Merge pull request #1284 from tgauth/expand-sshdconfig-parser

SteveL-MSFT · web-flow · commit ccf362857df3 · 2025-12-04T20:36:06.000Z
Expand sshdconfig parser
diff --git a/dsc/tests/dsc_sshdconfig.tests.ps1 b/dsc/tests/dsc_sshdconfig.tests.ps1
@@ -40,13 +40,13 @@ resources:
             $out.resources.count | Should -Be 1
             $out.resources[0].properties | Should -Not -BeNullOrEmpty
             $out.resources[0].properties.port | Should -BeNullOrEmpty
-            $out.resources[0].properties.passwordAuthentication | Should -Be 'no'
+            $out.resources[0].properties.passwordAuthentication | Should -Be $false
             $out.resources[0].properties._inheritedDefaults | Should -BeNullOrEmpty
         } else {
             $out.results.count | Should -Be 1
             $out.results.result.actualState | Should -Not -BeNullOrEmpty
             $out.results.result.actualState.port[0] | Should -Be 22
-            $out.results.result.actualState.passwordAuthentication | Should -Be 'no'
+            $out.results.result.actualState.passwordAuthentication | Should -Be $false
             $out.results.result.actualState._inheritedDefaults | Should -Contain 'port'
         }
     }
@@ -69,7 +69,7 @@ resources:
         $LASTEXITCODE | Should -Be 0
         $out.resources.count | Should -Be 1
         ($out.resources[0].properties.psobject.properties | Measure-Object).count | Should -Be 1
-        $out.resources[0].properties.passwordAuthentication | Should -Be 'no'
+        $out.resources[0].properties.passwordAuthentication | Should -Be $false
     }
 
     It '<command> with _includeDefaults specified works' -TestCases @(
@@ -128,7 +128,7 @@ resources:
                 $out.results.count | Should -Be 1
                 $out.results.result.actualState | Should -Not -BeNullOrEmpty
                 $out.results.result.actualState.port | Should -Be 22
-                $out.results.result.actualState.passwordAuthentication | Should -Be 'yes'
+                $out.results.result.actualState.passwordAuthentication | Should -Be $true
                 $out.results.result.actualState._inheritedDefaults | Should -Not -Contain 'port'
             }
         }
diff --git a/grammars/tree-sitter-ssh-server-config/grammar.js b/grammars/tree-sitter-ssh-server-config/grammar.js
@@ -35,9 +35,9 @@ module.exports = grammar({
     ),
 
     criteria: $ => seq(
-      field('criteria', $.alpha),
+      field('keyword', $.alpha),
       choice(seq(/[ \t]/, optional('=')), '='),
-      field('argument', $._argument)
+      field('argument', alias($._argument, $.argument))
     ),
 
     _argument: $ => choice($.boolean, $.number, $.string, $._commaSeparatedString, $._doublequotedString, $._singlequotedString),
diff --git a/grammars/tree-sitter-ssh-server-config/test/corpus/valid_expressions.txt b/grammars/tree-sitter-ssh-server-config/test/corpus/valid_expressions.txt
@@ -31,7 +31,8 @@ authorizedkeysfile "path to authorized keys file"
   (match
     (criteria
       (alpha)
-      (string))
+      (argument
+        (string)))
     (keyword
       (alphanumeric)
       (arguments
@@ -53,7 +54,8 @@ authorizedkeysfile "path to authorized keys file"
   (match
     (criteria
       (alpha)
-      (string))
+      (argument
+      (string)))
     (keyword
       (alphanumeric)
       (arguments
@@ -229,15 +231,17 @@ passwordauthentication yes
   (match
     (criteria
       (alpha)
-      (string))
+      (argument
+      (string)))
     (keyword
       (alphanumeric)
       (arguments
         (boolean))))
   (match
     (criteria
       (alpha)
-      (string))
+      (argument
+      (string)))
     (keyword
       (alphanumeric)
       (arguments
@@ -307,7 +311,8 @@ passwordauthentication yes
   (match
     (criteria
       (alpha)
-      (string))
+      (argument
+      (string)))
     (keyword
       (alphanumeric)
       (arguments
@@ -320,7 +325,8 @@ passwordauthentication yes
   (match
     (criteria
       (alpha)
-      (string))
+      (argument
+      (string)))
     (keyword
       (alphanumeric)
       (arguments
@@ -412,11 +418,13 @@ passwordauthentication no
   (match
     (criteria
       (alpha)
+      (argument
         (string)
-        (string))
+        (string)))
     (criteria
       (alpha)
-        (string))
+      (argument
+        (string)))
     (keyword
       (alphanumeric)
         (arguments
diff --git a/resources/sshdconfig/locales/en-us.toml b/resources/sshdconfig/locales/en-us.toml
@@ -17,6 +17,7 @@ parser = "Parser"
 parseInt = "Parse Integer"
 persist = "Persist"
 registry = "Registry"
+stringUtf8 = "String UTF-8"
 
