Add sshd pester tests (#789)

* add sshd tests * add test for session child processes * add sleep * Update regress/pesterTests/SSHD.Tests.ps1 Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * update comments in test --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-31 01:35:11 +02:00 · 2025-07-21 15:47:19 -04:00 · 2025-07-21 15:47:19 -04:00 · c1a8d54998
commit c1a8d54998
parent a2d4e942df
3 changed files with 157 additions and 68 deletions
--- a/contrib/win32/openssh/OpenSSHTestHelper.psm1
+++ b/contrib/win32/openssh/OpenSSHTestHelper.psm1
@ -72,6 +72,7 @@ function Set-OpenSSHTestEnvironment
    $Global:OpenSSHTestInfo.Add("TestAccountPW", $OpenSSHTestAccountsPassword)         # common password for all test accounts
    $Global:OpenSSHTestInfo.Add("DebugMode", $DebugMode.IsPresent)                     # run openssh E2E in debug mode
    $Global:OpenSSHTestInfo.Add("DelayTime", 3)                                        # delay between stoppig sshd service and trying to access log files
+    $Global:OpenSSHTestInfo.Add("SshdServiceName", $SSHDTestSvcName)                   # sshd service name

    $Script:EnableAppVerifier = -not ($NoAppVerifier.IsPresent)
    if($Script:WindowsInBox = $true)
--- a/regress/pesterTests/SSH.Tests.ps1
+++ b/regress/pesterTests/SSH.Tests.ps1
@ -243,6 +243,13 @@ Describe "E2E scenarios for ssh client" -Tags "CI" {
            $LASTEXITCODE | Should Be 0
            $o | Should Be `$env:computername
        }
+        It "$tC.$tI - exiting ssh session exits sshd session child processes" -skip:$skip {
+            $sshdPidCountBefore = (Get-Process -Name sshd* | Select-Object -ExpandProperty Id).Count
+            ssh test_target "echo '`$env:computername'"
+            Start-Sleep -Seconds 2
+            $sshdPidCountAfter = (Get-Process -Name sshd* | Select-Object -ExpandProperty Id).Count
+            $sshdPidCountAfter | Should Be $sshdPidCountBefore
+        }
    }

    Context "$tC - configure powershell as default shell with admin user" {
--- a/regress/pesterTests/SSHD.Tests.ps1
+++ b/regress/pesterTests/SSHD.Tests.ps1
@ -0,0 +1,81 @@
+Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
+
+Describe "E2E scenarios for sshd" -Tags "CI" {
+    BeforeAll {
+        if($OpenSSHTestInfo -eq $null)
+        {
+            Throw "`$OpenSSHTestInfo is null. Please run Set-OpenSSHTestEnvironment to set test environments."
+        }
+
+        $server = $OpenSSHTestInfo["Target"]
+        $port = $OpenSSHTestInfo["Port"]
+        $user = $OpenSSHTestInfo["PasswdUser"]
+    }
+
+    Context "SSHD scenarios" {
+        BeforeAll {
+            # configure logingracetime to 10 seconds and presrerve the original config
+            $sshdconfig = Join-Path $Global:OpenSSHTestInfo["ServiceConfigDir"] sshd_config
+            $sshdconfig_temp = Join-Path $Global:OpenSSHTestInfo["ServiceConfigDir"] sshd_config_temp
+            if (Test-Path $sshdconfig_temp) {
+                Remove-Item $sshdconfig_temp -Force
+            }
+            Copy-Item $sshdconfig $sshdconfig_temp
+            $content = Get-Content -Path $sshdconfig
+            $newContent = $content -replace "#LoginGraceTime 2m", "LoginGraceTime 10"
+            $newContent | Set-Content -Path $sshdconfig
+        }
+
+        BeforeEach {
+            Restart-Service -Name $OpenSSHTestInfo["SshdServiceName"] -Force
+        }
+
+        AfterAll {
+            # restore original config
+            Copy-Item $sshdconfig_temp $sshdconfig -Force
+            Restart-Service -Name $OpenSSHTestInfo["SshdServiceName"] -Force
+            Remove-Item $sshdconfig_temp -Force
+        }
+
+        It "sshd child process ends when LoginGraceTime is exceeded" {
+            # Get a count of any sshd processes before a connection in case there's another service running on the system
+            # should be at least 1 sshd process for the test service
+            $sshdPidCountBefore = (Get-Process -Name sshd* | Select-Object -ExpandProperty Id).Count
+            # Start ssh process (do not authenticate)
+            $sshProc = Start-Process -FilePath ssh -ArgumentList "-l $user test_target" -PassThru
+            Start-Sleep -Seconds 2
+            $sshdPidsCountWithConn = (Get-Process -Name sshd* | Select-Object -ExpandProperty Id).Count
+            # Wait for LoginGraceTime to expire
+            Start-Sleep -Seconds 10
+            $sshdPidsCountAfter = (Get-Process -Name sshd* | Select-Object -ExpandProperty Id).Count
+
+            if ($sshProc -and !$sshProc.HasExited) {
+                $sshProc | Stop-Process -Force
+            }
+
+            # with a connection, there should be two additional session processes
+            $sshdPidsCountWithConn | Should Be (2 + $sshdPidCountBefore)
+            # after LoginGraceTime expires, one of the session processes should exit
+            $sshdPidsCountAfter | Should Be (1 + $sshdPidCountBefore)
+        }
+
+        It "sshd pre-auth process is spawned under runtime generated virtual account" {
+            $sshProc = Start-Process -FilePath ssh -ArgumentList "-l $user test_target" -PassThru
+            Start-Sleep -Seconds 2
+            $sshdProcessUsers = Get-Process -Name sshd* -IncludeUsername | Select-Object -ExpandProperty UserName
+            $foundVirtualAccount = $false
+            foreach ($username in $sshdProcessUsers) {
+                if ($username -match '^VIRTUAL USERS\\sshd_\d+$') {
+                    $foundVirtualAccount = $true
+                    break
+                }
+            }
+
+            if ($sshProc -and !$sshProc.HasExited) {
+                $sshProc | Stop-Process -Force
+            }
+
+            $foundVirtualAccount | Should Be $true
+        }
+    }
+}