diff --git a/libexec/nuageinit/tests/Makefile b/libexec/nuageinit/tests/Makefile index 4c99f8e31ce..fc776526866 100644 --- a/libexec/nuageinit/tests/Makefile +++ b/libexec/nuageinit/tests/Makefile @@ -21,5 +21,6 @@ ${PACKAGE}FILES+= addfile.lua ${PACKAGE}FILES+= decode_base64.lua ${PACKAGE}FILES+= addsudo.lua ${PACKAGE}FILES+= adddoas.lua +${PACKAGE}FILES+= update_sshd_config.lua .include diff --git a/libexec/nuageinit/tests/nuage.sh b/libexec/nuageinit/tests/nuage.sh index 01c4612eb8e..348a8d93ba0 100644 --- a/libexec/nuageinit/tests/nuage.sh +++ b/libexec/nuageinit/tests/nuage.sh @@ -17,6 +17,7 @@ atf_test_case addfile atf_test_case decode_base64 atf_test_case addsudo atf_test_case adddoas +atf_test_case update_sshd_config settimezone_body() { @@ -109,6 +110,12 @@ adddoas_body() atf_check /usr/libexec/flua $(atf_get_srcdir)/adddoas.lua } +update_sshd_config_body() +{ + mkdir -p etc/ssh + atf_check /usr/libexec/flua $(atf_get_srcdir)/update_sshd_config.lua +} + atf_init_test_cases() { atf_add_test_case sethostname @@ -120,4 +127,5 @@ atf_init_test_cases() atf_add_test_case decode_base64 atf_add_test_case addsudo atf_add_test_case adddoas + atf_add_test_case update_sshd_config } diff --git a/libexec/nuageinit/tests/update_sshd_config.lua b/libexec/nuageinit/tests/update_sshd_config.lua new file mode 100644 index 00000000000..ac56c29986a --- /dev/null +++ b/libexec/nuageinit/tests/update_sshd_config.lua @@ -0,0 +1,73 @@ +#!/usr/libexec/flua +--- +-- SPDX-License-Identifier: BSD-2-Clause +-- +-- Copyright (c) 2026 Baptiste Daroussin + +local n = require("nuage") + +local root = os.getenv("NUAGE_FAKE_ROOTDIR") +if not root then + root = "" +end + +local sshd_config = root .. "/etc/ssh/sshd_config" + +local function setup(content) + local dir = root .. "/etc/ssh" + n.mkdir_p(dir) + local f = assert(io.open(sshd_config, "w")) + f:write(content) + f:close() +end + +local function read_config() + local f = assert(io.open(sshd_config, "r")) + local content = f:read("*a") + f:close() + return content +end + +-- Key not found: appended +setup("SomeOtherKey yes\n") +n.update_sshd_config("PasswordAuthentication", "yes") +if read_config() ~= "SomeOtherKey yes\nPasswordAuthentication yes\n" then + n.err("Key not found: should be appended") +end + +-- Key with same value: no change +setup("PasswordAuthentication yes\n") +n.update_sshd_config("PasswordAuthentication", "yes") +if read_config() ~= "PasswordAuthentication yes\n" then + n.err("Same value: should not change") +end + +-- Key with different value: changed +setup("PasswordAuthentication no\n") +n.update_sshd_config("PasswordAuthentication", "yes") +if read_config() ~= "PasswordAuthentication yes\n" then + n.err("Different value: should change") +end + +-- Key with comment +setup("PasswordAuthentication no # keep this\n") +n.update_sshd_config("PasswordAuthentication", "yes") +if read_config() ~= "PasswordAuthentication yes\n" then + n.err("Comment stripped: '" .. read_config() .. "'") +end + +-- Case insensitive key matching +setup("passwordauthentication no\n") +n.update_sshd_config("PasswordAuthentication", "yes") +if read_config() ~= "PasswordAuthentication yes\n" then + n.err("Case insensitive matching failed") +end + +-- Extra spaces +setup(" PasswordAuthentication no \n") +n.update_sshd_config("PasswordAuthentication", "yes") +if read_config() ~= "PasswordAuthentication yes\n" then + n.err("Extra spaces handling failed: '" .. read_config() .. "'") +end + +os.exit(0)