tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Test update 

1. Move Start-SSHD-TestDaemon and Stop-SSHD-TestDaemon to commonUtils.psm1
2. Fix the timing issue when trying to read the log while it is still locked by the process.
3, Start the service to create the config fold if it is not there.
4. Skip authorizedkey and sshdconfig tests on win7 since the task scheduler cmdlets are not available on win7.
5. rename variables
This commit is contained in:
Yanbing 2018-01-29 13:49:01 -08:00 committed by GitHub
parent fd580e9d96
commit bad5548188
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 165 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
contrib/win32/openssh/OpenSSHTestHelper.psm1
View File

@ -162,8 +162,14 @@ WARNING: Following changes will be made to OpenSSH configuration
New-Item -ItemType Directory -Path $TestDataPath -Force -ErrorAction SilentlyContinue | out-null
}
#Backup existing OpenSSH configuration
if(-not (Test-Path $OpenSSHConfigPath -pathType Container))
{
#starting the service will create ssh config folder
start-service sshd
}
$backupConfigPath = Join-Path $OpenSSHConfigPath sshd_config.ori
#Backup existing OpenSSH configuration
if (-not (Test-Path $backupConfigPath -PathType Leaf)) {
Copy-Item (Join-Path $OpenSSHConfigPath sshd_config) $backupConfigPath -Force
}

114
regress/pesterTests/Authorized_keys_fileperm.Tests.ps1
View File

@ -17,42 +17,22 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
$null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue
}
$fileName = "test.txt"
$logName = "sshdlog.txt"
$sshLogName = "test.txt"
$sshdLogName = "sshdlog.txt"
$server = $OpenSSHTestInfo["Target"]
$port = 47003
$ssouser = $OpenSSHTestInfo["SSOUser"]
$PwdUser = $OpenSSHTestInfo["PasswdUser"]
$ssouserProfile = $OpenSSHTestInfo["SSOUserProfile"]
Remove-Item -Path (Join-Path $testDir "*$fileName") -Force -ErrorAction SilentlyContinue
$opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath']
Remove-Item -Path (Join-Path $testDir "*$sshLogName") -Force -ErrorAction SilentlyContinue
$platform = Get-Platform
$skip = ($platform -eq [PlatformType]::Windows) -and ($PSVersionTable.PSVersion.Major -le 2)
if(($platform -eq [PlatformType]::Windows) -and ($psversiontable.BuildVersion.Major -le 6))
{
#suppress the firewall blocking dialogue on win7
netsh advfirewall firewall add rule name="sshd" program="$($OpenSSHTestInfo['OpenSSHBinPath'])\sshd.exe" protocol=any action=allow dir=in
}
$Taskfolder = "\OpenSSHTestTasks\"
$Taskname = "StartTestDaemon"
function Start-SSHD-TestDaemon
{
param([string] $Arguments)
$opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath']
$ac = New-ScheduledTaskAction -Execute (join-path $opensshbinpath "sshd") -WorkingDirectory $opensshbinpath -Argument $Arguments
$task = Register-ScheduledTask -TaskName $Taskname -User system -Action $ac -TaskPath $Taskfolder -Force
Start-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname
}
function Stop-SSHD-TestDaemon
{
Stop-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname
#stop-scheduledTask does not wait for worker process to end. Kill it if still running. Logic below assume sshd service is running
$svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1]
(gps sshd).id | foreach { if ((-not($_ -eq $svcpid))) {Stop-Process $_ -Force} }
}
}
}
AfterEach { $tI++ }
@ -78,11 +58,13 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
$authorizedkeyPath = Join-Path $ssouserProfile .testssh\authorized_keys
$Source = Join-Path $ssouserProfile .ssh\authorized_keys
$testknownhosts = Join-path $PSScriptRoot testdata\test_known_hosts
Copy-Item $Source $ssouserSSHProfilePath -Force -ErrorAction Stop
Copy-Item $Source $ssouserSSHProfilePath -Force -ErrorAction Stop
Repair-AuthorizedKeyPermission -Filepath $authorizedkeyPath -confirm:$false
Get-Process -Name sshd -ErrorAction SilentlyContinue | Where-Object {$_.SessionID -ne 0} | Stop-process -force -ErrorAction SilentlyContinue
if(-not $skip)
{
Stop-SSHDTestDaemon
}
#add wrong password so ssh does not prompt password if failed with authorized keys
Add-PasswordSetting -Pass "WrongPass"
$tI=1
@ -102,73 +84,73 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
}
BeforeEach {
$filePath = Join-Path $testDir "$tC.$tI.$fileName"
