pax_global_header00006660000000000000000000000064142213723140014511gustar00rootroot0000000000000052 comment=aae6f39972de32733b05fe16635cee42383b7fd0 ssh_config-1.2.0/000077500000000000000000000000001422137231400136335ustar00rootroot00000000000000ssh_config-1.2.0/.gitattributes000066400000000000000000000000341422137231400165230ustar00rootroot00000000000000testdata/dos-lines eol=crlf ssh_config-1.2.0/.github/000077500000000000000000000000001422137231400151735ustar00rootroot00000000000000ssh_config-1.2.0/.github/workflows/000077500000000000000000000000001422137231400172305ustar00rootroot00000000000000ssh_config-1.2.0/.github/workflows/ci.yml000066400000000000000000000013641422137231400203520ustar00rootroot00000000000000on: [push, pull_request] name: Test jobs: test: strategy: matrix: go-version: [1.17.x, 1.18.x] platform: [ubuntu-latest] runs-on: ${{ matrix.platform }} steps: - name: Install Go uses: WillAbides/setup-go-faster@main with: go-version: ${{ matrix.go-version }} - uses: actions/checkout@v2 with: path: './src/github.com/kevinburke/ssh_config' # staticcheck needs this for GOPATH - run: | echo "GO111MODULE=off" >> $GITHUB_ENV echo "GOPATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV echo "PATH=$GITHUB_WORKSPACE/bin:$PATH" >> $GITHUB_ENV - name: Run tests run: make lint race-test working-directory: './src/github.com/kevinburke/ssh_config' ssh_config-1.2.0/.gitignore000066400000000000000000000000001422137231400156110ustar00rootroot00000000000000ssh_config-1.2.0/.mailmap000066400000000000000000000000741422137231400152550ustar00rootroot00000000000000Kevin Burke Kevin Burke ssh_config-1.2.0/AUTHORS.txt000066400000000000000000000005471422137231400155270ustar00rootroot00000000000000Carlos A Becker Dustin Spicuzza Eugene Terentev Kevin Burke Mark Nevill Scott Lessans Sergey Lukjanov Wayne Ashley Berry santosh653 <70637961+santosh653@users.noreply.github.com> ssh_config-1.2.0/CHANGELOG.md000066400000000000000000000010671422137231400154500ustar00rootroot00000000000000# Changes ## Version 1.2 Previously, if a Host declaration or a value had trailing whitespace, that whitespace would have been included as part of the value. This led to unexpected consequences. For example: ``` Host example # A comment HostName example.com # Another comment ``` Prior to version 1.2, the value for Host would have been "example " and the value for HostName would have been "example.com ". Both of these are unintuitive. Instead, we strip the trailing whitespace in the configuration, which leads to more intuitive behavior. ssh_config-1.2.0/LICENSE000066400000000000000000000043751422137231400146510ustar00rootroot00000000000000Copyright (c) 2017 Kevin Burke. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. =================== The lexer and parser borrow heavily from github.com/pelletier/go-toml. The license for that project is copied below. The MIT License (MIT) Copyright (c) 2013 - 2017 Thomas Pelletier, Eric Anderton Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ssh_config-1.2.0/Makefile000066400000000000000000000013011422137231400152660ustar00rootroot00000000000000BUMP_VERSION := $(GOPATH)/bin/bump_version STATICCHECK := $(GOPATH)/bin/staticcheck WRITE_MAILMAP := $(GOPATH)/bin/write_mailmap $(STATICCHECK): go get honnef.co/go/tools/cmd/staticcheck lint: $(STATICCHECK) go vet ./... $(STATICCHECK) test: lint @# the timeout helps guard against infinite recursion go test -timeout=250ms ./... race-test: lint go test -timeout=500ms -race ./... $(BUMP_VERSION): go get -u github.com/kevinburke/bump_version $(WRITE_MAILMAP): go get -u github.com/kevinburke/write_mailmap release: test | $(BUMP_VERSION) $(BUMP_VERSION) --tag-prefix=v minor config.go force: ; AUTHORS.txt: force | $(WRITE_MAILMAP) $(WRITE_MAILMAP) > AUTHORS.txt authors: AUTHORS.txt ssh_config-1.2.0/README.md000066400000000000000000000056041422137231400151170ustar00rootroot00000000000000# ssh_config This is a Go parser for `ssh_config` files. Importantly, this parser attempts to preserve comments in a given file, so you can manipulate a `ssh_config` file from a program, if your heart desires. It's designed to be used with the excellent [x/crypto/ssh](https://golang.org/x/crypto/ssh) package, which handles SSH negotiation but isn't very easy to configure. The `ssh_config` `Get()` and `GetStrict()` functions will attempt to read values from `$HOME/.ssh/config` and fall back to `/etc/ssh/ssh_config`. The first argument is the host name to match on, and the second argument is the key you want to retrieve. ```go port := ssh_config.Get("myhost", "Port") ``` Certain directives can occur multiple times for a host (such as `IdentityFile`), so you should use the `GetAll` or `GetAllStrict` directive to retrieve those instead. ```go files := ssh_config.GetAll("myhost", "IdentityFile") ``` You can also load a config file and read values from it. ```go var config = ` Host *.test Compression yes ` cfg, err := ssh_config.Decode(strings.NewReader(config)) fmt.Println(cfg.Get("example.test", "Port")) ``` Some SSH arguments have default values - for example, the default value for `KeyboardAuthentication` is `"yes"`. If you call Get(), and no value for the given Host/keyword pair exists in the config, we'll return a default for the keyword if one exists. ### Manipulating SSH config files Here's how you can manipulate an SSH config file, and then write it back to disk. ```go f, _ := os.Open(filepath.Join(os.Getenv("HOME"), ".ssh", "config")) cfg, _ := ssh_config.Decode(f) for _, host := range cfg.Hosts { fmt.Println("patterns:", host.Patterns) for _, node := range host.Nodes { // Manipulate the nodes as you see fit, or use a type switch to // distinguish between Empty, KV, and Include nodes. fmt.Println(node.String()) } } // Print the config to stdout: fmt.Println(cfg.String()) ``` ## Spec compliance Wherever possible we try to implement the specification as documented in the `ssh_config` manpage. Unimplemented features should be present in the [issues][issues] list. Notably, the `Match` directive is currently unsupported. [issues]: https://github.com/kevinburke/ssh_config/issues ## Errata This is the second [comment-preserving configuration parser][blog] I've written, after [an /etc/hosts parser][hostsfile]. Eventually, I will write one for every Linux file format. [blog]: https://kev.inburke.com/kevin/more-comment-preserving-configuration-parsers/ [hostsfile]: https://github.com/kevinburke/hostsfile ## Donating I don't get paid to maintain this project. Donations free up time to make improvements to the library, and respond to bug reports. You can send donations via Paypal's "Send Money" feature to kev@inburke.com. Donations are not tax deductible in the USA. You can also reach out about a consulting engagement: https://burke.services ssh_config-1.2.0/config.go000066400000000000000000000540061422137231400154340ustar00rootroot00000000000000// Package ssh_config provides tools for manipulating SSH config files. // // Importantly, this parser attempts to preserve comments in a given file, so // you can manipulate a `ssh_config` file from a program, if your heart desires. // // The Get() and GetStrict() functions will attempt to read values from // $HOME/.ssh/config, falling back to /etc/ssh/ssh_config. The first argument is // the host name to match on ("example.com"), and the second argument is the key // you want to retrieve ("Port"). The keywords are case insensitive. // // port := ssh_config.Get("myhost", "Port") // // You can also manipulate an SSH config file and then print it or write it back // to disk. // // f, _ := os.Open(filepath.Join(os.Getenv("HOME"), ".ssh", "config")) // cfg, _ := ssh_config.Decode(f) // for _, host := range cfg.Hosts { // fmt.Println("patterns:", host.Patterns) // for _, node := range host.Nodes { // fmt.Println(node.String()) // } // } // // // Write the cfg back to disk: // fmt.Println(cfg.String()) // // BUG: the Match directive is currently unsupported; parsing a config with // a Match directive will trigger an error. package ssh_config import ( "bytes" "errors" "fmt" "io" "os" osuser "os/user" "path/filepath" "regexp" "runtime" "strings" "sync" ) const version = "1.2" var _ = version type configFinder func() string // UserSettings checks ~/.ssh and /etc/ssh for configuration files. The config // files are parsed and cached the first time Get() or GetStrict() is called. type UserSettings struct { IgnoreErrors bool