From 9278896adfc12c1b98ae4c7d89e6a74a4254932f Mon Sep 17 00:00:00 2001 From: Cyril Servant Date: Mon, 16 Aug 2021 10:57:14 +0200 Subject: [PATCH] Bugfix: ordering maps of groups and users. Warning: there is a configuration change! Users and groups ar now in a table, so must be prefixed with a "-" --- Makefile | 2 +- config/sshproxy.yaml | 4 ++-- doc/sshproxy.yaml.txt | 20 +++++++++---------- misc/sshproxy.spec | 5 ++++- pkg/utils/config.go | 38 +++++++++++++++++++++--------------- test/centos-image/gateway.sh | 4 ++-- 6 files changed, 40 insertions(+), 33 deletions(-) diff --git a/Makefile b/Makefile index 7044b11b..852abd49 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -SSHPROXY_VERSION ?= 1.3.8 +SSHPROXY_VERSION ?= 1.4.0 SSHPROXY_GIT_URL ?= github.com/cea-hpc/sshproxy prefix ?= /usr diff --git a/config/sshproxy.yaml b/config/sshproxy.yaml index c4d5d3b0..0ae3c214 100644 --- a/config/sshproxy.yaml +++ b/config/sshproxy.yaml @@ -135,7 +135,7 @@ # The parameters defined in a "users" option (see below) will be applied last # and override groups parameters. #groups: -# foo,bar: +# - foo,bar: # debug: true # log: /tmp/sshproxy-foo/{user}.log # # An associative array is used to specify environment, SSH options or @@ -153,7 +153,7 @@ # purpose). Multiple users can be defined on the same line, separated by # commas. #users: -# foo,bar: +# - foo,bar: # debug: true # log: /tmp/sshproxy-{user}.log # dump: /tmp/sshproxy-{user}-{time}.dump diff --git a/doc/sshproxy.yaml.txt b/doc/sshproxy.yaml.txt index 979ead2f..9ac991fd 100644 --- a/doc/sshproxy.yaml.txt +++ b/doc/sshproxy.yaml.txt @@ -190,7 +190,7 @@ Each of the previous parameters can be overridden for a group thanks to the For example if we want to save debug messages for the 'foo' group we define: groups: - foo: + - foo: debug: true It is possible to override the same options for multiple groups in a single 
@@ -200,17 +200,16 @@ For example, if we want to save debug messages for the 'foo' and 'bar' groups we define: groups: - foo,bar: + - foo,bar: debug: true Routes, environment or SSH options can also be defined: groups: - foo: + - foo: routes: default: dest: [hostx] - ssh: args: ["-vvv", "-Y"] @@ -223,10 +222,9 @@ For example, if a user is in the 'admin' and 'users' groups the logs will be in '/var/log/sshproxy/admin/\{user}.log' with the following configuration: groups: - users: + - users: log: /var/log/sshproxy/users/{user}.log - - admin: + - admin: log: /var/log/sshproxy/admin/{user}.log We can also override the parameters for a specific user with the 'users' @@ -237,13 +235,13 @@ For example if we want to save debug messages for the 'foo' and the 'bar' users we define: users: - foo,bar: + - foo,bar: debug: true As for the groups, we can modify routes, environment or SSH options: users: - foo: + - foo: ssh: args: ["-vvv", "-Y"] @@ -275,13 +273,13 @@ routes: route_select: random groups: - admin: + - admin: routes: default: dest: [login0] users: - user1234: + - user1234: debug: true dump: /var/spool/sshproxy/{user}-{time}-{sid}.dump ------------------------------------------------------------------------------ diff --git a/misc/sshproxy.spec b/misc/sshproxy.spec index 9cae3d1a..3f8d96f7 100644 --- a/misc/sshproxy.spec +++ b/misc/sshproxy.spec @@ -3,7 +3,7 @@ %global debug_package %{nil} Name: sshproxy -Version: 1.3.8 +Version: 1.4.0 Release: 1%{?dist} Summary: SSH proxy License: CeCILL-B @@ -51,6 +51,9 @@ install -p -m 0644 config/sshproxy.yaml %{buildroot}%{_sysconfdir}/sshproxy %{_mandir}/man8/sshproxy-replay.8* %changelog +* Mon Aug 16 2021 Cyril Servant - 1.4.0-1 +- sshproxy 1.4.0 + * Wed Jul 28 2021 Cyril Servant - 1.3.8-1 - sshproxy 1.3.8 diff --git a/pkg/utils/config.go b/pkg/utils/config.go index ed6e8aff..952bf23b 100644 --- a/pkg/utils/config.go +++ b/pkg/utils/config.go 
@@ -41,8 +41,8 @@ type Config struct {
 SSH sshConfig
 Environment map[string]string
 Routes map[string]*RouteConfig
- Users map[string]subConfig
- Groups map[string]subConfig
+ Users []map[string]subConfig
+ Groups []map[string]subConfig
 }

 // RouteConfig represents the configuration of a route. Dest is mandatory,
@@ -199,26 +199,32 @@ func LoadConfig(filename, currentUsername, sid string, start time.Time, groups m
 config.SSH.Args = defaultSSHArgs
 }

- for groupnames, groupconfig := range config.Groups {
- for _, groupname := range strings.Split(groupnames, ",") {
- if groups[groupname] {
- if err := parseSubConfig(&config, &groupconfig); err != nil {
- return nil, err
+ // we have to use a slice of maps in order to have ordered maps
+ for _, groupconfigs := range config.Groups {
+ for groupnames, groupconfig := range groupconfigs {
+ for _, groupname := range strings.Split(groupnames, ",") {
+ if groups[groupname] {
+ if err := parseSubConfig(&config, &groupconfig); err != nil {
+ return nil, err
+ }
+ // no need to to parse the same subconfig twice
+ break
 }
- // no need to to parse the same subconfig twice
- break
 }
 }
 }

- for usernames, userconfig := range config.Users {
- for _, username := range strings.Split(usernames, ",") {
- if username == currentUsername {
- if err := parseSubConfig(&config, &userconfig); err != nil {
- return nil, err
+ // we have to use a slice of maps in order to have ordered maps
+ for _, userconfigs := range config.Users {
+ for usernames, userconfig := range userconfigs {
+ for _, username := range strings.Split(usernames, ",") {
+ if username == currentUsername {
+ if err := parseSubConfig(&config, &userconfig); err != nil {
+ return nil, err
+ }
+ // no need to to parse the same subconfig twice
+ break
 }
- // no need to to parse the same subconfig twice
- break
 }
 }
 }
diff --git a/test/centos-image/gateway.sh b/test/centos-image/gateway.sh
index 05b85a20..b4565b79 100755
--- a/test/centos-image/gateway.sh
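Review bot: The inner `for groupnames, groupconfig := range groupconfigs` (and the matching `range userconfigs`) in the LoadConfig hunk still ranges over a map, so the order is fixed only when each list item carries exactly one key; an item with two keys under a single dash would be applied in random order, as before the change. Because the order in which entries are applied decides which routes, destinations and log path win for a user on the gateway, I would have LoadConfig return an error when `len(groupconfigs) != 1` or `len(userconfigs) != 1` instead of accepting such an item. The comment `// we have to use a slice of maps in order to have ordered maps` should state that one-key expectation. A file still in the old mapping form presumably no longer decodes into `[]map[string]subConfig`; the decode call is outside this hunk, so please confirm that LoadConfig fails with a clear error in that case rather than running without the overrides.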
+++ b/test/centos-image/gateway.sh
@@ -56,14 +56,14 @@ routes:
 dest: ["server3"]

 groups:
- user1,unknowngroup:
+ - user1,unknowngroup:
 routes:
 service2:
 source: ["gateway1:2023"]
 dest: ["server2"]

 users:
- unknownuser,user2:
+ - unknownuser,user2:
 routes:
 service3:
 source: ["gateway1:2024"]
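Review bot: The fixture is converted to the list form, but `groups` and `users` each still hold a single item, so the visible lines do not exercise the ordering that this commit fixes. I would add a second `groups` item that also matches user1 and sets a different `dest` for the same route, and have the test check that the later item is the one applied, as the documentation example with 'users' and 'admin' describes. The rest of the generated configuration and the test assertions are outside this hunk, so this may already be covered elsewhere.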