diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 11:13:18 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 11:13:18 +0000 |
commit | 9e7e4ab6617fef1d1681fc2d3e02554264ccc954 (patch) | |
tree | 336445493163aa0370cb7830d97ebd8819b2e2c5 /regress/allow-deny-users.sh | |
parent | Initial commit. (diff) | |
download | openssh-9e7e4ab6617fef1d1681fc2d3e02554264ccc954.tar.xz openssh-9e7e4ab6617fef1d1681fc2d3e02554264ccc954.zip |
Adding upstream version 1:8.4p1.upstream/1%8.4p1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'regress/allow-deny-users.sh')
-rw-r--r-- | regress/allow-deny-users.sh | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh new file mode 100644 index 0000000..5c38951 --- /dev/null +++ b/regress/allow-deny-users.sh @@ -0,0 +1,45 @@ +# Public Domain +# Zev Weiss, 2016 +# $OpenBSD: allow-deny-users.sh,v 1.5 2018/07/13 02:13:50 djm Exp $ + +tid="AllowUsers/DenyUsers" + +me="$LOGNAME" +if [ "x$me" = "x" ]; then + me=`whoami` +fi +other="nobody" + +cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig + +test_auth() +{ + deny="$1" + allow="$2" + should_succeed="$3" + failmsg="$4" + + cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy + echo DenyUsers="$deny" >> $OBJ/sshd_proxy + echo AllowUsers="$allow" >> $OBJ/sshd_proxy + + start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow" + + ${SSH} -F $OBJ/ssh_proxy "$me@somehost" true + status=$? + + if (test $status -eq 0 && ! $should_succeed) \ + || (test $status -ne 0 && $should_succeed); then + fail "$failmsg" + fi +} + +# DenyUsers AllowUsers should_succeed failure_message +test_auth "" "" true "user in neither DenyUsers nor AllowUsers denied" +test_auth "$other $me" "" false "user in DenyUsers allowed" +test_auth "$me $other" "" false "user in DenyUsers allowed" +test_auth "" "$other" false "user not in AllowUsers allowed" +test_auth "" "$other $me" true "user in AllowUsers denied" +test_auth "" "$me $other" true "user in AllowUsers denied" +test_auth "$me $other" "$me $other" false "user in both DenyUsers and AllowUsers allowed" +test_auth "$other $me" "$other $me" false "user in both DenyUsers and AllowUsers allowed" |