systemConfig *Config systemConfigFinder configFinder userConfig *Config userConfigFinder configFinder loadConfigs sync.Once onceErr error } func homedir() string { user, err := osuser.Current() if err == nil { return user.HomeDir } else { return os.Getenv("HOME") } } func userConfigFinder() string { return filepath.Join(homedir(), ".ssh", "config") } // DefaultUserSettings is the default UserSettings and is used by Get and // GetStrict. It checks both $HOME/.ssh/config and /etc/ssh/ssh_config for keys, // and it will return parse errors (if any) instead of swallowing them. var DefaultUserSettings = &UserSettings{ IgnoreErrors: false, systemConfigFinder: systemConfigFinder, userConfigFinder: userConfigFinder, } func systemConfigFinder() string { return filepath.Join("/", "etc", "ssh", "ssh_config") } func findVal(c *Config, alias, key string) (string, error) { if c == nil { return "", nil } val, err := c.Get(alias, key) if err != nil || val == "" { return "", err } if err := validate(key, val); err != nil { return "", err } return val, nil } func findAll(c *Config, alias, key string) ([]string, error) { if c == nil { return nil, nil } return c.GetAll(alias, key) } // Get finds the first value for key within a declaration that matches the // alias. Get returns the empty string if no value was found, or if IgnoreErrors // is false and we could not parse the configuration file. Use GetStrict to // disambiguate the latter cases. // // The match for key is case insensitive. // // Get is a wrapper around DefaultUserSettings.Get. func Get(alias, key string) string { return DefaultUserSettings.Get(alias, key) } // GetAll retrieves zero or more directives for key for the given alias. GetAll // returns nil if no value was found, or if IgnoreErrors is false and we could // not parse the configuration file. Use GetAllStrict to disambiguate the // latter cases. // // In most cases you want to use Get or GetStrict, which returns a single value. // However, a subset of ssh configuration values (IdentityFile, for example) // allow you to specify multiple directives. // // The match for key is case insensitive. // // GetAll is a wrapper around DefaultUserSettings.GetAll. func GetAll(alias, key string) []string { return DefaultUserSettings.GetAll(alias, key) } // GetStrict finds the first value for key within a declaration that matches the // alias. If key has a default value and no matching configuration is found, the // default will be returned. For more information on default values and the way // patterns are matched, see the manpage for ssh_config. // // The returned error will be non-nil if and only if a user's configuration file // or the system configuration file could not be parsed, and u.IgnoreErrors is // false. // // GetStrict is a wrapper around DefaultUserSettings.GetStrict. func GetStrict(alias, key string) (string, error) { return DefaultUserSettings.GetStrict(alias, key) } // GetAllStrict retrieves zero or more directives for key for the given alias. // // In most cases you want to use Get or GetStrict, which returns a single value. // However, a subset of ssh configuration values (IdentityFile, for example) // allow you to specify multiple directives. // // The returned error will be non-nil if and only if a user's configuration file // or the system configuration file could not be parsed, and u.IgnoreErrors is // false. // // GetAllStrict is a wrapper around DefaultUserSettings.GetAllStrict. func GetAllStrict(alias, key string) ([]string, error) { return DefaultUserSettings.GetAllStrict(alias, key) } // Get finds the first value for key within a declaration that matches the // alias. Get returns the empty string if no value was found, or if IgnoreErrors // is false and we could not parse the configuration file. Use GetStrict to // disambiguate the latter cases. // // The match for key is case insensitive. func (u *UserSettings) Get(alias, key string) string { val, err := u.GetStrict(alias, key) if err != nil { return "" } return val } // GetAll retrieves zero or more directives for key for the given alias. GetAll // returns nil if no value was found, or if IgnoreErrors is false and we could // not parse the configuration file. Use GetStrict to disambiguate the latter // cases. // // The match for key is case insensitive. func (u *UserSettings) GetAll(alias, key string) []string { val, _ := u.GetAllStrict(alias, key) return val } // GetStrict finds the first value for key within a declaration that matches the // alias. If key has a default value and no matching configuration is found, the // default will be returned. For more information on default values and the way // patterns are matched, see the manpage for ssh_config. // // error will be non-nil if and only if a user's configuration file or the // system configuration file could not be parsed, and u.IgnoreErrors is false. func (u *UserSettings) GetStrict(alias, key string) (string, error) { u.doLoadConfigs() //lint:ignore S1002 I prefer it this way if u.onceErr != nil && u.IgnoreErrors == false { return "", u.onceErr } val, err := findVal(u.userConfig, alias, key) if err != nil || val != "" { return val, err } val2, err2 := findVal(u.systemConfig, alias, key) if err2 != nil || val2 != "" { return val2, err2 } return Default(key), nil } // GetAllStrict retrieves zero or more directives for key for the given alias. // If key has a default value and no matching configuration is found, the // default will be returned. For more information on default values and the way // patterns are matched, see the manpage for ssh_config. // // The returned error will be non-nil if and only if a user's configuration file // or the system configuration file could not be parsed, and u.IgnoreErrors is // false. func (u *UserSettings) GetAllStrict(alias, key string) ([]string, error) { u.doLoadConfigs() //lint:ignore S1002 I prefer it this way if u.onceErr != nil && u.IgnoreErrors == false { return nil, u.onceErr } val, err := findAll(u.userConfig, alias, key) if err != nil || val != nil { return val, err } val2, err2 := findAll(u.systemConfig, alias, key) if err2 != nil || val2 != nil { return val2, err2 } // TODO: IdentityFile has multiple default values that we should return. if def := Default(key); def != "" { return []string{def}, nil } return []string{}, nil } func (u *UserSettings) doLoadConfigs() { u.loadConfigs.Do(func() { // can't parse user file, that's ok. var filename string if u.userConfigFinder == nil { filename = userConfigFinder() } else { filename = u.userConfigFinder() } var err error u.userConfig, err = parseFile(filename) //lint:ignore S1002 I prefer it this way if err != nil && os.IsNotExist(err) == false { u.onceErr = err return } if u.systemConfigFinder == nil { filename = systemConfigFinder() } else { filename = u.systemConfigFinder() } u.systemConfig, err = parseFile(filename) //lint:ignore S1002 I prefer it this way if err != nil && os.IsNotExist(err) == false { u.onceErr = err return } }) } func parseFile(filename string) (*Config, error) { return parseWithDepth(filename, 0) } func parseWithDepth(filename string, depth uint8) (*Config, error) { b, err := os.ReadFile(filename) if err != nil { return nil, err } return decodeBytes(b, isSystem(filename), depth) } func isSystem(filename string) bool { // TODO: not sure this is the best way to detect a system repo return strings.HasPrefix(filepath.Clean(filename), "/etc/ssh") } // Decode reads r into a Config, or returns an error if r could not be parsed as // an SSH config file. func Decode(r io.Reader) (*Config, error) { b, err := io.ReadAll(r) if err != nil { return nil, err } return decodeBytes(b, false, 0) } // DecodeBytes reads b into a Config, or returns an error if r could not be // parsed as an SSH config file. func DecodeBytes(b []byte) (*Config, error) { return decodeBytes(b, false, 0) } func decodeBytes(b []byte, system bool, depth uint8) (c *Config, err error) { defer func() { if r := recover(); r != nil { if _, ok := r.(runtime.Error); ok { panic(r) } if e, ok := r.(error); ok && e == ErrDepthExceeded { err = e return } err = errors.New(r.