tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-08-25 03:38:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
openssh-portable/regress/pesterTests/Uninstall.Tests.ps1
Yanbing ec3eb7a088
Fix issue install-sshd.ps1 failed on Nano, update it to match inbox manifest, and add setup and uninstall tests (#305) 
1. Fix issue install-sshd.ps1 failed on Nano
2. Update settings of services in install-sshd.ps1 to match windows inbox
3. added setup tests and update the test helper scripts to run setup tests before changing configurations on the machine
4. added uninstallation tests
2018-04-24 11:50:44 -07:00

197 lines
7.2 KiB
PowerShell
Raw Permalink Blame History

If ($PSVersiontable.PSVersion.Major -le 2) {$PSScriptRoot = Split-Path -Parent $MyInvocation.MyCommand.Path}
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
$suite = "Uninstall"
$tC = 1
$tI = 0
Describe "Uninstall Tests" -Tags "Uninstall" {
BeforeAll {
if($OpenSSHTestInfo -eq $null)
{
Throw "`$OpenSSHTestInfo is null. Please run Set-OpenSSHTestEnvironment to set test environments."
}
$windowsInBox = $OpenSSHTestInfo["WindowsInBox"]
$binPath = $OpenSSHTestInfo["OpenSSHBinPath"]
$dataPath = Join-path $env:ProgramData ssh
Stop-Service sshd -ErrorAction SilentlyContinue
Stop-Service ssh-agent -ErrorAction SilentlyContinue
if(Get-Service sshd -ErrorAction SilentlyContinue)
{
if($windowsInBox) {
Remove-WindowsCapability -online -name OpenSSH.Server~~~~0.0.1.0
}
else {
& (Join-Path $binPath "uninstall-sshd.ps1")
}
}
if(Get-Service ssh-agent -ErrorAction SilentlyContinue)
{
if($windowsInBox) {
Remove-WindowsCapability -online -name OpenSSH.Client~~~~0.0.1.0
}
else
{
& (Join-Path $binPath "uninstall-sshd.ps1")
}
}
$systemSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::LocalSystemSid)
$adminsSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid)
$authenticatedUserSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::AuthenticatedUserSid)
$RegReadKeyPerm = ([System.UInt32] [System.Security.AccessControl.RegistryRights]::ReadKey.value__)
$RegFullControlPerm = [System.UInt32] [System.Security.AccessControl.RegistryRights]::FullControl.value__
#only validate owner and ACEs of the registry
function ValidateRegistryACL {
param([string]$RegPath, $Ownersid = $adminsSid, $IdAcls)
Test-Path -Path $RegPath | Should Be $true
$myACL = Get-ACL $RegPath
$OwnerSid = Get-UserSid -User $myACL.Owner
$OwnerSid.Equals($Ownersid) | Should Be $true
$myACL.Access | Should Not Be $null
$CAPABILITY_SID = "S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681"
$nonPropagate = $myACL.Access | ? {($_.PropagationFlags -eq ([System.Security.AccessControl.PropagationFlags]::None)) -and ($_.IdentityReference -ine $CAPABILITY_SID)}
foreach ($a in $nonPropagate) {
$findItem = $IdAcls | ? {
($a.IdentityReference -eq (Get-UserAccount -UserSid ($_.Identity))) -and `
($a.IsInherited -eq $_.IsInherited) -and `
($a.AccessControlType -eq ([System.Security.AccessControl.AccessControlType]::Allow)) -and `
($a.PropagationFlags -eq ([System.Security.AccessControl.PropagationFlags]::None) -and `
(([System.Int32]$a.RegistryRights.value__) -eq ($_.RegistryRights)))
}
$findItem | Should Not Be $null
}
}
}
Context "$tC - Validate Openssh binary files" {
BeforeAll {
if(-not $Windowsbox)
{
$binaries = $null
return
}
$tI=1
$binaries = @(
@{
Name = 'sshd.exe'
},
@{
Name = 'ssh.exe'
},
@{
Name = 'ssh-agent.exe'
},
@{
Name = 'ssh-add.exe'
},
@{
Name = 'sftp.exe'
},
@{
Name = 'sftp-server.exe'
},
@{
Name = 'scp.exe'
},
@{
Name = 'ssh-shellhost.exe'
},
@{
Name = 'ssh-agent.exe'
},
@{
Name = 'ssh-keyscan.exe'
}
)
}
AfterAll{$tC++}
AfterEach { $tI++ }
It "$tC.$tI - Validate Openssh binary files--<Name> is removed" -TestCases:$binaries{
param([string]$Name, [boolean]$IsDirectory = $false)
if(-not [string]::IsNullOrWhiteSpace($Name)) {
(join-path $binPath $Name) | Should Not Exist
}
}
}
Context "$tC - Validate Openssh registry entries" {
BeforeAll {
$tI=1
$servicePath = "HKLM:\SYSTEM\ControlSet001\Services"
$opensshRegPath = "HKLM:\SOFTWARE\OpenSSH"
$opensshACLs = @(
@{
Identity=$systemSid
IsInherited = $false
RegistryRights = $RegFullControlPerm
PropagationFlags = "None"
},
@{
Identity=$adminsSid
IsInherited = $false
RegistryRights = $RegFullControlPerm
PropagationFlags = "None"
},
@{
Identity=$authenticatedUserSid
IsInherited = $false
RegistryRights = $RegReadKeyPerm -bor ([System.UInt32] [System.Security.AccessControl.RegistryRights]::SetValue.value__)
PropagationFlags = "None"
}
)
}
AfterAll{$tC++}
AfterEach { $tI++ }
It "$tC.$tI - Validate Registry key ssh-agent is removed" {
(Join-Path $servicePath "ssh-agent") | Should Not Exist
}
It "$tC.$tI - Validate Registry key sshd is removed" {
(Join-Path $servicePath "sshd") | Should Not Exist
}
It "$tC.$tI - Validate Registry openssh entry" {
ValidateRegistryACL -RegPath $opensshRegPath -IdAcls $opensshACLs
}
}
Context "$tC - Validate service is removed" {
BeforeAll {
$tI=1
}
AfterAll{$tC++}
AfterEach { $tI++ }
It "$tC.$tI - Validate ssh-agent is removed" {
Get-Service ssh-agent -ErrorAction SilentlyContinue | Should Be $null
}
It "$tC.$tI - Validate sshd is removed" {
Get-Service sshd -ErrorAction SilentlyContinue | Should Be $null
}
}
Context "$tC - Validate Firewall settings" {
BeforeAll {
$firwallRuleName = "OpenSSH-Server-In-TCP"
$tI=1
}
AfterAll{$tC++}
AfterEach { $tI++ }
It "$tC.$tI - Validate Firewall settings" -skip:(!$windowsInBox) {
Get-NetFirewallRule -Name $firwallRuleName -ErrorAction SilentlyContinue | Should Be $null
}
}
}
Reference in New Issue View Git Blame Copy Permalink