sailesh1993 / rpms / cloud-init

Forked from rpms/cloud-init a year ago
Clone
376cca
From 44b6004ee17cd2ae5930c7d8fd3ecafd7485a4d6 Mon Sep 17 00:00:00 2001
376cca
From: Eduardo Otubo <otubo@redhat.com>
376cca
Date: Mon, 17 Aug 2020 11:14:47 +0200
376cca
Subject: [PATCH 2/2] ssh exit with non-zero status on disabled user (#472)
376cca
376cca
RH-Author: Eduardo Otubo <otubo@redhat.com>
376cca
Message-id: <20200729074459.16096-1-otubo@redhat.com>
376cca
Patchwork-id: 98071
376cca
O-Subject: [RHEL-8.3.0 cloud-init PATCH] ssh exit with non-zero status on disabled user (#472)
376cca
Bugzilla: 1833874
376cca
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
376cca
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
376cca
376cca
commit e161059a18173e2b61c54dba9eab774401fb5f1f
376cca
Author: Eduardo Otubo <otubo@redhat.com>
376cca
Date:   Wed Jul 15 20:21:02 2020 +0200
376cca
376cca
    ssh exit with non-zero status on disabled user (#472)
376cca
376cca
    It is confusing for scripts, where a disabled user has been specified,
376cca
    that ssh exits with a zero status by default without indication anything
376cca
    failed.
376cca
376cca
    I think exitting with a non-zero status would make more clear in scripts
376cca
    and automated setups where things failed, thus making noticing the issue
376cca
    and debugging easier.
376cca
376cca
    Signed-off-by: Eduardo Otubo <otubo@redhat.com>
376cca
    Signed-off-by: Aleksandar Kostadinov <akostadi@redhat.com>
376cca
376cca
    LP: #1170059
376cca
376cca
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
376cca
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
376cca
---
376cca
 cloudinit/ssh_util.py         | 4 +++-
376cca
 doc/examples/cloud-config.txt | 2 +-
376cca
 2 files changed, 4 insertions(+), 2 deletions(-)
376cca
376cca
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
376cca
index bcb23a5..8ff61a2 100644
376cca
--- a/cloudinit/ssh_util.py
376cca
+++ b/cloudinit/ssh_util.py
376cca
@@ -40,11 +40,13 @@ VALID_KEY_TYPES = (
376cca
     "ssh-rsa-cert-v01@openssh.com",
376cca
 )
376cca
 
376cca
+_DISABLE_USER_SSH_EXIT = 142
376cca
 
376cca
 DISABLE_USER_OPTS = (
376cca
     "no-port-forwarding,no-agent-forwarding,"
376cca
     "no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\""
376cca
-    " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10\"")
376cca
+    " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;"
376cca
+    "exit " + str(_DISABLE_USER_SSH_EXIT) + "\"")
376cca
 
376cca
 
376cca
 class AuthKeyLine(object):
376cca
diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
376cca
index 0e82b83..f00db68 100644
376cca
--- a/doc/examples/cloud-config.txt
376cca
+++ b/doc/examples/cloud-config.txt
376cca
@@ -235,7 +235,7 @@ disable_root: false
376cca
 # The string '$USER' will be replaced with the username of the default user.
376cca
 # The string '$DISABLE_USER' will be replaced with the username to disable.
376cca
 #
376cca
-# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10"
376cca
+# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit 142"
376cca
 
376cca
 # disable ssh access for non-root-users
376cca
 # To disable ssh access for non-root users, ssh_redirect_user: true can be
376cca
-- 
376cca
1.8.3.1
376cca