(string)) } }() c = parseSSH(lexSSH(b), system, depth) return c, err } // Config represents an SSH config file. type Config struct { // A list of hosts to match against. The file begins with an implicit // "Host *" declaration matching all hosts. Hosts []*Host depth uint8 position Position } // Get finds the first value in the configuration that matches the alias and // contains key. Get returns the empty string if no value was found, or if the // Config contains an invalid conditional Include value. // // The match for key is case insensitive. func (c *Config) Get(alias, key string) (string, error) { lowerKey := strings.ToLower(key) for _, host := range c.Hosts { if !host.Matches(alias) { continue } for _, node := range host.Nodes { switch t := node.(type) { case *Empty: continue case *KV: // "keys are case insensitive" per the spec lkey := strings.ToLower(t.Key) if lkey == "match" { panic("can't handle Match directives") } if lkey == lowerKey { return t.Value, nil } case *Include: val := t.Get(alias, key) if val != "" { return val, nil } default: return "", fmt.Errorf("unknown Node type %v", t) } } } return "", nil } // GetAll returns all values in the configuration that match the alias and // contains key, or nil if none are present. func (c *Config) GetAll(alias, key string) ([]string, error) { lowerKey := strings.ToLower(key) all := []string(nil) for _, host := range c.Hosts { if !host.Matches(alias) { continue } for _, node := range host.Nodes { switch t := node.(type) { case *Empty: continue case *KV: // "keys are case insensitive" per the spec lkey := strings.ToLower(t.Key) if lkey == "match" { panic("can't handle Match directives") } if lkey == lowerKey { all = append(all, t.Value) } case *Include: val, _ := t.GetAll(alias, key) if len(val) > 0 { all = append(all, val...) } default: return nil, fmt.Errorf("unknown Node type %v", t) } } } return all, nil } // String returns a string representation of the Config file. func (c Config) String() string { return marshal(c).String() } func (c Config) MarshalText() ([]byte, error) { return marshal(c).Bytes(), nil } func marshal(c Config) *bytes.Buffer { var buf bytes.Buffer for i := range c.Hosts { buf.WriteString(c.Hosts[i].String()) } return &buf } // Pattern is a pattern in a Host declaration. Patterns are read-only values; // create a new one with NewPattern(). type Pattern struct { str string // Its appearance in the file, not the value that gets compiled. regex *regexp.Regexp not bool // True if this is a negated match } // String prints the string representation of the pattern. func (p Pattern) String() string { return p.str } // Copied from regexp.go with * and ? removed. var specialBytes = []byte(`\.+()|[]{}^$`) func special(b byte) bool { return bytes.IndexByte(specialBytes, b) >= 0 } // NewPattern creates a new Pattern for matching hosts. NewPattern("*") creates // a Pattern that matches all hosts. // // From the manpage, a pattern consists of zero or more non-whitespace // characters, `*' (a wildcard that matches zero or more characters), or `?' (a // wildcard that matches exactly one character). For example, to specify a set // of declarations for any host in the ".co.uk" set of domains, the following // pattern could be used: // // Host *.co.uk // // The following pattern would match any host in the 192.168.0.[0-9] network range: // // Host 192.168.0.? func NewPattern(s string) (*Pattern, error) { if s == "" { return nil, errors.New("ssh_config: empty pattern") } negated := false if s[0] == '!' { negated = true s = s[1:] } var buf bytes.Buffer buf.WriteByte('^') for i := 0; i < len(s); i++ { // A byte loop is correct because all metacharacters are ASCII. switch b := s[i]; b { case '*': buf.WriteString(".*") case '?': buf.WriteString(".?") default: // borrowing from QuoteMeta here. if special(b) { buf.WriteByte('\\') } buf.WriteByte(b) } } buf.WriteByte('$') r, err := regexp.Compile(buf.String()) if err != nil { return nil, err } return &Pattern{str: s, regex: r, not: negated}, nil } // Host describes a Host directive and the keywords that follow it. type Host struct { // A list of host patterns that should match this host. Patterns []*Pattern // A Node is either a key/value pair or a comment line. Nodes []Node // EOLComment is the comment (if any) terminating the Host line. EOLComment string // Whitespace if any between the Host declaration and a trailing comment. spaceBeforeComment string hasEquals bool leadingSpace int // TODO: handle spaces vs tabs here. // The file starts with an implicit "Host *" declaration. implicit bool } // Matches returns true if the Host matches for the given alias. For // a description of the rules that provide a match, see the manpage for // ssh_config. func (h *Host) Matches(alias string) bool { found := false for i := range h.Patterns { if h.Patterns[i].regex.MatchString(alias) { if h.Patterns[i].not { // Negated match. "A pattern entry may be negated by prefixing // it with an exclamation mark (`!'). If a negated entry is // matched, then the Host entry is ignored, regardless of // whether any other patterns on the line match. Negated matches // are therefore useful to provide exceptions for wildcard // matches." return false } found = true } } return found } // String prints h as it would appear in a config file. Minor tweaks may be // present in the whitespace in the printed file. func (h *Host) String() string { var buf strings.Builder //lint:ignore S1002 I prefer to write it this way if h.implicit == false { buf.WriteString(strings.Repeat(" ", int(h.leadingSpace))) buf.WriteString("Host") if h.hasEquals { buf.WriteString(" = ") } else { buf.WriteString(" ") } for i, pat := range h.Patterns { buf.WriteString(pat.String()) if i < len(h.Patterns)-1 { buf.WriteString(" ") } } buf.WriteString(h.spaceBeforeComment) if h.EOLComment != "" { buf.WriteByte('#') buf.WriteString(h.EOLComment) } buf.WriteByte('\n') } for i := range h.Nodes { buf.WriteString(h.Nodes[i].String()) buf.WriteByte('\n') } return buf.String() } // Node represents a line in a Config. type Node interface { Pos() Position String() string } // KV is a line in the config file that contains a key, a value, and possibly // a comment. type KV struct { Key string Value string // Whitespace after the value but before any comment spaceAfterValue string Comment string hasEquals bool leadingSpace int // Space before the key. TODO handle spaces vs tabs. position Position } // Pos returns k's Position. func (k *KV) Pos() Position { return k.position } // String prints k as it was parsed in the config file. func (k *KV) String() string { if k == nil { return "" } equals := " " if k.hasEquals { equals = " = " } line := strings.Repeat(" ", int(k.leadingSpace)) + k.Key + equals + k.Value + k.spaceAfterValue if k.Comment != "" { line += "#" + k.Comment } return line } // Empty is a line in the config file that contains only whitespace or comments. type Empty struct { Comment string leadingSpace int // TODO handle spaces vs tabs. position Position } // Pos returns e's Position. func (e *Empty) Pos() Position { return e.position } // String prints e as it was parsed in the config file. func (e *Empty) String() string { if e == nil { return "" } if e.Comment == "" { return "" } return fmt.Sprintf("%s#%s", strings.Repeat(" ", int(e.leadingSpace)), e.Comment) } // Include holds the result of an Include directive, including the config files // that have been parsed as part of that directive. At most 5 levels of Include // statements will be parsed. type Include struct { // Comment is the contents of any comment at the end of the Include // statement. Comment string // an include directive can include several different files, and wildcards directives []string mu sync.Mutex // 1:1 mapping between matches and keys in files array; matches preserves // ordering matches []string // actual filenames are listed here files map[string]*Config leadingSpace int position Position depth uint8 hasEquals bool } const maxRecurseDepth = 5 // ErrDepthExceeded is returned if too many Include directives are parsed. // Usually this indicates a recursive loop (an Include directive pointing to the // file it contains). var ErrDepthExceeded = errors.New("ssh_config: max recurse depth exceeded") func removeDups(arr []string) []string { // Use map to record duplicates as we find them. encountered := make(map[string]bool, len(arr)) result := make([]string, 0) for v := range arr { //lint:ignore S1002 I prefer it this way if encountered[arr[v]] == false { encountered[arr[v]] = true result = append(result, arr[v]) } } return result } // NewInclude creates a new Include with a list of file globs to include. // Configuration files are parsed greedily (e.g. as soon as this function