fix(reboot): probe explicit windows99 ssh users
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 1s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 1m3s
CD Pipeline / build-and-deploy (push) Successful in 4m28s
E2E Health Check / e2e-health (push) Failing after 40s
CD Pipeline / post-deploy-checks (push) Has been cancelled

This commit is contained in:
Your Name
2026-07-02 23:56:33 +08:00
parent 1b3b0fd572
commit e3887395cf
2 changed files with 52 additions and 0 deletions

View File

@@ -7,13 +7,19 @@ CONNECT_TIMEOUT="${WINDOWS99_CONNECT_TIMEOUT:-3}"
SSH_TIMEOUT="${WINDOWS99_SSH_TIMEOUT:-3}"
SSH_PORT="${WINDOWS99_SSH_PORT:-22}"
MAX_AUTH_USERS="${WINDOWS99_MAX_AUTH_USERS:-2}"
MAX_AUTH_USERS_EXPLICIT=0
if [[ -n "${WINDOWS99_MAX_AUTH_USERS:-}" ]]; then
MAX_AUTH_USERS_EXPLICIT=1
fi
KNOWN_HOSTS_FILE="${WINDOWS99_KNOWN_HOSTS_FILE:-/tmp/awoooi-windows99-known_hosts}"
REMOTE_VERIFY_COMMAND="${WINDOWS99_REMOTE_VERIFY_COMMAND:-powershell -NoProfile -ExecutionPolicy Bypass -File .\\windows99-vmware-autostart.ps1 -Mode Verify}"
SSH_USERS=(ogt wooo ooo administrator Administrator)
SSH_USERS_EXPLICIT=0
if [[ -n "${WINDOWS99_SSH_USERS:-}" ]]; then
# shellcheck disable=SC2206
SSH_USERS=(${WINDOWS99_SSH_USERS})
SSH_USERS_EXPLICIT=1
fi
is_positive_int() {
@@ -50,6 +56,7 @@ while [[ $# -gt 0 ]]; do
shift
# shellcheck disable=SC2206
SSH_USERS=(${1:-})
SSH_USERS_EXPLICIT=1
;;
--timeout)
shift
@@ -78,6 +85,12 @@ fi
if ! is_positive_int "${MAX_AUTH_USERS}"; then
MAX_AUTH_USERS=2
fi
if [[ "${SSH_USERS_EXPLICIT}" == "1" && "${MAX_AUTH_USERS_EXPLICIT}" != "1" ]]; then
MAX_AUTH_USERS="${#SSH_USERS[@]}"
fi
if ! is_positive_int "${MAX_AUTH_USERS}"; then
MAX_AUTH_USERS=2
fi
if [[ "${MODE}" != "check" && "${MODE}" != "collect" ]]; then
printf '%s\n' "error=invalid_mode:${MODE}" >&2

View File

@@ -111,6 +111,45 @@ def test_check_mode_reports_open_ports_and_missing_publickey_auth(tmp_path: Path
assert values["windows_update_policy_apply_performed"] == "false"
def test_check_mode_probes_all_explicit_users_without_secret_prompt(tmp_path: Path) -> None:
fake_bin = tmp_path / "bin"
fake_bin.mkdir()
_write_executable(
fake_bin / "nc",
"""
#!/usr/bin/env bash
port="${!#}"
if [[ "$port" == "22" || "$port" == "3389" ]]; then
exit 0
fi
exit 1
""",
)
_write_executable(
fake_bin / "ssh",
"""
#!/usr/bin/env bash
exit 255
""",
)
result = _run_collector(
fake_bin,
"--check",
"--users",
"ogt wooo ooo administrator Administrator",
)
assert result.returncode == 0
values = _key_values(result.stdout)
assert values["ssh_auth_probe_user_limit"] == "5"
assert values["ssh_auth_probed_users"] == "5"
assert values["ssh_batchmode_auth_ready"] == "0"
assert values["verify_collection_status"] == "blocked_ssh_publickey_auth_missing"
assert values["secret_value_read"] == "false"
assert values["password_prompt_allowed"] == "false"
def test_collect_mode_blocks_without_publickey_auth(tmp_path: Path) -> None:
fake_bin = tmp_path / "bin"
fake_bin.mkdir()