# Public Domain
# Zev Weiss, 2016

setglobal tid = '"AllowUsers/DenyUsers'"

setglobal me = $LOGNAME
if test "x$me" = "x" {
	setglobal me = $[whoami]
}
setglobal other = '"nobody'"

proc test_auth
{
	setglobal deny = $1
	setglobal allow = $2
	setglobal should_succeed = $3
	setglobal failmsg = $4

	start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow"

	$(SSH) -F $OBJ/ssh_config "$me@somehost" true
	setglobal status = $Status

	if shell {test $status -eq 0 && ! $should_succeed} \
	    || shell {test $status -ne 0 && $should_succeed} {
		fail $failmsg
	}

	stop_sshd
}

#         DenyUsers     AllowUsers    should_succeed  failure_message
test_auth ""            ""            true            "user in neither DenyUsers nor AllowUsers denied"
test_auth "$other $me"  ""            false           "user in DenyUsers allowed"
test_auth "$me $other"  ""            false           "user in DenyUsers allowed"
test_auth ""            $other      false           "user not in AllowUsers allowed"
test_auth ""            "$other $me"  true            "user in AllowUsers denied"
test_auth ""            "$me $other"  true            "user in AllowUsers denied"
test_auth "$me $other"  "$me $other"  false           "user in both DenyUsers and AllowUsers allowed"
test_auth "$other $me"  "$other $me"  false           "user in both DenyUsers and AllowUsers allowed"