runs). // Any error encountered while parsing nested configuration files will be // returned. func NewInclude(directives []string, hasEquals bool, pos Position, comment string, system bool, depth uint8) (*Include, error) { if depth > maxRecurseDepth { return nil, ErrDepthExceeded } inc := &Include{ Comment: comment, directives: directives, files: make(map[string]*Config), position: pos, leadingSpace: pos.Col - 1, depth: depth, hasEquals: hasEquals, } // no need for inc.mu.Lock() since nothing else can access this inc matches := make([]string, 0) for i := range directives { var path string if filepath.IsAbs(directives[i]) { path = directives[i] } else if system { path = filepath.Join("/etc/ssh", directives[i]) } else { path = filepath.Join(homedir(), ".ssh", directives[i]) } theseMatches, err := filepath.Glob(path) if err != nil { return nil, err } matches = append(matches, theseMatches...) } matches = removeDups(matches) inc.matches = matches for i := range matches { config, err := parseWithDepth(matches[i], depth) if err != nil { return nil, err } inc.files[matches[i]] = config } return inc, nil } // Pos returns the position of the Include directive in the larger file. func (i *Include) Pos() Position { return i.position } // Get finds the first value in the Include statement matching the alias and the // given key. func (inc *Include) Get(alias, key string) string { inc.mu.Lock() defer inc.mu.Unlock() // TODO: we search files in any order which is not correct for i := range inc.matches { cfg := inc.files[inc.matches[i]] if cfg == nil { panic("nil cfg") } val, err := cfg.Get(alias, key) if err == nil && val != "" { return val } } return "" } // GetAll finds all values in the Include statement matching the alias and the // given key. func (inc *Include) GetAll(alias, key string) ([]string, error) { inc.mu.Lock() defer inc.mu.Unlock() var vals []string // TODO: we search files in any order which is not correct for i := range inc.matches { cfg := inc.files[inc.matches[i]] if cfg == nil { panic("nil cfg") } val, err := cfg.GetAll(alias, key) if err == nil && len(val) != 0 { // In theory if SupportsMultiple was false for this key we could // stop looking here. But the caller has asked us to find all // instances of the keyword (and could use Get() if they wanted) so // let's keep looking. vals = append(vals, val...) } } return vals, nil } // String prints out a string representation of this Include directive. Note // included Config files are not printed as part of this representation. func (inc *Include) String() string { equals := " " if inc.hasEquals { equals = " = " } line := fmt.Sprintf("%sInclude%s%s", strings.Repeat(" ", int(inc.leadingSpace)), equals, strings.Join(inc.directives, " ")) if inc.Comment != "" { line += " #" + inc.Comment } return line } var matchAll *Pattern func init() { var err error matchAll, err = NewPattern("*") if err != nil { panic(err) } } func newConfig() *Config { return &Config{ Hosts: []*Host{ &Host{ implicit: true, Patterns: []*Pattern{matchAll}, Nodes: make([]Node, 0), }, }, depth: 0, } } ssh_config-1.2.0/config_test.go000066400000000000000000000261051422137231400164720ustar00rootroot00000000000000package ssh_config import ( "bytes" "log" "os" "path/filepath" "strings" "testing" ) func loadFile(t *testing.T, filename string) []byte { t.Helper() data, err := os.ReadFile(filename) if err != nil { t.Fatal(err) } return data } var files = []string{ "testdata/config1", "testdata/config2", "testdata/eol-comments", } func TestDecode(t *testing.T) { for _, filename := range files { data := loadFile(t, filename) cfg, err := Decode(bytes.NewReader(data)) if err != nil { t.Fatal(err) } out := cfg.String() if out != string(data) { t.Errorf("%s out != data: got:\n%s\nwant:\n%s\n", filename, out, string(data)) } } } func testConfigFinder(filename string) func() string { return func() string { return filename } } func nullConfigFinder() string { return "" } func TestGet(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/config1"), } val := us.Get("wap", "User") if val != "root" { t.Errorf("expected to find User root, got %q", val) } } func TestGetWithDefault(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/config1"), } val, err := us.GetStrict("wap", "PasswordAuthentication") if err != nil { t.Fatalf("expected nil err, got %v", err) } if val != "yes" { t.Errorf("expected to get PasswordAuthentication yes, got %q", val) } } func TestGetAllWithDefault(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/config1"), } val, err := us.GetAllStrict("wap", "PasswordAuthentication") if err != nil { t.Fatalf("expected nil err, got %v", err) } if len(val) != 1 || val[0] != "yes" { t.Errorf("expected to get PasswordAuthentication yes, got %q", val) } } func TestGetIdentities(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/identities"), } val, err := us.GetAllStrict("hasidentity", "IdentityFile") if err != nil { t.Errorf("expected nil err, got %v", err) } if len(val) != 1 || val[0] != "file1" { t.Errorf(`expected ["file1"], got %v`, val) } val, err = us.GetAllStrict("has2identity", "IdentityFile") if err != nil { t.Errorf("expected nil err, got %v", err) } if len(val) != 2 || val[0] != "f1" || val[1] != "f2" { t.Errorf(`expected [\"f1\", \"f2\"], got %v`, val) } val, err = us.GetAllStrict("randomhost", "IdentityFile") if err != nil { t.Errorf("expected nil err, got %v", err) } if len(val) != len(defaultProtocol2Identities) { // TODO: return the right values here. log.Printf("expected defaults, got %v", val) } else { for i, v := range defaultProtocol2Identities { if val[i] != v { t.Errorf("invalid %d in val, expected %s got %s", i, v, val[i]) } } } val, err = us.GetAllStrict("protocol1", "IdentityFile") if err != nil { t.Errorf("expected nil err, got %v", err) } if len(val) != 1 || val[0] != "~/.ssh/identity" { t.Errorf("expected [\"~/.ssh/identity\"], got %v", val) } } func TestGetInvalidPort(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/invalid-port"), } val, err := us.GetStrict("test.test", "Port") if err == nil { t.Fatalf("expected non-nil err, got nil") } if val != "" { t.Errorf("expected to get '' for val, got %q", val) } if err.Error() != `ssh_config: strconv.ParseUint: parsing "notanumber": invalid syntax` { t.Errorf("wrong error: got %v", err) } } func TestGetNotFoundNoDefault(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/config1"), } val, err := us.GetStrict("wap", "CanonicalDomains") if err != nil { t.Fatalf("expected nil err, got %v", err) } if val != "" { t.Errorf("expected to get CanonicalDomains '', got %q", val) } } func TestGetAllNotFoundNoDefault(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/config1"), } val, err := us.GetAllStrict("wap", "CanonicalDomains") if err != nil { t.Fatalf("expected nil err, got %v", err) } if len(val) != 0 { t.Errorf("expected to get CanonicalDomains '', got %q", val) } } func TestGetWildcard(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/config3"), } val := us.Get("bastion.stage.i.us.example.net", "Port") if val != "22" { t.Errorf("expected to find Port 22, got %q", val) } val = us.Get("bastion.net", "Port") if val != "25" { t.Errorf("expected to find Port 24, got %q", val) } val = us.Get("10.2.3.4", "Port") if val != "23" { t.Errorf("expected to find Port 23, got %q", val) } val = us.Get("101.2.3.4", "Port") if val != "25" { t.Errorf("expected to find Port 24, got %q", val) } val = us.Get("20.20.20.4", "Port") if val != "24" { t.Errorf("expected to find Port 24, got %q", val) } val = us.Get("20.20.20.20", "Port") if val != "25" { t.Errorf("expected to find Port 25, got %q", val) } } func TestGetExtraSpaces(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/extraspace"), } val := us.Get("test.test", "Port") if val != "1234" { t.Errorf("expected to find Port 1234, got %q", val) } } func TestGetCaseInsensitive(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/config1"), } val := us.Get("wap", "uSER") if val != "root" { t.Errorf("expected to find User root, got %q", val) } } func TestGetEmpty(t *testing.T) { us := &UserSettings{ userConfigFinder: nullConfigFinder, systemConfigFinder: nullConfigFinder, } val, err := us.GetStrict("wap", "User") if err != nil { t.Errorf("expected nil error, got %v", err) } if val != "" { t.Errorf("expected to get empty string, got %q", val) } } func TestGetEqsign(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/eqsign"), } val := us.Get("test.test", "Port") if