mirror of
https://github.com/PowerShell/openssh-portable.git
synced 2025-07-31 01:35:11 +02:00
226 lines
9.7 KiB
PowerShell
226 lines
9.7 KiB
PowerShell
If ($PSVersiontable.PSVersion.Major -le 2) {$PSScriptRoot = Split-Path -Parent $MyInvocation.MyCommand.Path}
|
|
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
|
|
Import-Module OpenSSHUtils -Force
|
|
$tC = 1
|
|
$tI = 0
|
|
$suite = "FileBasedLogging"
|
|
Describe "Tests for admin and non-admin file based logs" -Tags "CI" {
|
|
BeforeAll {
|
|
if($OpenSSHTestInfo -eq $null)
|
|
{
|
|
Throw "`$OpenSSHTestInfo is null. Please run Set-OpenSSHTestEnvironment to set test environments."
|
|
}
|
|
|
|
$testDir = "$($OpenSSHTestInfo["TestDataPath"])\$suite"
|
|
if( -not (Test-path $testDir -PathType Container))
|
|
{
|
|
$null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue
|
|
}
|
|
|
|
$sshLogName = "test.txt"
|
|
$sshdLogName = "sshdlog.txt"
|
|
$server = $OpenSSHTestInfo["Target"]
|
|
$opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath']
|
|
$nonadminusername = $OpenSSHTestInfo['NonAdminUser']
|
|
$adminusername = $OpenSSHTestInfo['AdminUser']
|
|
$password = $OpenSSHTestInfo['TestAccountPW']
|
|
$port = 47003
|
|
$sshdDelay = $OpenSSHTestInfo["DelayTime"]
|
|
Remove-Item -Path (Join-Path $testDir "*$sshLogName") -Force -ErrorAction SilentlyContinue
|
|
|
|
<# Setup sshd_config file#>
|
|
|
|
$sshdconfig_ori = Join-Path $Global:OpenSSHTestInfo["ServiceConfigDir"] sshd_config
|
|
$sshdconfig_custom = Join-Path $Global:OpenSSHTestInfo["ServiceConfigDir"] sshd_config_custom
|
|
if (Test-Path $sshdconfig_custom) {
|
|
Remove-Item $sshdconfig_custom -Force
|
|
}
|
|
Copy-Item $sshdconfig_ori $sshdconfig_custom
|
|
get-acl $sshdconfig_ori | set-acl $sshdconfig_custom
|
|
$content = Get-Content -Path $sshdconfig_custom
|
|
$newContent = $content -replace "Subsystem sftp sftp-server.exe -l DEBUG3", "Subsystem sftp sftp-server.exe -l DEBUG3 -f LOCAL0"
|
|
$newContent | Set-Content -Path $sshdconfig_custom
|
|
|
|
#skip when the task schedular (*-ScheduledTask) cmdlets does not exist
|
|
$ts = (get-command get-ScheduledTask -ErrorAction SilentlyContinue)
|
|
$skip = $ts -eq $null
|
|
if(-not $skip)
|
|
{
|
|
Stop-SSHDTestDaemon -Port $port
|
|
}
|
|
if($IsWindows -and ([Environment]::OSVersion.Version.Major -le 6))
|
|
{
|
|
#suppress the firewall blocking dialogue on win7
|
|
netsh advfirewall firewall add rule name="sshd" program="$($OpenSSHTestInfo['OpenSSHBinPath'])\sshd.exe" protocol=any action=allow dir=in
|
|
}
|
|
}
|
|
|
|
AfterEach { $tI++ }
|
|
|
|
AfterAll {
|
|
if($IsWindows -and ($psversiontable.BuildVersion.Major -le 6))
|
|
{
|
|
netsh advfirewall firewall delete rule name="sshd" program="$($OpenSSHTestInfo['OpenSSHBinPath'])\sshd.exe" protocol=any dir=in
|
|
}
|
|
}
|
|
|
|
|
|
Context "Tests Logs for SSH connections" {
|
|
BeforeAll {
|
|
$sshdConfigPath = $sshdconfig_custom
|
|
Add-PasswordSetting -Pass $password
|
|
$tI=1
