mhameed
/
cdist
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
cdist/cdist/conf/type/__sshd_config/explorer/state

122 lines
3.2 KiB
Plaintext
Raw Normal View History

__sshd config: New type
2020-11-19 18:33:47 +00:00
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Determines the current state of the config option.
# Possible output:
# - present: "should" option present in config file
# - default: the "should" option is the default -> dont know if present
# - absent: no such option present in config file
#
joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; }
trlower() { tr '[:upper:]' '[:lower:]'; }
tolower() { printf '%s' "$*" | trlower; }
default_value() {
sshd -T -f /dev/null -C "$(make_conn_spec)" \
| sed -n -e 's/^'"$(tolower "${1:?}")"'[[:blank:]]\{1,\}//p'
}
make_conn_spec() {
if test -s "${__object:?}/parameter/match"
then
_match_file="${__object:?}/parameter/match"
else
_match_file='/dev/null'
fi
for _kw in \
addr=Address \
user=User \
host=Host \
laddr=LocalAddress \
lport=LocalPort \
rdomain=RDomain
do
_specname=${_kw%%=*}
_confname=$(tolower "${_kw#*=}")
while read -r _k _v
do
if test "$(tolower "${_k}")" = "${_confname}"
then
printf '%s=%s\n' "${_specname}" "${_v}"
continue 2
fi
done <"${_match_file}"
# NOTE: Print test spec even for empty keys to suppress errors like:
# 'Match User' in configuration but 'user' not in connection test specification.
# except lport:
# Invalid port '' in test mode specification lport=
test "${_specname}" = 'lport' || printf '%s=\n' "${_specname}"
done \
| joinlines ','
unset _match_file
}
sshd_config_file=$(cat "${__object:?}/parameter/file")
state_should=$(cat "${__object:?}/parameter/state")
if test -s "${__object:?}/parameter/option"
then
option_name=$(cat "${__object:?}/parameter/option")
else
option_name=${__object_id:?}
fi
value_should=$(cat "${__object:?}/parameter/value" 2>/dev/null) \
|| test "${state_should}" = absent || exit 0 # param optional if --state absent
command -v sshd >/dev/null 2>&1 || {
echo 'Cannot find sshd.' >&2
exit 1
}
test -e "${sshd_config_file}" || {
echo 'absent'
exit 0
}
value_is=$(
sshd -T -f "${sshd_config_file}" -C "$(make_conn_spec)" \
| sed -n -e 's/^'"$(tolower "${option_name}")"'[[:blank:]]\{1,\}//p')
if printf '%s\n' "${value_is}" | {
if test -n "${value_should}"
then
grep -q -x -F "${value_should}"
else
# if no value provided, assume "any" value
grep -q -e .
fi
}
then
if default_value "${option_name}" | grep -q -x -F "${value_is}"
then
# Might produce false positives for default values.
# TODO: Manual checking should be done, but for simplicity, this case is
# currently ignored here.
echo default
else
echo present
fi
else
echo absent
fi