val != "1234" { t.Errorf("expected to find Port 1234, got %q", val) } val = us.Get("test.test", "Port2") if val != "5678" { t.Errorf("expected to find Port2 5678, got %q", val) } } var includeFile = []byte(` # This host should not exist, so we can use it for test purposes / it won't # interfere with any other configurations. Host kevinburke.ssh_config.test.example.com Port 4567 `) func TestInclude(t *testing.T) { if testing.Short() { t.Skip("skipping fs write in short mode") } testPath := filepath.Join(homedir(), ".ssh", "kevinburke-ssh-config-test-file") err := os.WriteFile(testPath, includeFile, 0644) if err != nil { t.Skipf("couldn't write SSH config file: %v", err.Error()) } defer os.Remove(testPath) us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/include"), } val := us.Get("kevinburke.ssh_config.test.example.com", "Port") if val != "4567" { t.Errorf("expected to find Port=4567 in included file, got %q", val) } } func TestIncludeSystem(t *testing.T) { if testing.Short() { t.Skip("skipping fs write in short mode") } testPath := filepath.Join("/", "etc", "ssh", "kevinburke-ssh-config-test-file") err := os.WriteFile(testPath, includeFile, 0644) if err != nil { t.Skipf("couldn't write SSH config file: %v", err.Error()) } defer os.Remove(testPath) us := &UserSettings{ systemConfigFinder: testConfigFinder("testdata/include"), } val := us.Get("kevinburke.ssh_config.test.example.com", "Port") if val != "4567" { t.Errorf("expected to find Port=4567 in included file, got %q", val) } } var recursiveIncludeFile = []byte(` Host kevinburke.ssh_config.test.example.com Include kevinburke-ssh-config-recursive-include `) func TestIncludeRecursive(t *testing.T) { if testing.Short() { t.Skip("skipping fs write in short mode") } testPath := filepath.Join(homedir(), ".ssh", "kevinburke-ssh-config-recursive-include") err := os.WriteFile(testPath, recursiveIncludeFile, 0644) if err != nil { t.Skipf("couldn't write SSH config file: %v", err.Error()) } defer os.Remove(testPath) us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/include-recursive"), } val, err := us.GetStrict("kevinburke.ssh_config.test.example.com", "Port") if err != ErrDepthExceeded { t.Errorf("Recursive include: expected ErrDepthExceeded, got %v", err) } if val != "" { t.Errorf("non-empty string value %s", val) } } func TestIncludeString(t *testing.T) { if testing.Short() { t.Skip("skipping fs write in short mode") } data, err := os.ReadFile("testdata/include") if err != nil { log.Fatal(err) } c, err := Decode(bytes.NewReader(data)) if err != nil { t.Fatal(err) } s := c.String() if s != string(data) { t.Errorf("mismatch: got %q\nwant %q", s, string(data)) } } var matchTests = []struct { in []string alias string want bool }{ {[]string{"*"}, "any.test", true}, {[]string{"a", "b", "*", "c"}, "any.test", true}, {[]string{"a", "b", "c"}, "any.test", false}, {[]string{"any.test"}, "any1test", false}, {[]string{"192.168.0.?"}, "192.168.0.1", true}, {[]string{"192.168.0.?"}, "192.168.0.10", false}, {[]string{"*.co.uk"}, "bbc.co.uk", true}, {[]string{"*.co.uk"}, "subdomain.bbc.co.uk", true}, {[]string{"*.*.co.uk"}, "bbc.co.uk", false}, {[]string{"*.*.co.uk"}, "subdomain.bbc.co.uk", true}, {[]string{"*.example.com", "!*.dialup.example.com", "foo.dialup.example.com"}, "foo.dialup.example.com", false}, {[]string{"test.*", "!test.host"}, "test.host", false}, } func TestMatches(t *testing.T) { for _, tt := range matchTests { patterns := make([]*Pattern, len(tt.in)) for i := range tt.in { pat, err := NewPattern(tt.in[i]) if err != nil { t.Fatalf("error compiling pattern %s: %v", tt.in[i], err) } patterns[i] = pat } host := &Host{ Patterns: patterns, } got := host.Matches(tt.alias) if got != tt.want { t.Errorf("host(%q).Matches(%q): got %v, want %v", tt.in, tt.alias, got, tt.want) } } } func TestMatchUnsupported(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/match-directive"), } _, err := us.GetStrict("test.test", "Port") if err == nil { t.Fatal("expected Match directive to error, didn't") } if !strings.Contains(err.Error(), "ssh_config: Match directive parsing is unsupported") { t.Errorf("wrong error: %v", err) } } func TestIndexInRange(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/config4"), } user, err := us.GetStrict("wap", "User") if err != nil { t.Fatal(err) } if user != "root" { t.Errorf("expected User to be %q, got %q", "root", user) } } func TestDosLinesEndingsDecode(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/dos-lines"), } user, err := us.GetStrict("wap", "User") if err != nil { t.Fatal(err) } if user != "root" { t.Errorf("expected User to be %q, got %q", "root", user) } host, err := us.GetStrict("wap2", "HostName") if err != nil { t.Fatal(err) } if host != "8.8.8.8" { t.Errorf("expected HostName to be %q, got %q", "8.8.8.8", host) } } func TestNoTrailingNewline(t *testing.T) { us := &UserSettings{ userConfigFinder: testConfigFinder("testdata/config-no-ending-newline"), systemConfigFinder: nullConfigFinder, } port, err := us.GetStrict("example", "Port") if err != nil { t.Fatal(err) } if port != "4242" { t.Errorf("wrong port: got %q want 4242", port) } } ssh_config-1.2.0/example_test.go000066400000000000000000000017641422137231400166640ustar00rootroot00000000000000package ssh_config_test import ( "fmt" "strings" "github.com/kevinburke/ssh_config" ) func ExampleHost_Matches() { pat, _ := ssh_config.NewPattern("test.*.example.com") host := &ssh_config.Host{Patterns: []*ssh_config.Pattern{pat}} fmt.Println(host.Matches("test.stage.example.com")) fmt.Println(host.Matches("othersubdomain.example.com")) // Output: // true // false } func ExamplePattern() { pat, _ := ssh_config.NewPattern("*") host := &ssh_config.Host{Patterns: []*ssh_config.Pattern{pat}} fmt.Println(host.Matches("test.stage.example.com")) fmt.Println(host.Matches("othersubdomain.any.any")) // Output: // true // true } func ExampleDecode() { var config = ` Host *.example.com Compression yes ` cfg, _ := ssh_config.Decode(strings.NewReader(config)) val, _ := cfg.Get("test.example.com", "Compression") fmt.Println(val) // Output: yes } func ExampleDefault() { fmt.Println(ssh_config.Default("Port")) fmt.Println(ssh_config.Default("UnknownVar")) // Output: // 22 // } ssh_config-1.2.0/fuzz_test.go000066400000000000000000000004161422137231400162200ustar00rootroot00000000000000//go:build 1.18 // +build 1.18 package ssh_config import ( "bytes" "testing" ) func FuzzDecode(f *testing.F) { f.Fuzz(func(t *testing.T, in []byte) { _, err := Decode(bytes.NewReader(in)) if err != nil { t.Fatalf("decode %q: %v", string(in), err) } }) } ssh_config-1.2.0/lexer.go000066400000000000000000000077521422137231400153140ustar00rootroot00000000000000package ssh_config import ( "bytes" ) // Define state functions type sshLexStateFn func() sshLexStateFn type sshLexer struct { inputIdx int input []rune // Textual source buffer []rune // Runes composing the current token tokens chan token line int col int endbufferLine int endbufferCol int } func (s *sshLexer) lexComment(previousState sshLexStateFn) sshLexStateFn { return func() sshLexStateFn { growingString := "" for next := s.peek(); next != '\n' && next != eof; next = s.peek() { if next == '\r' && s.follow("\r\n") { break } growingString += string(next) s.next() } s.emitWithValue(tokenComment, growingString) s.skip() return previousState } } // lex the space after an equals sign in a function func (s *sshLexer) lexRspace() sshLexStateFn { for { next := s.peek() if !isSpace(next) { break } s.skip() } return s.lexRvalue } func (s *sshLexer) lexEquals() sshLexStateFn { for { next := s.peek() if next == '=' { s.emit(tokenEquals) s.skip() return s.lexRspace } // TODO error handling here; newline eof etc. if !isSpace(next) { break } s.skip() } return s.lexRvalue } func (s *sshLexer) lexKey() sshLexStateFn { growingString := "" for r := s.peek(); isKeyChar(r); r = s.peek() { // simplified a lot here if isSpace(r) || r == '=' { s.emitWithValue(tokenKey, growingString) s.skip() return s.lexEquals } growingString += string(r) s.next() } s.emitWithValue(tokenKey, growingString) return s.lexEquals } func (s *sshLexer) lexRvalue() sshLexStateFn { growingString := "" for { next := s.peek() switch next { case '\r': if s.follow("\r\n") { s.emitWithValue(tokenString, growingString) s.skip() return s.lexVoid } case '\n': s.emitWithValue(tokenString, growingString) s.skip() return s.lexVoid case '#': s.emitWithValue(tokenString, growingString) s.skip() return s.lexComment(s.lexVoid) case eof: s.next() } if next == eof { break } growingString += string(next) s.next() } s.emit(tokenEOF) return nil } func (s *sshLexer) read() rune { r := s.peek() if r == '\n' { s.endbufferLine++ s.endbufferCol = 1 } else { s.endbufferCol++ } s.inputIdx++ return r } func (s *sshLexer) next() rune { r := s.read() if r != eof { s.buffer = append(s.buffer, r) } return r } func (s *sshLexer) lexVoid() sshLexStateFn { for { next := s.peek() switch next { case '#': s.skip() return s.lexComment(s.lexVoid) case '\r': fallthrough case '\n': s.emit(tokenEmptyLine) s.skip() continue } if isSpace(next) { s.skip() } if isKeyStartChar(next) { return s.lexKey } // removed IsKeyStartChar and lexKey. probably will need to readd if next == eof { s.next() break } } s.emit(tokenEOF) return nil } func (s *sshLexer) ignore() { s.buffer = make([]rune, 0) s.line = s.endbufferLine s.col = s.endbufferCol } func (s *sshLexer) skip() { s.next() s.ignore() } func (s *sshLexer) emit(t tokenType) { s.emitWithValue(t, string(s.buffer)) } func (s *sshLexer) emitWithValue(t tokenType, value string) { tok := token{ Position: Position{s.line, s.col}, typ: t, val: value, } s.tokens <- tok s.ignore() } func (s *sshLexer) peek() rune { if s.inputIdx >= len(s.input) { return eof } r := s.input[s.inputIdx] return r } func (s *sshLexer) follow(next string) bool { inputIdx := s.inputIdx for _, expectedRune := range next { if inputIdx >= len(s.input) { return false } r := s.input[inputIdx] inputIdx++ if expectedRune != r { return false } } return true } func (s *sshLexer) run() { for state := s.lexVoid; state != nil; { state = state() } close(s.tokens) } func lexSSH(input []byte) chan token { runes := bytes.Runes(input) l := &sshLexer{ input: runes, tokens: make(chan token), line: 1, col: 1, endbufferLine: 1, endbufferCol: 1, } go l.run() return l.tokens } ssh_config-1.2.0/parser.go000066400000000000000000000113171422137231400154610ustar00rootroot00000000000000package ssh_config import ( "fmt" "strings" "unicode" ) type sshParser struct { flow chan token config *Config tokensBuffer []token currentTable []string seenTableKeys []string // /etc/ssh parser or local parser - used to find the default for relative // filepaths in the Include directive system bool depth uint8 } type sshParserStateFn func() sshParserStateFn // Formats and panics an error message based on a token func (p *sshParser) raiseErrorf(tok *token, msg string, args ...interface{}) { // TODO this format is ugly panic(tok.Position.String() + ": " + fmt.Sprintf(msg, args...)) } func (p *sshParser) raiseError(tok *token, err error) { if err == ErrDepthExceeded { panic(err) } // TODO this format is ugly panic(tok.Position.String() + ": " + err.Error()) } func (p *sshParser) run() { for state := p.parseStart; state != nil; { state = state() } } func (p *sshParser) peek() *token { if len(p.tokensBuffer) != 0 { return &(p.tokensBuffer[0]) } tok, ok := <-p.flow if !ok { return nil } p.tokensBuffer = append(p.tokensBuffer, tok) return &tok } func (p *sshParser) getToken() *token { if len(p.tokensBuffer) != 0 { tok := p.tokensBuffer[0] p.tokensBuffer = p.tokensBuffer[1:] return &tok } tok, ok := <-p.flow if !ok { return nil } return &tok } func (p *sshParser) parseStart() sshParserStateFn { tok := p.peek() // end of stream, parsing is finished if tok == nil { return nil } switch tok.typ { case tokenComment, tokenEmptyLine: return p.parseComment case tokenKey: return p.parseKV case tokenEOF: return nil default: p.raiseErrorf(tok, fmt.Sprintf("unexpected token %q\n", tok)) } return nil } func (p *sshParser) parseKV() sshParserStateFn { key := p.getToken() hasEquals := false val := p.getToken() if val.typ == tokenEquals { hasEquals = true val = p.getToken() } comment := "" tok := p.peek() if tok == nil { tok = &token{typ: tokenEOF} } if tok.typ == tokenComment && tok.Position.Line == val.Position.Line { tok = p.getToken() comment = tok.val } if strings.ToLower(key.val) == "match" { // https://github.com/kevinburke/ssh_config/issues/6 p.raiseErrorf(val, "ssh_config: Match directive parsing is unsupported") return nil } if strings.ToLower(key.val) == "host" { strPatterns := strings.Split(val.val, " ") patterns := make([]*Pattern, 0) for i := range strPatterns { if strPatterns[i] == "" { continue } pat, err := NewPattern(strPatterns[i]) if err != nil { p.raiseErrorf(val, "Invalid host pattern: %v", err) return nil } patterns = append(patterns, pat) } // val.val at this point could be e.g. "example.com " hostval := strings.TrimRightFunc(val.val, unicode.IsSpace) spaceBeforeComment := val.val[len(hostval):] val.val = hostval p.config.Hosts = append(p.config.Hosts, &Host{ Patterns: patterns, Nodes: make([]Node, 0), EOLComment: comment, spaceBeforeComment: spaceBeforeComment, hasEquals: hasEquals, }) return p.parseStart } lastHost := p.config.Hosts[len(p.config.Hosts)-1] if strings.ToLower(key.val) == "include" { inc, err := NewInclude(strings.Split(val.val, " "), hasEquals, key.Position, comment, p.system, p.depth+1) if err == ErrDepthExceeded { p.raiseError(val, err) return nil } if err != nil { p.raiseErrorf(val, "Error parsing Include directive: %v", err) return nil } lastHost.Nodes = append(lastHost.Nodes, inc) return p.parseStart } shortval := strings.TrimRightFunc(val.val, unicode.IsSpace) spaceAfterValue := val.val[len(shortval):] kv := &KV{ Key: key.val, Value: shortval, spaceAfterValue: spaceAfterValue, Comment: comment, hasEquals: hasEquals, leadingSpace: key.Position.Col - 1, position: key.Position, } lastHost.Nodes = append(lastHost.Nodes, kv) return p.parseStart } func (p *sshParser) parseComment() sshParserStateFn { comment := p.getToken() lastHost := p.config.Hosts[len(p.config.Hosts)-1] lastHost.Nodes = append(lastHost.Nodes, &Empty{ Comment: comment.val, // account for the "#" as well leadingSpace: comment.Position.Col - 2, position: comment.Position, }) return p.parseStart } func parseSSH(flow chan token, system bool, depth uint8) *Config { // Ensure we consume tokens to completion even if parser exits early defer func() { for range flow { } }() result := newConfig() result.position = Position{1, 1} parser := &sshParser{ flow: flow, config: result, tokensBuffer: make([]token, 0), currentTable: make([]string, 0), seenTableKeys: make([]string, 0), system: system, depth: depth, } parser.run() return result } ssh_config-1.2.0/parser_test.go000066400000000000000000000006471422137231400165240ustar00rootroot00000000000000package ssh_config import ( "errors" "testing" ) type errReader struct { } func (b *errReader) Read(p []byte) (n int, err error) { return 0, errors.New("read error occurred") } func TestIOError(t *testing.T) { buf := &errReader{} _, err := Decode(buf) if err == nil { t.Fatal("expected non-nil err, got nil") } if err.Error() != "read error occurred" { t.Errorf("expected read error msg, got %v", err) } } ssh_config-1.2.0/position.go000066400000000000000000000013071422137231400160270ustar00rootroot00000000000000package ssh_config import "fmt" // Position of a document element within a SSH document. // // Line and Col are both 1-indexed positions for the element's line number and // column number, respectively. Values of zero or less will cause Invalid(), // to return true. type Position struct { Line int // line within the document Col int // column within the line } // String representation of the position. // Displays 1-indexed line and column numbers. func (p Position) String() string { return fmt.Sprintf("(%d, %d)", p.Line, p.Col) } // Invalid returns whether or not the position is valid (i.e. with negative or // null values) func (p Position) Invalid() bool { return p.Line <= 0 || p.Col <= 0 } ssh_config-1.2.0/testdata/000077500000000000000000000000001422137231400154445ustar00rootroot00000000000000ssh_config-1.2.0/testdata/anotherfile000066400000000000000000000001601422137231400176640ustar00rootroot00000000000000# Not sure that this actually works; Include might need to be relative to the # load directory. Compression yes ssh_config-1.2.0/testdata/config-no-ending-newline000066400000000000000000000000631422137231400221460ustar00rootroot00000000000000Host example HostName example.com Port 4242ssh_config-1.2.0/testdata/config1000066400000000000000000000016061422137231400167200ustar00rootroot00000000000000Host localhost 127.0.0.1 # A comment at the end of a host line. NoHostAuthenticationForLocalhost yes # A comment # A comment with leading spaces. Host wap User root KexAlgorithms diffie-hellman-group1-sha1 Host [some stuff behind a NAT] Compression yes ProxyCommand ssh -qW %h:%p [NATrouter] Host wopr # there are 2 proxies available for this one... User root ProxyCommand sh -c "ssh proxy1 -qW %h:22 || ssh proxy2 -qW %h:22" Host dhcp-?? UserKnownHostsFile /dev/null StrictHostKeyChecking no User root Host [my boxes] [*.mydomain] ForwardAgent yes ForwardX11 yes ForwardX11Trusted yes Host * #ControlMaster auto #ControlPath /tmp/ssh-master-%C #ControlPath /tmp/ssh-%u-%r@%h:%p #ControlPersist yes ForwardX11Timeout 52w XAuthLocation /usr/bin/xauth SendEnv LANG LC_* HostKeyAlgorithms ssh-ed25519,ssh-rsa AddressFamily inet #UpdateHostKeys ask ssh_config-1.2.0/testdata/config2000066400000000000000000000031521422137231400167170ustar00rootroot00000000000000# $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. # Host * # ForwardAgent no # ForwardX11 no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 # Protocol 2 # Cipher 3des # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h ssh_config-1.2.0/testdata/config3000066400000000000000000000013721422137231400167220ustar00rootroot00000000000000Host bastion.