hercules-team / augeas

A configuration editing tool and API
http://augeas.net/
GNU Lesser General Public License v2.1

Ssh: cannot parse Match options #632

Closed ptoscano closed 4 years ago

ptoscano commented 5 years ago

The Ssh lens cannot parse the Match option. A simple example is in an ssh_config.d snippet shipped in Fedora (30), /etc/ssh/ssh_config.d/05-redhat.conf:

# The options here are in the "Match final block" to be applied as the last
# options and could be potentially overwritten by the user configuration
Match final all
        # Follow system-wide Crypto Policy, if defined:
        Include /etc/crypto-policies/back-ends/openssh.config

        GSSAPIAuthentication yes

# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
        ForwardX11Trusted yes

# Send locale-related environment variables
        SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
        SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
        SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
        SendEnv XMODIFIERS

# Uncomment this if you want to use .local domain
# Host *.local

See also the documentation for it: https://man.openbsd.org/ssh_config#Match.

The Sshd (for sshd_config) lens already handles Match options, although it seems they are slightly different from what is allowed in ssh_config.
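
An added example, not part of the issue or of Augeas: a small Python parser showing the structure a tool has to recover from the snippet above, where every option after a `Match` line belongs to that block until the next `Host` or `Match`, whatever its indentation. The sample input is a shortened, constructed variant of the reported file, and the names `parse_ssh_config`, `parse_criteria`, `NO_ARG` and `LINE` are hypothetical; the argument-less criteria and the `=` separator follow ssh_config(5).

```python
import re
import shlex

# Constructed sample, shortened from the Fedora snippet in the report.
SAMPLE = """\
Match final all
        GSSAPIAuthentication yes
# a comment at column 0 does not end the Match block
        ForwardX11Trusted yes
Host=*.example
        User demo
"""

# Criteria that take no argument, per ssh_config(5) (hypothetical helper name).
NO_ARG = {"all", "canonical", "final"}
# A keyword, then whitespace or optional whitespace around one '='.
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.+)")

def parse_criteria(args):
    """Return (criterion, argument or None) pairs for a Match line."""
    out, words = [], iter(shlex.split(args))
    for word in words:
        if word.lstrip("!").lower() in NO_ARG:
            out.append((word, None))
            continue
        arg = next(words, None)
        if arg is None:
            raise ValueError(f"criterion {word!r} needs an argument")
        out.append((word, arg))
    return out

def parse_ssh_config(text):
    """Group each option under the Host or Match block that scopes it."""
    blocks = [{"kind": "global", "criteria": [], "settings": []}]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.fullmatch(line)
        if m is None:
            raise ValueError(f"cannot parse line: {raw!r}")
        key, args = m.group(1), m.group(2)
        if key.lower() == "match":
            blocks.append({"kind": "Match", "criteria": parse_criteria(args), "settings": []})
        elif key.lower() == "host":
            blocks.append({"kind": "Host", "criteria": shlex.split(args), "settings": []})
        else:
            blocks[-1]["settings"].append((key, args))
    return blocks
```

Here `final` and `all` come out as two argument-less criteria, whereas the Sshd lens output quoted later in the thread pairs them as `final = all`.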

raphink commented 5 years ago

Which version of Augeas are you using?

ptoscano commented 5 years ago

> Which version of Augeas are you using?

It does not matter, since this happens with current git master.

raphink commented 5 years ago

I can parse your example fine with current git master.

$ augtool -I lenses/ -At "Sshd.lns incl /tmp/sshd_config" get /files/tmp/sshd_config/Match/Condition/final
/files/tmp/sshd_config/Match/Condition/final = all

ptoscano commented 5 years ago

> I can parse your example fine with current git master.
>
> $ augtool -I lenses/ -At "Sshd.lns incl /tmp/sshd_config" get /files/tmp/sshd_config/Match/Condition/final
> /files/tmp/sshd_config/Match/Condition/final = all

Yes, the Sshd lens handles it, but not the Ssh lens.

raphink commented 5 years ago

Ah, I was not aware that ssh_config supported Match groups!

granquet commented 4 years ago

I would be interested in getting this issue fixed. I toyed with the idea on top of release-1.8.0.

I'm discovering Augeas; it seems to parse and generate proper ssh_config files. Heavily inspired by sshd.aug.

diff --git a/lenses/ssh.aug b/lenses/ssh.aug
index 3210bdd6..092b2dab 100644
--- a/lenses/ssh.aug
+++ b/lenses/ssh.aug
@@ -39,6 +39,7 @@ module Ssh =
     let value_to_eol = store Rx.space_in
     let value_to_spc = store Rx.no_spaces
     let value_to_comma = store /[^, \t\r\n]+/
+    let sep = del /[ \t=]+/ " "

 (************************************************************************
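
Review bot: the added `sep` accepts any run of spaces, tabs and `=` (`/[ \t=]+/`), so input such as `host==foo` or `host = = foo` parses, whereas ssh_config(5) allows whitespace or optional whitespace with exactly one `=`. Consider a stricter pattern along the lines of `/[ \t]+|[ \t]*=[ \t]*/`. The name is also very generic for a definition placed beside the shared `value_to_*` helpers; a comment saying it is the Match criteria separator, or defining it next to its only use, would make the intent clearer.
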
@@ -99,12 +100,26 @@ module Ssh =

     let host = [ key /Host/i . spc . value_to_eol . eol . entry* ]

+   let condition_entry =
+    let value = store  /[^ \t\n=]+/ in
+    [ sep . key /[A-Za-z0-9]+/ . sep . value ]
+
+   let match_cond =
+     [ label "Condition" . condition_entry+ . eol ]
+
+   let match_entry = indent . entry
+
+   let match =
+     [ key /Match/i . match_cond
+        . [ label "Settings" .  match_entry+ ]
+     ]
+

 (************************************************************************
  * Group:                 LENS
  *************************************************************************)

-    let lns = entry* . host*
+    let lns = entry* . (host | match)*

     let xfm = transform lns (incl "/etc/ssh/ssh_config" .
                              incl (Sys.getenv("HOME") . "/.ssh/config") .
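
Review bot: `condition_entry` requires every criterion to be a key followed by a value, so a Match line with an odd number of words, such as a lone `Match all`, will not parse, and `Match final all` from the report only parses because `final` is read as a key whose value is `all`. The value regex `/[^ \t\n=]+/` also rules out a quoted argument containing spaces. Suggest making the value optional (or listing the argument-less criteria explicitly) and adding `test Ssh.lns get` and `put` cases for these lines. Separately, `match_entry+` rejects a Match block with no settings while `host` accepts `entry*`; if that difference is intended it deserves a comment.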

raphink commented 4 years ago

Looks like a good start @granquet !

Could you open a PR and add tests please?

raphink commented 4 years ago

Fixed in #695