1 files changed, 128 insertions, 20 deletions

diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl
index 733414e23a..0a0ab5cdf7 100644
--- a/lib/ssh/test/ssh_basic_SUITE.erl
+++ b/lib/ssh/test/ssh_basic_SUITE.erl
@@ -50,7 +50,12 @@
 	 inet6_option/1,
 	 inet_option/1,
 	 internal_error/1,
-	 known_hosts/1,  
+	 known_hosts/1,
+	 login_bad_pwd_no_retry1/1,
+	 login_bad_pwd_no_retry2/1,
+	 login_bad_pwd_no_retry3/1,
+	 login_bad_pwd_no_retry4/1,
+	 login_bad_pwd_no_retry5/1,
 	 misc_ssh_options/1,
 	 openssh_zlib_basic_test/1,  
 	 packet_size_zero/1, 
@@ -62,7 +67,8 @@
 	 shell_unicode_string/1,
 	 ssh_info_print/1,
 	 key_callback/1,
-	 key_callback_options/1
+	 key_callback_options/1,
+	 shell_exit_status/1
 	]).
 
 %%% Common test callbacks
@@ -100,7 +106,9 @@ all() ->
      daemon_opt_fd,
      multi_daemon_opt_fd,
      packet_size_zero,
-     ssh_info_print
+     ssh_info_print,
+     {group, login_bad_pwd_no_retry},
+     shell_exit_status
     ].
 
 groups() ->
@@ -116,7 +124,13 @@ groups() ->
      {dsa_pass_key, [], [pass_phrase]},
      {rsa_pass_key, [], [pass_phrase]},
      {key_cb, [], [key_callback, key_callback_options]},
-     {internal_error, [], [internal_error]}
+     {internal_error, [], [internal_error]},
+     {login_bad_pwd_no_retry, [], [login_bad_pwd_no_retry1,
+				   login_bad_pwd_no_retry2,
+				   login_bad_pwd_no_retry3,
+				   login_bad_pwd_no_retry4,
+				   login_bad_pwd_no_retry5
+				  ]}
     ].
 
 
@@ -301,9 +315,9 @@ init_per_testcase(TC, Config) when TC==shell_no_unicode ;
 			     {user_passwords, [{"foo", "bar"}]}]),
     ct:sleep(500),
     IO = ssh_test_lib:start_io_server(),
-    Shell = ssh_test_lib:start_shell(Port, IO, UserDir,
-				     [{silently_accept_hosts, true},
-				      {user,"foo"},{password,"bar"}]),
+    Shell = ssh_test_lib:start_shell(Port, IO, [{user_dir,UserDir},
+						{silently_accept_hosts, true},
+						{user,"foo"},{password,"bar"}]),
     ct:log("IO=~p, Shell=~p, self()=~p",[IO,Shell,self()]),
     ct:log("file:native_name_encoding() = ~p,~nio:getopts() = ~p",
 	   [file:native_name_encoding(),io:getopts()]),
@@ -329,14 +343,15 @@ end_per_testcase(TC, Config) when TC==shell_no_unicode ;
 				  TC==shell_unicode_string ->
     case proplists:get_value(sftpd, Config) of
 	{Pid, _, _} ->
-	    ssh:stop_daemon(Pid),
-	    ssh:stop();
+	    catch ssh:stop_daemon(Pid);
 	_ ->
-	    ssh:stop()
-    end;
+	    ok
+    end,
+    end_per_testcase(Config);
 end_per_testcase(_TestCase, Config) ->
     end_per_testcase(Config).
-end_per_testcase(_Config) ->    
+
+end_per_testcase(_Config) ->
     ssh:stop(),
     ok.
 
@@ -510,7 +525,7 @@ shell(Config) when is_list(Config) ->
     ct:sleep(500),
 
     IO = ssh_test_lib:start_io_server(),
-    Shell = ssh_test_lib:start_shell(Port, IO, UserDir),
+    Shell = ssh_test_lib:start_shell(Port, IO, [{user_dir,UserDir}]),
     receive
 	{'EXIT', _, _} ->
 	    ct:fail(no_ssh_connection);  
@@ -548,10 +563,10 @@ exec_key_differs(Config, UserPKAlgs) ->
 	    ct:sleep(500),
 
