From f3b7ef785dcd13707f864d72efc2759b309a47b6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 16 Dec 2016 03:51:20 +0000 Subject: Add regression test for AllowUsers and DenyUsers. Patch from Zev Weiss --- regress/usr.bin/ssh/Makefile | 5 +++-- regress/usr.bin/ssh/allow-deny-users.sh | 37 +++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 regress/usr.bin/ssh/allow-deny-users.sh (limited to 'regress/usr.bin/ssh') diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile index 6b650de3d0b..8a9cb58e5ca 100644 --- a/regress/usr.bin/ssh/Makefile +++ b/regress/usr.bin/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.93 2016/11/01 13:43:27 tb Exp $ +# $OpenBSD: Makefile,v 1.94 2016/12/16 03:51:19 dtucker Exp $ .ifndef SKIP_UNIT SUBDIR= unittests @@ -71,7 +71,8 @@ LTESTS= connect \ hostkey-rotate \ principals-command \ cert-file \ - cfginclude + cfginclude \ + allow-deny-users INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp diff --git a/regress/usr.bin/ssh/allow-deny-users.sh b/regress/usr.bin/ssh/allow-deny-users.sh new file mode 100644 index 00000000000..217b15940a7 --- /dev/null +++ b/regress/usr.bin/ssh/allow-deny-users.sh 
@@ -0,0 +1,37 @@
+# Public Domain
+# Zev Weiss, 2016
+
+tid="AllowUsers/DenyUsers"
+
+me=`whoami`
+other="nobody"
+
+test_auth()
+{
+ deny="$1"
+ allow="$2"
+ should_succeed="$3"
+ failmsg="$4"
+
+ start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow"
+
+ ${SSH} -F $OBJ/ssh_config "$me@somehost" true
+ status=$?
+
+ if (test $status -eq 0 && ! $should_succeed) \
+ || (test $status -ne 0 && $should_succeed); then
+ fail "$failmsg"
+ fi
+
+ stop_sshd
+}
+
+# DenyUsers AllowUsers should_succeed failure_message
+test_auth "" "" true "user in neither DenyUsers nor AllowUsers denied"
+test_auth "$other $me" "" false "user in DenyUsers allowed"
+test_auth "$me $other" "" false "user in DenyUsers allowed"
+test_auth "" "$other" false "user not in AllowUsers allowed"
+test_auth "" "$other $me" true "user in AllowUsers denied"
+test_auth "" "$me $other" true "user in AllowUsers denied"
+test_auth "$me $other" "$me $other" false "user in both DenyUsers and AllowUsers allowed"
+test_auth "$other $me" "$other $me" false "user in both DenyUsers and AllowUsers allowed"
-- cgit v1.2.3
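Review bot: The `false` rows in the table at the end of the new file pass on any non-zero exit from `${SSH}` in `test_auth`, so an sshd that failed to start with the given `-oDenyUsers`/`-oAllowUsers` options, or any unrelated connection error, looks the same as a correct denial. For a regression test of an access-control option this lets the deny cases pass vacuously. For the expected-failure rows I would also require evidence of the denial itself before `stop_sshd`, along the lines of `$should_succeed || grep "not allowed because" "$SSHD_LOG" >/dev/null || fail "$failmsg (no denial logged)"`. Here `$SSHD_LOG` is a placeholder for whatever log path the harness's `start_sshd` writes to, and the check assumes that log is not carrying entries over from the previous case.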