init file from sshd_config_default on Windows

tgauth · tgauth · commit 8cd3559436bd · 2026-04-09T16:57:44.000-04:00
diff --git a/resources/sshdconfig/locales/en-us.toml b/resources/sshdconfig/locales/en-us.toml
@@ -99,6 +99,8 @@ writingTempConfig = "Writing temporary sshd_config file"
 [util]
 cleanupFailed = "Failed to clean up temporary file %{path}: %{error}"
 getIgnoresInputFilters = "get command does not support filtering based on input settings, provided input will be ignored"
+seededConfigFromDefault = "Seeded missing sshd_config from '%{source}' to '%{target}'"
+sshdConfigDefaultNotFound = "sshd_config file does not exist and no default source could be found. Checked: %{paths}"
 sshdConfigReadFailed = "failed to read sshd_config at path: '%{path}'"
 sshdElevation = "elevated security context required"
 tempFileCreated = "temporary file created at: %{path}"
diff --git a/resources/sshdconfig/src/set.rs b/resources/sshdconfig/src/set.rs
@@ -24,7 +24,7 @@ use crate::repeat_keyword::{
     RepeatInput, RepeatListInput, NameValueEntry,
     add_or_update_entry, extract_single_keyword, remove_entry, parse_and_validate_entries
 };
-use crate::util::{build_command_info, get_default_sshd_config_path, invoke_sshd_config_validation};
+use crate::util::{build_command_info, ensure_sshd_config_exists, get_default_sshd_config_path, invoke_sshd_config_validation};
 
 /// Invoke the set command.
 ///
@@ -189,16 +189,9 @@ fn set_sshd_config(cmd_info: &mut CommandInfo) -> Result<(), SshdConfigError> {
         let mut get_cmd_info = cmd_info.clone();
         get_cmd_info.include_defaults = false;
         get_cmd_info.input = Map::new();
+        ensure_sshd_config_exists(get_cmd_info.metadata.filepath.clone())?;
 
-        let mut existing_config = match get_sshd_settings(&get_cmd_info, true) {
-            Ok(config) => config,
-            Err(SshdConfigError::FileNotFound(_)) => {
-                return Err(SshdConfigError::InvalidInput(
-                    t!("set.purgeFalseRequiresExistingFile").to_string()
-                ));
-            }
-            Err(e) => return Err(e),
-        };
+        let mut existing_config = get_sshd_settings(&get_cmd_info, true)?;
         for (key, value) in &cmd_info.input {
             if value.is_null() {
                 existing_config.remove(key);
@@ -281,12 +274,6 @@ fn get_existing_config(cmd_info: &CommandInfo) -> Result<Map<String, Value>, Ssh
     let mut get_cmd_info = cmd_info.clone();
     get_cmd_info.include_defaults = false;
     get_cmd_info.input = Map::new();
-    match get_sshd_settings(&get_cmd_info, false) {
-        Ok(config) => Ok(config),
-        Err(SshdConfigError::FileNotFound(_)) => {
-            // If file doesn't exist, create empty config
-            Ok(Map::new())
-        }
-        Err(e) => Err(e),
-    }
+    ensure_sshd_config_exists(get_cmd_info.metadata.filepath.clone())?;
+    get_sshd_settings(&get_cmd_info, false)
 }
diff --git a/resources/sshdconfig/src/util.rs b/resources/sshdconfig/src/util.rs
@@ -107,6 +107,59 @@ pub fn get_default_sshd_config_path(input: Option<PathBuf>) -> Result<PathBuf, S
     }
 }
 
