diff options
| author | Emanuele Giuseppe Esposito <eesposit@redhat.com> | 2021-09-08 02:08:36 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-07 19:08:36 -0500 |
| commit | 2ce857248162957a785af61c135ca8433fdbbcde (patch) | |
| tree | 1d8d7b3abe0f73fceef2e5b227c04a8e398cf236 | |
| parent | e69a88745e37061e0ab0a1e67ad11015cca610c1 (diff) | |
| download | vyos-cloud-init-2ce857248162957a785af61c135ca8433fdbbcde.tar.gz vyos-cloud-init-2ce857248162957a785af61c135ca8433fdbbcde.zip | |
ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007)
As specified in #LP 1845552,
In cloudinit/ssh_util.py, in parse_ssh_config_lines(), we attempt to
parse each line of sshd_config. This function expects each line to
be one of the following forms:
\# comment
key value
key=value
However, options like DenyGroups and DenyUsers are specified to
*optionally* accepts values in sshd_config.
Cloud-init should comply to this and skip the option if a value
is not provided.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
| -rw-r--r-- | cloudinit/ssh_util.py | 8 | ||||
| -rw-r--r-- | tests/unittests/test_sshutil.py | 8 |
2 files changed, 15 insertions, 1 deletions
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py index 9ccadf09..33679dcc 100644 --- a/cloudinit/ssh_util.py +++ b/cloudinit/ssh_util.py @@ -484,7 +484,13 @@ def parse_ssh_config_lines(lines): try: key, val = line.split(None, 1) except ValueError: - key, val = line.split('=', 1) + try: + key, val = line.split('=', 1) + except ValueError: + LOG.debug( + "sshd_config: option \"%s\" has no key/value pair," + " skipping it", line) + continue ret.append(SshdConfigLine(line, key, val)) return ret diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py index a66788bf..08e20050 100644 --- a/tests/unittests/test_sshutil.py +++ b/tests/unittests/test_sshutil.py @@ -525,6 +525,14 @@ class TestUpdateSshConfigLines(test_helpers.CiTestCase): self.assertEqual([self.pwauth], result) self.check_line(lines[-1], self.pwauth, "no") + def test_option_without_value(self): + """Implementation only accepts key-value pairs.""" + extended_exlines = self.exlines.copy() + denyusers_opt = "DenyUsers" + extended_exlines.append(denyusers_opt) + lines = ssh_util.parse_ssh_config_lines(list(extended_exlines)) + self.assertNotIn(denyusers_opt, str(lines)) + def test_single_option_updated(self): """A single update should have change made and line updated.""" opt, val = ("UsePAM", "no") |