From 7d4e16bfc1cefbdd4d1477480b02b1d6c1399e4d Mon Sep 17 00:00:00 2001

From: Emanuele Giuseppe Esposito <eesposit@redhat.com>

Date: Mon, 20 Sep 2021 12:16:36 +0200

Subject: [PATCH] ssh_utils.py: ignore when sshd_config options are not

 key/value pairs (#1007)

RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>

RH-MergeRequest: 31: ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007)

RH-Commit: [1/1] 9007fb8a116e98036ff17df0168a76e9a5843671 (eesposit/cloud-init)

RH-Bugzilla: 1862933

RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>

RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>

TESTED: by me

BREW: 39832462

commit 2ce857248162957a785af61c135ca8433fdbbcde

Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>

Date:   Wed Sep 8 02:08:36 2021 +0200

    ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007)

    As specified in #LP 1845552,

    In cloudinit/ssh_util.py, in parse_ssh_config_lines(), we attempt to

    parse each line of sshd_config. This function expects each line to

    be one of the following forms:

        \# comment

        key value

        key=value

    However, options like DenyGroups and DenyUsers are specified to

    *optionally* accepts values in sshd_config.

    Cloud-init should comply to this and skip the option if a value

    is not provided.

    Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>

Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>

---

 cloudinit/ssh_util.py           | 8 +++++++-

 tests/unittests/test_sshutil.py | 8 ++++++++

 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py

index 9ccadf09..33679dcc 100644

--- a/cloudinit/ssh_util.py

+++ b/cloudinit/ssh_util.py

@@ -484,7 +484,13 @@ def parse_ssh_config_lines(lines):

         try:

             key, val = line.split(None, 1)

         except ValueError:

-            key, val = line.split('=', 1)

+            try:

+                key, val = line.split('=', 1)

+            except ValueError:

+                LOG.debug(

+                    "sshd_config: option \"%s\" has no key/value pair,"

+                    " skipping it", line)

+                continue

         ret.append(SshdConfigLine(line, key, val))

     return ret

diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py

index a66788bf..08e20050 100644

--- a/tests/unittests/test_sshutil.py

+++ b/tests/unittests/test_sshutil.py

@@ -525,6 +525,14 @@ class TestUpdateSshConfigLines(test_helpers.CiTestCase):

         self.assertEqual([self.pwauth], result)

         self.check_line(lines[-1], self.pwauth, "no")

+    def test_option_without_value(self):

+        """Implementation only accepts key-value pairs."""

+        extended_exlines = self.exlines.copy()

+        denyusers_opt = "DenyUsers"

+        extended_exlines.append(denyusers_opt)

+        lines = ssh_util.parse_ssh_config_lines(list(extended_exlines))

+        self.assertNotIn(denyusers_opt, str(lines))

+

     def test_single_option_updated(self):

         """A single update should have change made and line updated."""

         opt, val = ("UsePAM", "no")

-- 

2.27.0