From 5f34491c759ac97fed58f25dfd127f04ebd1779a Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 28 Nov 2023 15:44:41 +0100 Subject: [PATCH] test: add test that ensures homed logins via SSH work --- test/TEST-46-HOMED/test.sh | 3 ++ test/units/testsuite-46.sh | 57 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) diff --git a/test/TEST-46-HOMED/test.sh b/test/TEST-46-HOMED/test.sh index 3bf3891380ca2..923e00229e698 100755 --- a/test/TEST-46-HOMED/test.sh +++ b/test/TEST-46-HOMED/test.sh @@ -21,6 +21,9 @@ test_append_files() { install_btrfs generate_module_dependencies fi + inst_binary ssh + inst_binary sshd + inst_binary ssh-keygen } do_test "$@" diff --git a/test/units/testsuite-46.sh b/test/units/testsuite-46.sh index a77683b479ecd..cdb65c6b8533f 100755 --- a/test/units/testsuite-46.sh +++ b/test/units/testsuite-46.sh 
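Review bot: The three `inst_binary` calls added at the end of `test_append_files` are unconditional, so TEST-46 now appears to require the OpenSSH client, server and `ssh-keygen` on the build host. Whether `inst_binary` aborts on a missing binary is not visible here; if it does not, the new block in test/units/testsuite-46.sh fails at its first `ssh-keygen` call instead. Consider guarding both sides, for example `command -v sshd >/dev/null || return 0` before the installs and `if command -v ssh >/dev/null && command -v sshd >/dev/null; then` around the SSH test, so hosts without OpenSSH skip the case rather than fail it. A comment such as `# OpenSSH is needed by the homed SSH login test in testsuite-46.sh` above the calls would explain why they are here. `test_append_files` begins above the hunk.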
@@ -314,6 +314,63 @@ for opt in json multiplexer output synthesize with-dropin with-nss with-varlink; (! userdbctl "--$opt=foo" "--$opt=''" "--$opt=🐱") done +# Test that SSH logins work with delayed unlocking +ssh-keygen -N '' -C '' -t rsa -f /tmp/homed.id_rsa +NEWPASSWORD=hunter4711 homectl create \ + --disk-size=min \ + --luks-discard=yes \ + --luks-pbkdf-type=pbkdf2 \ + --luks-pbkdf-time-cost=1ms \ + --enforce-password-policy=no \ + --ssh-authorized-keys=@/tmp/homed.id_rsa.pub \ + --stop-delay=0 \ + homedsshtest + +mkdir -p /etc/ssh +test -f /etc/ssh/ssh_host_rsa_key || ssh-keygen -t rsa -C '' -N '' -f /etc/ssh/ssh_host_rsa_key + +mkdir -p /usr/share/empty.sshd + +cat >> /etc/ssh/sshd_config < /run/systemd/system/mysshserver.socket < /run/systemd/system/mysshserver@.service < /tmp/homedsshtest.out +cat /tmp/homedsshtest.out +test "$(cat /tmp/homedsshtest.out)" = "zzz" +rm /tmp/homedsshtest.out + +ssh -t -v -4 -p 4711 -i /tmp/homed.id_rsa -o "SetEnv PASSWORD=hunter4711" -o "StrictHostKeyChecking no" homedsshtest@localhost env + +wait_for_state homedsshtest inactive +homectl remove homedsshtest + +systemctl stop mysshserver.socket +rm /run/systemd/system/mysshserver.socket +rm /run/systemd/system/mysshserver@.service + systemd-analyze log-level info touch /testok
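Review bot: The private key written to `/tmp/homed.id_rsa` and its `.pub` are never removed, although the cleanup at the end of the block deletes `/tmp/homedsshtest.out` and both unit files. Because the path is fixed, a second run in the same image also meets an existing key file at the `ssh-keygen` step. I would add `rm -f /tmp/homed.id_rsa /tmp/homed.id_rsa.pub` next to the other `rm` calls. The lines appended with `cat >> /etc/ssh/sshd_config` are likewise left in place, and `-o "StrictHostKeyChecking no"` records the test host key in the caller's known_hosts unless `-o "UserKnownHostsFile=/dev/null"` is passed as well. The heredoc bodies for sshd_config and the two units are not legible in this view, so their settings are not covered by this note.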