*.i.*.example.net User simon.thulbourn Port 22 ForwardAgent yes IdentityFile /Users/%u/.ssh/example.net/%r/id_rsa UseKeychain yes Host 10.* User simon.thulbourn Port 23 ForwardAgent yes StrictHostKeyChecking no UserKnownHostsFile /dev/null IdentityFile /Users/%u/.ssh/example.net/%r/id_rsa UseKeychain yes ProxyCommand >&1; h="%h"; exec ssh -q $(ssh-bastion -ip $h) nc %h %p Host 20.20.20.? User simon.thulbourn Port 24 ForwardAgent yes StrictHostKeyChecking no UserKnownHostsFile /dev/null IdentityFile /Users/%u/.ssh/example.net/%r/id_rsa UseKeychain yes ProxyCommand >&1; h="%h"; exec ssh -q $(ssh-bastion -ip $h) nc %h %p Host * IdentityFile /Users/%u/.ssh/%h/%r/id_rsa UseKeychain yes Port 25 ssh_config-1.2.0/testdata/config4000066400000000000000000000001601422137231400167150ustar00rootroot00000000000000# Extra space at end of line is important. Host wap User root KexAlgorithms diffie-hellman-group1-sha1 ssh_config-1.2.0/testdata/dos-lines000066400000000000000000000003011422137231400172560ustar00rootroot00000000000000# Config file with dos line endings Host wap HostName wap.example.org Port 22 User root KexAlgorithms diffie-hellman-group1-sha1 Host wap2 HostName 8.8.8.8 User google ssh_config-1.2.0/testdata/eol-comments000066400000000000000000000005311422137231400177700ustar00rootroot00000000000000Host example # this comment terminates a Host line HostName example.com # aligned eol comment 1 ForwardX11Timeout 52w # aligned eol comment 2 # This comment takes up a whole line # This comment is offset and takes up a whole line AddressFamily inet # aligned eol comment 3 Port 4242 #compact comment ssh_config-1.2.0/testdata/eqsign000066400000000000000000000000741422137231400166560ustar00rootroot00000000000000Host=test.test Port =1234 Port2= 5678 Compression yes ssh_config-1.2.0/testdata/extraspace000066400000000000000000000000401422137231400175200ustar00rootroot00000000000000Host test.test Port 1234 ssh_config-1.2.0/testdata/fuzz/000077500000000000000000000000001422137231400164425ustar00rootroot00000000000000ssh_config-1.2.0/testdata/fuzz/FuzzDecode/000077500000000000000000000000001422137231400205045ustar00rootroot000000000000003cfc035ae4867ca13fa7bfaf2793731f05fd4d59c3af8761ea365c7485c752fd000066400000000000000000000032671422137231400314220ustar00rootroot00000000000000ssh_config-1.2.0/testdata/fuzz/FuzzDecodego test fuzz v1 []byte("#\t$OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $\n\n# This is the ssh client system-wide configuration file. See\n# ssh_config(5) for more information. This file provides defaults for\n# users, and the values can be changed in per-user configuration files\n# or on the command line.\n\n# Configuration data is parsed as follows:\n# 1. command line options\n# 2. user-specific file\n# 3. system-wide file\n# Any configuration value is only changed the first time it is set.\n# Thus, host-specific definitions should be at the beginning of the\n# configuration file, and defaults at the end.\n\n# Site-wide defaults for some commonly used options. For a comprehensive\n# list of available options, their meanings and defaults, please see the\n# ssh_config(5) man page.\n\n# Host *\n# ForwardAgent no\n# ForwardX11 no\n# RhostsRSAAuthentication no\n# RSAAuthentication yes\n# PasswordAuthentication yes\n# HostbasedAuthentication no\n# GSSAPIAuthentication no\n# GSSAPIDelegateCredentials no\n# BatchMode no\n# CheckHostIP yes\n# AddressFamily any\n# ConnectTimeout 0\n# StrictHostKeyChecking ask\n# IdentityFile ~/.ssh/identity\n# IdentityFile ~/.ssh/id_rsa\n# IdentityFile ~/.ssh/id_dsa\n# IdentityFile ~/.ssh/id_ecdsa\n# IdentityFile ~/.ssh/id_ed25519\n# Port 22\n# Protocol 2\n# Cipher 3des\n# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc\n# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160\n# EscapeChar ~\n# Tunnel no\n# TunnelDevice any:any\n# PermitLocalCommand no\n# VisualHostKey no\n# ProxyCommand ssh -q -W %h:%p gateway.example.com\n# RekeyLimit 1G 1h\n")4f8b378d89916e9b4fd796f74f5b12efb5cd85faaba9fea8fbe419d6af63add8000066400000000000000000000017111422137231400321130ustar00rootroot00000000000000ssh_config-1.2.0/testdata/fuzz/FuzzDecodego test fuzz v1 []byte("Host localhost 127.0.0.1 # A comment at the end of a host line.\n NoHostAuthenticationForLocalhost yes\n\n# A comment\n # A comment with leading spaces.\n\nHost wap\n User root\n KexAlgorithms diffie-hellman-group1-sha1\n\nHost [some stuff behind a NAT]\n Compression yes\n ProxyCommand ssh -qW %h:%p [NATrouter]\n\nHost wopr # there are 2 proxies available for this one...\n User root\n ProxyCommand sh -c \"ssh proxy1 -qW %h:22 || ssh proxy2 -qW %h:22\"\n\nHost dhcp-??\n UserKnownHostsFile /dev/null\n StrictHostKeyChecking no\n User root\n\nHost [my boxes] [*.mydomain]\n ForwardAgent yes\n ForwardX11 yes\n ForwardX11Trusted yes\n\nHost *\n #ControlMaster auto\n #ControlPath /tmp/ssh-master-%C\n #ControlPath /tmp/ssh-%u-%r@%h:%p\n #ControlPersist yes\n ForwardX11Timeout 52w\n XAuthLocation /usr/bin/xauth\n SendEnv LANG LC_*\n HostKeyAlgorithms ssh-ed25519,ssh-rsa\n AddressFamily inet\n #UpdateHostKeys ask\n")ssh_config-1.2.0/testdata/identities000066400000000000000000000001741422137231400175320ustar00rootroot00000000000000 Host hasidentity IdentityFile file1 Host has2identity IdentityFile f1 IdentityFile f2 Host protocol1 Protocol 1 ssh_config-1.2.0/testdata/include000066400000000000000000000002661422137231400170160ustar00rootroot00000000000000Host kevinburke.ssh_config.test.example.com # This file (or files) needs to be found in ~/.ssh or /etc/ssh, depending on # the test. Include kevinburke-ssh-config-*-file ssh_config-1.2.0/testdata/include-recursive000066400000000000000000000003221422137231400210140ustar00rootroot00000000000000Host kevinburke.ssh_config.test.example.com # This file (or files) needs to be found in ~/.ssh or /etc/ssh, depending on # the test. It should include itself. Include kevinburke-ssh-config-recursive-include ssh_config-1.2.0/testdata/invalid-port000066400000000000000000000000411422137231400177720ustar00rootroot00000000000000Host test.test Port notanumber ssh_config-1.2.0/testdata/match-directive000066400000000000000000000000251422137231400204340ustar00rootroot00000000000000Match all Port 4567 ssh_config-1.2.0/testdata/negated000066400000000000000000000001111422137231400167670ustar00rootroot00000000000000Host *.example.com !*.dialup.example.com Port 1234 Host * Port 5678 ssh_config-1.2.0/testdata/system-include000066400000000000000000000000001422137231400203220ustar00rootroot00000000000000ssh_config-1.2.0/token.go000066400000000000000000000015171422137231400153060ustar00rootroot00000000000000package ssh_config import "fmt" type token struct { Position typ tokenType val string } func (t token) String() string { switch t.typ { case tokenEOF: return "EOF" } return fmt.Sprintf("%q", t.val) } type tokenType int const ( eof = -(iota + 1) ) const ( tokenError tokenType = iota tokenEOF tokenEmptyLine tokenComment tokenKey tokenEquals tokenString ) func isSpace(r rune) bool { return r == ' ' || r == '\t' } func isKeyStartChar(r rune) bool { return !