bkctld-ip: fail when trying to add an IP when there is no AllowUsers
parent
86111acfea
commit
5a90ae8a16
|
@ -17,9 +17,13 @@ jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
|
jail_sshd_config="${jail_path}/${SSHD_CONFIG}"
|
||||||
|
|
||||||
if [ -z "${ip}" ]; then
|
if [ -z "${ip}" ]; then
|
||||||
# parse IP addresses from AllowUsers directives in sshd config
|
# parse IP addresses from AllowUsers directives in sshd config
|
||||||
grep -E "^AllowUsers" "${jail_path}/${SSHD_CONFIG}" | grep -Eo "root@[^ ]+" | while read allow; do
|
grep -E "^AllowUsers" "${jail_sshd_config}" \
|
||||||
|
| grep -E -o "root@[^ ]+" \
|
||||||
|
| while read allow; do
|
||||||
echo "${allow}" | cut -d'@' -f2
|
echo "${allow}" | cut -d'@' -f2
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
|
@ -33,7 +37,11 @@ else
|
||||||
for ip in ${new_ips}; do
|
for ip in ${new_ips}; do
|
||||||
allow_users="${allow_users} root@${ip}"
|
allow_users="${allow_users} root@${ip}"
|
||||||
done
|
done
|
||||||
sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_path}/${SSHD_CONFIG}"
|
if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
|
||||||
|
sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
|
||||||
|
else
|
||||||
|
error "${jail_name}: No 'AllowUsers' directive found in '${jail_sshd_config}'"
|
||||||
|
fi
|
||||||
notice "${jail_name}: IP whitelist updated to ${ip}"
|
notice "${jail_name}: IP whitelist updated to ${ip}"
|
||||||
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
||||||
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||||
|
|
|
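Review bot: The new guard in the second hunk tests `^AllowUsers`, but the `sed` it protects only rewrites lines matching `^AllowUsers .*`, so a directive followed by a tab (or with no value) passes the `grep` and is then left untouched. In that case the script still prints `IP whitelist updated` and reloads, although the restriction in sshd_config did not change. Using one pattern for both closes the gap, e.g. `if grep -q -E "^AllowUsers[[:space:]]" "${jail_sshd_config}"; then` with `sed -i -E "s~^AllowUsers[[:space:]].*~${allow_users}~" "${jail_sshd_config}"`. Separately, `${allow_users}` goes into the sed replacement unescaped. Whether `${new_ips}` is validated is decided outside the hunk, so it is worth confirming that `~`, `&` and `\` cannot reach it.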
@ -58,6 +58,14 @@ load test_helper
|
||||||
assert_success
|
assert_success
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "Missing AllowUsers" {
|
||||||
|
# Remove AllowUsers directive in SSH config
|
||||||
|
sed -i '/^AllowUsers/d' "${JAILPATH}/etc/ssh/sshd_config"
|
||||||
|
# An error should be raised when trying to add an IP restriction
|
||||||
|
run /usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
||||||
@test "SSH connectivity" {
|
@test "SSH connectivity" {
|
||||||
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
||||||
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
|
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
|
||||||
|
|
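Review bot: The new "Missing AllowUsers" test only asserts a non-zero exit, so it would also pass if bkctld-ip failed for an unrelated reason such as a missing jail. Checking the message pins the intended path, e.g. `assert_output --partial "No 'AllowUsers' directive found"`, if the loaded helper provides bats-assert's `assert_output`. It would also be worth asserting that sshd_config still has no AllowUsers line afterwards, with `run grep -E "^AllowUsers" "${JAILPATH}/etc/ssh/sshd_config"` followed by `assert_failure`, so a later change that silently appends the directive is caught. The test deletes the directive from the jail's config, and whether each test starts from a fresh jail depends on setup code outside this hunk.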