ignore Match blocks

jc/parsers/sshd_conf.py

@@ -169,6 +169,8 @@ def parse(
 
     modifiers: Set[str] = {'+', '-', '^'}
 
+    match_block_found = False
+
     if jc.utils.has_data(data):
 
         for line in filter(None, data.splitlines()):
@@ -176,7 +178,21 @@ def parse(
             if line.strip().startswith('#'):
                 continue
 
+            # support configuration file by ignoring all lines between
+            # Match xxx and Match any
+            if line.strip().startswith('Match all'):
+                match_block_found = False
+                continue
+
+            if line.strip().startswith('Match'):
+                match_block_found = True
+                continue
+
+            if match_block_found:
+                continue
+
             key, val = line.split(maxsplit=1)
+
             # support configuration file by converting to lower case
             key = key.lower()
 

tests/fixtures/generic/sshd_config

@@ -14,14 +14,27 @@
 # SELinux about this change.
 # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
 #
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+Match group chroot
+    this should be ignored
+    this line too should be ignored
+
+	keep ignoring
+Match all
 
 HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
+
+Match group anything
+	ignore this
+        don't look at this
+Match all
+
 HostKey /etc/ssh/ssh_host_ed25519_key
 
 # Ciphers and keying