Listing 6. edit_sshd.cf

# Parameters are:
# file: file to edit
# params: an array indexed by parameter name, containing
# the corresponding values. For example:
# "sshd[Protocol]" string => "2";
# "sshd[X11Forwarding]" string => "yes";
# "sshd[UseDNS]" string => "no";
# Diego Zamboni, November 2010
bundle agent edit_sshd(file,params)
{
files:
  "$(file)"
  handle => "edit_sshd",
  comment => "Set desired sshd_config parameters",
  edit_line => set_config_values("$(params)"),
  classes => if_repaired("restart_sshd");

# set_config_values is a bundle Diego wrote based on
# set_variable_values from Cfengine_stdlib.cf.

commands:
  restart_sshd.!no_restarts::
    "/etc/init.d/sshd restart"
    handle => "sshd_restart",
    comment => "Restart sshd if the configuration file was modified";
}

bundle edit_line set_config_values(v)

 # Sets the RHS of configuration items in the file of the form
 # LHS RHS
 # If the line is commented out with #, it gets uncommented first.
 # Adds a new line if none exists.
 # The argument is an associative array containing v[LHS]="rhs"

 # Based on set_variable_values from Cfengine_stdlib.cf, modified to
 # use whitespace as separator, and to handle commented-out lines.

{
vars:
  "index" slist => getindices("$(v)");

  # Be careful if the index string contains funny chars
  "cindex[$(index)]" string => canonify("$(index)");

field_edits:

  # If the line is there, but commented out, first uncomment it
  "#+$(index)\s+.*"
     edit_field => col("\s+","1","$(index)","set");

  # match a line starting like the key something
  "$(index)\s+.*"
     edit_field => col("\s+","2","$($(v)[$(index)])","set"),
        classes => if_ok("not_$(cindex[$(index)])");

insert_lines:

  "$(index) $($(v)[$(index)])",
      ifvarclass => "!not_$(cindex[$(index)])";
}