+fn get_sshd_config_default_source_candidates() -> Vec<PathBuf> {
+    let mut candidates: Vec<PathBuf> = Vec::new();
+
+    if cfg!(windows) {
+        if let Ok(system_drive) = std::env::var("SystemDrive") {
+            candidates.push(PathBuf::from(format!("{system_drive}\\Windows\\System32\\OpenSSH\\sshd_config_default")));
+        }
+    }
+
+    candidates
+}
+
+/// Ensure the target `sshd_config` exists by seeding it from a platform default source.
+///
+/// # Errors
+///
+/// This function returns an error if the target cannot be created or no source default config is available.
+pub fn ensure_sshd_config_exists(input: Option<PathBuf>) -> Result<PathBuf, SshdConfigError> {
+    let target_path = get_default_sshd_config_path(input)?;
+    if target_path.exists() {
+        return Ok(target_path);
+    }
+
+    if !cfg!(windows) {
+        return Err(SshdConfigError::InvalidInput(
+            t!("util.sshdConfigDefaultNotFound", paths = "Windows seeding is only supported on Windows hosts").to_string()
+        ));
+    }
+
+    let candidates = get_sshd_config_default_source_candidates();
+    let source_path = candidates
+        .iter()
+        .find(|candidate| candidate.is_file())
+        .cloned()
+        .ok_or_else(|| {
+            let paths = candidates
+                .iter()
+                .map(|path| path.display().to_string())
+                .collect::<Vec<String>>()
+                .join(", ");
+            SshdConfigError::InvalidInput(t!("util.sshdConfigDefaultNotFound", paths = paths).to_string())
+        })?;
+
+    if let Some(parent) = target_path.parent() {
+        std::fs::create_dir_all(parent)?;
+    }
+
+    std::fs::copy(&source_path, &target_path)?;
+    debug!("{}", t!("util.seededConfigFromDefault", source = source_path.display(), target = target_path.display()));
+
+    Ok(target_path)
+}
+
 /// Invoke sshd -T.
 ///
 /// # Errors
@@ -118,7 +171,7 @@ pub fn invoke_sshd_config_validation(args: Option<SshdCommandArgs>) -> Result<St
 
     if let Some(args) = args {
         if let Some(filepath) = args.filepath {
-            if !filepath.exists() {
+            let filepath = get_default_sshd_config_path(Some(filepath))?;            if !filepath.exists() {
                 return Err(SshdConfigError::FileNotFound(filepath.display().to_string()));
             }
             command.arg("-f").arg(&filepath);
@@ -244,5 +297,3 @@ pub fn read_sshd_config(input: Option<PathBuf>) -> Result<String, SshdConfigErro
         Err(SshdConfigError::FileNotFound(filepath.display().to_string()))
     }
 }
-
-
diff --git a/resources/sshdconfig/tests/sshdconfig.get.tests.ps1 b/resources/sshdconfig/tests/sshdconfig.get.tests.ps1
@@ -148,7 +148,7 @@ PasswordAuthentication no
         Remove-Item -Path $stderrFile -Force -ErrorAction SilentlyContinue
     }
 
-    It 'Should fail when config file does not exist' {
+    It 'Should fail without creating target config when file does not exist' {
         $nonExistentPath = Join-Path $TestDrive 'nonexistent_sshd_config'
 
         $inputData = @{
@@ -161,6 +161,27 @@ PasswordAuthentication no
         sshdconfig get --input $inputData -s sshd-config 2>$stderrFile
         $LASTEXITCODE | Should -Not -Be 0
 
