66 lines
2.7 KiB
PHP
66 lines
2.7 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
test('mx helper conditionally passes user ip binding to da login-url', function (): void {
|
|
$bin = TEST_TMP . '/fake-da';
|
|
$log = TEST_TMP . '/fake-da.log';
|
|
$audit = TEST_TMP . '/audit.log';
|
|
$state = TEST_TMP . '/state';
|
|
|
|
test_write($bin, "#!/bin/sh\nprintf '%s\\n' \"$@\" >> " . escapeshellarg($log) . "\necho 'URL: https://mx1.domena.pl:2222/api/login/url?key=SECRET'\n");
|
|
chmod($bin, 0755);
|
|
|
|
$script = PLUGIN_ROOT . '/mx-helper/mail-login-authorized-command.sh';
|
|
$cmd = sprintf(
|
|
'MAIL_LOGIN_DA_BIN=%s MAIL_LOGIN_AUDIT_LOG=%s MAIL_LOGIN_STATE_DIR=%s %s %s',
|
|
escapeshellarg($bin),
|
|
escapeshellarg($audit),
|
|
escapeshellarg($state),
|
|
escapeshellarg($script),
|
|
'mail-login-create-url mxtest h4.domena.pl h4 30 1 198.51.100.10 /'
|
|
);
|
|
exec($cmd, $out, $code);
|
|
assert_same(0, $code, implode("\n", $out));
|
|
assert_contains('--ip=198.51.100.10', file_get_contents($log) ?: '');
|
|
assert_contains('autologin-h4-mxtest-', file_get_contents($audit) ?: '');
|
|
|
|
file_put_contents($log, '');
|
|
$cmdNoIp = sprintf(
|
|
'MAIL_LOGIN_DA_BIN=%s MAIL_LOGIN_AUDIT_LOG=%s MAIL_LOGIN_STATE_DIR=%s %s %s',
|
|
escapeshellarg($bin),
|
|
escapeshellarg($audit),
|
|
escapeshellarg($state),
|
|
escapeshellarg($script),
|
|
'mail-login-create-url mxtest h4.domena.pl h4 30 0 198.51.100.10 /'
|
|
);
|
|
exec($cmdNoIp, $outNoIp, $codeNoIp);
|
|
assert_same(0, $codeNoIp, implode("\n", $outNoIp));
|
|
assert_not_contains('--ip=', file_get_contents($log) ?: '');
|
|
assert_contains('ip_bound_disabled', file_get_contents($audit) ?: '');
|
|
});
|
|
|
|
test('mx helper accepts forced command arguments from ssh original command', function (): void {
|
|
$bin = TEST_TMP . '/fake-da-original';
|
|
$log = TEST_TMP . '/fake-da-original.log';
|
|
$audit = TEST_TMP . '/audit-original.log';
|
|
$state = TEST_TMP . '/state-original';
|
|
|
|
test_write($bin, "#!/bin/sh\nprintf '%s\\n' \"$@\" >> " . escapeshellarg($log) . "\necho 'URL: https://mx1.domena.pl:2222/api/login/url?key=SECRET'\n");
|
|
chmod($bin, 0755);
|
|
|
|
$script = PLUGIN_ROOT . '/mx-helper/mail-login-authorized-command.sh';
|
|
$cmd = sprintf(
|
|
'MAIL_LOGIN_DA_BIN=%s MAIL_LOGIN_AUDIT_LOG=%s MAIL_LOGIN_STATE_DIR=%s SSH_ORIGINAL_COMMAND=%s %s',
|
|
escapeshellarg($bin),
|
|
escapeshellarg($audit),
|
|
escapeshellarg($state),
|
|
escapeshellarg('mail-login-create-url mxtest h4.domena.pl h4 30 1 198.51.100.10 /'),
|
|
escapeshellarg($script)
|
|
);
|
|
exec($cmd, $out, $code);
|
|
|
|
assert_same(0, $code, implode("\n", $out));
|
|
assert_contains('--user=mxtest', file_get_contents($log) ?: '');
|
|
assert_contains('autologin-h4-mxtest-', file_get_contents($audit) ?: '');
|
|
});
|