|
|
}
|
|
|
|
BeforeEach {
|
|
$sshlog = Join-Path $testDir "$tC.$tI.$sshLogName"
|
|
$sshdlog = Join-Path $testDir "$tC.$tI.$sshdLogName"
|
|
|
|
if (Test-Path $sshdlog -PathType Leaf) {
|
|
Clear-Content $sshdlog
|
|
}
|
|
|
|
if(-not $skip)
|
|
{
|
|
Stop-SSHDTestDaemon -Port $port
|
|
}
|
|
}
|
|
|
|
AfterAll {
|
|
Remove-PasswordSetting
|
|
$tC++
|
|
}
|
|
|
|
It "$tC.$tI-Nonadmin SSH Connection" -skip:$skip {
|
|
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-ddd -f $sshdConfigPath -E $sshdlog" -Port $port
|
|
$o = ssh -vvv -p $port -E $sshlog $nonadminusername@$server echo 1234
|
|
$o | Should Be 1234
|
|
Stop-SSHDTestDaemon -Port $port
|
|
sleep $sshdDelay
|
|
$sshdlog | Should Contain "KEX done \[preauth\]"
|
|
$sshdlog | Should Contain "exec_command: echo 1234"
|
|
}
|
|
|
|
It "$tC.$tI-Admin SSH Connection" -skip:$skip {
|
|
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-ddd -f $sshdConfigPath -E $sshdlog" -Port $port
|
|
$o = ssh -vvv -p $port -E $sshlog $adminusername@$server echo 1234
|
|
$o | Should Be 1234
|
|
Stop-SSHDTestDaemon -Port $port
|
|
sleep $sshdDelay
|
|
$sshdlog | Should Contain "KEX done \[preauth\]"
|
|
$sshdlog | Should Contain "exec_command: echo 1234"
|
|
}
|
|
}
|
|
|
|
Context "Tests Logs for SFTP connections" {
|
|
|
|
BeforeAll {
|
|
$sshdConfigPath = $sshdconfig_custom
|
|
|
|
function Setup-KeyBasedAuth
|
|
{
|
|
param([string] $Username, [string] $KeyFilePath, [string] $UserProfile)
|
|
|
|
$userSSHProfilePath = Join-Path $UserProfile .ssh
|
|
|
|
if (-not (Test-Path $userSSHProfilePath -PathType Container)) {
|
|
New-Item $userSSHProfilePath -ItemType directory -Force -ErrorAction Stop | Out-Null
|
|
}
|
|
|
|
$authorizedkeyPath = Join-Path $userSSHProfilePath authorized_keys
|
|
|
|
if($OpenSSHTestInfo["NoLibreSSL"])
|
|
{
|
|
ssh-keygen.exe -t ed25519 -f $KeyFilePath -Z -P "" aes128-ctr
|
|
}
|
|
else
|
|
{
|
|
ssh-keygen.exe -t ed25519 -f $KeyFilePath -P ""
|
|
}
|
|
Copy-Item "$keyFilePath.pub" $authorizedkeyPath -Force -ErrorAction SilentlyContinue
|
|
Repair-AuthorizedKeyPermission -Filepath $authorizedkeyPath -confirm:$false
|
|
}
|
|
|
|
$AdminUserProfile = $OpenSSHTestInfo['AdminUserProfile']
|
|
$NonAdminUserProfile = $OpenSSHTestInfo['NonAdminUserProfile']
|
|
|
|
$KeyFileName = $nonadminusername + "_sshtest_fileBasedLog_ed25519"
|
|
$NonadminKeyFilePath = Join-Path $testDir $keyFileName
|
|
Remove-Item -path "$NonadminKeyFilePath*" -Force -ErrorAction SilentlyContinue
|
|
Setup-KeyBasedAuth -Username $nonadminusername -KeyFilePath $NonadminKeyFilePath -UserProfile $NonAdminUserProfile
|
|
|
|
$KeyFileName = $adminusername + "_sshtest_fileBasedLog_ed25519"
|
|
$AdminKeyFilePath = Join-Path $testDir $keyFileName
|
|
Remove-Item -path "$AdminKeyFilePath*" -Force -ErrorAction SilentlyContinue
|
|
Setup-KeyBasedAuth -Username $adminusername -KeyFilePath $AdminKeyFilePath -UserProfile $AdminUserProfile
|
|
|
|
#create batch file
|
|
$commands =
