From d7cfa38eeecbb306f4e5bcf83a6d3dd94b3ef9c0 Mon Sep 17 00:00:00 2001 From: Kelly Brazil Date: Fri, 28 Oct 2022 16:36:52 -0700 Subject: [PATCH] ignore Match blocks --- jc/parsers/sshd_conf.py | 16 ++++++++++++++++ tests/fixtures/generic/sshd_config | 21 +++++++++++++++++---- 2 files changed, 33 insertions(+), 4 deletions(-) diff --git a/jc/parsers/sshd_conf.py b/jc/parsers/sshd_conf.py index 0d12e475..cef985ff 100644 --- a/jc/parsers/sshd_conf.py +++ b/jc/parsers/sshd_conf.py @@ -169,6 +169,8 @@ def parse( modifiers: Set[str] = {'+', '-', '^'} + match_block_found = False + if jc.utils.has_data(data): for line in filter(None, data.splitlines()): @@ -176,7 +178,21 @@ def parse( if line.strip().startswith('#'): continue + # support configuration file by ignoring all lines between + # Match xxx and Match any + if line.strip().startswith('Match all'): + match_block_found = False + continue + + if line.strip().startswith('Match'): + match_block_found = True + continue + + if match_block_found: + continue + key, val = line.split(maxsplit=1) + # support configuration file by converting to lower case key = key.lower() diff --git a/tests/fixtures/generic/sshd_config b/tests/fixtures/generic/sshd_config index 31949154..8b5d729a 100644 --- a/tests/fixtures/generic/sshd_config +++ b/tests/fixtures/generic/sshd_config @@ -14,14 +14,27 @@ # SELinux about this change. # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER # -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: +Port 22 +AddressFamily any +ListenAddress 0.0.0.0 +ListenAddress :: + +Match group chroot + this should be ignored + this line too should be ignored + + keep ignoring +Match all HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key + +Match group anything + ignore this + don't look at this +Match all + HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying
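Review bot: The `startswith('Match')` and `startswith('Match all')` tests added in the second hunk of `jc/parsers/sshd_conf.py` are sensitive to case and spacing, although sshd_config keywords are case-insensitive and the parser lower-cases `key` a few lines below for that reason. A block opened with a lower-case keyword (constructed example: `match user backup`) would not be skipped, so its conditional settings would be emitted as if they were global, and a `Match all` written with a tab or two spaces would leave every later line ignored; either case misleads anything that audits the parsed output. Comparing the first whitespace-split token case-insensitively closes both gaps, as sketched below. The added comment also says `Match any` where the code tests `Match all`. The body of `parse()` starts and ends outside the hunk.

```python
            # ... unchanged: comment-line skip ...

            # Lines inside a Match block are skipped until a "Match all" line.
            # The keyword is compared case-insensitively and split on any
            # run of whitespace, matching how keys are handled below.
            words = line.split()
            if words and words[0].lower() == 'match':
                match_block_found = words[1:] != ['all']
                continue

            if match_block_found:
                continue

            key, val = line.split(maxsplit=1)
```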
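Review bot: The two blocks added to `tests/fixtures/generic/sshd_config` use only the exact spelling `Match ...` / `Match all`, so the fixture does not pin how the parser treats a lower-case `match` keyword. It also does not cover a Match block that runs to the end of the file with no closing `Match all`, which is the usual layout in deployed configs. One block with a lower-case keyword and one trailing, unclosed block at the end of the file would cover both. Uncommenting `Port 22`, `AddressFamily any` and the two `ListenAddress` lines also changes what the parser emits for this fixture, while the diffstat lists no expected-output or test file; if a test compares against stored output, it presumably needs regenerating.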