59 +0200 |
commit | c2c91c4a7c74c851236a40759fa56521f39cd2cc (patch) | |
tree | f5fa3a352a8b66632ea0484269eed2fc1ecb119b | |
parent | 50d1811aa37b3f95c5ea65873e36fb5348496d93 (diff) | |
download | vyos-1x-c2c91c4a7c74c851236a40759fa56521f39cd2cc.tar.gz vyos-1x-c2c91c4a7c74c851236a40759fa56521f39cd2cc.zip |
ssh: T2321: use list over string when working with Config()
-rwxr-xr-x | src/conf_mode/ssh.py | 97 |
1 files changed, 45 insertions, 52 deletions
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index c830497ab..2cc823e21 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -37,77 +37,70 @@ default_config_data = { def get_config(): ssh = default_config_data conf = Config() - if not conf.exists('service ssh'): + base = ['service', 'ssh'] + if not conf.exists(base): return None else: - conf.set_level('service ssh') + conf.set_level(base) - if conf.exists('access-control allow user'): - allow_users = conf.return_values('access-control allow user') - ssh['allow_users'] = allow_users + tmp = ['access-control', 'allow', 'user'] + if conf.exists(tmp): + ssh['allow_users'] = conf.return_values(tmp) - if conf.exists('access-control allow group'): - allow_groups = conf.return_values('access-control allow group') - ssh['allow_groups'] = allow_groups + tmp = ['access-control', 'allow', 'group'] + if conf.exists(tmp): + ssh['allow_groups'] = conf.return_values(tmp) - if conf.exists('access-control deny user'): - deny_users = conf.return_values('access-control deny user') - ssh['deny_users'] = deny_users + tmp = ['access-control', 'deny' 'user'] + if conf.exists(tmp): + ssh['deny_users'] = conf.return_values(tmp) - if conf.exists('access-control deny group'): - deny_groups = conf.return_values('access-control deny group') - ssh['deny_groups'] = deny_groups + tmp = ['access-control', 'deny', 'group'] + if conf.exists(tmp): + ssh['deny_groups'] = conf.return_values(tmp) - if conf.exists('ciphers'): - ciphers = conf.return_values('ciphers') - ssh['ciphers'] = ciphers + tmp = ['ciphers'] + if conf.exists(tmp): + ssh['ciphers'] = conf.return_values(tmp) - if conf.exists('disable-host-validation'): + tmp = ['key-exchange'] + if conf.exists(tmp): + ssh['key_exchange'] = conf.return_values(tmp) + + if conf.exists(['disable-host-validation']): ssh['host_validation'] = 'no' - if conf.exists('disable-password-authentication'): + if conf.exists(['disable-password-authentication']): ssh['password_authentication'] = 'no' - if conf.exists('key-exchange'): - kex = conf.return_values('key-exchange') - ssh['key_exchange'] = kex - - if conf.exists('listen-address'): + tmp = ['listen-address'] + if conf.exists(tmp): # We can listen on both IPv4 and IPv6 addresses # Maybe there could be a check in the future if the configured IP address # is configured on this system at all? - addresses = conf.return_values('listen-address') - listen = [] - - for addr in addresses: - listen.append(addr) - - ssh['listen_on'] = listen + ssh['listen_on'] = conf.return_values(tmp) - if conf.exists('loglevel'): - ssh['log_level'] = conf.return_value('loglevel') + tmp = ['loglevel'] + if conf.exists(tmp): + ssh['log_level'] = conf.return_value(tmp) - if conf.exists('mac'): - mac = conf.return_values('mac') - ssh['mac'] = mac + tmp = ['mac'] + if conf.exists(tmp): + ssh['mac'] = conf.return_values(tmp) - if conf.exists('port'): - ports = conf.return_values('port') - mport = [] + tmp = ['port'] + if conf.exists(tmp): + ssh['port'] = conf.return_values(tmp) - for prt in ports: - mport.append(prt) + tmp = ['client-keepalive-interval'] + if conf.exists(tmp): + ssh['client_keepalive'] = conf.return_value(tmp) - ssh['mport'] = mport - - if conf.exists('client-keepalive-interval'): - client_keepalive = conf.return_value('client-keepalive-interval') - ssh['client_keepalive'] = client_keepalive return ssh def verify(ssh): - if ssh is None: + if not ssh: return None if 'loglevel' in ssh.keys(): @@ -118,20 +111,20 @@ def verify(ssh): return None def generate(ssh): - if ssh is None: + if not ssh: return None render(config_file, 'ssh/sshd_config.tmpl', ssh, trim_blocks=True) return None def apply(ssh): - if ssh is not None and 'port' in ssh.keys(): - call("systemctl restart ssh.service") - else: + if not ssh: # SSH access is removed in the commit - call("systemctl stop ssh.service") + call('systemctl stop ssh.service') if os.path.isfile(config_file): os.unlink(config_file) + else: + call('systemctl restart ssh.service') return None |