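# Public Domain
# Zev Weiss, 2016
# $OpenBSD: allow-deny-users.sh,v 1.6 2021/06/07 00:00:50 djm Exp $

# Regression test for the AllowUsers / DenyUsers directives: each case
# rewrites the server config with a different combination of the two lists
# and checks whether a login as the current user is accepted or refused.
#
# $OBJ, ${SSH} and fail() are not defined in this file; they are expected to
# be supplied by whatever runs it.

tid="AllowUsers/DenyUsers"

# Account used for every login attempt: $LOGNAME, or whoami when it is empty.
me="$LOGNAME"
if [ "x$me" = "x" ]; then
	me=$(whoami)
fi
# Second user name, used only to pad the lists; nothing logs in as it here.
other="nobody"

# Keep a pristine copy of the server config so that every case starts from
# the same baseline instead of accumulating directives from earlier cases.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy.orig" || fail "could not save sshd_proxy"

# test_auth deny allow should_succeed failmsg
#
#   deny            value written as DenyUsers ("" = directive omitted)
#   allow           value written as AllowUsers ("" = directive omitted)
#   should_succeed  the command name "true" or "false"; it is executed, not
#                   compared as a string, so only pass those two words
#   failmsg         message handed to fail() when the outcome is unexpected
#
# Variables are intentionally not declared local (plain sh); they are
# reassigned on every call.
#
# Caveat: a case that expects refusal passes on ANY non-zero exit status of
# the client, not only on an access-control refusal. A broken config or an
# unrelated connection error would satisfy it too, so the "expected success"
# cases in the table below are what show the baseline login actually works.
test_auth()
{
	deny="$1"
	allow="$2"
	should_succeed="$3"
	failmsg="$4"

	# If the restore fails, directives from the previous case would still
	# be active and the result would say nothing about this case.
	if ! cp "$OBJ/sshd_proxy.orig" "$OBJ/sshd_proxy"; then
		fail "could not restore sshd_proxy"
		return 1
	fi
	test -z "$deny" || printf '%s\n' "DenyUsers=$deny" >> "$OBJ/sshd_proxy"
	test -z "$allow" || printf '%s\n' "AllowUsers=$allow" >> "$OBJ/sshd_proxy"

	# ${SSH} is deliberately left unquoted, as in the original.
	# NOTE(review): confirm whether it can hold more than one word.
	${SSH} -F "$OBJ/ssh_proxy" "$me@somehost" true
	status=$?

	# Report a failure when the observed outcome and the expectation differ.
	if { test "$status" -eq 0 && ! $should_succeed; } \
	    || { test "$status" -ne 0 && $should_succeed; }; then
		fail "$failmsg"
	fi
}

# Each list is tried with the user in first and in last position, so a match
# must not depend on where the name appears. The last two cases pin down that
# a user named in both lists is refused, i.e. DenyUsers wins over AllowUsers.
#
#		DenyUsers	AllowUsers	should_succeed	failure_message
test_auth	""		""		true		"user in neither DenyUsers nor AllowUsers denied"
test_auth	"$other $me"	""		false		"user in DenyUsers allowed"
test_auth	"$me $other"	""		false		"user in DenyUsers allowed"
test_auth	""		"$other"	false		"user not in AllowUsers allowed"
test_auth	""		"$other $me"	true		"user in AllowUsers denied"
test_auth	""		"$me $other"	true		"user in AllowUsers denied"
test_auth	"$me $other"	"$me $other"	false		"user in both DenyUsers and AllowUsers allowed"
test_auth	"$other $me"	"$other $me"	false		"user in both DenyUsers and AllowUsers allowed"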