(command.CommandList children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:tid) op: assign_op.Equal rhs: {(DQ <'AllowUsers/DenyUsers'>)} spids: [7] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:me) op: assign_op.Equal rhs: {(DQ ($ Id.VSub_DollarName '$LOGNAME'))} spids: [13] ) ] ) (command.If arms: [ (if_arm cond: (condition.Shell commands: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {(DQ <x> ($ Id.VSub_DollarName '$me'))} {<Id.Lit_Equals '='>} {(DQ <x>)} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] ) action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:me) op: assign_op.Equal rhs: {(command_sub left_token:<Id.Left_Backtick '`'> child:(C {<whoami>}))} spids: [39] ) ] ) ] spids: [18 36] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:other) op: assign_op.Equal rhs: {(DQ <nobody>)} spids: [48] ) ] ) (command.ShFunction name: test_auth body: (BraceGroup children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:deny) op: assign_op.Equal rhs: {(DQ ($ Id.VSub_Number '$1'))} spids: [61] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:allow) op: assign_op.Equal rhs: {(DQ ($ Id.VSub_Number '$2'))} spids: [67] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:should_succeed) op: assign_op.Equal rhs: {(DQ ($ Id.VSub_Number '$3'))} spids: [73] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:failmsg) op: assign_op.Equal rhs: {(DQ ($ Id.VSub_Number '$4'))} spids: [79] ) ] ) (C {<start_sshd>} {<-oDenyUsers> <Id.Lit_Equals '='> (DQ ($ Id.VSub_DollarName '$deny'))} {<-oAllowUsers> <Id.Lit_Equals '='> (DQ ($ Id.VSub_DollarName '$allow'))} ) (C {(${ Id.VSub_Name SSH)} {<-F>} {($ Id.VSub_DollarName '$OBJ') <'/ssh_config'>} {(DQ ($ Id.VSub_DollarName '$me') <'@somehost'>)} {<true>} ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:status) op: assign_op.Equal rhs: {($ Id.VSub_QMark '$?')} spids: [119] ) ] ) (command.If arms: [ (if_arm cond: (condition.Shell commands: [ (command.Sentence child: (command.AndOr ops: [Id.Op_DPipe] children: [ (command.Subshell child: (command.AndOr ops: [Id.Op_DAmp] children: [ (C {<test>} {($ Id.VSub_DollarName '$status')} {<-eq>} {<0>}) (command.Pipeline children: [(C {($ Id.VSub_DollarName '$should_succeed')})] negated: T ) ] ) ) (command.Subshell child: (command.AndOr ops: [Id.Op_DAmp] children: [ (C {<test>} {($ Id.VSub_DollarName '$status')} {<-ne>} {<0>}) (C {($ Id.VSub_DollarName '$should_succeed')}) ] ) ) ] ) terminator: <Id.Op_Semi _> ) ] ) action: [(C {<fail>} {(DQ ($ Id.VSub_DollarName '$failmsg'))})] spids: [124 161] ) ] ) (C {<stop_sshd>}) ] ) ) (C {<test_auth>} {(DQ )} {(DQ )} {<true>} {(DQ <'user in neither DenyUsers nor AllowUsers denied'>)}) (C {<test_auth>} {(DQ ($ Id.VSub_DollarName '$other') <' '> ($ Id.VSub_DollarName '$me'))} {(DQ )} {<false>} {(DQ <'user in DenyUsers allowed'>)} ) (C {<test_auth>} {(DQ ($ Id.VSub_DollarName '$me') <' '> ($ Id.VSub_DollarName '$other'))} {(DQ )} {<false>} {(DQ <'user in DenyUsers allowed'>)} ) (C {<test_auth>} {(DQ )} {(DQ ($ Id.VSub_DollarName '$other'))} {<false>} {(DQ <'user not in AllowUsers allowed'>)} ) (C {<test_auth>} {(DQ )} {(DQ ($ Id.VSub_DollarName '$other') <' '> ($ Id.VSub_DollarName '$me'))} {<true>} {(DQ <'user in AllowUsers denied'>)} ) (C {<test_auth>} {(DQ )} {(DQ ($ Id.VSub_DollarName '$me') <' '> ($ Id.VSub_DollarName '$other'))} {<true>} {(DQ <'user in AllowUsers denied'>)} ) (C {<test_auth>} {(DQ ($ Id.VSub_DollarName '$me') <' '> ($ Id.VSub_DollarName '$other'))} {(DQ ($ Id.VSub_DollarName '$me') <' '> ($ Id.VSub_DollarName '$other'))} {<false>} {(DQ <'user in both DenyUsers and AllowUsers allowed'>)} ) (C {<test_auth>} {(DQ ($ Id.VSub_DollarName '$other') <' '> ($ Id.VSub_DollarName '$me'))} {(DQ ($ Id.VSub_DollarName '$other') <' '> ($ Id.VSub_DollarName '$me'))} {<false>} {(DQ <'user in both DenyUsers and AllowUsers allowed'>)} ) ] )