diff options
| author | Darren Tucker <dtucker@cvs.openbsd.org> | 2016-12-16 03:51:20 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2016-12-16 03:51:20 +0000 |
| commit | f3b7ef785dcd13707f864d72efc2759b309a47b6 (patch) | |
| tree | 5f38d3e9092ecdd2808aaaf57f13291e379f7987 /regress/usr.bin/ssh | |
| parent | b6d946408d17c247c43ef817b08ece2e5b83842a (diff) | |
Add regression test for AllowUsers and DenyUsers. Patch from Zev Weiss
<zev at bewilderbeest.net>
Diffstat (limited to 'regress/usr.bin/ssh')
| -rw-r--r-- | regress/usr.bin/ssh/Makefile | 5 | ||||
| -rw-r--r-- | regress/usr.bin/ssh/allow-deny-users.sh | 37 |
2 files changed, 40 insertions, 2 deletions
diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile index 6b650de3d0b..8a9cb58e5ca 100644 --- a/regress/usr.bin/ssh/Makefile +++ b/regress/usr.bin/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.93 2016/11/01 13:43:27 tb Exp $ +# $OpenBSD: Makefile,v 1.94 2016/12/16 03:51:19 dtucker Exp $ .ifndef SKIP_UNIT SUBDIR= unittests @@ -71,7 +71,8 @@ LTESTS= connect \ hostkey-rotate \ principals-command \ cert-file \ - cfginclude + cfginclude \ + allow-deny-users INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp diff --git a/regress/usr.bin/ssh/allow-deny-users.sh b/regress/usr.bin/ssh/allow-deny-users.sh new file mode 100644 index 00000000000..217b15940a7 --- /dev/null +++ b/regress/usr.bin/ssh/allow-deny-users.sh @@ -0,0 +1,37 @@ +# Public Domain +# Zev Weiss, 2016 + +tid="AllowUsers/DenyUsers" + +me=`whoami` +other="nobody" + +test_auth() +{ + deny="$1" + allow="$2" + should_succeed="$3" + failmsg="$4" + + start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow" + + ${SSH} -F $OBJ/ssh_config "$me@somehost" true + status=$? + + if (test $status -eq 0 && ! $should_succeed) \ + || (test $status -ne 0 && $should_succeed); then + fail "$failmsg" + fi + + stop_sshd +} + +# DenyUsers AllowUsers should_succeed failure_message +test_auth "" "" true "user in neither DenyUsers nor AllowUsers denied" +test_auth "$other $me" "" false "user in DenyUsers allowed" +test_auth "$me $other" "" false "user in DenyUsers allowed" +test_auth "" "$other" false "user not in AllowUsers allowed" +test_auth "" "$other $me" true "user in AllowUsers denied" +test_auth "" "$me $other" true "user in AllowUsers denied" +test_auth "$me $other" "$me $other" false "user in both DenyUsers and AllowUsers allowed" +test_auth "$other $me" "$other $me" false "user in both DenyUsers and AllowUsers allowed" |