 	    IO = ssh_test_lib:start_io_server(),
-	    Shell = ssh_test_lib:start_shell(Port, IO, UserDir,
-					     [{preferred_algorithms,[{public_key,['ssh-rsa']}]},
-					      {pref_public_key_algs,UserPKAlgs}
-					     ]),
+	    Shell = ssh_test_lib:start_shell(Port, IO, [{user_dir,UserDir},
+							{preferred_algorithms,[{public_key,['ssh-rsa']}]},
+							{pref_public_key_algs,UserPKAlgs}
+						       ]),
 
 
 	    receive
@@ -582,9 +597,9 @@ exec_key_differs_fail(Config) when is_list(Config) ->
     ct:sleep(500),
 
     IO = ssh_test_lib:start_io_server(),
-    ssh_test_lib:start_shell(Port, IO, UserDir,
-			     [{preferred_algorithms,[{public_key,['ssh-rsa']}]},
-			      {pref_public_key_algs,['ssh-dss']}]),
+    ssh_test_lib:start_shell(Port, IO, [{user_dir,UserDir},
+					{preferred_algorithms,[{public_key,['ssh-rsa']}]},
+					{pref_public_key_algs,['ssh-dss']}]),
     receive
 	{'EXIT', _, _} ->
 	    ok;  
@@ -1090,6 +1105,99 @@ ssh_info_print(Config) ->
 
 
 %%--------------------------------------------------------------------
+%% Check that a basd pwd is not tried more times. Could cause lock-out
+%% on server
+
+login_bad_pwd_no_retry1(Config) ->
+    login_bad_pwd_no_retry(Config, "keyboard-interactive,password").
+
+login_bad_pwd_no_retry2(Config) ->
+    login_bad_pwd_no_retry(Config, "password,keyboard-interactive").
+
+login_bad_pwd_no_retry3(Config) ->
+    login_bad_pwd_no_retry(Config, "password,publickey,keyboard-interactive").
+
+login_bad_pwd_no_retry4(Config) ->
+    login_bad_pwd_no_retry(Config, "password,other,keyboard-interactive").
+
+login_bad_pwd_no_retry5(Config) ->
+    login_bad_pwd_no_retry(Config, "password,other,keyboard-interactive,password,password").
+
+
+
+
+
+login_bad_pwd_no_retry(Config, AuthMethods) ->
+    PrivDir = proplists:get_value(priv_dir, Config),
+    UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = proplists:get_value(data_dir, Config),
+
+    Parent = self(),
+    PwdFun = fun(_, _, _, undefined) -> {false, 1};
+		(_, _, _,         _) -> Parent ! retry_bad_pwd,
+					false
+	     end,
+
+    {DaemonRef, _Host, Port} = 
+	ssh_test_lib:daemon([{system_dir, SysDir},
+			     {user_dir, UserDir},
+			     {auth_methods, AuthMethods},
+			     {user_passwords, [{"foo","somepwd"}]},
+			     {pwdfun, PwdFun}
+			    ]),
+
+    ConnRes = ssh:connect("localhost", Port,
+			  [{silently_accept_hosts, true},
+			   {user, "foo"},
+			   {password, "badpwd"},
+			   {user_dir, UserDir},
+			   {user_interaction, false}]),
+
+    receive
+	retry_bad_pwd ->
+	    ssh:stop_daemon(DaemonRef),
+	    {fail, "Retry bad password"}
+    after 0 ->
+	    case ConnRes of
+		{error,"Unable to connect using the available authentication methods"} ->
+		    ssh:stop_daemon(DaemonRef),
+		    ok;
+		{ok,Conn} ->
+		    ssh:close(Conn),
+		    ssh:stop_daemon(DaemonRef),
+		    {fail, "Connect erroneosly succeded"}
+	    end
+    end.
+
+
+%%----------------------------------------------------------------------------
+%%% Test that when shell REPL exit with reason normal client receives status 0
+shell_exit_status(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    SystemDir = proplists:get_value(data_dir, Config),
+    UserDir = proplists:get_value(priv_dir, Config),
+
+    ShellFun = fun (_User) -> spawn(fun() -> ok end) end,
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+                                             {user_dir, UserDir},
+                                             {user_passwords, [{"vego", "morot"}]},
+                                             {shell, ShellFun},
+                                             {failfun, fun ssh_test_lib:failfun/2}]),
+    ConnectionRef =
+        ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+                                          {user_dir, UserDir},
+                                          {user, "vego"},
+                                          {password, "morot"},
+                                          {user_interaction, false}]),
+
+    {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity),
+    ok = ssh_connection:shell(ConnectionRef, ChannelId),
+    ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId),
+    ssh:stop_daemon(Pid).
+
+
+%%--------------------------------------------------------------------
 %% Internal functions ------------------------------------------------
 %%--------------------------------------------------------------------
 %% Due to timing the error message may or may not be delivered to