diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2016-12-16 03:51:19 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-12-17 09:11:41 +1100 |
| commit | 0d2f88428487518eea60602bd593989013831dcf (patch) | |
| tree | 979055085b55472077f5294d1b0e8bd6743c5785 | |
| parent | 3bc8180a008929f6fe98af4a56fb37d04444b417 (diff) | |
upstream commit
Add regression test for AllowUsers and DenyUsers. Patch from
Zev Weiss <zev at bewilderbeest.net>
Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9
| -rw-r--r-- | regress/Makefile | 5 | ||||
| -rw-r--r-- | regress/allow-deny-users.sh | 37 |
2 files changed, 40 insertions, 2 deletions
diff --git a/regress/Makefile b/regress/Makefile index bb880681..c2dba4fd 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.93 2016/11/01 13:43:27 tb Exp $ +# $OpenBSD: Makefile,v 1.94 2016/12/16 03:51:19 dtucker Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) @@ -78,7 +78,8 @@ LTESTS= connect \ hostkey-rotate \ principals-command \ cert-file \ - cfginclude + cfginclude \ + allow-deny-users # dhgex \ diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh new file mode 100644 index 00000000..217b1594 --- /dev/null +++ b/regress/allow-deny-users.sh @@ -0,0 +1,37 @@ +# Public Domain +# Zev Weiss, 2016 + +tid="AllowUsers/DenyUsers" + +me=`whoami` +other="nobody" + +test_auth() +{ + deny="$1" + allow="$2" + should_succeed="$3" + failmsg="$4" + + start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow" + + ${SSH} -F $OBJ/ssh_config "$me@somehost" true + status=$? + + if (test $status -eq 0 && ! $should_succeed) \ + || (test $status -ne 0 && $should_succeed); then + fail "$failmsg" + fi + + stop_sshd +} + +# DenyUsers AllowUsers should_succeed failure_message +test_auth "" "" true "user in neither DenyUsers nor AllowUsers denied" +test_auth "$other $me" "" false "user in DenyUsers allowed" +test_auth "$me $other" "" false "user in DenyUsers allowed" +test_auth "" "$other" false "user not in AllowUsers allowed" +test_auth "" "$other $me" true "user in AllowUsers denied" +test_auth "" "$me $other" true "user in AllowUsers denied" +test_auth "$me $other" "$me $other" false "user in both DenyUsers and AllowUsers allowed" +test_auth "$other $me" "$other $me" false "user in both DenyUsers and AllowUsers allowed" |