+        Test-Path $nonExistentPath | Should -Be $false
+
+        $stderr = Get-Content -Path $stderrFile -Raw -ErrorAction SilentlyContinue
+        $stderr | Should -Match "File not found"
+
+        Remove-Item -Path $stderrFile -Force -ErrorAction SilentlyContinue
+    }
+
+    It 'Should fail when config file does not exist even when default source is missing' {
+        $nonExistentPath = Join-Path $TestDrive 'nonexistent_sshd_config'
+
+        $inputData = @{
+            _metadata = @{
+                filepath = $nonExistentPath
+            }
+        } | ConvertTo-Json
+
+        $stderrFile = Join-Path $TestDrive "stderr_missing_default_source.txt"
+        sshdconfig get --input $inputData -s sshd-config 2>$stderrFile
+        $LASTEXITCODE | Should -Not -Be 0
+
         $stderr = Get-Content -Path $stderrFile -Raw -ErrorAction SilentlyContinue
         $stderr | Should -Match "File not found"
         Remove-Item -Path $stderrFile -Force -ErrorAction SilentlyContinue
diff --git a/resources/sshdconfig/tests/sshdconfig.set.tests.ps1 b/resources/sshdconfig/tests/sshdconfig.set.tests.ps1
@@ -21,6 +21,9 @@ Describe 'sshd_config Set Tests' -Skip:($skipTest) {
         $TestDir = Join-Path $TestDrive "sshd_test"
         New-Item -Path $TestDir -ItemType Directory -Force | Out-Null
         $TestConfigPath = Join-Path $TestDir "sshd_config"
+
+        $script:DefaultSourceExists = $IsWindows -and
+            (Test-Path -Path "$env:SystemDrive\Windows\System32\OpenSSH\sshd_config_default" -PathType Leaf -ErrorAction SilentlyContinue)
     }
 
     AfterEach {
@@ -180,7 +183,7 @@ Describe 'sshd_config Set Tests' -Skip:($skipTest) {
             sshdconfig set --input $validConfig -s sshd-config
         }
 
-        It 'Should fail with purge=false when file does not exist' {
+        It 'Should seed missing file from default source when available on Windows, or fail otherwise' {
             $nonExistentPath = Join-Path $TestDrive "nonexistent_sshd_config"
 
             $inputConfig = @{
@@ -193,12 +196,26 @@ Describe 'sshd_config Set Tests' -Skip:($skipTest) {
 
             $stderrFile = Join-Path $TestDrive "stderr_purgefalse_nofile.txt"
             sshdconfig set --input $inputConfig -s sshd-config 2>$stderrFile
-            $LASTEXITCODE | Should -Not -Be 0
 
-            $stderr = Get-Content -Path $stderrFile -Raw -ErrorAction SilentlyContinue
-            $stderr | Should -Match "_purge=false requires an existing sshd_config file"
-            $stderr | Should -Match "Use _purge=true to create a new configuration file"
+            if ($IsWindows -and $script:DefaultSourceExists) {
+                $LASTEXITCODE | Should -Be 0
+                Test-Path $nonExistentPath | Should -Be $true
+
+                $getInput = @{
+                    _metadata = @{
+                        filepath = $nonExistentPath
+                    }
+                } | ConvertTo-Json
+                $result = sshdconfig get --input $getInput -s sshd-config 2>$null | ConvertFrom-Json
+                $result.Port | Should -Be "8888"
+            } else {
+                $LASTEXITCODE | Should -Not -Be 0
+                $stderr = Get-Content -Path $stderrFile -Raw -ErrorAction SilentlyContinue
+                $stderr | Should -Match "no default source could be found"
+            }
+
             Remove-Item -Path $stderrFile -Force -ErrorAction SilentlyContinue
+            Remove-Item -Path $nonExistentPath -Force -ErrorAction SilentlyContinue
         }
 
         It 'Should fail with invalid keyword and not modify file' {
diff --git a/resources/sshdconfig/tests/sshdconfigRepeat.tests.ps1 b/resources/sshdconfig/tests/sshdconfigRepeat.tests.ps1
@@ -33,6 +33,9 @@ Describe 'sshd-config-repeat Set Tests' -Skip:($skipTest) {
             $script:DefaultSftpPath = "/usr/lib/openssh/sftp-server"
             $script:AlternatePath = "/usr/libexec/sftp-server"
         }
+
+        $script:DefaultSourceExists = $IsWindows -and
+            (Test-Path -Path "$env:SystemDrive\Windows\System32\OpenSSH\sshd_config_default" -PathType Leaf -ErrorAction SilentlyContinue)
     }
 
