diff options
-rw-r--r-- | regress/Makefile | 5 | ||||
-rw-r--r-- | regress/allow-deny-users.sh | 37 |
2 files changed, 40 insertions, 2 deletions
diff --git a/regress/Makefile b/regress/Makefile index bb8806818..c2dba4fdf 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: Makefile,v 1.93 2016/11/01 13:43:27 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.94 2016/12/16 03:51:19 dtucker Exp $ |
2 | 2 | ||
3 | REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec | 3 | REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec |
4 | tests: prep $(REGRESS_TARGETS) | 4 | tests: prep $(REGRESS_TARGETS) |
@@ -78,7 +78,8 @@ LTESTS= connect \ | |||
78 | hostkey-rotate \ | 78 | hostkey-rotate \ |
79 | principals-command \ | 79 | principals-command \ |
80 | cert-file \ | 80 | cert-file \ |
81 | cfginclude | 81 | cfginclude \ |
82 | allow-deny-users | ||
82 | 83 | ||
83 | 84 | ||
84 | # dhgex \ | 85 | # dhgex \ |
diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh new file mode 100644 index 000000000..217b15940 --- /dev/null +++ b/regress/allow-deny-users.sh | |||
@@ -0,0 +1,37 @@ | |||
1 | # Public Domain | ||
2 | # Zev Weiss, 2016 | ||
3 | |||
4 | tid="AllowUsers/DenyUsers" | ||
5 | |||
6 | me=`whoami` | ||
7 | other="nobody" | ||
8 | |||
9 | test_auth() | ||
10 | { | ||
11 | deny="$1" | ||
12 | allow="$2" | ||
13 | should_succeed="$3" | ||
14 | failmsg="$4" | ||
15 | |||
16 | start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow" | ||
17 | |||
18 | ${SSH} -F $OBJ/ssh_config "$me@somehost" true | ||
19 | status=$? | ||
20 | |||
21 | if (test $status -eq 0 && ! $should_succeed) \ | ||
22 | || (test $status -ne 0 && $should_succeed); then | ||
23 | fail "$failmsg" | ||
24 | fi | ||
25 | |||
26 | stop_sshd | ||
27 | } | ||
28 | |||
29 | # DenyUsers AllowUsers should_succeed failure_message | ||
30 | test_auth "" "" true "user in neither DenyUsers nor AllowUsers denied" | ||
31 | test_auth "$other $me" "" false "user in DenyUsers allowed" | ||
32 | test_auth "$me $other" "" false "user in DenyUsers allowed" | ||
33 | test_auth "" "$other" false "user not in AllowUsers allowed" | ||
34 | test_auth "" "$other $me" true "user in AllowUsers denied" | ||
35 | test_auth "" "$me $other" true "user in AllowUsers denied" | ||
36 | test_auth "$me $other" "$me $other" false "user in both DenyUsers and AllowUsers allowed" | ||
37 | test_auth "$other $me" "$other $me" false "user in both DenyUsers and AllowUsers allowed" | ||