Univention Bugzilla – Bug 39704
reorder configuration in template sshd_config
Last modified: 2018-06-27 14:37:20 CEST
The UCRV 'sshd/config/.*' is expanded at the end of the configuration file. Previous configuration entries do not overwrite already existing entries (only tested with LogLevel). If the configuration entries would be reordered so that 'sshd/config/.*' is immediately below all other used UCRVs (and any mandatory configuration?) but above other "static" configuration entries, 'sshd/config/.*' could overwrite those. Forum: http://forum.univention.de/viewtopic.php?f=48&t=4489#p17021
The Enterprise Customer affected flag is set but neither a Ticket number is referenced nor a Customer ID is set. Please set a Ticket number or a Customer ID. Otherwise the Enterprise Customer affected flag will be reset.
https://github.com/univention/univention-corporate-server/pull/4
*** Bug 42254 has been marked as a duplicate of this bug. ***
With the pull request form Lutz Willek, mentioned in comment #2, there are no more "static" configuration entries. Thus the problem is solved. I have made some changes to the pull request and merged it into the 4.3-0 branch. Since all possible configuration entries seem to be covered now, the 'sshd/config/.*' UCR variable could be removed. I still left it in, to make the configuration of values, which are added in the future, possible. As a side note: Everything the pull request introduces could have been done previously via the 'sshd/config/.*' UCR variable. univention-base-files (7.0.0-13) 6ddbddbcfa14 | Bug #39704: Refactor for readability d5c0e0a5601a | Bug #39704: Re-introduce the TCPKeepAlive configuration value e067d1d0281e | Bug #39704: Fix printing of comment for the AcceptEnv configuration value 5181cac769fb | Bug #39704: Fix default for the PasswordAuthentication configuration value ff4ca3b5122f | Bug #39704: Remove deprecated UseLogin configuration value 3dbb7300d624 | Bug #39704: Improve the ListenAddress UCRV 68eb61c8a08e | Bug #39704: Fix non-tab indentation eb3d9c08a1d8 | [openssh-server config] Patch for Bug #42254, Bug #39704, Bug #28195 a87dd1112021 | Patch for Bug #42254, Bug #39704, Bug #28195 57938f66fb6a | Bug #39704: Merge branch 'rulmer/39704' into 4.3-0 4802b1d71e78 | Bug #39704: Add changelog entry univention-base-files.yaml bb24cf5e7a99 | Bug #39704: Add yaml file
@QA: Please close the GitHub pull request, if the changes are OK: https://github.com/univention/univention-corporate-server/pull/4
The following UCR variables are used in the template but are not registered for UCR and don't have a description. Bug 28195 Comment 1 has a description for the first one. sshd/AllowAgentForwarding sshd/AllowTcpForwarding sshd/GatewayPorts On the other hand sshd/ChallengeResponseAuthentication and sshd/Subsystem are registered and documented but not used in the template. The first looks like a typo and probably refers to sshd/challengeresponse. The last point brings be to the point that the case spelling of the options is now mixed. I don't know if we can improve this to obtain a consistent result, but can't we have something like sshd_keywords = ['AllowAgentForwarding', 'AllowTcpForwarding', ...] sshd_keywords_lower = map(str.lower, sshd_keywords) sshd_ucrkeywords = [x[5:] for x in configRegistry if x.startswidth('sshd/')] seen = [] for ucrkey in sshd_ucrkeywords: for keyword in sshd_keywords: if keyword.lower() in seen: msg = "ERROR: sshd/%s set twice in different case spelling" % keyword print >>sys.stderr, msg break if keyword.lower() == ucrkey.lower(): print "%s %s" % (keyword, configRegistry['sshd/%s' % ucrkey]) seen.append(keyword.lower()) break
I have temprarily reverted all changes, so that a clean 4.3-1 branch can be created on 2018-06-06. commit 9371c2dab8fe3c62826df23117281abcac9f3732
Thanks, i verified the revert (with git diff 8b454196..9371c2da). Setting milestone to 4.3-1-errata
I have re-applied the changes of the temporary revert and also addressed the problems mentioned in Comment #6. All variables are now available in the mixed case spelling. The user will be warned, when a variable is set in lower- and mixed case spelling. Remark: The sshd/config/.* variables could also contain duplicates, about which the user would not be warned. f0f7ccaab3 Bug #39704: Update version number in yaml file univention-base-files (7.0.0-14): de00e0c6b7 Bug #39704: Add changelog entry f0fac4b602 Bug #39704: Enable camel- and lowercase for legacy UCR variables c803f9eb12 Bug #39704: Register and describe missing UCR variables ea347ff05a Re-apply changes for Bug #39704
34f7f9d360 Bug #39704: Merge branch 'rulmer/39704' into 4.3-1
Created attachment 9559 [details] bug39704_qa.patch Ok, looks good, I'd just suggest this change in wording to clarify the purpose of the message.
OK, I've applied the patch. univention-base-files (7.0.0-16) bd3cf76dada0 | Bug #39704: Improve some wording 482b0e739ff7 | Bug #39704: Update yaml file
Ok, thanks, looks good and works.
*** Bug 28195 has been marked as a duplicate of this bug. ***
<http://errata.software-univention.de/ucs/4.3/122.html>