|
|
"ls
|
|
exit"
|
|
$batchFilePath = Join-Path $testDir "$tC.$tI.commands.txt"
|
|
Set-Content $batchFilePath -Encoding UTF8 -value $commands
|
|
|
|
$tI = 1
|
|
}
|
|
|
|
BeforeEach {
|
|
Clear-Content "$env:ProgramData\ssh\logs\sftp-server.log" -Force -ErrorAction SilentlyContinue
|
|
$sshlog = Join-Path $testDir "$tC.$tI.$sshLogName"
|
|
$sshdlog = Join-Path $testDir "$tC.$tI.$sshdLogName"
|
|
if (Test-Path $sshdlog -PathType Leaf) {
|
|
Clear-Content $sshdlog
|
|
}
|
|
if(-not $skip)
|
|
{
|
|
Stop-SSHDTestDaemon -Port $port
|
|
}
|
|
}
|
|
|
|
AfterAll {
|
|
Remove-Item -path "$NonadminKeyFilePath*" -Force -ErrorAction SilentlyContinue
|
|
Remove-Item -path "$AdminKeyFilePath*" -Force -ErrorAction SilentlyContinue
|
|
|
|
$authorized_key = Join-Path .ssh authorized_keys
|
|
$AdminAuthKeysPath = Join-Path $AdminUserProfile $authorized_key
|
|
$NonAdminAuthKeysPath = Join-Path $NonAdminUserProfile $authorized_key
|
|
Remove-Item -path "$AdminAuthKeysPath*" -Force -ErrorAction SilentlyContinue
|
|
Remove-Item -path "$NonAdminAuthKeysPath*" -Force -ErrorAction SilentlyContinue
|
|
|
|
$tC++
|
|
}
|
|
|
|
It "$tC.$tI-Nonadmin SFTP Connection" -skip:$skip {
|
|
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-ddd -f $sshdConfigPath -E $sshdlog" -Port $port
|
|
sftp -P $port -i $NonadminKeyFilePath -b $batchFilePath $nonadminusername@$server
|
|
Stop-SSHDTestDaemon -Port $port
|
|
sleep $sshdDelay
|
|
$sftplog = Join-Path $testDir "$tC.$tI.sftp-server.log"
|
|
Copy-Item "$env:ProgramData\ssh\logs\sftp-server.log" $sftplog -Force -ErrorAction SilentlyContinue
|
|
|
|
$sshdlog | Should Contain "Accepted publickey for $nonadminusername"
|
|
$sshdlog | Should Contain "KEX done \[preauth\]"
|
|
$sshdlog | Should Contain "debug2: subsystem request for sftp by user $nonadminusername"
|
|
$sftplog | Should Contain "session opened for local user $nonadminusername"
|
|
$sftplog | Should Contain "debug3: request 3: opendir"
|
|
$sftplog | Should Contain "session closed for local user $nonadminusername"
|
|
}
|
|
|
|
It "$tC.$tI-Admin SFTP Connection" -skip:$skip {
|
|
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-ddd -f $sshdConfigPath -E $sshdlog" -Port $port
|
|
sftp -P $port -i $AdminKeyFilePath -b $batchFilePath $adminusername@$server
|
|
Stop-SSHDTestDaemon -Port $port
|
|
sleep $sshdDelay
|
|
$sftplog = Join-Path $testDir "$tC.$tI.sftp-server.log"
|
|
Copy-Item "$env:ProgramData\ssh\logs\sftp-server.log" $sftplog -Force -ErrorAction SilentlyContinue
|
|
|
|
$sshdlog | Should Contain "Accepted publickey for $adminusername"
|
|
$sshdlog | Should Contain "KEX done \[preauth\]"
|
|
$sshdlog | Should Contain "debug2: subsystem request for sftp by user $adminusername"
|
|
$sftplog | Should Contain "session opened for local user $adminusername"
|
|
$sftplog | Should Contain "debug3: request 3: opendir"
|
|
$sftplog | Should Contain "session closed for local user $adminusername"
|
|
}
|
|
}
|
|
}
|