continue default shell changes

Author: tgauth

sshdconfig/Cargo.lock

@@ -16,6 +16,8 @@ lto = true
 [dependencies]
 atty = { version = "0.2" }
 chrono = { version = "0.4" }
+clap = { version = "4.5", features = ["derive"] }
+registry_lib = { path = "../registry_lib" }
 schemars = "0.9"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = { version = "1.0", features = ["preserve_order"] }

sshdconfig/Cargo.toml

@@ -0,0 +1,50 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+use clap::{Parser, Subcommand};
+
+use crate::metadata::RepeatableKeyword;
+
+#[derive(Parser)]
+pub struct Args {
+    #[clap(subcommand)]
+    pub command: Command,
+}
+
+#[derive(Subcommand)]
+pub enum Command {
+    /// Export sshd_config
+    Export,
+    /// Set a value in sshd_config (not yet implemented)
+    Set {
+        /// The input to set
+        #[clap(short = 'i', long, help = "input to set in sshd_config")]
+        input: Option<String>,
+        #[clap(subcommand, help = "set commands")]
+        subcommand: Option<SetCommand>,
+    },
+}
+
+#[derive(Clone, Debug, Eq, PartialEq, Subcommand)]
+pub enum SetCommand {
+    /// Set the default shell
+    DefaultShell {
+        /// The path to the shell executable
+        #[clap(short = 's', long, help = "path to the shell executable")]
+        shell: String,
+        /// Additional command options
+        ///
+        #[clap(short = 'c', long, help = "additional command options", default_value = "-c")]
+        cmd_option: Option<String>,
+        #[clap(short = 'e', long, help = "skip escaping arguments", default_value = "false")]
+        escape_arguments: bool,
+        #[clap(short = 'a', long, help = "additional shell arguments")]
+        shell_arguments: Option<Vec<String>>,
+    },
+    /// Set repeatable keywords
+    RepeatableKeyworld {
+        keyword: RepeatableKeyword,
+        name: String,
+        value: Option<String>,
+    }
+}

sshdconfig/src/args.rs

@@ -7,6 +7,10 @@ use thiserror::Error;
 pub enum SshdConfigError {
     #[error("Command: {0}")]
     CommandError(String),
+    #[error("Invalid Input: {0}")]
+    IoError(String),
+    #[error("IO: {0}")]
+    InvalidInput(String),
     #[error("JSON: {0}")]
     Json(#[from] serde_json::Error),
     #[error("Language: {0}")]
@@ -15,4 +19,6 @@ pub enum SshdConfigError {
     ParserError(String),
     #[error("Parser Int: {0}")]
     ParseIntError(#[from] std::num::ParseIntError),
+    #[error("Registry: {0}")]
+    RegistryError(#[from] registry_lib::error::RegistryError),
 }

sshdconfig/src/error.rs

@@ -1,43 +1,41 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-use schemars::schema_for;
-use serde_json::to_string_pretty;
-use std::{env::args, process::exit};
-
-use crate::export::invoke_export;
-use crate::parser::SshdConfigParser;
+use args::{Args, Command};
+use clap::{Parser};
+use export::invoke_export;
+use set::invoke_set;
 
+mod args;
 mod error;
 mod export;
 mod metadata;
 mod parser;
+mod set;
 mod util;
 
 fn main() {
-
-    // TODO: add support for other commands and use clap for argument parsing
-    let args: Vec<String> = args().collect();
-
-    if args.len() != 2 || (args[1] != "export" && args[1] != "schema") {
-        eprintln!("Usage: {} <export|schema>", args[0]);
-        exit(1);
-    }
-
-    if args[1] == "schema" {
-        // for dsc tests on linux/mac
-        let schema = schema_for!(SshdConfigParser);
-        println!("{}", to_string_pretty(&schema).unwrap());
-        return;
-    }
-
-    // only supports export for sshdconfig for now
-    match invoke_export() {
-        Ok(result) => {
-            println!("{result}");
+    let args = Args::parse();
+    match &args.command {
+        Command::Export => {
+            match invoke_export() {
+                Ok(result) => {
+                    println!("{result}");
+                }
+                Err(e) => {
+                    eprintln!("Error exporting sshd_config: {e:?}");
+                }
+            }
         }
-        Err(e) => {
-            eprintln!("Error exporting SSHD config: {e:?}");
+        Command::Set { input , subcommand} => {
+            match invoke_set(input, subcommand) {
+                Ok(()) => {
+                    println!("success");
+                }
+                Err(e) => {
+                    eprintln!("Error setting sshd_config: {e:?}");
+                }
+            }
         }
     }
 }

sshdconfig/src/main.rs

@@ -1,6 +1,8 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
+use clap::ValueEnum;
+
 // TODO: ensure lists are complete
 
 // keywords that can be repeated over multiple lines and should be represented as arrays
@@ -13,6 +15,16 @@ pub const REPEATABLE_KEYWORDS: [&str; 6] = [
     "subsystem"
 ];
 
