From 77a5bae8d2f039f32a4cc2fc03e0b35c9d1f9759 Mon Sep 17 00:00:00 2001
From: Michel Jouvin <jouvin@lal.in2p3.fr>
Date: Fri, 14 Jul 2023 09:33:31 +0200
Subject: [PATCH 1/2] ncm-ssh: add option prohibit-password to PermitRootLogin
 parameter

- Mark  `without-password` deprecated

Fixes #1603

Co-authored-by: James Adams <james@bluezen.co.uk>
---
 ncm-ssh/src/main/pan/components/ssh/schema.pan | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/ncm-ssh/src/main/pan/components/ssh/schema.pan b/ncm-ssh/src/main/pan/components/ssh/schema.pan
index f388947ba6..10e1004d20 100644
--- a/ncm-ssh/src/main/pan/components/ssh/schema.pan
+++ b/ncm-ssh/src/main/pan/components/ssh/schema.pan
@@ -127,7 +127,18 @@ type ssh_daemon_options_type = {
     "MaxStartups" ? long
     "NoneEnabled" ? legacy_binary_affirmation_string
     "PermitEmptyPasswords" ? legacy_binary_affirmation_string
-    "PermitRootLogin" ? string with match (SELF, '^(yes|without-password|forced-commands-only|no)$')
+    "PermitRootLogin" ? choice(
+        'yes', 
+        'prohibit-password',
+        'without-password',
+        'forced-commands-only',
+        'no'
+    ) with {
+        if (SELF == 'without-password') {
+            deprecated(0, '"without-password" is deprecated and should be updated to "prohibit-password"');
+        };
+        true;
+    }
     "PermitTunnel" ? string with match (SELF, '^(yes|point-to-point|ethernet|no)$')
     "PermitUserEnvironment" ? legacy_binary_affirmation_string
     "PidFile" ? string

From 820f248fe989083927803b9763903f66895d059b Mon Sep 17 00:00:00 2001
From: Michel Jouvin <michel.jouvin@ijclab.in2p3.fr>
Date: Mon, 24 Jul 2023 11:22:20 +0200
Subject: [PATCH 2/2] Remove trailing spaces

Co-authored-by: James Adams <james@bluezen.co.uk>
---
 ncm-ssh/src/main/pan/components/ssh/schema.pan | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ncm-ssh/src/main/pan/components/ssh/schema.pan b/ncm-ssh/src/main/pan/components/ssh/schema.pan
index 10e1004d20..18f0745c39 100644
--- a/ncm-ssh/src/main/pan/components/ssh/schema.pan
+++ b/ncm-ssh/src/main/pan/components/ssh/schema.pan
@@ -128,7 +128,7 @@ type ssh_daemon_options_type = {
     "NoneEnabled" ? legacy_binary_affirmation_string
     "PermitEmptyPasswords" ? legacy_binary_affirmation_string
     "PermitRootLogin" ? choice(
-        'yes', 
+        'yes',
         'prohibit-password',
         'without-password',
         'forced-commands-only',