$logPath = Join-Path $testDir "$tC.$tI.$logName"
Get-Process -Name sshd -ErrorAction SilentlyContinue | Where-Object {$_.SessionID -ne 0} | Stop-process -force -ErrorAction SilentlyContinue
$sshlog = Join-Path $testDir "$tC.$tI.$sshLogName"
$sshdlog = Join-Path $testDir "$tC.$tI.$sshdLogName"
if(-not $skip)
{
Stop-SSHDTestDaemon
}
}
It "$tC.$tI-authorized_keys-positive(pwd user is the owner and running process can access to the file)" {
It "$tC.$tI-authorized_keys-positive(pwd user is the owner and running process can access to the file)" -skip:$skip {
#setup to have ssouser as owner and grant ssouser read and write, admins group, and local system full control
Repair-FilePermission -Filepath $authorizedkeyPath -Owners $objUserSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false
#Run
Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
$o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
Stop-SSHD-TestDaemon
Stop-SSHDTestDaemon
$o | Should Be "1234"
}
It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by local system)" {
It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by local system)" -skip:$skip {
#setup to have system as owner and grant it full control
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $systemSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false
#Run
Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
$o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
Stop-SSHD-TestDaemon
Stop-SSHDTestDaemon
$o | Should Be "1234"
}
It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by admins group and pwd does not have explict ACE)" {
It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by admins group and pwd does not have explict ACE)" -skip:$skip {
#setup to have admin group as owner and grant it full control
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $adminsSid -FullAccessNeeded $adminsSid,$systemSid -confirm:$false
#Run
Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
$o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
Stop-SSHD-TestDaemon
Stop-SSHDTestDaemon
$o | Should Be "1234"
}
It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by admins group and pwd have explict ACE)" {
It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by admins group and pwd have explict ACE)" -skip:$skip {
#setup to have admin group as owner and grant it full control
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $adminsSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false
#Run
Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
$o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
Stop-SSHD-TestDaemon
$o | Should Be "1234"
Stop-SSHDTestDaemon
$o | Should Be "1234"
}
It "$tC.$tI-authorized_keys-negative(authorized_keys is owned by other admin user)" {
It "$tC.$tI-authorized_keys-negative(authorized_keys is owned by other admin user)" -skip:$skip {
#setup to have current user (admin user) as owner and grant it full control
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $currentUserSid -FullAccessNeeded $adminsSid,$systemSid -confirm:$false
#Run
Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath"
ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHD-TestDaemon
$logPath | Should Contain "Authentication refused."
Stop-SSHDTestDaemon
$sshlog | Should Contain "Permission denied"
$sshdlog | Should Contain "Authentication refused."
}
It "$tC.$tI-authorized_keys-negative(other account can access private key file)" {
It "$tC.$tI-authorized_keys-negative(other account can access private key file)" -skip:$skip {
#setup to have current user as owner and grant it full control
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $objUserSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false
@ -177,24 +159,26 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
Set-FilePermission -FilePath $authorizedkeyPath -User $objPwdUserSid -Perm "Read"
#Run
Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath"
ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHD-TestDaemon
$logPath | Should Contain "Authentication refused."
Start-SSHDTestDaemon -workDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHDTestDaemon
$sshlog | Should Contain "Permission denied"
$sshdlog | Should Contain "Authentication refused."
