From c100fc88a3fbe001281d0d39a335c092186b5e23 Mon Sep 17 00:00:00 2001
From: Robert Fairburn
Date: Fri, 19 Sep 2014 10:47:35 -0500
Subject: [PATCH] allow for "Match" inside of an sshd_config
---
 openssh/files/sshd_config | 55 +++++++++++++++++++++++---------------
 1 file changed, 33 insertions(+), 22 deletions(-)
diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config
index a3756bc..91e534e 100644
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
@@ -2,15 +2,10 @@
 {#- present in sshd_config and known in actual file options -#}
 {%- set processed_options = [] -%}
-{#- macros for render option according to present -#}
-{%- macro option_impl(keyword, default, present) -%}
- {%- if present -%}
- {%- do processed_options.append(keyword) -%}
- {%- set prefix='' -%}
- {%- else -%}
- {%- set prefix='#' -%}
- {%- endif -%}
- {%- set value = sshd_config.get(keyword, default) -%}
+{#- generic renderer used for sshd matches, known options, -#}
+{#- and unknown options -#}
+{%- macro render_option(keyword, default, config_dict=sshd_config) -%}
+ {%- set value = config_dict.get(keyword, default) -%}
 {%- if value is sameas true -%}
 {{ prefix }}{{ keyword }} yes
 {%- elif value is sameas false -%}
@@ -24,6 +19,20 @@
 {%- endif -%}
 {%- endmacro -%}
+{#- macros for render option according to present -#}
+{%- macro option_impl(keyword, default, present) -%}
+ {%- if present -%}
+ {%- do processed_options.append(keyword) -%}
+ {%- set prefix='' -%}
+ {%- else -%}
+ {%- set prefix='#' -%}
+ {%- endif -%}
+ {#- add prefix to keyword and/or default -#}
+ {%- set keyword = prefix ~ default -%}
+ {%- set default = prefix ~ default -%}
+{{ render_option(keyword, default) }}
+{%- endmacro -%}
+
 {#- macros for render option commented by default -#}
 {%- macro option(keyword, default, present) -%}
 {{ option_impl(keyword, default, keyword in sshd_config) }}
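Review bot: `render_option` still emits `{{ prefix }}` in the unchanged lines at the end of the first hunk (`{{ prefix }}{{ keyword }} yes`), but the macro no longer sets `prefix` and does not take it as an argument. As far as I know a Jinja macro does not see variables set inside the macro that calls it, so `prefix` would be undefined here and render as nothing, or raise if the environment uses a strict undefined. I would make it explicit, `{%- macro render_option(keyword, default, config_dict=sshd_config, prefix='') -%}`, and have callers pass it. The rest of the macro body lies between this hunk and the next, so its other branches need the same check.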
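Review bot: In the new `option_impl` (second hunk), `{%- set keyword = prefix ~ default -%}` replaces the option name with its default value, so `render_option` looks up a key such as `yes` in `sshd_config`, misses, and prints the default instead of the configured value. Because the real keyword was already appended to `processed_options`, the fallback loop at the bottom of the template skips it too, so a value the operator set for a known option such as `UseDNS` does not appear to reach the rendered file at all. Changing it to `prefix ~ keyword` would still break the lookup for commented options and would prefix the default as well; I would drop both `set` lines and pass the prefix through, `{{ render_option(keyword, default, prefix=prefix) }}`, with `render_option` accepting a `prefix` parameter. A comment on `option_impl` stating that `present` selects between an active line and a `#`-commented default would help the next reader.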
@@ -129,18 +138,20 @@
 {{ option('UseDNS', 'yes') }}
 {# Handling unknown in salt template options #}
-{%- for keyword, argument in sshd_config.iteritems() %}
- {%- if not keyword in processed_options -%}
- {%- if argument is sameas true %}
-{{ keyword }} yes
- {%- elif argument is sameas false %}
-{{ keyword }} no
- {%- elif argument is string or argument is number %}
-{{ keyword }} {{ argument }}
- {%- else %}
- {%- for item in argument %}
-{{ keyword }} {{ item }}
- {%- endfor %}
- {%- endif %}
+{%- for keyword in sshd_config.keys() %}
+ {#- Matches have to be at the bottem and should be handled differently -#}
+ {%- if not keyword in processed_options and keyword != 'matches' -%}
+{#- send a blank default as it doesn't matter -#}
+{{ render_option(keyword, '') }}
 {%- endif -%}
 {%- endfor %}
+
+{# Handle matches last as they need to go at the bottom #}
+{%- if 'matches' in sshd_config %}
+ {%- for match in sshd_config['matches'].values() %}
+Match {{ match['type'].keys()[0] match['type'].values()[0] }}
+ {%- for keyword in match['options'].keys() %}
+ {{ render_option(keyword, '', config_dict=match['type']) }}
+ {%- endfor %}
+ {%- endfor %}
+{%- endif %}
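Review bot: The `Match` line puts two expressions in one output tag, `{{ match['type'].keys()[0] match['type'].values()[0] }}`, which Jinja should reject when it compiles the template; it needs to be `Match {{ match['type'].keys()[0] }} {{ match['type'].values()[0] }}`. The inner loop iterates `match['options']` but passes `config_dict=match['type']`, so every lookup falls back to the empty default and the Match block's options would render without their values; it should read `config_dict=match['options']`. Restrictions placed in a Match block are often the access-control part of the file, so it is worth rendering a sample pillar and running `sshd -t` on the result before merging. A short comment describing the expected shape of `matches` (each entry holding a `type` dict and an `options` dict) would also help.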