lenses/tests/test_sshd.aug

   1 (* Module: Test_sshd *)
   2 module Test_sshd =
   3
   4   let accept_env = "Protocol 2
   5 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
   6 AcceptEnv LC_IDENTIFICATION LC_ALL\n"
   7
   8   test Sshd.lns get accept_env =
   9     { "Protocol" = "2" }
  10     { "AcceptEnv"
  11         { "1" = "LC_PAPER" }
  12         { "2" = "LC_NAME" }
  13         { "3" = "LC_ADDRESS" }
  14         { "4" = "LC_TELEPHONE" }
  15         { "5" = "LC_MEASUREMENT" } }
  16     { "AcceptEnv"
  17         { "6" = "LC_IDENTIFICATION" }
  18         { "7" = "LC_ALL" } }
  19
  20
  21   test Sshd.lns get "HostKey /etc/ssh/ssh_host_rsa_key
  22 HostKey /etc/ssh/ssh_host_dsa_key\n" =
  23     { "HostKey" = "/etc/ssh/ssh_host_rsa_key" }
  24     { "HostKey" = "/etc/ssh/ssh_host_dsa_key" }
  25
  26
  27   test Sshd.lns put accept_env after
  28       rm "AcceptEnv";
  29       rm "AcceptEnv";
  30       set "Protocol" "1.5";
  31       set "X11Forwarding" "yes"
  32    = "Protocol 1.5\nX11Forwarding yes\n"
  33
  34   test Sshd.lns get "AuthorizedKeysFile  %h/.ssh/authorized_keys\n" =
  35     { "AuthorizedKeysFile" = "%h/.ssh/authorized_keys" }
  36
  37   test Sshd.lns get "Subsystem sftp /usr/lib/openssh/sftp-server\n" =
  38     { "Subsystem"
  39         { "sftp" = "/usr/lib/openssh/sftp-server" } }
  40
  41   test Sshd.lns get "Subsystem sftp-test /usr/lib/openssh/sftp-server\n" =
  42     { "Subsystem"
  43         { "sftp-test" = "/usr/lib/openssh/sftp-server" } }
  44
  45
  46
  47   let match_blocks = "X11Forwarding yes
  48 Match User sarko Group pres.*
  49   Banner /etc/bienvenue.txt
  50   X11Forwarding no
  51 Match User bush Group pres.* Host white.house.*
  52 Banner /etc/welcome.txt
  53 Match Group \"Domain users\"
  54   X11Forwarding yes
  55 "
  56   test Sshd.lns get match_blocks =
  57     { "X11Forwarding" = "yes"}
  58       { "Match"
  59           { "Condition" { "User" = "sarko"   }
  60                         { "Group" = "pres.*" } }
  61           { "Settings"  { "Banner" = "/etc/bienvenue.txt" }
  62                         { "X11Forwarding" = "no" } } }
  63       { "Match"
  64           { "Condition" { "User" = "bush"    }
  65                         { "Group" = "pres.*" }
  66                         { "Host"  = "white.house.*" } }
  67           { "Settings"  { "Banner" = "/etc/welcome.txt" } } }
  68       { "Match"
  69           { "Condition" { "Group" = "Domain users" } }
  70           { "Settings"  { "X11Forwarding" = "yes" } } }
  71
  72   test Sshd.lns put match_blocks after
  73     insb "Subsystem" "/Match[1]";
  74     set "/Subsystem/sftp" "/usr/libexec/openssh/sftp-server"
  75   = "X11Forwarding yes
  76 Subsystem sftp /usr/libexec/openssh/sftp-server
  77 Match User sarko Group pres.*
  78   Banner /etc/bienvenue.txt
  79   X11Forwarding no
  80 Match User bush Group pres.* Host white.house.*
  81 Banner /etc/welcome.txt
  82 Match Group \"Domain users\"
  83   X11Forwarding yes\n"
  84
  85 (* Test: Sshd.lns
  86    Indent when adding to a Match group *)
  87   test Sshd.lns put match_blocks after
  88     set "Match[1]/Settings/PermitRootLogin" "yes";
  89     set "Match[1]/Settings/#comment" "a comment" =
  90 "X11Forwarding yes
  91 Match User sarko Group pres.*
  92   Banner /etc/bienvenue.txt
  93   X11Forwarding no
  94   PermitRootLogin yes
  95   # a comment
  96 Match User bush Group pres.* Host white.house.*
  97 Banner /etc/welcome.txt
  98 Match Group \"Domain users\"
  99   X11Forwarding yes\n"
 100
 101
 102 (* Test: Sshd.lns
 103      Parse Ciphers, KexAlgorithms, HostKeyAlgorithms as lists (GH issue #69)