}
It "$tC.$tI-authorized_keys-negative(authorized_keys is owned by other non-admin user)" {
It "$tC.$tI-authorized_keys-negative(authorized_keys is owned by other non-admin user)" -skip:$skip {
#setup to have PwdUser as owner and grant it full control
$objPwdUserSid = Get-UserSid -User $PwdUser
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $objPwdUserSid -FullAccessNeeded $adminsSid,$systemSid,$objPwdUser -confirm:$false
#Run
Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath"
ssh -p $port -E $FilePath -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHD-TestDaemon
$logPath | Should Contain "Authentication refused."
Stop-SSHDTestDaemon
$sshlog | Should Contain "Permission denied"
$sshdlog | Should Contain "Authentication refused."
}
}
}

48
regress/pesterTests/CommonUtils.psm1
View File

@ -105,4 +105,52 @@ function Remove-PasswordSetting
{
if ($env:DISPLAY -eq 1) { Remove-Item env:\DISPLAY }
Remove-item "env:SSH_ASKPASS" -ErrorAction SilentlyContinue
}
$Taskfolder = "\OpenSSHTestTasks\"
$Taskname = "StartTestDaemon"
function Start-SSHDTestDaemon
{
param(
[string] $Arguments,
[string] $Workdir)
$ac = New-ScheduledTaskAction -Execute (join-path $workdir "sshd") -WorkingDirectory $workdir -Argument $Arguments
$task = Register-ScheduledTask -TaskName $Taskname -User system -Action $ac -TaskPath $Taskfolder -Force
Start-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname
$svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1]
#sleep for 1 seconds for process to ready to listener
$num = 0
while((Get-Process sshd | Where-Object {$_.Id -ne $svcpid}) -eq $null)
{
start-sleep 1
$num++
if($num -gt 30) { break }
}
}
function Stop-SSHDTestDaemon
{
$task = Get-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname -ErrorAction SilentlyContinue
if($task)
{
if($task.State -eq "Running")
{
Stop-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname
}
Unregister-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname -Confirm:$false
}
#if still running, wait a little while for task to complete
#stop-scheduledTask does not wait for worker process to end. Kill it if still running. Logic below assume sshd service is running
$svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1]
Get-Process sshd -ErrorAction SilentlyContinue | Where-Object {$_.Id -ne $svcpid} | Stop-Process -Force -ErrorAction SilentlyContinue
$num = 0
while((Get-Process sshd | Where-Object {$_.Id -ne $svcpid}))
{
# sshd process is still running; wait 1 more seconds"
start-sleep 1
$num++
if($num -gt 30) { break }
}
}

133
regress/pesterTests/SSHDConfig.tests.ps1
View File

@ -14,39 +14,20 @@ Describe "Tests of sshd_config" -Tags "CI" {
if( -not (Test-path $testDir -PathType Container))
{
$null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue
}
}
$fileName = "test.txt"
$logName = "sshdlog.txt"
$sshLogName = "test.txt"
$sshdLogName = "sshdlog.txt"
$server = $OpenSSHTestInfo["Target"]
$opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath']
$port = 47003
Remove-Item -Path (Join-Path $testDir "*$fileName") -Force -ErrorAction SilentlyContinue
Remove-Item -Path (Join-Path $testDir "*$sshLogName") -Force -ErrorAction SilentlyContinue
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ContextName = $env:COMPUTERNAME
$ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Machine
$PrincipalContext = new-object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList @($ContextType, $ContextName)
$IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName
$Taskfolder = "\OpenSSHTestTasks\"
$Taskname = "StartTestDaemon"
function Start-SSHD-TestDaemon
{
param([string] $Arguments)
$opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath']
$ac = New-ScheduledTaskAction -Execute (join-path $opensshbinpath "sshd") -WorkingDirectory $opensshbinpath -Argument $Arguments
$task = Register-ScheduledTask -TaskName $Taskname -User system -Action $ac -TaskPath $Taskfolder -Force
Start-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname
}
function Stop-SSHD-TestDaemon
{
Stop-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname
