From 2ce857248162957a785af61c135ca8433fdbbcde Mon Sep 17 00:00:00 2001 From: Emanuele Giuseppe Esposito Date: Wed, 8 Sep 2021 02:08:36 +0200 Subject: ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007) As specified in #LP 1845552, In cloudinit/ssh_util.py, in parse_ssh_config_lines(), we attempt to parse each line of sshd_config. This function expects each line to be one of the following forms: \# comment key value key=value However, options like DenyGroups and DenyUsers are specified to *optionally* accepts values in sshd_config. Cloud-init should comply to this and skip the option if a value is not provided. Signed-off-by: Emanuele Giuseppe Esposito --- tests/unittests/test_sshutil.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'tests/unittests') diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py index a66788bf..08e20050 100644 --- a/tests/unittests/test_sshutil.py +++ b/tests/unittests/test_sshutil.py @@ -525,6 +525,14 @@ class TestUpdateSshConfigLines(test_helpers.CiTestCase): self.assertEqual([self.pwauth], result) self.check_line(lines[-1], self.pwauth, "no") + def test_option_without_value(self): + """Implementation only accepts key-value pairs.""" + extended_exlines = self.exlines.copy() + denyusers_opt = "DenyUsers" + extended_exlines.append(denyusers_opt) + lines = ssh_util.parse_ssh_config_lines(list(extended_exlines)) + self.assertNotIn(denyusers_opt, str(lines)) + def test_single_option_updated(self): """A single update should have change made and line updated.""" opt, val = ("UsePAM", "no") -- cgit v1.2.3