# PowerShell 2 does not populate $PSScriptRoot for plain scripts, so derive it
# from the invocation path there; newer hosts set it automatically.
if (2 -ge $PSVersionTable.PSVersion.Major) {
    $PSScriptRoot = Split-Path -Parent -Path $MyInvocation.MyCommand.Path
}

# Shared helpers used by the tests below (Get-UserSID, Get-Platform, ...).
# -Force reloads the module so a rebuilt CommonUtils.psm1 is picked up.
Import-Module -Name "$PSScriptRoot\CommonUtils.psm1" -Force

# Suite name: subdirectory under TestDataPath where the per-test log files go.
$suite = "log_fileperm"

# Test-case numbering.  "$tC.$tI" (context counter . iteration counter) is used
# to build unique log file names so runs do not reuse each other's files.
$tC = 1
$tI = 0
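# Verifies the DACL that sshd applies to the log file it is told to write with
# "-E <path>".  The log is created by a throw-away "sshd -d" started as the
# test user on a private port; the test then asserts that only SYSTEM, the
# local Administrators group and that user have any access to it, with no
# inherited ACEs, so no other local principal can read or tamper with the log.
Describe "Tests for log file permission" -Tags "CI" {
    BeforeAll {
        if ($null -eq $OpenSSHTestInfo)
        {
            Throw "`$OpenSSHTestInfo is null. Please run Setup-OpenSSHTestEnvironment to setup test environment."
        }

        $testDir = "$($OpenSSHTestInfo["TestDataPath"])\$suite"
        if ( -not (Test-path $testDir -PathType Container))
        {
            $null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue
        }

        # Fixed listener port for the throw-away sshd.  A stale sshd left behind by an
        # aborted run would keep this port busy; the Context BeforeAll below kills any
        # non-service (session != 0) sshd for that reason.
        $port = 47003
        $logName = "log.txt"

        # Principals expected in the log file's DACL.  The current user is the one
        # that launches "sshd -d" below, so it is also the expected file owner.
        $systemSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::LocalSystemSid)
        $adminsSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid)
        $currentUserSid = Get-UserSID -User "$($env:USERDOMAIN)\$($env:USERNAME)"

        # Start from a clean slate so a pre-existing file (with whatever ACL it had)
        # cannot be mistaken for one freshly created by sshd.
        Remove-Item (Join-Path $testDir "*$logName") -Force -ErrorAction SilentlyContinue

        $platform = Get-Platform
        if(($platform -eq [PlatformType]::Windows) -and ($psversiontable.BuildVersion.Major -le 6))
        {
            # Suppress the firewall blocking dialogue on Win7 by pre-authorising inbound
            # traffic to sshd.exe.  NOTE(review): this is a persistent allow rule.  AfterAll
            # removes it, but if the run is killed before AfterAll executes the rule survives;
            # check with `netsh advfirewall firewall show rule name=sshd`.
            netsh advfirewall firewall add rule name="sshd" program="$($OpenSSHTestInfo['OpenSSHBinPath'])\sshd.exe" protocol=any action=allow dir=in
        }

        # Validate only the owner and the explicit ACEs of the log file.
        #
        # Expected DACL (exactly three ACEs, all Allow, none inherited, no inheritance
        # or propagation flags):
        #   SYSTEM                  FullControl
        #   BUILTIN\Administrators  FullControl
        #   <current user>          Read | ReadAndExecute | Write | Modify | Synchronize
        # The current-user mask deliberately excludes the FullControl-only rights
        # (ChangePermissions, TakeOwnership), so the launching user can write the log
        # but cannot re-ACL it.  The ACE count check is what guarantees nobody else
        # (e.g. Users/Everyone through inheritance from the directory) has access.
        function ValidateLogFilePerm {
            param([string]$FilePath)

            # Fail with a clear message if sshd never created the file; Get-ACL on a
            # missing path throws an unrelated error otherwise.
            Test-Path $FilePath -PathType Leaf | Should Be $true

            $myACL = Get-ACL $FilePath
            $currentOwnerSid = Get-UserSid -User $myACL.Owner
            $currentOwnerSid.Equals($currentUserSid) | Should Be $true
            $myACL.Access | Should Not Be $null

            $ReadWriteAccessPerm = ([System.UInt32] [System.Security.AccessControl.FileSystemRights]::Read.value__) -bor `
                ([System.UInt32] [System.Security.AccessControl.FileSystemRights]::ReadAndExecute.value__) -bor `
                ([System.UInt32] [System.Security.AccessControl.FileSystemRights]::Write.value__) -bor `
                ([System.UInt32] [System.Security.AccessControl.FileSystemRights]::Modify.value__) -bor `
                ([System.UInt32] [System.Security.AccessControl.FileSystemRights]::Synchronize.value__)

            $FullControlPerm = [System.UInt32] [System.Security.AccessControl.FileSystemRights]::FullControl.value__

            $myACL.Access.Count | Should Be 3
            $identities = @($systemSid, $adminsSid, $currentUserSid)

            foreach ($a in $myACL.Access) {
                $id = Get-UserSid -User $a.IdentityReference
                $identities -contains $id | Should Be $true

                switch ($id)
                {
                    {@($systemSid, $adminsSid) -contains $_}
                    {
                        ([System.UInt32]$a.FileSystemRights.value__) | Should Be $FullControlPerm
                        break;
                    }
                    $currentUserSid
                    {
                        ([System.UInt32]$a.FileSystemRights.value__) | Should Be $ReadWriteAccessPerm
                        break;
                    }
                }

                # Every ACE must be an explicit, non-inherited Allow entry on the file itself.
                $a.AccessControlType | Should Be ([System.Security.AccessControl.AccessControlType]::Allow)
                $a.IsInherited | Should Be $false
                $a.InheritanceFlags | Should Be ([System.Security.AccessControl.InheritanceFlags]::None)
                $a.PropagationFlags | Should Be ([System.Security.AccessControl.PropagationFlags]::None)
            }
        }
    }

    BeforeEach {
        # Unique per-test log path: <TestDataPath>\log_fileperm\<tC>.<tI>.log.txt
        $logPath = Join-Path $testDir "$tC.$tI.$logName"
    }

    AfterEach {$tI++;}

    AfterAll {
        if(($platform -eq [PlatformType]::Windows) -and ($psversiontable.BuildVersion.Major -le 6))
        {
            # Remove the temporary inbound allow rule added in BeforeAll.
            netsh advfirewall firewall delete rule name="sshd" program="$($OpenSSHTestInfo['OpenSSHBinPath'])\sshd.exe" protocol=any dir=in
        }
    }

    Context "$tC-SSHD -E Log file permission" {
        BeforeAll {
            # Kill any leftover non-service sshd (the service runs in session 0) so it
            # cannot hold $port or write to a log file this test is about to examine.
            Get-Process -Name sshd -ErrorAction SilentlyContinue | Where-Object {$_.SessionID -ne 0} | Stop-process -force -ErrorAction SilentlyContinue
            $tI=1
        }

        AfterAll {
            $tC++
        }

        It "$tC.$tI-SSHD -E Log file permission" {
            try {
                # Run sshd in debug (foreground) mode with its log redirected to $logPath.
                # The -E path is quoted: Start-Process joins -ArgumentList with spaces and
                # does not quote elements, so a TestDataPath containing a space would
                # otherwise be split into two arguments and sshd would log elsewhere.
                Start-Process -FilePath sshd.exe -WorkingDirectory $($OpenSSHTestInfo['OpenSSHBinPath']) -ArgumentList @("-d", "-p $port", "-E `"$logPath`"") -NoNewWindow

                # Wait for sshd to create the log rather than sleeping a fixed second,
                # which is racy on a loaded CI host.
                $deadline = (Get-Date).AddSeconds(10)
                while (-not (Test-Path $logPath -PathType Leaf) -and ((Get-Date) -lt $deadline)) {
                    Start-Sleep -Milliseconds 200
                }

                ValidateLogFilePerm -FilePath $logPath
            }
            finally {
                # Always tear down the debug sshd, even when a Should assertion throws;
                # otherwise a failed run leaves an sshd listening on $port behind.
                Get-Process -Name sshd -ErrorAction SilentlyContinue | Where-Object {$_.SessionID -ne 0} | Stop-process -force -ErrorAction SilentlyContinue
            }
        }
    }
}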