# PowerShell 2.0 and earlier do not populate $PSScriptRoot for scripts, so derive it
# from the path of the running script.
if ($PSVersiontable.PSVersion.Major -le 2) {
    $PSScriptRoot = Split-Path -Parent $MyInvocation.MyCommand.Path
}

# -Force reloads the module if it is already imported.
# NOTE(review): presumably this module provides the helper cmdlets the tests call
# (Get-UserSID, Repair-FilePermission, ...) - confirm against CommonUtils.psm1.
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force

# Context counter ($tC) and test-case counter ($tI); both appear in test names and
# in the names of the captured log files.
$tC = 1
$tI = 0

# Name of the per-suite folder created under the test data path.
$suite = "Cfginclude"
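# Checks that the ssh client accepts or rejects the per-user config file
# (<home>\.ssh\config) depending on who owns it and who has been granted access.
# NOTE: the tests rewrite the owner and ACL of the real user's config file. The
# original ACL is put back after every test case, but a config file copied in by
# the Context setup is left in place when the suite ends.
Describe "Tests for ssh config" -Tags "CI" {
    BeforeAll {
        # $null goes on the left so the comparison can never turn into array filtering.
        if ($null -eq $OpenSSHTestInfo)
        {
            Throw "`$OpenSSHTestInfo is null. Please run Set-OpenSSHTestEnvironment to set test environments."
        }

        if (-not (Test-Path $OpenSSHTestInfo["TestDataPath"]))
        {
            $null = New-Item $OpenSSHTestInfo["TestDataPath"] -ItemType directory -Force -ErrorAction SilentlyContinue
        }
        $testDir = "$($OpenSSHTestInfo["TestDataPath"])\$suite"
        if (-not (Test-Path $testDir -PathType Container))
        {
            $null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue
        }
        $logName = "testlog.txt"

        $server = $OpenSSHTestInfo["Target"]
        $port = $OpenSSHTestInfo["Port"]
        $ssouser = $OpenSSHTestInfo["SSOUser"]

        # On the first pass, empty the service logs and drop log copies from earlier runs.
        if ($OpenSSHTestInfo['DebugMode'])
        {
            Clear-Content "$env:ProgramData\ssh\logs\ssh-agent.log" -Force -ErrorAction SilentlyContinue
            Clear-Content "$env:ProgramData\ssh\logs\sshd.log" -Force -ErrorAction SilentlyContinue
            Remove-Item -Path (Join-Path $testDir "*log*.log") -Force -ErrorAction SilentlyContinue
        }

        # Remove stderr captures left by an earlier run. They are named
        # "<tC>.<tI>.$logName", so the wildcard must be followed by the expanded
        # variable; the literal text "*logName" matched none of them and a stale
        # capture could satisfy a later assertion.
        Remove-Item -Path (Join-Path $testDir "*$logName") -Force -ErrorAction SilentlyContinue
    }

    AfterEach {
        if ($OpenSSHTestInfo["DebugMode"])
        {
            # Keep a per-test copy of the agent and server logs for troubleshooting.
            Copy-Item "$env:ProgramData\ssh\logs\ssh-agent.log" "$testDir\agentlog$tC.$tI.log" -Force -ErrorAction SilentlyContinue
            Copy-Item "$env:ProgramData\ssh\logs\sshd.log" "$testDir\sshdlog$tC.$tI.log" -Force -ErrorAction SilentlyContinue

            # Clear the ssh-agent and sshd logs so that the next test case gets fresh logs.
            Clear-Content "$env:ProgramData\ssh\logs\ssh-agent.log" -Force -ErrorAction SilentlyContinue
            Clear-Content "$env:ProgramData\ssh\logs\sshd.log" -Force -ErrorAction SilentlyContinue
        }
        $tI++
    }

    Context "$tC-User SSHConfig--ReadConfig" {
        BeforeAll {
            $systemSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::LocalSystemSid)
            $adminsSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid)
            $currentUserSid = Get-UserSID -User "$($env:USERDOMAIN)\$($env:USERNAME)"
            # SID of a second account, used below as the "wrong" owner and as the
            # extra principal that is granted read access.
            $objUserSid = Get-UserSID -User $ssouser

            # An existing user config is kept as it is; the test copy is only put in
            # place when no config exists.
            # NOTE(review): the tests connect to the host alias "test_target", so an
            # existing config presumably has to define it - confirm.
            $userConfigFile = Join-Path $home ".ssh\config"
            if (-not (Test-Path $userConfigFile)) {
                Copy-Item "$PSScriptRoot\testdata\ssh_config" $userConfigFile -Force
            }

            # NOTE(review): presumably needed so the tests can assign an owner other
            # than the current user and restore the saved ACL afterwards - confirm.
            Enable-Privilege SeRestorePrivilege | Out-Null
            $oldACL = Get-Acl $userConfigFile

            # Expected stderr line when ssh refuses the config file. Any drive letter
            # is accepted (the previous class [a-fA-F] only covered drives A-F), the
            # user-name segment may hold characters outside \w such as '.' or '-',
            # and the dot in ".ssh" is matched literally.
            $badPermsPattern = '^Bad owner or permissions on [a-zA-Z]:[/\\]+Users[/\\]+[^/\\]+[/\\]+\.ssh[/\\]+config$'

            $tI = 1
        }

        BeforeEach {
            # File that receives the stderr of the ssh call in the negative tests.
            $logPath = Join-Path $testDir "$tC.$tI.$logName"
        }

        AfterEach {
            # Put the original owner and ACL back so one case cannot influence the next.
            Set-Acl -Path $userConfigFile -AclObject $oldACL -Confirm:$false
        }

        AfterAll {
            $tC++
        }

        It "$tC.$tI-User SSHConfig-ReadConfig positive (current logon user is the owner)" {
            #setup
            Repair-FilePermission -Filepath $userConfigFile -Owners $currentUserSid -FullAccessNeeded $adminsSid,$systemSid,$currentUserSid -confirm:$false

            #Run
            $o = ssh test_target echo 1234
            $o | Should Be "1234"
        }

        It "$tC.$tI-User SSHConfig-ReadConfig positive (local system is the owner)" {
            #setup
            Repair-FilePermission -Filepath $userConfigFile -Owners $systemSid -FullAccessNeeded $adminsSid,$systemSid -confirm:$false

            #Run
            $o = ssh test_target echo 1234
            $o | Should Be "1234"
        }

        It "$tC.$tI-User SSHConfig-ReadConfig positive (admin is the owner and current user has no explict ACE)" {
            #setup
            Repair-FilePermission -Filepath $userConfigFile -Owners $adminsSid -FullAccessNeeded $adminsSid,$systemSid -confirm:$false
            # Drop the current user's own entry from the ACL.
            Set-FilePermission -Filepath $userConfigFile -UserSid $currentUserSid -Action Delete

            #Run
            $o = ssh test_target echo 1234
            $o | Should Be "1234"
        }

        It "$tC.$tI-User SSHConfig-ReadConfig positive (admin is the owner and current user has explict ACE)" {
            #setup
            Repair-FilePermission -Filepath $userConfigFile -Owners $adminsSid -FullAccessNeeded $adminsSid,$systemSid,$currentUserSid -confirm:$false

            #Run
            $o = ssh test_target echo 1234
            $o | Should Be "1234"
        }

        It "$tC.$tI-User SSHConfig-ReadConfig negative (wrong owner)" {
            #setup: hand ownership of the config to the second account.
            Repair-FilePermission -Filepath $userConfigFile -Owners $objUserSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false

            #Run
            # cmd.exe performs the redirect so the ssh error text lands in $logPath.
            # The path is not quoted, so a test data path containing spaces breaks
            # the redirect.
            cmd /c "ssh test_target echo 1234 2> $logPath"
            # ssh has to refuse the config: non-zero exit and the ownership error.
            $LASTEXITCODE | Should Not Be 0
            Get-Content $logPath | Should Match $badPermsPattern
        }

        It "$tC.$tI-User SSHConfig-ReadConfig negative (others has permission)" {
            #setup: the owner is correct, but the second account is granted read access.
            Repair-FilePermission -Filepath $userConfigFile -Owners $currentUserSid -FullAccessNeeded $adminsSid,$systemSid,$currentUserSid -ReadAccessNeeded $objUserSid -confirm:$false

            #Run
            # cmd.exe performs the redirect so the ssh error text lands in $logPath.
            # The path is not quoted, so a test data path containing spaces breaks
            # the redirect.
            cmd /c "ssh test_target echo 1234 2> $logPath"
            # ssh has to refuse the config: non-zero exit and the permissions error.
            $LASTEXITCODE | Should Not Be 0
            Get-Content $logPath | Should Match $badPermsPattern
        }
    }
}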