(isSpace(r) || r == '\r' || r == '\n' || r == eof) } // I'm not sure that this is correct func isKeyChar(r rune) bool { // Keys start with the first character that isn't whitespace or [ and end // with the last non-whitespace character before the equals sign. Keys // cannot contain a # character." return !(r == '\r' || r == '\n' || r == eof || r == '=') } ssh_config-1.2.0/validators.go000066400000000000000000000214231422137231400163340ustar00rootroot00000000000000package ssh_config import ( "fmt" "strconv" "strings" ) // Default returns the default value for the given keyword, for example "22" if // the keyword is "Port". Default returns the empty string if the keyword has no // default, or if the keyword is unknown. Keyword matching is case-insensitive. // // Default values are provided by OpenSSH_7.4p1 on a Mac. func Default(keyword string) string { return defaults[strings.ToLower(keyword)] } // Arguments where the value must be "yes" or "no" and *only* yes or no. var yesnos = map[string]bool{ strings.ToLower("BatchMode"): true, strings.ToLower("CanonicalizeFallbackLocal"): true, strings.ToLower("ChallengeResponseAuthentication"): true, strings.ToLower("CheckHostIP"): true, strings.ToLower("ClearAllForwardings"): true, strings.ToLower("Compression"): true, strings.ToLower("EnableSSHKeysign"): true, strings.ToLower("ExitOnForwardFailure"): true, strings.ToLower("ForwardAgent"): true, strings.ToLower("ForwardX11"): true, strings.ToLower("ForwardX11Trusted"): true, strings.ToLower("GatewayPorts"): true, strings.ToLower("GSSAPIAuthentication"): true, strings.ToLower("GSSAPIDelegateCredentials"): true, strings.ToLower("HostbasedAuthentication"): true, strings.ToLower("IdentitiesOnly"): true, strings.ToLower("KbdInteractiveAuthentication"): true, strings.ToLower("NoHostAuthenticationForLocalhost"): true, strings.ToLower("PasswordAuthentication"): true, strings.ToLower("PermitLocalCommand"): true, strings.ToLower("PubkeyAuthentication"): true, strings.ToLower("RhostsRSAAuthentication"): true, strings.ToLower("RSAAuthentication"): true, strings.ToLower("StreamLocalBindUnlink"): true, strings.ToLower("TCPKeepAlive"): true, strings.ToLower("UseKeychain"): true, strings.ToLower("UsePrivilegedPort"): true, strings.ToLower("VisualHostKey"): true, } var uints = map[string]bool{ strings.ToLower("CanonicalizeMaxDots"): true, strings.ToLower("CompressionLevel"): true, // 1 to 9 strings.ToLower("ConnectionAttempts"): true, strings.ToLower("ConnectTimeout"): true, strings.ToLower("NumberOfPasswordPrompts"): true, strings.ToLower("Port"): true, strings.ToLower("ServerAliveCountMax"): true, strings.ToLower("ServerAliveInterval"): true, } func mustBeYesOrNo(lkey string) bool { return yesnos[lkey] } func mustBeUint(lkey string) bool { return uints[lkey] } func validate(key, val string) error { lkey := strings.ToLower(key) if mustBeYesOrNo(lkey) && (val != "yes" && val != "no") { return fmt.Errorf("ssh_config: value for key %q must be 'yes' or 'no', got %q", key, val) } if mustBeUint(lkey) { _, err := strconv.ParseUint(val, 10, 64) if err != nil { return fmt.Errorf("ssh_config: %v", err) } } return nil } var defaults = map[string]string{ strings.ToLower("AddKeysToAgent"): "no", strings.ToLower("AddressFamily"): "any", strings.ToLower("BatchMode"): "no", strings.ToLower("CanonicalizeFallbackLocal"): "yes", strings.ToLower("CanonicalizeHostname"): "no", strings.ToLower("CanonicalizeMaxDots"): "1", strings.ToLower("ChallengeResponseAuthentication"): "yes", strings.ToLower("CheckHostIP"): "yes", // TODO is this still the correct cipher strings.ToLower("Cipher"): "3des", strings.ToLower("Ciphers"): "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc", strings.ToLower("ClearAllForwardings"): "no", strings.ToLower("Compression"): "no", strings.ToLower("CompressionLevel"): "6", strings.ToLower("ConnectionAttempts"): "1", strings.ToLower("ControlMaster"): "no", strings.ToLower("EnableSSHKeysign"): "no", strings.ToLower("EscapeChar"): "~", strings.ToLower("ExitOnForwardFailure"): "no", strings.ToLower("FingerprintHash"): "sha256", strings.ToLower("ForwardAgent"): "no", strings.ToLower("ForwardX11"): "no", strings.ToLower("ForwardX11Timeout"): "20m", strings.ToLower("ForwardX11Trusted"): "no", strings.ToLower("GatewayPorts"): "no", strings.ToLower("GlobalKnownHostsFile"): "/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2", strings.ToLower("GSSAPIAuthentication"): "no", strings.ToLower("GSSAPIDelegateCredentials"): "no", strings.ToLower("HashKnownHosts"): "no", strings.ToLower("HostbasedAuthentication"): "no", strings.ToLower("HostbasedKeyTypes"): "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa", strings.ToLower("HostKeyAlgorithms"): "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa", // HostName has a dynamic default (the value passed at the command line). strings.ToLower("IdentitiesOnly"): "no", strings.ToLower("IdentityFile"): "~/.ssh/identity", // IPQoS has a dynamic default based on interactive or non-interactive // sessions. strings.ToLower("KbdInteractiveAuthentication"): "yes", strings.ToLower("KexAlgorithms"): "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1", strings.ToLower("LogLevel"): "INFO", strings.ToLower("MACs"): "umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1", strings.ToLower("NoHostAuthenticationForLocalhost"): "no", strings.ToLower("NumberOfPasswordPrompts"): "3", strings.ToLower("PasswordAuthentication"): "yes", strings.ToLower("PermitLocalCommand"): "no", strings.ToLower("Port"): "22", strings.ToLower("PreferredAuthentications"): "gssapi-with-mic,hostbased,publickey,keyboard-interactive,password", strings.ToLower("Protocol"): "2", strings.ToLower("ProxyUseFdpass"): "no", strings.ToLower("PubkeyAcceptedKeyTypes"): "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa", strings.ToLower("PubkeyAuthentication"): "yes", strings.ToLower("RekeyLimit"): "default none", strings.ToLower("RhostsRSAAuthentication"): "no", strings.ToLower("RSAAuthentication"): "yes", strings.ToLower("ServerAliveCountMax"): "3", strings.ToLower("ServerAliveInterval"): "0", strings.ToLower("StreamLocalBindMask"): "0177", strings.ToLower("StreamLocalBindUnlink"): "no", strings.ToLower("StrictHostKeyChecking"): "ask", strings.ToLower("TCPKeepAlive"): "yes", strings.ToLower("Tunnel"): "no", strings.ToLower("TunnelDevice"): "any:any", strings.ToLower("UpdateHostKeys"): "no", strings.ToLower("UseKeychain"): "no", strings.ToLower("UsePrivilegedPort"): "no", strings.ToLower("UserKnownHostsFile"): "~/.ssh/known_hosts ~/.ssh/known_hosts2", strings.ToLower("VerifyHostKeyDNS"): "no", strings.ToLower("VisualHostKey"): "no", strings.ToLower("XAuthLocation"): "/usr/X11R6/bin/xauth", } // these identities are used for SSH protocol 2 var defaultProtocol2Identities = []string{ "~/.ssh/id_dsa", "~/.ssh/id_ecdsa", "~/.ssh/id_ed25519", "~/.ssh/id_rsa", } // these directives support multiple items that can be collected // across multiple files var pluralDirectives = map[string]bool{ "CertificateFile": true, "IdentityFile": true, "DynamicForward": true, "RemoteForward": true, "SendEnv": true, "SetEnv": true, } // SupportsMultiple reports whether a directive can be specified multiple times. func SupportsMultiple(key string) bool { return pluralDirectives[strings.ToLower(key)] } ssh_config-1.2.0/validators_test.go000066400000000000000000000022501422137231400173700ustar00rootroot00000000000000package ssh_config import ( "testing" ) var validateTests = []struct { key string val string err string }{ {"IdentitiesOnly", "yes", ""}, {"IdentitiesOnly", "Yes", `ssh_config: value for key "IdentitiesOnly" must be 'yes' or 'no', got "Yes"`}, {"Port", "22", ``}, {"Port", "yes", `ssh_config: strconv.ParseUint: parsing "yes": invalid syntax`}, } func TestValidate(t *testing.T) { for _, tt := range validateTests { err := validate(tt.key, tt.val) if tt.err == "" && err != nil { t.Errorf("validate(%q, %q): got %v, want nil", tt.key, tt.val, err) } if tt.err != "" { if err == nil { t.Errorf("validate(%q, %q): got nil error, want %v", tt.key, tt.val, tt.err) } else if err.Error() != tt.err { t.Errorf("validate(%q, %q): got err %v, want %v", tt.key, tt.val, err, tt.err) } } } } func TestDefault(t *testing.T) { if v := Default("VisualHostKey"); v != "no" { t.Errorf("Default(%q): got %v, want 'no'", "VisualHostKey", v) } if v := Default("visualhostkey"); v != "no" { t.Errorf("Default(%q): got %v, want 'no'", "visualhostkey", v) } if v := Default("notfound"); v != "" { t.Errorf("Default(%q): got %v, want ''", "notfound", v) } }