     AfterEach {
@@ -212,5 +215,35 @@ PasswordAuthentication yes
 
             Remove-Item -Path $stderrFile -Force -ErrorAction SilentlyContinue
         }
+
+        It 'Should seed missing file from default source when available on Windows, or fail otherwise' {
+            $nonExistentPath = Join-Path $TestDrive "nonexistent_sshd_config"
+
+            $inputConfig = @{
+                _metadata = @{
+                    filepath = $nonExistentPath
+                }
+                _exist = $true
+                subsystem = @{
+                    name = "powershell"
+                    value = "/usr/bin/pwsh -sshs"
+                }
+            } | ConvertTo-Json
+
+            $stderrFile = Join-Path $TestDrive "stderr_missing_default_repeat.txt"
+            sshdconfig set --input $inputConfig -s sshd-config-repeat 2>$stderrFile
+
+            if ($IsWindows -and $script:DefaultSourceExists) {
+                $LASTEXITCODE | Should -Be 0
+                Test-Path $nonExistentPath | Should -Be $true
+            } else {
+                $LASTEXITCODE | Should -Not -Be 0
+                $stderr = Get-Content -Path $stderrFile -Raw -ErrorAction SilentlyContinue
+                $stderr | Should -Match "no default source could be found"
+            }
+
+            Remove-Item -Path $stderrFile -Force -ErrorAction SilentlyContinue
+            Remove-Item -Path $nonExistentPath -Force -ErrorAction SilentlyContinue
+        }
     }
 }
diff --git a/resources/sshdconfig/tests/sshdconfigRepeatList.tests.ps1 b/resources/sshdconfig/tests/sshdconfigRepeatList.tests.ps1
@@ -33,6 +33,9 @@ Describe 'sshd-config-repeat-list Set Tests' -Skip:($skipTest) {
             $script:DefaultSftpPath = "/usr/lib/openssh/sftp-server"
             $script:AlternatePath = "/usr/libexec/sftp-server"
         }
+
+        $script:DefaultSourceExists = $IsWindows -and
+            (Test-Path -Path "$env:SystemDrive\Windows\System32\OpenSSH\sshd_config_default" -PathType Leaf -ErrorAction SilentlyContinue)
     }
 
     AfterEach {
@@ -320,5 +323,37 @@ PasswordAuthentication yes
             $subsystems = Get-Content $TestConfigPath | Where-Object { $_ -match '^\s*subsystem\s+' }
             $subsystems.Count | Should -Be 0
         }
+
+        It 'Should seed missing file from default source when available on Windows, or fail otherwise' {
+            $nonExistentPath = Join-Path $TestDrive "nonexistent_sshd_config"
+
+            $inputConfig = @{
+                _metadata = @{
+                    filepath = $nonExistentPath
+                }
+                _purge = $false
+                subsystem = @(
+                    @{
+                        name = "powershell"
+                        value = "/usr/bin/pwsh -sshs"
+                    }
+                )
+            } | ConvertTo-Json -Depth 10
+
+            $stderrFile = Join-Path $TestDrive "stderr_missing_default_repeat_list.txt"
+            sshdconfig set --input $inputConfig -s sshd-config-repeat-list 2>$stderrFile
+
+            if ($IsWindows -and $script:DefaultSourceExists) {
+                $LASTEXITCODE | Should -Be 0
+                Test-Path $nonExistentPath | Should -Be $true
+            } else {
+                $LASTEXITCODE | Should -Not -Be 0
+                $stderr = Get-Content -Path $stderrFile -Raw -ErrorAction SilentlyContinue
+                $stderr | Should -Match "no default source could be found"
+            }
+
+            Remove-Item -Path $stderrFile -Force -ErrorAction SilentlyContinue
+            Remove-Item -Path $nonExistentPath -Force -ErrorAction SilentlyContinue
+        }
     }
 }