+#[derive(Clone, Debug, Eq, PartialEq, ValueEnum)]
+pub enum RepeatableKeyword {
+    HostKey,
+    Include,
+    ListenAddress,
+    Port,
+    SetEnv,
+    Subsystem,
+}
+
 // keywords that can have multiple argments per line and should be represented as arrays
 // but cannot be repeated over multiple lines, as subsequent entries are ignored
 pub const MULTI_ARG_KEYWORDS: [&str; 7] = [

sshdconfig/src/metadata.rs

@@ -0,0 +1,92 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+use registry_lib::{config::{Registry, RegistryValueData}, RegistryHelper};
+use serde_json::{json, Value};
+use std::{path::Path, process::Command};
+
+use crate::args::SetCommand;
+use crate::error::SshdConfigError;
+use crate::metadata::RepeatableKeyword;
+
+/// Invoke the set command.
+///
+/// # Errors
+///
+/// This function will return an error if the sshd_config is not updated with the desired settings.
+pub fn invoke_set(input: &Option<String>, subcommand: &Option<SetCommand>) -> Result<(), SshdConfigError> {
+    if let Some(subcommand) = subcommand {
+        match subcommand {
+            SetCommand::DefaultShell { shell, cmd_option, escape_arguments, shell_arguments } => {
+                set_default_shell(shell, cmd_option, escape_arguments, shell_arguments)
+            }
+            SetCommand::RepeatableKeyworld { keyword, name, value } => {
+                set_repeatable_keyword(keyword, name, value)
+            }
+        }
+    } else {
+        set_regular_keywords(input)
+    }
+}
+
+fn set_default_shell(shell: &String, cmd_option: &Option<String>, escape_arguments: &bool, shell_arguments: &Option<Vec<String>>) -> Result<(), SshdConfigError> {
+    let shell_path = Path::new(shell);
+    if shell_path.is_relative() {
+        if shell_path.components().any(|c| c == std::path::Component::ParentDir) {
+            return Err(SshdConfigError::InvalidInput("shell path must not be relative".to_string()));
+        }
+    }
+    // TODO check if binary exists when it is not an absolute path
+    if !shell_path.exists() {
+        return Err(SshdConfigError::InvalidInput(format!("shell path does not exist: {}", shell)));
+    }
+
+    let mut shell_data = shell.clone();
+    if let Some(shell_args) = shell_arguments {
+        let args_str = shell_args.join(" ");
+        shell_data = format!("{} {}", shell, args_str);
+    }
+
+    set_registry_default_shell("DefaultShell", RegistryValueData::String(shell_data))?;
+
+    if let Some(cmd_option) = cmd_option {
+        set_registry_default_shell("DefaultShellCommandOption", RegistryValueData::String(cmd_option.clone()))?;
+    }
+    else {
+        return Err(SshdConfigError::InvalidInput("cmd_option is required".to_string()));
+    }
+
+    let mut escape_data = 0;
+    if *escape_arguments {
+        escape_data = 1;
+    }
+    set_registry_default_shell("DefaultShellEscapeArguments ", RegistryValueData::DWord(escape_data))?;
+
+    Ok(())
+}
+
+pub fn set_repeatable_keyword(_keyword: &RepeatableKeyword, _name: &String, _value: &Option<String>) -> Result<(), SshdConfigError> {
+    // TODO: handle repeat keywords like subsystem
+    Ok(())
+}
+
+pub fn set_regular_keywords(_input: &Option<String>) -> Result<(), SshdConfigError> {
+    // modify or add all values in the input file
+    // have a banner that we are managing the file and check that before modifying
+    // if the file is managed by this tool, we can modify it
+    // if the file is not managed by the tool, we should back it up
+    // get existing sshd_config settings from sshd -T
+    // get default sshd_config settings from sshd -T
+    // save explicit settings
+    // for each of the input keys, update it with the new value
+    // or insert it if it doesn't exist (above any match statements)
+    // write the updated settings back to the sshd_config file
+    // ensure sshd -T is valid after the update?
+    Ok(())
+}
+
+fn set_registry_default_shell(name: &str, data: RegistryValueData) -> Result<(), SshdConfigError> {
+    let registry_helper = RegistryHelper::new("HKLM\\SOFTWARE\\OpenSSH", Some(name.to_string()), Some(data))?;
+    registry_helper.set()?;
+    Ok(())
+}

sshdconfig/src/set.rs

@@ -0,0 +1,26 @@
+{
+    "$schema": "https://aka.ms/dsc/schemas/v3/bundled/resource/manifest.json",
+    "type": "Microsoft.Windows.OpenSSH/SSHD",
+    "description": "Manage SSH Server Configuration Global Settings",
+    "version": "0.1.0",
+    "get": {
+        "executable": "sshdconfig",
+        "args": [
+            "get"
+        ]
+    },
+    "set": {
+        "executable": "sshdconfig",
+        "args": [
+            "set"
+        ]
+    },
+    "schema": {
+        "command": {
+            "executable": "sshdconfig",
+            "args": [
+                "schema"
+            ]
+        }
+    }
+}