Merge pull request #18 from rfairburn/master
Support the 'match' syntax in sshd_config
commit
d27e4c94bf
@ -2,6 +2,23 @@
|
|||||||
{#- present in sshd_config and known in actual file options -#}
|
{#- present in sshd_config and known in actual file options -#}
|
||||||
{%- set processed_options = [] -%}
|
{%- set processed_options = [] -%}
|
||||||
|
|
||||||
|
{#- generic renderer used for sshd matches, known options, -#}
|
||||||
|
{#- and unknown options -#}
|
||||||
|
{%- macro render_option(keyword, default, config_dict=sshd_config) -%}
|
||||||
|
{%- set value = config_dict.get(keyword, default) -%}
|
||||||
|
{%- if value is sameas true -%}
|
||||||
|
{{ keyword }} yes
|
||||||
|
{%- elif value is sameas false -%}
|
||||||
|
{{ keyword }} no
|
||||||
|
{%- elif value is string or value is number -%}
|
||||||
|
{{ keyword }} {{ value }}
|
||||||
|
{%- else -%}
|
||||||
|
{%- for single_value in value -%}
|
||||||
|
{{ keyword }} {{ single_value }}
|
||||||
|
{% endfor -%}
|
||||||
|
{%- endif -%}
|
||||||
|
{%- endmacro -%}
|
||||||
|
|
||||||
{#- macros for render option according to present -#}
|
{#- macros for render option according to present -#}
|
||||||
{%- macro option_impl(keyword, default, present) -%}
|
{%- macro option_impl(keyword, default, present) -%}
|
||||||
{%- if present -%}
|
{%- if present -%}
|
||||||
@ -10,18 +27,9 @@
|
|||||||
{%- else -%}
|
{%- else -%}
|
||||||
{%- set prefix='#' -%}
|
{%- set prefix='#' -%}
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
{%- set value = sshd_config.get(keyword, default) -%}
|
{#- add prefix to keyword -#}
|
||||||
{%- if value is sameas true -%}
|
{%- set keyword = prefix ~ keyword -%}
|
||||||
{{ prefix }}{{ keyword }} yes
|
{{ render_option(keyword, default) }}
|
||||||
{%- elif value is sameas false -%}
|
|
||||||
{{ prefix }}{{ keyword }} no
|
|
||||||
{%- elif value is string or value is number -%}
|
|
||||||
{{ prefix }}{{ keyword }} {{ value }}
|
|
||||||
{%- else -%}
|
|
||||||
{%- for single_value in value -%}
|
|
||||||
{{ prefix }}{{ keyword }} {{ single_value }}
|
|
||||||
{% endfor -%}
|
|
||||||
{%- endif -%}
|
|
||||||
{%- endmacro -%}
|
{%- endmacro -%}
|
||||||
|
|
||||||
{#- macros for render option commented by default -#}
|
{#- macros for render option commented by default -#}
|
||||||
@ -129,18 +137,20 @@
|
|||||||
{{ option('UseDNS', 'yes') }}
|
{{ option('UseDNS', 'yes') }}
|
||||||
|
|
||||||
{# Handling unknown in salt template options #}
|
{# Handling unknown in salt template options #}
|
||||||
{%- for keyword, argument in sshd_config.iteritems() %}
|
{%- for keyword in sshd_config.keys() %}
|
||||||
{%- if not keyword in processed_options -%}
|
{#- Matches have to be at the bottem and should be handled differently -#}
|
||||||
{%- if argument is sameas true %}
|
{%- if not keyword in processed_options and keyword != 'matches' -%}
|
||||||
{{ keyword }} yes
|
{#- send a blank default as it doesn't matter -#}
|
||||||
{%- elif argument is sameas false %}
|
{{ render_option(keyword, '') }}
|
||||||
{{ keyword }} no
|
|
||||||
{%- elif argument is string or argument is number %}
|
|
||||||
{{ keyword }} {{ argument }}
|
|
||||||
{%- else %}
|
|
||||||
{%- for item in argument %}
|
|
||||||
{{ keyword }} {{ item }}
|
|
||||||
{%- endfor %}
|
|
||||||
{%- endif %}
|
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
|
{# Handle matches last as they need to go at the bottom #}
|
||||||
|
{%- if 'matches' in sshd_config %}
|
||||||
|
{%- for match in sshd_config['matches'].values() %}
|
||||||
|
Match {{ match['type'].keys()[0] }} {{ match['type'].values()[0] }}
|
||||||
|
{%- for keyword in match['options'].keys() %}
|
||||||
|
{{ render_option(keyword, '', config_dict=match['options']) }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
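Review bot: The `Match` line emits only `match['type'].keys()[0]` and `match['type'].values()[0]`, so a match whose `type` mapping holds more than one criterion loses all but one of them, and which one survives depends on dict ordering. sshd accepts several criteria on one Match line, and dropping one silently widens the set of connections the block applies to, which matters most when the block relaxes a setting. Indexing the result of `.keys()` also only works where it returns a list (Python 2). I would render every pair instead, e.g. `Match {% for crit, pattern in match['type'].items() %}{{ crit }} {{ pattern }}{% if not loop.last %} {% endif %}{% endfor %}`. Iterating `sshd_config['matches']|dictsort` (which yields name/match pairs) rather than `.values()` would also keep overlapping blocks in a stable order, since sshd keeps the first value it obtains for a keyword.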
@ -30,6 +30,15 @@ sshd_config:
|
|||||||
Subsystem: "sftp /usr/lib/openssh/sftp-server"
|
Subsystem: "sftp /usr/lib/openssh/sftp-server"
|
||||||
UsePAM: 'yes'
|
UsePAM: 'yes'
|
||||||
UseDNS: 'yes'
|
UseDNS: 'yes'
|
||||||
|
matches:
|
||||||
|
sftp_chroot:
|
||||||
|
type:
|
||||||
|
Group: sftpusers
|
||||||
|
options:
|
||||||
|
ChrootDirectory: /sftp-chroot/%u
|
||||||
|
X11Forwarding: no
|
||||||
|
AllowTcpForwarding: no
|
||||||
|
ForceCommand: internal-sftp
|
||||||
|
|
||||||
openssh:
|
openssh:
|
||||||
auth:
|
auth:
|
||||||
|
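Review bot: The `sftp_chroot` example sets `ChrootDirectory: /sftp-chroot/%u` without saying what ownership sshd requires, so anyone copying it with user-owned directories will see sessions for that group refused. Every component of the chroot path must be owned by root and not writable by any other user or group. I would add a comment above the option such as `# every path component must be root-owned and not group/other-writable; give users a writable subdirectory`. Separately, `X11Forwarding: no` and `AllowTcpForwarding: no` are unquoted, so YAML loads them as booleans and the output relies on the `sameas false` branch of `render_option`; quoting them as `'no'` would match the `'yes'` style of the neighbouring keys.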