File: install-linux_test_configure_openssh.sh

opkssh 0.10.0-3
#!/bin/bash

# Exported before the installer is sourced so the sourced script can see it.
# NOTE(review): presumably install-linux.sh checks SHUNIT_RUNNING to skip its
# normal install flow when loaded by a test; confirm in install-linux.sh.
export SHUNIT_RUNNING=1


# Source install-linux.sh
# The path is resolved relative to this test file, not the caller's working directory.
# shellcheck disable=SC1091
source "$(dirname "${BASH_SOURCE[0]}")/../install-linux.sh"

# Per-test scratch paths. They are empty here and populated by setUp().
TEST_TEMP_DIR=""
SSHD_CONFIG=""
SSHD_CONFIG_D=""

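# Build an isolated scratch tree for one test so that no test ever touches the
# host's real sshd configuration.
# Globals:   TEST_TEMP_DIR, SSHD_CONFIG, SSHD_CONFIG_D (written),
#            OVERWRITE_ACTIVE_CONFIG (written and exported, reset to false)
# Returns:   0 on success, 1 if the scratch directory could not be created
setUp() {
    # Fail the fixture when mktemp fails: with an empty TEST_TEMP_DIR the paths
    # below would resolve to /sshd_config and /sshd_config.d on the real root.
    TEST_TEMP_DIR=$(mktemp -d /tmp/opkssh.XXXXXX) || return 1
    [[ -n "$TEST_TEMP_DIR" ]] || return 1

    SSHD_CONFIG="$TEST_TEMP_DIR/sshd_config"
    SSHD_CONFIG_D="$TEST_TEMP_DIR/sshd_config.d"
    mkdir -p "$SSHD_CONFIG_D" || return 1

    # Every test starts from the non-destructive default; individual tests opt in.
    OVERWRITE_ACTIVE_CONFIG=false
    export OVERWRITE_ACTIVE_CONFIG
}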

tearDown() {
    /usr/bin/rm -rf "$TEST_TEMP_DIR"
}

# Tests
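# Scratch root holds an empty sshd_config.d and no sshd_config file.
# Expects configure_openssh_server to succeed and to write the opkssh directives
# as the first two lines of sshd_config.d/60-opk-ssh.conf.
test_configure_openssh_server_no_existing_config() {
    configure_openssh_server "$TEST_TEMP_DIR"
    result=$?

    assertEquals "Expected return value to be 0" 0 "$result"
    # The drop-in must exist here; the assertions below read it line by line.
    assertTrue "Expected sshd_config.d/60-opk-ssh.conf file to be created" "[ -f \"$SSHD_CONFIG_D/60-opk-ssh.conf\" ]"

    readarray -t conf_file < "$SSHD_CONFIG_D/60-opk-ssh.conf"
    # Line 0: the key-verification command sshd will invoke
    assertEquals "Expected AuthorizedKeysCommand to be configured correctly" "AuthorizedKeysCommand ${INSTALL_DIR}/${BINARY_NAME} verify %u %k %t" "${conf_file[0]}"
    # Line 1: the account that command runs as
    assertEquals "Expected AuthorizedKeysCommandUser to be configured correctly" "AuthorizedKeysCommandUser $AUTH_CMD_USER" "${conf_file[1]}"
}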


# sshd_config exists, has no Include line and no AuthorizedKeysCommand* directives.
# Expects the opkssh directives to land in sshd_config itself and no drop-in
# file to be written under sshd_config.d.
test_configure_openssh_server_sshd_config_no_include_with_no_directives() {
    printf '%s\n' "FooConfigLine bar" "BarConfigLine foo" >> "$SSHD_CONFIG"

    configure_openssh_server "$TEST_TEMP_DIR"
    result=$?
    mapfile -t conf_file < "$SSHD_CONFIG"

    # Helper values are declared after the call so they cannot shadow anything
    # the function under test reads.
    local dropin_path="$SSHD_CONFIG_D/60-opk-ssh.conf"
    local merged_config="${conf_file[*]}"
    local want_cmd_line="AuthorizedKeysCommand ${INSTALL_DIR}/${BINARY_NAME} verify %u %k %t"
    local want_user_line="AuthorizedKeysCommandUser $AUTH_CMD_USER"

    assertEquals "Expected return value to be 0" 0 "$result"
    assertTrue "sshd_config.d/60-opk-ssh.conf should not be created" "[ ! -f \"$dropin_path\" ]"
    assertContains "Expected new AuthorizedKeysCommand to be added" "$merged_config" "$want_cmd_line"
    assertContains "Expected new AuthorizedKeysCommandUser to be added" "$merged_config" "$want_user_line"
}

# sshd_config exists without an Include line but already sets both
# AuthorizedKeysCommand directives to foreign values.
# Expects the old directives to be commented out in place, the opkssh ones to be
# added to sshd_config, and no drop-in file to be written.
test_configure_openssh_server_sshd_config_no_include_with_directive() {
    printf '%s\n' \
        "AuthorizedKeysCommand /bin/foo" \
        "AuthorizedKeysCommandUser foo" >> "$SSHD_CONFIG"

    configure_openssh_server "$TEST_TEMP_DIR"
    result=$?
    mapfile -t conf_file < "$SSHD_CONFIG"

    # Helper values are declared after the call so they cannot shadow anything
    # the function under test reads.
    local dropin_path="$SSHD_CONFIG_D/60-opk-ssh.conf"
    local merged_config="${conf_file[*]}"
    local want_cmd_line="AuthorizedKeysCommand ${INSTALL_DIR}/${BINARY_NAME} verify %u %k %t"
    local want_user_line="AuthorizedKeysCommandUser $AUTH_CMD_USER"

    assertEquals "Expected return value to be 0" 0 "$result"
    assertTrue "sshd_config.d/60-opk-ssh.conf should not be created" "[ ! -f \"$dropin_path\" ]"
    # A pre-existing command must be neutralised rather than left active
    # alongside the new one.
    assertContains "Expected existing AuthorizedKeysCommand to be commented out" "$merged_config" "#AuthorizedKeysCommand /bin/foo"
    assertContains "Expected existing AuthorizedKeysCommandUser to be commented out" "$merged_config" "#AuthorizedKeysCommandUser foo"
    assertContains "Expected new AuthorizedKeysCommand to be added" "$merged_config" "$want_cmd_line"
    assertContains "Expected new AuthorizedKeysCommandUser to be added" "$merged_config" "$want_user_line"
}

# sshd_config starts with an Include of sshd_config.d/*.conf and sets no
# AuthorizedKeysCommand* directive.
# Expects the opkssh directives to be written as the first two lines of the
# drop-in sshd_config.d/60-opk-ssh.conf.
test_configure_openssh_server_sshd_config_with_include_no_directive(){
    printf '%s\n' \
        "Include /etc/ssh/sshd_config.d/*.conf" \
        "FooConfigLine bar" \
        "BarConfigLine foo" >> "$SSHD_CONFIG"

    configure_openssh_server "$TEST_TEMP_DIR"
    result=$?
    mapfile -t conf_file < "$SSHD_CONFIG_D/60-opk-ssh.conf"

    # Helper values are declared after the call so they cannot shadow anything
    # the function under test reads.
    local dropin_path="$SSHD_CONFIG_D/60-opk-ssh.conf"
    local want_cmd_line="AuthorizedKeysCommand ${INSTALL_DIR}/${BINARY_NAME} verify %u %k %t"
    local want_user_line="AuthorizedKeysCommandUser $AUTH_CMD_USER"

    assertEquals "Expected return value to be 0" 0 "$result"
    assertTrue "Expected sshd_config.d/60-opk-ssh.conf file to be created" "[ -f \"$dropin_path\" ]"
    assertEquals "Expected AuthorizedKeysCommand to be configured correctly" "$want_cmd_line" "${conf_file[0]}"
    assertEquals "Expected AuthorizedKeysCommandUser to be configured correctly" "$want_user_line" "${conf_file[1]}"
}

# sshd_config starts with an Include of sshd_config.d/*.conf and, further down,
# sets both AuthorizedKeysCommand directives to foreign values.
# Expects the opkssh directives to be written as the first two lines of the
# drop-in sshd_config.d/60-opk-ssh.conf.
# NOTE(review): nothing here checks what happens to the foreign directives left
# in sshd_config. sshd keeps the first value it reads for a keyword, and the
# Include line precedes them, so the drop-in should win; confirm that is the
# intent.
test_configure_openssh_server_sshd_config_with_include_with_directive(){
    printf '%s\n' \
        "Include /etc/ssh/sshd_config.d/*.conf" \
        "FooConfigLine bar" \
        "BarConfigLine foo" \
        "AuthorizedKeysCommand /bin/foo" \
        "AuthorizedKeysCommandUser foo" >> "$SSHD_CONFIG"

    configure_openssh_server "$TEST_TEMP_DIR"
    result=$?
    mapfile -t conf_file < "$SSHD_CONFIG_D/60-opk-ssh.conf"

    # Helper values are declared after the call so they cannot shadow anything
    # the function under test reads.
    local dropin_path="$SSHD_CONFIG_D/60-opk-ssh.conf"
    local want_cmd_line="AuthorizedKeysCommand ${INSTALL_DIR}/${BINARY_NAME} verify %u %k %t"
    local want_user_line="AuthorizedKeysCommandUser $AUTH_CMD_USER"

    assertEquals "Expected return value to be 0" 0 "$result"
    assertTrue "Expected sshd_config.d/60-opk-ssh.conf file to be created" "[ -f \"$dropin_path\" ]"
    assertEquals "Expected AuthorizedKeysCommand to be configured correctly" "$want_cmd_line" "${conf_file[0]}"
    assertEquals "Expected AuthorizedKeysCommandUser to be configured correctly" "$want_user_line" "${conf_file[1]}"
}

# sshd_config includes sshd_config.d/*.conf, and an existing drop-in 50-foo.conf
# already sets both AuthorizedKeysCommand directives. OVERWRITE_ACTIVE_CONFIG is
# false (the setUp default).
# Expects 50-foo.conf to keep its four lines and a new 49-opk-ssh.conf to carry
# the opkssh directives. sshd processes included files in lexical order and
# keeps the first value it reads for a keyword, so 49- takes precedence over 50-.
test_configure_openssh_server_existing_sshd_d_no_overwrite() {
    local foreign_dropin="$SSHD_CONFIG_D/50-foo.conf"

    printf '%s\n' "Include /etc/ssh/sshd_config.d/*.conf" >> "$SSHD_CONFIG"
    printf '%s\n' \
        "FooConfigLine bar" \
        "BarConfigLine foo" \
        "AuthorizedKeysCommand /bin/foo" \
        "AuthorizedKeysCommandUser foo" >> "$foreign_dropin"

    configure_openssh_server "$TEST_TEMP_DIR"
    result=$?

    # Helper values are declared after the call so they cannot shadow anything
    # the function under test reads.
    local opk_dropin="$SSHD_CONFIG_D/49-opk-ssh.conf"
    local want_cmd_line="AuthorizedKeysCommand ${INSTALL_DIR}/${BINARY_NAME} verify %u %k %t"
    local want_user_line="AuthorizedKeysCommandUser $AUTH_CMD_USER"

    assertEquals "Expected return value to be 0" 0 "$result"
    mapfile -t original_conf < "$foreign_dropin"
    assertTrue "Expected sshd_config.d/49-opk-ssh.conf file to be created" "[ -f \"$opk_dropin\" ]"
    mapfile -t new_conf < "$opk_dropin"
    # Only the line count of the foreign drop-in is checked here, not its content
    assertTrue "Expected original config file sshd_config.d/50-foo.conf to be untuched" "[ \"${#original_conf[@]}\" -eq \"4\" ]"
    assertEquals "Expected AuthorizedKeysCommand to be configured correctly" "$want_cmd_line" "${new_conf[0]}"
    assertEquals "Expected AuthorizedKeysCommandUser to be configured correctly" "$want_user_line" "${new_conf[1]}"
}

# Same starting state as the no-overwrite case (50-foo.conf already sets both
# directives), but with OVERWRITE_ACTIVE_CONFIG=true.
# Expects no 49-opk-ssh.conf to be created. Instead 50-foo.conf is edited in
# place: lines 2-3 become commented-out copies of the old directives and
# lines 4-5 hold the opkssh directives.
test_configure_openssh_server_existing_sshd_d_with_overwrite() {
    local foreign_dropin="$SSHD_CONFIG_D/50-foo.conf"

    printf '%s\n' "Include /etc/ssh/sshd_config.d/*.conf" >> "$SSHD_CONFIG"
    printf '%s\n' \
        "FooConfigLine bar" \
        "BarConfigLine foo" \
        "AuthorizedKeysCommand /bin/foo" \
        "AuthorizedKeysCommandUser foo" >> "$foreign_dropin"
    # Opt in to modifying the active drop-in; setUp resets this to false per test
    OVERWRITE_ACTIVE_CONFIG=true

    configure_openssh_server "$TEST_TEMP_DIR"
    result=$?

    # Helper values are declared after the call so they cannot shadow anything
    # the function under test reads.
    local opk_dropin="$SSHD_CONFIG_D/49-opk-ssh.conf"
    local want_cmd_line="AuthorizedKeysCommand ${INSTALL_DIR}/${BINARY_NAME} verify %u %k %t"
    local want_user_line="AuthorizedKeysCommandUser $AUTH_CMD_USER"

    assertEquals "Expected return value to be 0" 0 "$result"
    mapfile -t original_conf < "$foreign_dropin"
    assertTrue "Expected sshd_config.d/49-opk-ssh.conf file not to be created" "[ ! -f \"$opk_dropin\" ]"
    assertEquals "Expected the original config to be commented out" "#AuthorizedKeysCommand /bin/foo" "${original_conf[2]}"
    assertEquals "Expected the original config to be commented out" "#AuthorizedKeysCommandUser foo" "${original_conf[3]}"
    assertEquals "Expected AuthorizedKeysCommand to be configured" "$want_cmd_line" "${original_conf[4]}"
    assertEquals "Expected AuthorizedKeysCommandUser to be configured" "$want_user_line" "${original_conf[5]}"
}

# The conflicting directives live in 00-foo.conf and OVERWRITE_ACTIVE_CONFIG is
# false (the setUp default).
# Expects configure_openssh_server to return 1, leave 00-foo.conf exactly as it
# was written, and explain the failure on its output.
# NOTE(review): presumably the function cannot pick a file name that sorts ahead
# of 00-foo.conf; confirm against install-linux.sh.
test_configure_openssh_server_existing_sshd_d_no_overwrite_00_config() {
    local foreign_dropin="$SSHD_CONFIG_D/00-foo.conf"

    printf '%s\n' "Include /etc/ssh/sshd_config.d/*.conf" >> "$SSHD_CONFIG"
    printf '%s\n' \
        "FooConfigLine bar" \
        "BarConfigLine foo" \
        "AuthorizedKeysCommand /bin/foo" \
        "AuthorizedKeysCommandUser foo" >> "$foreign_dropin"

    # stdout and stderr are captured together so the failure reason can be checked
    output=$(configure_openssh_server "$TEST_TEMP_DIR" 2>&1)
    result=$?

    local untouched_msg="Expected original config file sshd_config.d/00-foo.conf to be untuched"

    assertEquals "Expected return value to be 1 when failing to create config" 1 "$result"
    mapfile -t original_conf < "$foreign_dropin"
    assertTrue "$untouched_msg" "[ \"${#original_conf[@]}\" -eq \"4\" ]"
    assertEquals "$untouched_msg" "FooConfigLine bar" "${original_conf[0]}"
    assertEquals "$untouched_msg" "BarConfigLine foo" "${original_conf[1]}"
    assertEquals "$untouched_msg" "AuthorizedKeysCommand /bin/foo" "${original_conf[2]}"
    assertEquals "$untouched_msg" "AuthorizedKeysCommandUser foo" "${original_conf[3]}"
    assertContains "Expected output to contain reason on failure" "$output" "Cannot create configuration with higher priority"
}

# Load shunit2 last so that every test_* function above is already defined.
# NOTE(review): the name has no slash, so bash looks it up on PATH (then the
# current directory); whichever shunit2 is found first is executed in this
# shell. Run the suite with a trusted PATH.
# shellcheck disable=SC1091
source shunit2