summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordtucker@openbsd.org <dtucker@openbsd.org>2016-12-16 03:51:19 +0000
committerDamien Miller <djm@mindrot.org>2016-12-17 09:11:41 +1100
commit0d2f88428487518eea60602bd593989013831dcf (patch)
tree979055085b55472077f5294d1b0e8bd6743c5785
parent3bc8180a008929f6fe98af4a56fb37d04444b417 (diff)
upstream commit
Add regression test for AllowUsers and DenyUsers. Patch from Zev Weiss <zev at bewilderbeest.net> Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9
-rw-r--r--regress/Makefile5
-rw-r--r--regress/allow-deny-users.sh37
2 files changed, 40 insertions, 2 deletions
diff --git a/regress/Makefile b/regress/Makefile
index bb880681..c2dba4fd 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.93 2016/11/01 13:43:27 tb Exp $
+# $OpenBSD: Makefile,v 1.94 2016/12/16 03:51:19 dtucker Exp $
REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec
tests: prep $(REGRESS_TARGETS)
@@ -78,7 +78,8 @@ LTESTS= connect \
hostkey-rotate \
principals-command \
cert-file \
- cfginclude
+ cfginclude \
+ allow-deny-users
# dhgex \
diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh
new file mode 100644
index 00000000..217b1594
--- /dev/null
+++ b/regress/allow-deny-users.sh
@@ -0,0 +1,37 @@
+# Public Domain
+# Zev Weiss, 2016
+
+tid="AllowUsers/DenyUsers"
+
+me=`whoami`
+other="nobody"
+
+test_auth()
+{
+ deny="$1"
+ allow="$2"
+ should_succeed="$3"
+ failmsg="$4"
+
+ start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow"
+
+ ${SSH} -F $OBJ/ssh_config "$me@somehost" true
+ status=$?
+
+ if (test $status -eq 0 && ! $should_succeed) \
+ || (test $status -ne 0 && $should_succeed); then
+ fail "$failmsg"
+ fi
+
+ stop_sshd
+}
+
+# DenyUsers AllowUsers should_succeed failure_message
+test_auth "" "" true "user in neither DenyUsers nor AllowUsers denied"
+test_auth "$other $me" "" false "user in DenyUsers allowed"
+test_auth "$me $other" "" false "user in DenyUsers allowed"
+test_auth "" "$other" false "user not in AllowUsers allowed"
+test_auth "" "$other $me" true "user in AllowUsers denied"
+test_auth "" "$me $other" true "user in AllowUsers denied"
+test_auth "$me $other" "$me $other" false "user in both DenyUsers and AllowUsers allowed"
+test_auth "$other $me" "$other $me" false "user in both DenyUsers and AllowUsers allowed"