 104      Parse GSSAPIKexAlgorithms, PubkeyAcceptedKeyTypes, CASignatureAlgorithms as lists (GH PR #721)
 105          Parse PubkeyAcceptedAlgorithms as a list (GH issue #804) *)
 106 test Sshd.lns get "Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
 107 KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
 108 HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
 109 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-
 110 PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384
 111 PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384
 112 CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\n" =
 113   { "Ciphers"
 114     { "1" = "aes256-gcm@openssh.com" }
 115     { "2" = "aes128-gcm@openssh.com" }
 116     { "3" = "aes256-ctr" }
 117     { "4" = "aes128-ctr" }
 118   }
 119   { "KexAlgorithms"
 120     { "1" = "diffie-hellman-group-exchange-sha256" }
 121     { "2" = "diffie-hellman-group14-sha1" }
 122     { "3" = "diffie-hellman-group-exchange-sha1" }
 123   }
 124   { "HostKeyAlgorithms"
 125     { "1" = "ssh-ed25519-cert-v01@openssh.com" }
 126     { "2" = "ssh-rsa-cert-v01@openssh.com" }
 127     { "3" = "ssh-ed25519" }
 128     { "4" = "ssh-rsa" }
 129   }
 130   { "GSSAPIKexAlgorithms"
 131     { "1" = "gss-curve25519-sha256-" }
 132     { "2" = "gss-nistp256-sha256-" }
 133     { "3" = "gss-group14-sha256-" }
 134   }
 135   { "PubkeyAcceptedKeyTypes"
 136     { "1" = "ecdsa-sha2-nistp256" }
 137     { "2" = "ecdsa-sha2-nistp256-cert-v01@openssh.com" }
 138     { "3" = "ecdsa-sha2-nistp384" }
 139   }
 140   { "PubkeyAcceptedAlgorithms"
 141     { "1" = "ecdsa-sha2-nistp256" }
 142     { "2" = "ecdsa-sha2-nistp256-cert-v01@openssh.com" }
 143     { "3" = "ecdsa-sha2-nistp384" }
 144   }
 145   { "CASignatureAlgorithms"
 146     { "1" = "ecdsa-sha2-nistp256" }
 147     { "2" = "ecdsa-sha2-nistp384" }
 148     { "3" = "ecdsa-sha2-nistp521" }
 149   }
 150
 151 (* Test: Sshd.lns
 152      Keys are case-insensitive *)
 153 test Sshd.lns get "ciPheRs aes256-gcm@openssh.com,aes128-ctr
 154 maTcH User foo
 155   x11forwarding no\n" =
 156   { "ciPheRs"
 157     { "1" = "aes256-gcm@openssh.com" }
 158     { "2" = "aes128-ctr" }
 159   }
 160   { "maTcH"
 161     { "Condition"
 162       { "User" = "foo" }
 163     }
 164     { "Settings"
 165       { "x11forwarding" = "no" }
 166     }
 167   }
 168
 169 (* Test: Sshd.lns
 170      Allow AllowGroups in Match groups (GH issue #75) *)
 171 test Sshd.lns get "Match User foo
 172   AllowGroups users\n" =
 173   { "Match" { "Condition" { "User" = "foo" } }
 174     { "Settings" { "AllowGroups" { "1" = "users" } } } }
 175
 176 (* Test: Sshd.lns
 177      Recognize quoted group names with spaces in AllowGroups and similar
 178      (Issue #477) *)
 179 test Sshd.lns get "Match User foo
 180     AllowGroups math-domain-users \"access admins\"\n" =
 181   { "Match" { "Condition" { "User" = "foo" } }
 182     { "Settings"
 183       { "AllowGroups"
 184         { "1" = "math-domain-users" }
 185         { "2" = "access admins" } } } }
 186
 187 test Sshd.lns put "Match User foo\nAllowGroups users\n" after
 188   set "/Match/Settings/AllowGroups/1" "all people" =
 189     "Match User foo\nAllowGroups \"all people\"\n"
 190
 191 test Sshd.lns put "Match User foo\nAllowGroups users\n" after
 192   set "/Match/Settings/AllowGroups/01" "all people" =
 193     "Match User foo\nAllowGroups users \"all people\"\n"
 194
 195 test Sshd.lns put "Match User foo\nAllowGroups users\n" after
 196   set "/Match/Settings/AllowGroups/01" "people" =
 197     "Match User foo\nAllowGroups users people\n"
 198
 199 (* Local Variables: *)
 200 (* mode: caml       *)
 201 (* End:             *)