 [get]
 debugSetting = "Get setting:"
@@ -35,17 +36,18 @@ set = "Set command: '%{input}'"
 [parser]
 failedToParse = "failed to parse: '%{input}'"
 failedToParseAsArray = "value is not an array"
-failedToParseChildNode = "failed to parse child node: '%{input}'"
 failedToParseNode = "failed to parse '%{input}'"
 failedToParseRoot = "failed to parse root: '%{input}'"
 invalidConfig = "invalid config: '%{input}'"
 invalidMultiArgNode = "multi-arg node '%{input}' is not valid"
-invalidValue = "operator is an invalid value for node"
 keyNotFound = "key '%{key}' not found"
 keyNotRepeatable = "key '%{key}' is not repeatable"
-keywordDebug = "Parsing keyword: '%{text}'"
-missingValueInChildNode = "missing value in child node: '%{input}'"
+missingCriteriaInMatch = "missing criteria field in match block: '%{input}'"
 missingKeyInChildNode = "missing key in child node: '%{input}'"
+missingKeyInCriteria = "missing key in criteria node: '%{input}'"
+missingValueInCriteria = "missing value in criteria node: '%{input}'"
+missingValueInChildNode = "missing value in child node: '%{input}'"
+noArgumentsFound = "no arguments found in node: '%{input}'"
 valueDebug = "Parsed argument value:"
 unknownNode = "unknown node: '%{kind}'"
 unknownNodeType = "unknown node type: '%{node}'"
diff --git a/resources/sshdconfig/src/error.rs b/resources/sshdconfig/src/error.rs
@@ -9,6 +9,8 @@ use thiserror::Error;
 pub enum SshdConfigError {
     #[error("{t}: {0}", t = t!("error.command"))]
     CommandError(String),
+    #[error("{t}: {0}", t = t!("error.envVar"))]
+    EnvVarError(#[from] std::env::VarError),
     #[error("{t}: {0}", t = t!("error.fmt"))]
     FmtError(#[from] std::fmt::Error),
     #[error("{t}: {0}", t = t!("error.invalidInput"))]
@@ -28,6 +30,6 @@ pub enum SshdConfigError {
     #[cfg(windows)]
     #[error("{t}: {0}", t = t!("error.registry"))]
     RegistryError(#[from] dsc_lib_registry::error::RegistryError),
-    #[error("{t}: {0}", t = t!("error.envVar"))]
-    EnvVarError(#[from] std::env::VarError),
+    #[error("{t}: {0}", t = t!("error.stringUtf8"))]
+    StringUtf8Error(#[from] std::str::Utf8Error),
 }
diff --git a/resources/sshdconfig/src/metadata.rs b/resources/sshdconfig/src/metadata.rs
@@ -1,14 +1,20 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-// keywords that can have multiple arguments per line but cannot be repeated over multiple lines,
-// as subsequent entries are ignored, should be represented as arrays
-pub const MULTI_ARG_KEYWORDS: [&str; 17] = [
+// note that it is possible for a keyword to be in one, neither, or both of the multi-arg and repeatable lists below.
+
+// keywords that can have multiple comma-separated arguments per line and should be represented as arrays.
+pub const MULTI_ARG_KEYWORDS: [&str; 22] = [
+    "acceptenv",
+    "allowgroups",
+    "allowusers",
     "authenticationmethods",
     "authorizedkeysfile",
     "casignaturealgorithms",
     "channeltimeout",
     "ciphers",
+    "denygroups",
+    "denyusers",
     "hostbasedacceptedalgorithms",
     "hostkeyalgorithms",
     "ipqos",
@@ -24,7 +30,6 @@ pub const MULTI_ARG_KEYWORDS: [&str; 17] = [
 ];
 
 // keywords that can be repeated over multiple lines and should be represented as arrays.
-// note that some keywords can be both multi-arg and repeatable, in which case they only need to be listed here
 pub const REPEATABLE_KEYWORDS: [&str; 12] = [
     "acceptenv",
     "allowgroups",
diff --git a/resources/sshdconfig/src/parser.rs b/resources/sshdconfig/src/parser.rs
