diff --git a/contrib/win32/openssh/OpenSSHTestHelper.psm1 b/contrib/win32/openssh/OpenSSHTestHelper.psm1 index e90879989..e689335a2 100644 --- a/contrib/win32/openssh/OpenSSHTestHelper.psm1 +++ b/contrib/win32/openssh/OpenSSHTestHelper.psm1 @@ -162,8 +162,14 @@ WARNING: Following changes will be made to OpenSSH configuration New-Item -ItemType Directory -Path $TestDataPath -Force -ErrorAction SilentlyContinue | out-null } - #Backup existing OpenSSH configuration + + if(-not (Test-Path $OpenSSHConfigPath -pathType Container)) + { + #starting the service will create ssh config folder + start-service sshd + } $backupConfigPath = Join-Path $OpenSSHConfigPath sshd_config.ori + #Backup existing OpenSSH configuration if (-not (Test-Path $backupConfigPath -PathType Leaf)) { Copy-Item (Join-Path $OpenSSHConfigPath sshd_config) $backupConfigPath -Force } diff --git a/regress/pesterTests/Authorized_keys_fileperm.Tests.ps1 b/regress/pesterTests/Authorized_keys_fileperm.Tests.ps1 index 885955f25..07346981b 100644 --- a/regress/pesterTests/Authorized_keys_fileperm.Tests.ps1 +++ b/regress/pesterTests/Authorized_keys_fileperm.Tests.ps1 
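Review bot: The added `start-service sshd` is never checked, yet the unchanged `Copy-Item (Join-Path $OpenSSHConfigPath sshd_config) $backupConfigPath -Force` just below relies on it having created the config folder and a default `sshd_config`. If the service is missing or fails to start, setup carries on and fails later with a misleading copy error. `Start-Service sshd -ErrorAction Stop`, followed by a second `Test-Path $OpenSSHConfigPath -PathType Container` check, would surface the failure where it happens. The call also leaves sshd running with its default configuration as a side effect of test setup, which is worth stating in the comment. The enclosing function starts and ends outside the hunk.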
@@ -17,42 +17,22 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { $null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue } - $fileName = "test.txt" - $logName = "sshdlog.txt" + $sshLogName = "test.txt" + $sshdLogName = "sshdlog.txt" $server = $OpenSSHTestInfo["Target"] $port = 47003 $ssouser = $OpenSSHTestInfo["SSOUser"] $PwdUser = $OpenSSHTestInfo["PasswdUser"] $ssouserProfile = $OpenSSHTestInfo["SSOUserProfile"] - Remove-Item -Path (Join-Path $testDir "*$fileName") -Force -ErrorAction SilentlyContinue + $opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath'] + Remove-Item -Path (Join-Path $testDir "*$sshLogName") -Force -ErrorAction SilentlyContinue $platform = Get-Platform $skip = ($platform -eq [PlatformType]::Windows) -and ($PSVersionTable.PSVersion.Major -le 2) if(($platform -eq [PlatformType]::Windows) -and ($psversiontable.BuildVersion.Major -le 6)) { #suppress the firewall blocking dialogue on win7 netsh advfirewall firewall add rule name="sshd" program="$($OpenSSHTestInfo['OpenSSHBinPath'])\sshd.exe" protocol=any action=allow dir=in - } - - $Taskfolder = "\OpenSSHTestTasks\" - $Taskname = "StartTestDaemon" - - function Start-SSHD-TestDaemon - { - param([string] $Arguments) - $opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath'] - - $ac = New-ScheduledTaskAction -Execute (join-path $opensshbinpath "sshd") -WorkingDirectory $opensshbinpath -Argument $Arguments - $task = Register-ScheduledTask -TaskName $Taskname -User system -Action $ac -TaskPath $Taskfolder -Force - Start-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname - } - - function Stop-SSHD-TestDaemon - { - Stop-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname - #stop-scheduledTask does not wait for worker process to end. Kill it if still running. 
Logic below assume sshd service is running - $svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1] - (gps sshd).id | foreach { if ((-not($_ -eq $svcpid))) {Stop-Process $_ -Force} } - } + } } AfterEach { $tI++ } @@ -78,11 +58,13 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { $authorizedkeyPath = Join-Path $ssouserProfile .testssh\authorized_keys $Source = Join-Path $ssouserProfile .ssh\authorized_keys $testknownhosts = Join-path $PSScriptRoot testdata\test_known_hosts - Copy-Item $Source $ssouserSSHProfilePath -Force -ErrorAction Stop - + Copy-Item $Source $ssouserSSHProfilePath -Force -ErrorAction Stop Repair-AuthorizedKeyPermission -Filepath $authorizedkeyPath -confirm:$false - - Get-Process -Name sshd -ErrorAction SilentlyContinue | Where-Object {$_.SessionID -ne 0} | Stop-process -force -ErrorAction SilentlyContinue + if(-not $skip) + { + Stop-SSHDTestDaemon + } + #add wrong password so ssh does not prompt password if failed with authorized keys Add-PasswordSetting -Pass "WrongPass" $tI=1 
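Review bot: `$skip` tests the PowerShell version, but the new `if(-not $skip) { Stop-SSHDTestDaemon }` guard really depends on the ScheduledTasks cmdlets that the helper calls. As far as I know those cmdlets ship with Windows 8 / Server 2012 and later. On the Windows 7 hosts this file still special-cases with the netsh rule, a newer PowerShell would pass the guard and the call would then fail. Gating on the capability is more direct, for example `$skip = -not (Get-Command Register-ScheduledTask -ErrorAction SilentlyContinue)`. The same guard is repeated in the `BeforeEach` of the next hunk and in SSHDConfig.tests.ps1.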
@@ -102,73 +84,73 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { } BeforeEach { - $filePath = Join-Path $testDir "$tC.$tI.$fileName" - $logPath = Join-Path $testDir "$tC.$tI.$logName" - Get-Process -Name sshd -ErrorAction SilentlyContinue | Where-Object {$_.SessionID -ne 0} | Stop-process -force -ErrorAction SilentlyContinue + $sshlog = Join-Path $testDir "$tC.$tI.$sshLogName" + $sshdlog = Join-Path $testDir "$tC.$tI.$sshdLogName" + if(-not $skip) + { + Stop-SSHDTestDaemon + } } - It "$tC.$tI-authorized_keys-positive(pwd user is the owner and running process can access to the file)" { + It "$tC.$tI-authorized_keys-positive(pwd user is the owner and running process can access to the file)" -skip:$skip { #setup to have ssouser as owner and grant ssouser read and write, admins group, and local system full control Repair-FilePermission -Filepath $authorizedkeyPath -Owners $objUserSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false #Run - Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" $o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHD-TestDaemon + Stop-SSHDTestDaemon $o | Should Be "1234" - } - It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by local system)" { + It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by local system)" -skip:$skip { #setup to have system as owner and grant it full control Repair-FilePermission -Filepath $authorizedkeyPath -Owner $systemSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false #Run - Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile 
.testssh/authorized_keys`" -E $sshdlog" $o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHD-TestDaemon + Stop-SSHDTestDaemon $o | Should Be "1234" - } - It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by admins group and pwd does not have explict ACE)" { + It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by admins group and pwd does not have explict ACE)" -skip:$skip { #setup to have admin group as owner and grant it full control Repair-FilePermission -Filepath $authorizedkeyPath -Owner $adminsSid -FullAccessNeeded $adminsSid,$systemSid -confirm:$false #Run - Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" $o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHD-TestDaemon + Stop-SSHDTestDaemon $o | Should Be "1234" - } - It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by admins group and pwd have explict ACE)" { + It "$tC.$tI-authorized_keys-positive(authorized_keys is owned by admins group and pwd have explict ACE)" -skip:$skip { #setup to have admin group as owner and grant it full control Repair-FilePermission -Filepath $authorizedkeyPath -Owner $adminsSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false #Run - Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" $o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHD-TestDaemon - $o | Should Be "1234" - + Stop-SSHDTestDaemon + $o | Should Be "1234" } - It "$tC.$tI-authorized_keys-negative(authorized_keys is owned by other admin user)" { + It 
"$tC.$tI-authorized_keys-negative(authorized_keys is owned by other admin user)" -skip:$skip { #setup to have current user (admin user) as owner and grant it full control Repair-FilePermission -Filepath $authorizedkeyPath -Owner $currentUserSid -FullAccessNeeded $adminsSid,$systemSid -confirm:$false #Run - Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath" - ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234 + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" + ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHD-TestDaemon - $logPath | Should Contain "Authentication refused." + Stop-SSHDTestDaemon + $sshlog | Should Contain "Permission denied" + $sshdlog | Should Contain "Authentication refused." } - It "$tC.$tI-authorized_keys-negative(other account can access private key file)" { + It "$tC.$tI-authorized_keys-negative(other account can access private key file)" -skip:$skip { #setup to have current user as owner and grant it full control Repair-FilePermission -Filepath $authorizedkeyPath -Owner $objUserSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false 
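Review bot: In the negative tests `$LASTEXITCODE | Should Not Be 0` runs before `Stop-SSHDTestDaemon`, so a failed assertion ends the `It` block with the scheduled task still registered. A SYSTEM-level sshd may then still be listening on `$port` with the relaxed `AuthorizedKeysFile`; the positive tests already stop the daemon before asserting. The next `BeforeEach` cleans up, but nothing visible does so after the last test or an aborted run. Simply moving the stop call up would break the check, because `Stop-SSHDTestDaemon` runs `tasklist`, which overwrites `$LASTEXITCODE`; capture it first with `$sshExit = $LASTEXITCODE`, then `Stop-SSHDTestDaemon`, then `$sshExit | Should Not Be 0`. The same ordering appears in the next hunk and in the SSHDConfig.tests.ps1 negative tests.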
@@ -177,24 +159,26 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { Set-FilePermission -FilePath $authorizedkeyPath -User $objPwdUserSid -Perm "Read" #Run - Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath" - ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234 - $LASTEXITCODE | Should Not Be 0 - Stop-SSHD-TestDaemon - $logPath | Should Contain "Authentication refused." + Start-SSHDTestDaemon -workDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" + ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234 + $LASTEXITCODE | Should Not Be 0 + Stop-SSHDTestDaemon + $sshlog | Should Contain "Permission denied" + $sshdlog | Should Contain "Authentication refused." } - It "$tC.$tI-authorized_keys-negative(authorized_keys is owned by other non-admin user)" { + It "$tC.$tI-authorized_keys-negative(authorized_keys is owned by other non-admin user)" -skip:$skip { #setup to have PwdUser as owner and grant it full control $objPwdUserSid = Get-UserSid -User $PwdUser Repair-FilePermission -Filepath $authorizedkeyPath -Owner $objPwdUserSid -FullAccessNeeded $adminsSid,$systemSid,$objPwdUser -confirm:$false #Run - Start-SSHD-TestDaemon -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $logPath" - ssh -p $port -E $FilePath -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234 + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" + ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHD-TestDaemon - $logPath | Should Contain "Authentication refused." + Stop-SSHDTestDaemon + $sshlog | Should Contain "Permission denied" + $sshdlog | Should Contain "Authentication refused." } } } 
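Review bot: In the last test the unchanged line `-FullAccessNeeded $adminsSid,$systemSid,$objPwdUser` passes `$objPwdUser`, which is not assigned anywhere in the visible hunks. The line above it assigns `$objPwdUserSid`, so this looks like a typo. If it is, the ACL for this negative case gets a null entry instead of the password user's SID, and the test presumably still passes only because the owner check rejects the file. Suggested: `-FullAccessNeeded $adminsSid,$systemSid,$objPwdUserSid`.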
diff --git a/regress/pesterTests/CommonUtils.psm1 b/regress/pesterTests/CommonUtils.psm1
index ffcd1f84d..08911b3d5 100644
--- a/regress/pesterTests/CommonUtils.psm1
+++ b/regress/pesterTests/CommonUtils.psm1
@@ -105,4 +105,52 @@ function Remove-PasswordSetting { if ($env:DISPLAY -eq 1) { Remove-Item env:\DISPLAY } Remove-item "env:SSH_ASKPASS" -ErrorAction SilentlyContinue +} + +$Taskfolder = "\OpenSSHTestTasks\" +$Taskname = "StartTestDaemon" + +function Start-SSHDTestDaemon +{ + param( + [string] $Arguments, + [string] $Workdir) + + $ac = New-ScheduledTaskAction -Execute (join-path $workdir "sshd") -WorkingDirectory $workdir -Argument $Arguments + $task = Register-ScheduledTask -TaskName $Taskname -User system -Action $ac -TaskPath $Taskfolder -Force + Start-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname + $svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1] + #sleep for 1 seconds for process to ready to listener + $num = 0 + while((Get-Process sshd | Where-Object {$_.Id -ne $svcpid}) -eq $null) + { + start-sleep 1 + $num++ + if($num -gt 30) { break } + } +} + +function Stop-SSHDTestDaemon +{ + $task = Get-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname -ErrorAction SilentlyContinue + if($task) + { + if($task.State -eq "Running") + { + Stop-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname + } + Unregister-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname -Confirm:$false + } + #if still running, wait a little while for task to complete + #stop-scheduledTask does not wait for worker process to end. Kill it if still running. Logic below assume sshd service is running + $svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1] + Get-Process sshd -ErrorAction SilentlyContinue | Where-Object {$_.Id -ne $svcpid} | Stop-Process -Force -ErrorAction SilentlyContinue + $num = 0 + while((Get-Process sshd | Where-Object {$_.Id -ne $svcpid})) + { + # sshd process is still running; wait 1 more seconds" + start-sleep 1 + $num++ + if($num -gt 30) { break } + } } \ No newline at end of file 
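Review bot: Both helpers derive the service PID with `((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1]`, which throws on a null result when the sshd service is not running and yields a non-PID string if more than one line matches. In `Stop-SSHDTestDaemon` a wrong `$svcpid` makes `Where-Object {$_.Id -ne $svcpid}` match every sshd process, so `Stop-Process -Force` would also kill the service itself. Even with a correct PID it appears to kill every other sshd process on the host, not only the one the task started. Querying the service directly is sturdier: `$svcpid = (Get-CimInstance Win32_Service -Filter "Name='sshd'").ProcessId`. The two wait loops also call `Get-Process sshd` without `-ErrorAction SilentlyContinue` and fall through silently after 30 tries, so a daemon that never started is only noticed later as an ssh failure.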
diff --git a/regress/pesterTests/SSHDConfig.tests.ps1 b/regress/pesterTests/SSHDConfig.tests.ps1
index 6b1c58343..a6d5bac3a 100644
--- a/regress/pesterTests/SSHDConfig.tests.ps1
+++ b/regress/pesterTests/SSHDConfig.tests.ps1
@@ -14,39 +14,20 @@ Describe "Tests of sshd_config" -Tags "CI" { if( -not (Test-path $testDir -PathType Container)) { $null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue - } + } - $fileName = "test.txt" - $logName = "sshdlog.txt" + $sshLogName = "test.txt" + $sshdLogName = "sshdlog.txt" $server = $OpenSSHTestInfo["Target"] + $opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath'] $port = 47003 - Remove-Item -Path (Join-Path $testDir "*$fileName") -Force -ErrorAction SilentlyContinue + Remove-Item -Path (Join-Path $testDir "*$sshLogName") -Force -ErrorAction SilentlyContinue Add-Type -AssemblyName System.DirectoryServices.AccountManagement $ContextName = $env:COMPUTERNAME $ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Machine $PrincipalContext = new-object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList @($ContextType, $ContextName) - $IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName - $Taskfolder = "\OpenSSHTestTasks\" - $Taskname = "StartTestDaemon" - - function Start-SSHD-TestDaemon - { - param([string] $Arguments) - $opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath'] - - $ac = New-ScheduledTaskAction -Execute (join-path $opensshbinpath "sshd") -WorkingDirectory $opensshbinpath -Argument $Arguments - $task = Register-ScheduledTask -TaskName $Taskname -User system -Action $ac -TaskPath $Taskfolder -Force - Start-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname - } - - function Stop-SSHD-TestDaemon - { - Stop-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname - #stop-scheduledTask does not wait for worker process to end. Kill it if still running. 
Logic below assume sshd service is running - $svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1] - (gps sshd).id | foreach { if ((-not($_ -eq $svcpid))) {Stop-Process $_ -Force} } - } + $IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName function Add-LocalUser { @@ -133,6 +114,10 @@ Describe "Tests of sshd_config" -Tags "CI" { } $platform = Get-Platform $skip = ($platform -eq [PlatformType]::Windows) -and ($PSVersionTable.PSVersion.Major -le 2) + if(-not $skip) + { + Stop-SSHDTestDaemon + } if(($platform -eq [PlatformType]::Windows) -and ($psversiontable.BuildVersion.Major -le 6)) { #suppress the firewall blocking dialogue on win7 @@ -142,7 +127,7 @@ Describe "Tests of sshd_config" -Tags "CI" { AfterEach { $tI++ } - AfterAll { + AfterAll { $PrincipalContext.Dispose() if(($platform -eq [PlatformType]::Windows) -and ($psversiontable.BuildVersion.Major -le 6)) { @@ -190,8 +175,12 @@ Describe "Tests of sshd_config" -Tags "CI" { } BeforeEach { - $filePath = Join-Path $testDir "$tC.$tI.$fileName" - $logPath = Join-Path $testDir "$tC.$tI.$logName" + $sshlog = Join-Path $testDir "$tC.$tI.$sshLogName" + $sshdlog = Join-Path $testDir "$tC.$tI.$sshdLogName" + if(-not $skip) + { + Stop-SSHDTestDaemon + } } AfterAll { 
@@ -199,144 +188,144 @@ Describe "Tests of sshd_config" -Tags "CI" { $tC++ } - It "$tC.$tI-User with full name in the list of AllowUsers" { + It "$tC.$tI-User with full name in the list of AllowUsers" -skip:$skip { #Run - Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" Add-UserToLocalGroup -UserName $allowUser1 -Password $password -GroupName $allowGroup1 $o = ssh -p $port $allowUser1@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHD-TestDaemon + Stop-SSHDTestDaemon $o | Should Be "1234" Remove-UserFromLocalGroup -UserName $allowUser1 -GroupName $allowGroup1 } - It "$tC.$tI-User with * wildcard" { + It "$tC.$tI-User with * wildcard" -skip:$skip { #Run - Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" Add-UserToLocalGroup -UserName $allowUser2 -Password $password -GroupName $allowGroup1 $o = ssh -p $port $allowUser2@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHD-TestDaemon + Stop-SSHDTestDaemon $o | Should Be "1234" Remove-UserFromLocalGroup -UserName $allowUser2 -GroupName $allowGroup1 } - It "$tC.$tI-User with ? wildcard" { + It "$tC.$tI-User with ? 
wildcard" -skip:$skip { #Run - Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" Add-UserToLocalGroup -UserName $allowUser3 -Password $password -GroupName $allowGroup1 $o = ssh -p $port $allowUser3@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHD-TestDaemon + Stop-SSHDTestDaemon $o | Should Be "1234" Remove-UserFromLocalGroup -UserName $allowUser3 -GroupName $allowGroup1 } - It "$tC.$tI-User with full name in the list of AllowUsers but not in any AllowGroups" { + It "$tC.$tI-User with full name in the list of AllowUsers but not in any AllowGroups" -skip:$skip { #Run - Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" Add-LocalUser -UserName $allowUser4 -Password $password - ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $allowUser4@$server echo 1234 + ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $allowUser4@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHD-TestDaemon - $logPath | Should Contain "not allowed because not in any group" + Stop-SSHDTestDaemon + $sshdlog | Should Contain "not allowed because not in any group" } - It "$tC.$tI-User with full name in the list of DenyUsers" { + It "$tC.$tI-User with full name in the list of DenyUsers" -skip:$skip { #Run - Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" Add-UserToLocalGroup -UserName $denyUser1 -Password $password -GroupName $allowGroup1 - ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $denyUser1@$server echo 1234 + ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser1@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHD-TestDaemon - $logPath | Should 
Contain "not allowed because listed in DenyUsers" + Stop-SSHDTestDaemon + $sshdlog | Should Contain "not allowed because listed in DenyUsers" Remove-UserFromLocalGroup -UserName $denyUser1 -GroupName $allowGroup1 } - It "$tC.$tI-User with * wildcard in the list of DenyUsers" { + It "$tC.$tI-User with * wildcard in the list of DenyUsers" -skip:$skip { #Run - Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" Add-UserToLocalGroup -UserName $denyUser2 -Password $password -GroupName $allowGroup1 - ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $denyUser2@$server echo 1234 + ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser2@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHD-TestDaemon - $logPath | Should Contain "not allowed because listed in DenyUsers" + Stop-SSHDTestDaemon + $sshdlog | Should Contain "not allowed because listed in DenyUsers" Remove-UserFromLocalGroup -UserName $denyUser2 -GroupName $allowGroup1 } - It "$tC.$tI-User with ? wildcard in the list of DenyUsers" { + It "$tC.$tI-User with ? 
wildcard in the list of DenyUsers" -skip:$skip { #Run - Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" Add-UserToLocalGroup -UserName $denyUser3 -Password $password -GroupName $allowGroup1 - ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $denyUser3@$server echo 1234 + ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser3@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHD-TestDaemon - $logPath | Should Contain "not allowed because not listed in AllowUsers" + Stop-SSHDTestDaemon + $sshdlog | Should Contain "not allowed because not listed in AllowUsers" Remove-UserFromLocalGroup -UserName $denyUser3 -GroupName $allowGroup1 } - It "$tC.$tI-User is listed in the list of AllowUsers but also in a full name DenyGroups and AllowGroups" { + It "$tC.$tI-User is listed in the list of AllowUsers but also in a full name DenyGroups and AllowGroups" -skip:$skip { #Run - Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" Add-UserToLocalGroup -UserName $localuser1 -Password $password -GroupName $allowGroup1 Add-UserToLocalGroup -UserName $localuser1 -Password $password -GroupName $denyGroup1 - ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $localuser1@$server echo 1234 + ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser1@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHD-TestDaemon - $logPath | Should Contain "not allowed because a group is listed in DenyGroups" + Stop-SSHDTestDaemon + $sshdlog | Should Contain "not allowed because a group is listed in DenyGroups" Remove-UserFromLocalGroup -UserName $localuser1 -GroupName $allowGroup1 Remove-UserFromLocalGroup -UserName $localuser1 -GroupName $denyGroup1 } - It "$tC.$tI-User is listed in the list of 
AllowUsers but also in a wildcard * DenyGroups" { + It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard * DenyGroups" -skip:$skip { #Run - Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" Add-UserToLocalGroup -UserName $localuser2 -Password $password -GroupName $denyGroup2 - ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $localuser2@$server echo 1234 + ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser2@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHD-TestDaemon - $logPath | Should Contain "not allowed because a group is listed in DenyGroups" + Stop-SSHDTestDaemon + $sshdlog | Should Contain "not allowed because a group is listed in DenyGroups" Remove-UserFromLocalGroup -UserName $localuser2 -GroupName $denyGroup2 } - It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard ? DenyGroups" { + It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard ? DenyGroups" -skip:$skip { #Run - Start-SSHD-TestDaemon -Arguments "-d -f $sshdConfigPath -E $logPath" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" Add-UserToLocalGroup -UserName $localuser3 -Password $password -GroupName $denyGroup3 - ssh -p $port -E $filePath -o "UserKnownHostsFile $testknownhosts" $localuser3@$server echo 1234 + ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser3@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHD-TestDaemon - $logPath | Should Contain "not allowed because a group is listed in DenyGroups" + Stop-SSHDTestDaemon + $sshdlog | Should Contain "not allowed because a group is listed in DenyGroups" Remove-UserFromLocalGroup -UserName $localuser3 -GroupName $denyGroup3