From 63a6b71ec74cd3dfca28c6c25b5d488543db7b55 Mon Sep 17 00:00:00 2001 From: Tess Gauthier Date: Tue, 20 May 2025 15:29:56 -0400 Subject: [PATCH 1/5] add pester test for event viewer scenarios --- .azdo/ci.yml | 12 +- regress/pesterTests/EventLogging.Tests.ps1 | 175 +++++++++++++++++++++ 2 files changed, 181 insertions(+), 6 deletions(-) create mode 100644 regress/pesterTests/EventLogging.Tests.ps1 diff --git a/.azdo/ci.yml b/.azdo/ci.yml index be8d2b761ce..b7681fc216e 100644 --- a/.azdo/ci.yml +++ b/.azdo/ci.yml @@ -30,7 +30,7 @@ stages: Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" displayName: Install PowerShell Core - + - pwsh: | Import-Module -Name "$(Build.SourcesDirectory)/contrib/win32/openssh/AzDOBuildTools" -Force Invoke-AzDOBuild @@ -133,12 +133,12 @@ stages: - pwsh: | Import-Module -Name "$(Build.SourcesDirectory)/contrib/win32/openssh/AzDOBuildTools" -Force - Install-OpenSSH -SourceDir "$(System.ArtifactsDirectory)/Win32-OpenSSH/x64/Release" -OpenSSHDir "$env:SystemDrive/OpenSSH" -Verbose + Install-OpenSSH -SourceDir "$(System.ArtifactsDirectory)/Win32-OpenSSH/x64/Release" -OpenSSHDir "$env:ProgramFiles/OpenSSH" -Verbose displayName: Install Win32-OpenSSH - pwsh: | Import-Module -Name "$(Build.SourcesDirectory)/contrib/win32/openssh/AzDOBuildTools" -Force - Install-UnitTests -SourceDir "$(System.ArtifactsDirectory)/UnitTests/x64/Release" -OpenSSHDir "$env:SystemDrive/OpenSSH" -Verbose + Install-UnitTests -SourceDir "$(System.ArtifactsDirectory)/UnitTests/x64/Release" -OpenSSHDir "$env:ProgramFiles/OpenSSH" -Verbose displayName: Install Unit Tests - pwsh: | 
@@ -155,7 +155,7 @@ stages: displayName: Capture source repo directory for test - pwsh: | - $installedOpenSSHDir = "$env:SystemDrive/OpenSSH" + $installedOpenSSHDir = "$env:ProgramFiles/OpenSSH" Write-Verbose -Verbose -Message "Installed OpenSSH directory: $installedOpenSSHDir" Get-ChildItem -Path $installedOpenSSHDir -Recurse displayName: Capture installed OpenSSH directory @@ -163,11 +163,11 @@ stages: - pwsh: | # Run OpenSSH tests Import-Module -Name "$(Build.SourcesDirectory)/contrib/win32/openssh/AzDOBuildTools" -Force - Invoke-OpenSSHTests -OpenSSHBinPath "$env:SystemDrive/OpenSSH" + Invoke-OpenSSHTests -OpenSSHBinPath "$env:ProgramFiles/OpenSSH" displayName: Run tests - pwsh: | - Write-Host "##vso[task.setvariable variable=testFilesDrivePath;]$env:SystemDrive" + Write-Host "##vso[task.setvariable variable=testFilesDrivePath;]$env:ProgramFiles" displayName: Set variable - task: PublishTestResults@2 diff --git a/regress/pesterTests/EventLogging.Tests.ps1 b/regress/pesterTests/EventLogging.Tests.ps1 new file mode 100644 index 00000000000..f1da2905a75 --- /dev/null +++ b/regress/pesterTests/EventLogging.Tests.ps1 
@@ -0,0 +1,175 @@ +If ($PSVersiontable.PSVersion.Major -le 2) {$PSScriptRoot = Split-Path -Parent $MyInvocation.MyCommand.Path} +Import-Module $PSScriptRoot\CommonUtils.psm1 -Force +Import-Module OpenSSHUtils -Force +$tC = 1 +$tI = 0 +$suite = "EventLogging" +Describe "Tests for admin and non-admin event logs" -Tags "CI" { + BeforeAll { + if($OpenSSHTestInfo -eq $null) + { + Throw "`$OpenSSHTestInfo is null. Please run Set-OpenSSHTestEnvironment to set test environments." + } + + $testDir = "$($OpenSSHTestInfo["TestDataPath"])\$suite" + if( -not (Test-path $testDir -PathType Container)) + { + $null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue + } + + $server = $OpenSSHTestInfo["Target"] + $nonadminusername = $OpenSSHTestInfo['NonAdminUser'] + $adminusername = $OpenSSHTestInfo['AdminUser'] + $opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath'] + $password = $OpenSSHTestInfo['TestAccountPW'] + $port = 47003 + $sshdDelay = $OpenSSHTestInfo["DelayTime"] + + # Register OpenSSH events in Event Viewer + $etwman = Join-Path $opensshbinpath "openssh-events.man" + if (-not (Test-Path $etwman -PathType Leaf)) { + throw "openssh events manifest is not present in OpenSSH binary path" + } + wevtutil im "$etwman" | Out-Null + } + + AfterEach { $tI++ } + + AfterAll { + # Unregister etw provider + wevtutil um "$etwman" + } + + Context "Tests Logs for SSH connections" { + BeforeAll { + Add-PasswordSetting -Pass $password + $tI=1 + } + + BeforeEach { + wevtutil sl "OpenSSH/Debug" /e:false /q:true | Out-Null + wevtutil cl "OpenSSH/Debug" | Out-Null + wevtutil sl "OpenSSH/Debug" /e:true /q:true | Out-Null + wevtutil sl "OpenSSH/Operational" /e:false /q:true | Out-Null + wevtutil cl "OpenSSH/Operational" | Out-Null + wevtutil sl "OpenSSH/Operational" /e:true /q:true | Out-Null + } + + AfterAll { + Remove-PasswordSetting + $tC++ + } + + It "$tC.$tI-Nonadmin SSH Connection" -skip:$skip { + $o = ssh -l $nonadminusername test_target echo 1234 + $o | Should Be 
1234 + Start-Sleep $sshdDelay + $eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text + $eventLogDebug | Should Not Be $null + $eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text + $eventLogOperational | Should Not Be $null + } + + It "$tC.$tI-Admin SSH Connection" -skip:$skip { + $o = ssh -l $adminusername test_target echo 1234 + $o | Should Be 1234 + Start-Sleep $sshdDelay + $eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text + $eventLogDebug | Should Not Be $null + $eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text + $eventLogOperational | Should Not Be $null + } + } + + Context "Tests Logs for SFTP connections" { + + BeforeAll { + + function Setup-KeyBasedAuth + { + param([string] $Username, [string] $KeyFilePath, [string] $UserProfile) + + $userSSHProfilePath = Join-Path $UserProfile .ssh + + if (-not (Test-Path $userSSHProfilePath -PathType Container)) { + New-Item $userSSHProfilePath -ItemType directory -Force -ErrorAction Stop | Out-Null + } + + $authorizedkeyPath = Join-Path $userSSHProfilePath authorized_keys + + if($OpenSSHTestInfo["NoLibreSSL"]) + { + ssh-keygen.exe -t ed25519 -f $KeyFilePath -Z -P "" aes128-ctr + } + else + { + ssh-keygen.exe -t ed25519 -f $KeyFilePath -P "" + } + Copy-Item "$keyFilePath.pub" $authorizedkeyPath -Force -ErrorAction SilentlyContinue + Repair-AuthorizedKeyPermission -Filepath $authorizedkeyPath -confirm:$false + } + + $AdminUserProfile = $OpenSSHTestInfo['AdminUserProfile'] + $NonAdminUserProfile = $OpenSSHTestInfo['NonAdminUserProfile'] + + $KeyFileName = $nonadminusername + "_sshtest_EventLog_ed25519" + $NonadminKeyFilePath = Join-Path $testDir $keyFileName + Remove-Item -path "$NonadminKeyFilePath*" -Force -ErrorAction SilentlyContinue + Setup-KeyBasedAuth -Username $nonadminusername -KeyFilePath $NonadminKeyFilePath -UserProfile $NonAdminUserProfile + + $KeyFileName = $adminusername + "_sshtest_EventLog_ed25519" + $AdminKeyFilePath = Join-Path $testDir $keyFileName + 
Remove-Item -path "$AdminKeyFilePath*" -Force -ErrorAction SilentlyContinue + Setup-KeyBasedAuth -Username $adminusername -KeyFilePath $AdminKeyFilePath -UserProfile $AdminUserProfile + + #create batch file + $commands = +"ls +exit" + $batchFilePath = Join-Path $testDir "$tC.$tI.commands.txt" + Set-Content $batchFilePath -Encoding UTF8 -value $commands + + $tI = 1 + } + + BeforeEach { + wevtutil sl "OpenSSH/Debug" /e:false /q:true | Out-Null + wevtutil cl "OpenSSH/Debug" | Out-Null + wevtutil sl "OpenSSH/Debug" /e:true /q:true | Out-Null + wevtutil sl "OpenSSH/Operational" /e:false /q:true | Out-Null + wevtutil cl "OpenSSH/Operational" | Out-Null + wevtutil sl "OpenSSH/Operational" /e:true /q:true | Out-Null + } + + AfterAll { + Remove-Item -path "$NonadminKeyFilePath*" -Force -ErrorAction SilentlyContinue + Remove-Item -path "$AdminKeyFilePath*" -Force -ErrorAction SilentlyContinue + + $authorized_key = Join-Path .ssh authorized_keys + $AdminAuthKeysPath = Join-Path $AdminUserProfile $authorized_key + $NonAdminAuthKeysPath = Join-Path $NonAdminUserProfile $authorized_key + Remove-Item -path "$AdminAuthKeysPath*" -Force -ErrorAction SilentlyContinue + Remove-Item -path "$NonAdminAuthKeysPath*" -Force -ErrorAction SilentlyContinue + + $tC++ + } + + It "$tC.$tI-Nonadmin SFTP Connection" -skip:$skip { + sftp -i $NonadminKeyFilePath -b $batchFilePath -o User=$nonadminusername test_target + Start-Sleep $sshdDelay + $eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text + $eventLogDebug | Should Not Be $null + $eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text + $eventLogOperational | Should Not Be $null + } + + It "$tC.$tI-Admin SFTP Connection" -skip:$skip { + sftp -i $AdminKeyFilePath -b $batchFilePath -o User=$adminusername test_target + Start-Sleep $sshdDelay + $eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text + $eventLogDebug | Should Not Be $null + $eventLogOperational = wevtutil qe "OpenSSH/Operational" /c:5 /f:text + 
$eventLogOperational | Should Not Be $null + } + } +} From e59f22619431ee60d98d84649a08a0ac2b451fd9 Mon Sep 17 00:00:00 2001 From: Tess Gauthier Date: Tue, 20 May 2025 16:24:13 -0400 Subject: [PATCH 2/5] revert ci changes --- .azdo/ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.azdo/ci.yml b/.azdo/ci.yml index b7681fc216e..be8d2b761ce 100644 --- a/.azdo/ci.yml +++ b/.azdo/ci.yml @@ -30,7 +30,7 @@ stages: Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" displayName: Install PowerShell Core - + - pwsh: | Import-Module -Name "$(Build.SourcesDirectory)/contrib/win32/openssh/AzDOBuildTools" -Force Invoke-AzDOBuild @@ -133,12 +133,12 @@ stages: - pwsh: | Import-Module -Name "$(Build.SourcesDirectory)/contrib/win32/openssh/AzDOBuildTools" -Force - Install-OpenSSH -SourceDir "$(System.ArtifactsDirectory)/Win32-OpenSSH/x64/Release" -OpenSSHDir "$env:ProgramFiles/OpenSSH" -Verbose + Install-OpenSSH -SourceDir "$(System.ArtifactsDirectory)/Win32-OpenSSH/x64/Release" -OpenSSHDir "$env:SystemDrive/OpenSSH" -Verbose displayName: Install Win32-OpenSSH - pwsh: | Import-Module -Name "$(Build.SourcesDirectory)/contrib/win32/openssh/AzDOBuildTools" -Force - Install-UnitTests -SourceDir "$(System.ArtifactsDirectory)/UnitTests/x64/Release" -OpenSSHDir "$env:ProgramFiles/OpenSSH" -Verbose + Install-UnitTests -SourceDir "$(System.ArtifactsDirectory)/UnitTests/x64/Release" -OpenSSHDir "$env:SystemDrive/OpenSSH" -Verbose displayName: Install Unit Tests - pwsh: | @@ -155,7 +155,7 @@ stages: displayName: Capture source repo directory for test - pwsh: | - $installedOpenSSHDir = "$env:ProgramFiles/OpenSSH" + $installedOpenSSHDir = "$env:SystemDrive/OpenSSH" Write-Verbose -Verbose -Message "Installed OpenSSH directory: $installedOpenSSHDir" Get-ChildItem -Path $installedOpenSSHDir -Recurse displayName: Capture installed OpenSSH directory 
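Review bot: The four `It` blocks in the new EventLogging.Tests.ps1 assert only that `wevtutil qe` returned something, and the two SFTP cases never check that `sftp` succeeded. A rejected login that still writes sshd events would therefore pass, as would any unrelated event written after the `wevtutil cl`. I would add `$LASTEXITCODE | Should Be 0` directly after each `sftp` call and match the joined event text against the expected user name, rather than using `Should Not Be $null`. Separately, `Setup-KeyBasedAuth` overwrites the profile's `authorized_keys` with `-Force`, and the `AfterAll` removes `"$AdminAuthKeysPath*"` and `"$NonAdminAuthKeysPath*"`. Any pre-existing keys and any sibling file sharing that prefix are lost, so removing the exact path (or backing up and restoring the original) would be safer, and dropping `-ErrorAction SilentlyContinue` from the `Copy-Item` would surface a failed key install.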
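Review bot: The restored `-OpenSSHDir "$env:SystemDrive/OpenSSH"` in this hunk, and the same path in the @@ -155,7 and @@ -163,11 hunks of this revert, installs the sshd binaries and the event manifest in a folder created directly under the drive root. On a default Windows install such folders inherit modify rights for Authenticated Users unless the installer resets the ACL, and whether `Install-OpenSSH` does that is not visible here. Since the new test registers `openssh-events.man` from that directory with `wevtutil im`, I would at least record the reason for the revert in a comment above the step, for example `# tests expect OpenSSH under $env:SystemDrive; Install-OpenSSH must restrict the directory ACL to Administrators/SYSTEM`. A pipeline step that prints `Get-Acl` for the install directory would make that assumption checkable.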
@@ -163,11 +163,11 @@ stages: - pwsh: | # Run OpenSSH tests Import-Module -Name "$(Build.SourcesDirectory)/contrib/win32/openssh/AzDOBuildTools" -Force - Invoke-OpenSSHTests -OpenSSHBinPath "$env:ProgramFiles/OpenSSH" + Invoke-OpenSSHTests -OpenSSHBinPath "$env:SystemDrive/OpenSSH" displayName: Run tests - pwsh: | - Write-Host "##vso[task.setvariable variable=testFilesDrivePath;]$env:ProgramFiles" + Write-Host "##vso[task.setvariable variable=testFilesDrivePath;]$env:SystemDrive" displayName: Set variable - task: PublishTestResults@2 From 4e4500c3627aa3e9c85f80f875d87ea1d7dd35a1 Mon Sep 17 00:00:00 2001 From: Tess Gauthier Date: Thu, 5 Jun 2025 14:39:29 -0400 Subject: [PATCH 3/5] Update regress/pesterTests/EventLogging.Tests.ps1 Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- regress/pesterTests/EventLogging.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/regress/pesterTests/EventLogging.Tests.ps1 b/regress/pesterTests/EventLogging.Tests.ps1 index f1da2905a75..ea9502ce486 100644 --- a/regress/pesterTests/EventLogging.Tests.ps1 +++ b/regress/pesterTests/EventLogging.Tests.ps1 @@ -145,7 +145,7 @@ exit" Remove-Item -path "$NonadminKeyFilePath*" -Force -ErrorAction SilentlyContinue Remove-Item -path "$AdminKeyFilePath*" -Force -ErrorAction SilentlyContinue - $authorized_key = Join-Path .ssh authorized_keys + $authorized_key = Join-Path '.ssh' authorized_keys $AdminAuthKeysPath = Join-Path $AdminUserProfile $authorized_key $NonAdminAuthKeysPath = Join-Path $NonAdminUserProfile $authorized_key Remove-Item -path "$AdminAuthKeysPath*" -Force -ErrorAction SilentlyContinue From 5bf0c486ac6b86c4618eac02e8f94a34eb2f4645 Mon Sep 17 00:00:00 2001 
From: Tess Gauthier Date: Thu, 5 Jun 2025 14:40:13 -0400 Subject: [PATCH 4/5] Update regress/pesterTests/EventLogging.Tests.ps1 Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- regress/pesterTests/EventLogging.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/regress/pesterTests/EventLogging.Tests.ps1 b/regress/pesterTests/EventLogging.Tests.ps1 index ea9502ce486..b55b34eb720 100644 --- a/regress/pesterTests/EventLogging.Tests.ps1 +++ b/regress/pesterTests/EventLogging.Tests.ps1 @@ -105,7 +105,7 @@ Describe "Tests for admin and non-admin event logs" -Tags "CI" { { ssh-keygen.exe -t ed25519 -f $KeyFilePath -P "" } - Copy-Item "$keyFilePath.pub" $authorizedkeyPath -Force -ErrorAction SilentlyContinue + Copy-Item "$KeyFilePath.pub" $authorizedkeyPath -Force -ErrorAction SilentlyContinue Repair-AuthorizedKeyPermission -Filepath $authorizedkeyPath -confirm:$false } From 3039917b68bc1c5dfd8a4493f3c997f103574da1 Mon Sep 17 00:00:00 2001 From: Tess Gauthier Date: Thu, 5 Jun 2025 14:42:28 -0400 Subject: [PATCH 5/5] Update EventLogging.Tests.ps1 --- regress/pesterTests/EventLogging.Tests.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/regress/pesterTests/EventLogging.Tests.ps1 b/regress/pesterTests/EventLogging.Tests.ps1 index b55b34eb720..5711074e0cf 100644 --- a/regress/pesterTests/EventLogging.Tests.ps1 +++ b/regress/pesterTests/EventLogging.Tests.ps1 @@ -60,7 +60,7 @@ Describe "Tests for admin and non-admin event logs" -Tags "CI" { $tC++ } - It "$tC.$tI-Nonadmin SSH Connection" -skip:$skip { + It "$tC.$tI-Nonadmin SSH Connection" { $o = ssh -l $nonadminusername test_target echo 1234 $o | Should Be 1234 Start-Sleep $sshdDelay 
@@ -70,7 +70,7 @@ Describe "Tests for admin and non-admin event logs" -Tags "CI" { $eventLogOperational | Should Not Be $null } - It "$tC.$tI-Admin SSH Connection" -skip:$skip { + It "$tC.$tI-Admin SSH Connection" { $o = ssh -l $adminusername test_target echo 1234 $o | Should Be 1234 Start-Sleep $sshdDelay @@ -154,7 +154,7 @@ exit" $tC++ } - It "$tC.$tI-Nonadmin SFTP Connection" -skip:$skip { + It "$tC.$tI-Nonadmin SFTP Connection" { sftp -i $NonadminKeyFilePath -b $batchFilePath -o User=$nonadminusername test_target Start-Sleep $sshdDelay $eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text @@ -163,7 +163,7 @@ exit" $eventLogOperational | Should Not Be $null } - It "$tC.$tI-Admin SFTP Connection" -skip:$skip { + It "$tC.$tI-Admin SFTP Connection" { sftp -i $AdminKeyFilePath -b $batchFilePath -o User=$adminusername test_target Start-Sleep $sshdDelay $eventLogDebug = wevtutil qe "OpenSSH/Debug" /c:5 /f:text