(CommandList children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:tid) op: Equal rhs: {(DQ (AllowUsers/DenyUsers))} spids: [7] ) ] spids: [7] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:me) op: Equal rhs: {(DQ ($ VSub_Name '$LOGNAME'))} spids: [13] ) ] spids: [13] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other '[')} {(DQ (x) ($ VSub_Name '$me'))} {(Lit_Other '=')} {(DQ (x))} {(Lit_Other ']')} ) terminator: <Op_Semi ';'> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:me) op: Equal rhs: { (CommandSubPart command_list: (CommandList children:[(C {(whoami)})]) left_token: <Left_Backtick '`'> spids: [40 42] ) } spids: [39] ) ] spids: [39] ) ] spids: [-1 36] ) ] spids: [-1 44] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:other) op:Equal rhs:{(DQ (nobody))} spids:[46])] spids: [46] ) (FuncDef name: test_auth body: (BraceGroup children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:deny) op: Equal rhs: {(DQ ($ VSub_Number '$1'))} spids: [59] ) ] spids: [59] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:allow) op: Equal rhs: {(DQ ($ VSub_Number '$2'))} spids: [65] ) ] spids: [65] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:should_succeed) op: Equal rhs: {(DQ ($ VSub_Number '$3'))} spids: [71] ) ] spids: [71] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:failmsg) op: Equal rhs: {(DQ ($ VSub_Number '$4'))} spids: [77] ) ] spids: [77] ) (C {(start_sshd)} {(-oDenyUsers) (Lit_Other '=') (DQ ($ VSub_Name '$deny'))} {(-oAllowUsers) (Lit_Other '=') (DQ ($ VSub_Name '$allow'))} ) (C {(${ VSub_Name SSH)} {(-F)} {($ VSub_Name '$OBJ') (/ssh_config)} {(DQ ($ VSub_Name '$me') ('@somehost'))} {(true)} ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:status) op: Equal rhs: {($ VSub_QMark '$?')} spids: [117] ) ] spids: [117] ) (If arms: [ (if_arm cond: [ (Sentence child: (AndOr children: [ (Subshell child: (AndOr children: [ (C {(test)} {($ VSub_Name '$status')} {(-eq)} {(0)}) (Pipeline children: [(C {($ VSub_Name '$should_succeed')})] negated: True ) ] op_id: Op_DAmp ) spids: [124 138] ) (Subshell child: (AndOr children: [ (C {(test)} {($ VSub_Name '$status')} {(-ne)} {(0)}) (C {($ VSub_Name '$should_succeed')}) ] op_id: Op_DAmp ) spids: [144 156] ) ] op_id: Op_DPipe ) terminator: <Op_Semi ';'> ) ] action: [(C {(fail)} {(DQ ($ VSub_Name '$failmsg'))})] spids: [-1 159] ) ] spids: [-1 169] ) (C {(stop_sshd)}) ] spids: [56] ) spids: [52 55] ) (C {(test_auth)} {(DQ )} {(DQ )} {(true)} {(DQ ('user in neither DenyUsers nor AllowUsers denied'))}) (C {(test_auth)} {(DQ ($ VSub_Name '$other') (' ') ($ VSub_Name '$me'))} {(DQ )} {(false)} {(DQ ('user in DenyUsers allowed'))} ) (C {(test_auth)} {(DQ ($ VSub_Name '$me') (' ') ($ VSub_Name '$other'))} {(DQ )} {(false)} {(DQ ('user in DenyUsers allowed'))} ) (C {(test_auth)} {(DQ )} {(DQ ($ VSub_Name '$other'))} {(false)} {(DQ ('user not in AllowUsers allowed'))} ) (C {(test_auth)} {(DQ )} {(DQ ($ VSub_Name '$other') (' ') ($ VSub_Name '$me'))} {(true)} {(DQ ('user in AllowUsers denied'))} ) (C {(test_auth)} {(DQ )} {(DQ ($ VSub_Name '$me') (' ') ($ VSub_Name '$other'))} {(true)} {(DQ ('user in AllowUsers denied'))} ) (C {(test_auth)} {(DQ ($ VSub_Name '$me') (' ') ($ VSub_Name '$other'))} {(DQ ($ VSub_Name '$me') (' ') ($ VSub_Name '$other'))} {(false)} {(DQ ('user in both DenyUsers and AllowUsers allowed'))} ) (C {(test_auth)} {(DQ ($ VSub_Name '$other') (' ') ($ VSub_Name '$me'))} {(DQ ($ VSub_Name '$other') (' ') ($ VSub_Name '$me'))} {(false)} {(DQ ('user in both DenyUsers and AllowUsers allowed'))} ) ] )