#stop-scheduledTask does not wait for worker process to end. Kill it if still running. Logic below assume sshd service is running
$svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1]
(gps sshd).id | foreach { if ((-not($_ -eq $svcpid))) {Stop-Process $_ -Force} }
}
$IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName
function Add-LocalUser
{
@ -133,6 +114,10 @@ Describe "Tests of sshd_config" -Tags "CI" {
}
$platform = Get-Platform
$skip = ($platform -eq [PlatformType]::Windows) -and ($PSVersionTable.PSVersion.Major -le 2)
if(-not $skip)
{
Stop-SSHDTestDaemon
}
if(($platform -eq [PlatformType]::Windows) -and ($psversiontable.BuildVersion.Major -le 6))
{
#suppress the firewall blocking dialogue on win7
@ -142,7 +127,7 @@ Describe "Tests of sshd_config" -Tags "CI" {
AfterEach { $tI++ }
AfterAll {
AfterAll {
$PrincipalContext.Dispose()
if(($platform -eq [PlatformType]::Windows) -and ($psversiontable.BuildVersion.Major -le 6))
{
@ -190,8 +175,12 @@ Describe "Tests of sshd_config" -Tags "CI" {
}
BeforeEach {
$filePath = Join-Path $testDir "$tC.$tI.$fileName"
$logPath = Join-Path $testDir "$tC.$tI.$logName"
$sshlog = Join-Path $testDir "$tC.$tI.$sshLogName"
$sshdlog = Join-Path $testDir "$tC.$tI.$sshdLogName"
if(-not $skip)
{
Stop-SSHDTestDaemon
}
}
AfterAll {
@ -199,144 +188,144 @@ Describe "Tests of sshd_config" -Tags "CI" {
$tC++
}
It "$tC.$tI-User with full name in the list of AllowUsers" {
It "$tC.$tI-User with full name in the list of AllowUsers" -skip:$skip {
#Run
Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
Add-UserToLocalGroup -UserName $allowUser1 -Password $password -GroupName $allowGroup1
$o = ssh -p $port $allowUser1@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
Stop-SSHD-TestDaemon
Stop-SSHDTestDaemon
$o | Should Be "1234"
Remove-UserFromLocalGroup -UserName $allowUser1 -GroupName $allowGroup1
}
It "$tC.$tI-User with * wildcard" {
It "$tC.$tI-User with * wildcard" -skip:$skip {
#Run
Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
Add-UserToLocalGroup -UserName $allowUser2 -Password $password -GroupName $allowGroup1
$o = ssh -p $port $allowUser2@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
Stop-SSHD-TestDaemon
Stop-SSHDTestDaemon
$o | Should Be "1234"
Remove-UserFromLocalGroup -UserName $allowUser2 -GroupName $allowGroup1
}
It "$tC.$tI-User with ? wildcard" {
It "$tC.$tI-User with ? wildcard" -skip:$skip {
#Run
Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
Add-UserToLocalGroup -UserName $allowUser3 -Password $password -GroupName $allowGroup1
$o = ssh -p $port $allowUser3@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
Stop-SSHD-TestDaemon
Stop-SSHDTestDaemon
$o | Should Be "1234"
Remove-UserFromLocalGroup -UserName $allowUser3 -GroupName $allowGroup1
}
It "$tC.$tI-User with full name in the list of AllowUsers but not in any AllowGroups" {
It "$tC.$tI-User with full name in the list of AllowUsers but not in any AllowGroups" -skip:$skip {
#Run
Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
Add-LocalUser -UserName $allowUser4 -Password $password
ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $allowUser4@$server echo 1234
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $allowUser4@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHD-TestDaemon
$logPath | Should Contain "not allowed because not in any group"
Stop-SSHDTestDaemon
$sshdlog | Should Contain "not allowed because not in any group"
}
It "$tC.$tI-User with full name in the list of DenyUsers" {
It "$tC.$tI-User with full name in the list of DenyUsers" -skip:$skip {
#Run
Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
Add-UserToLocalGroup -UserName $denyUser1 -Password $password -GroupName $allowGroup1
ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $denyUser1@$server echo 1234
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser1@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHD-TestDaemon
$logPath | Should Contain "not allowed because listed in DenyUsers"
Stop-SSHDTestDaemon
$sshdlog | Should Contain "not allowed because listed in DenyUsers"
