xref: /freebsd/crypto/openssh/regress/allow-deny-users.sh (revision 19261079b74319502c6ffa1249920079f0f69a72) 
1ca86bcf2SDag-Erling Smørgrav# Public Domain
2ca86bcf2SDag-Erling Smørgrav# Zev Weiss, 2016
3*19261079SEd Maste# $OpenBSD: allow-deny-users.sh,v 1.6 2021/06/07 00:00:50 djm Exp $
4ca86bcf2SDag-Erling Smørgrav
5ca86bcf2SDag-Erling Smørgravtid="AllowUsers/DenyUsers"
6ca86bcf2SDag-Erling Smørgrav
7ca86bcf2SDag-Erling Smørgravme="$LOGNAME"
8d93a896eSDag-Erling Smørgravif [ "x$me" = "x" ]; then
9ca86bcf2SDag-Erling Smørgrav	me=`whoami`
10ca86bcf2SDag-Erling Smørgravfi
11ca86bcf2SDag-Erling Smørgravother="nobody"
12ca86bcf2SDag-Erling Smørgrav
13190cef3dSDag-Erling Smørgravcp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
14190cef3dSDag-Erling Smørgrav
15ca86bcf2SDag-Erling Smørgravtest_auth()
16ca86bcf2SDag-Erling Smørgrav{
17ca86bcf2SDag-Erling Smørgrav	deny="$1"
18ca86bcf2SDag-Erling Smørgrav	allow="$2"
19ca86bcf2SDag-Erling Smørgrav	should_succeed="$3"
20ca86bcf2SDag-Erling Smørgrav	failmsg="$4"
21ca86bcf2SDag-Erling Smørgrav
22190cef3dSDag-Erling Smørgrav	cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
23*19261079SEd Maste	test -z "$deny" || echo DenyUsers="$deny" >> $OBJ/sshd_proxy
24*19261079SEd Maste	test -z "$allow" || echo AllowUsers="$allow" >> $OBJ/sshd_proxy
25ca86bcf2SDag-Erling Smørgrav
26190cef3dSDag-Erling Smørgrav	${SSH} -F $OBJ/ssh_proxy "$me@somehost" true
27ca86bcf2SDag-Erling Smørgrav	status=$?
28ca86bcf2SDag-Erling Smørgrav
29ca86bcf2SDag-Erling Smørgrav	if (test $status -eq 0 && ! $should_succeed) \
30ca86bcf2SDag-Erling Smørgrav	    || (test $status -ne 0 && $should_succeed); then
31ca86bcf2SDag-Erling Smørgrav		fail "$failmsg"
32ca86bcf2SDag-Erling Smørgrav	fi
33ca86bcf2SDag-Erling Smørgrav}
34ca86bcf2SDag-Erling Smørgrav
35ca86bcf2SDag-Erling Smørgrav#         DenyUsers     AllowUsers    should_succeed  failure_message
36ca86bcf2SDag-Erling Smørgravtest_auth ""            ""            true            "user in neither DenyUsers nor AllowUsers denied"
37ca86bcf2SDag-Erling Smørgravtest_auth "$other $me"  ""            false           "user in DenyUsers allowed"
38ca86bcf2SDag-Erling Smørgravtest_auth "$me $other"  ""            false           "user in DenyUsers allowed"
39ca86bcf2SDag-Erling Smørgravtest_auth ""            "$other"      false           "user not in AllowUsers allowed"
40ca86bcf2SDag-Erling Smørgravtest_auth ""            "$other $me"  true            "user in AllowUsers denied"
41ca86bcf2SDag-Erling Smørgravtest_auth ""            "$me $other"  true            "user in AllowUsers denied"
42ca86bcf2SDag-Erling Smørgravtest_auth "$me $other"  "$me $other"  false           "user in both DenyUsers and AllowUsers allowed"
43ca86bcf2SDag-Erling Smørgravtest_auth "$other $me"  "$other $me"  false           "user in both DenyUsers and AllowUsers allowed"
44