Remove-UserFromLocalGroup -UserName $denyUser1 -GroupName $allowGroup1
}
It "$tC.$tI-User with * wildcard in the list of DenyUsers" {
It "$tC.$tI-User with * wildcard in the list of DenyUsers" -skip:$skip {
#Run
Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
Add-UserToLocalGroup -UserName $denyUser2 -Password $password -GroupName $allowGroup1
ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $denyUser2@$server echo 1234
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser2@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHD-TestDaemon
$logPath | Should Contain "not allowed because listed in DenyUsers"
Stop-SSHDTestDaemon
$sshdlog | Should Contain "not allowed because listed in DenyUsers"
Remove-UserFromLocalGroup -UserName $denyUser2 -GroupName $allowGroup1
}
It "$tC.$tI-User with ? wildcard in the list of DenyUsers" {
It "$tC.$tI-User with ? wildcard in the list of DenyUsers" -skip:$skip {
#Run
Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
Add-UserToLocalGroup -UserName $denyUser3 -Password $password -GroupName $allowGroup1
ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $denyUser3@$server echo 1234
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser3@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHD-TestDaemon
$logPath | Should Contain "not allowed because not listed in AllowUsers"
Stop-SSHDTestDaemon
$sshdlog | Should Contain "not allowed because not listed in AllowUsers"
Remove-UserFromLocalGroup -UserName $denyUser3 -GroupName $allowGroup1
}
It "$tC.$tI-User is listed in the list of AllowUsers but also in a full name DenyGroups and AllowGroups" {
It "$tC.$tI-User is listed in the list of AllowUsers but also in a full name DenyGroups and AllowGroups" -skip:$skip {
#Run
Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
Add-UserToLocalGroup -UserName $localuser1 -Password $password -GroupName $allowGroup1
Add-UserToLocalGroup -UserName $localuser1 -Password $password -GroupName $denyGroup1
ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $localuser1@$server echo 1234
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser1@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHD-TestDaemon
$logPath | Should Contain "not allowed because a group is listed in DenyGroups"
Stop-SSHDTestDaemon
$sshdlog | Should Contain "not allowed because a group is listed in DenyGroups"
Remove-UserFromLocalGroup -UserName $localuser1 -GroupName $allowGroup1
Remove-UserFromLocalGroup -UserName $localuser1 -GroupName $denyGroup1
}
It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard * DenyGroups" {
It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard * DenyGroups" -skip:$skip {
#Run
Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
Add-UserToLocalGroup -UserName $localuser2 -Password $password -GroupName $denyGroup2
ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $localuser2@$server echo 1234
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser2@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHD-TestDaemon
$logPath | Should Contain "not allowed because a group is listed in DenyGroups"
Stop-SSHDTestDaemon
$sshdlog | Should Contain "not allowed because a group is listed in DenyGroups"
Remove-UserFromLocalGroup -UserName $localuser2 -GroupName $denyGroup2
}
It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard ? DenyGroups" {
It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard ? DenyGroups" -skip:$skip {
#Run
Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath"
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
Add-UserToLocalGroup -UserName $localuser3 -Password $password -GroupName $denyGroup3
ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $localuser3@$server echo 1234
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser3@$server echo 1234
$LASTEXITCODE | Should Not Be 0
Stop-SSHD-TestDaemon
$logPath | Should Contain "not allowed because a group is listed in DenyGroups"
Stop-SSHDTestDaemon
$sshdlog | Should Contain "not allowed because a group is listed in DenyGroups"
Remove-UserFromLocalGroup -UserName $localuser3 -GroupName $denyGroup3