o ¯blzã@sødZzddlZWn eydZYnwdZddlZddlmZddlmZddl m Z ddl m Z dd l mZdd lmZmZmZmZdd lmZmZdd lmZdd lmZddlmZmZddlmZddl m!Z!ddl"m#Z#ddl$m%Z%e!dƒre!dƒrdZ&ddl'm(Z(ddl)m*Z*m+Z+ddl,m-Z-ddl.m/Z/ndZ&e0eddƒdurªdZ1ndZ1Gdd„de%ƒZ2Gdd„de%ƒZ3Gd d!„d!e%ƒZ4Gd"d#„d#e%ƒZ5Gd$d%„d%e%ƒZ6Gd&d'„d'e%ƒZ7Gd(d)„d)e%ƒZ8ed*d+gƒZ9Gd,d-„d-e:ƒZ;Gd.d/„d/e%ƒZs zHelperTests.setUpcCó4d}d}t ||¡}| t ||¡d ||¡¡dS)z– L{verifyCryptedPassword} returns C{True} if the plaintext password passed to it matches the encrypted password passed to it. ú secret stringÚsaltyz5{!r} supposed to be valid encrypted password for {!r}N©ÚcryptÚ assertTruerÚverifyCryptedPasswordÚformat©r"ÚpasswordÚsaltÚcryptedr#r#r$Útest_verifyCryptedPasswordAó  ÿþz&HelperTests.test_verifyCryptedPasswordcCr&)zŠ L{verifyCryptedPassword} returns True if the provided cleartext password matches the provided MD5 password hash. r/z$1$saltz3{!r} supposed to be valid encrypted password for {}Nr)r.r#r#r$Útest_verifyCryptedPasswordMD5Pr3z)HelperTests.test_verifyCryptedPasswordMD5cCs4d}d}t ||¡}| t ||¡d ||¡¡dS)zž L{verifyCryptedPassword} returns C{False} if the plaintext password passed to it does not match the encrypted password passed to it. z string secretr'z7{!r} not supposed to be valid encrypted password for {}N)r*Ú assertFalserr,r-)r"r/Úwrongr1r#r#r$Útest_refuteCryptedPassword_r3z&HelperTests.test_refuteCryptedPasswordc CsFtƒ}| ddddddd¡| td|¡| t d¡| d¡¡d S) z‡ L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd database if the L{pwd} module is present. ÚaliceÚsecritééz first lastú/fooú/bin/shÚpwdN)rÚaddUserÚpatchrÚ assertEqualÚ _pwdGetByNameÚgetpwnam©r"Úuserdbr#r#r$Útest_pwdGetByNamenszHelperTests.test_pwdGetByNamecCs"| tdd¡| t d¡¡dS)zW If the C{pwd} module isn't present, L{_pwdGetByName} returns L{None}. r>Nr8)r@rÚ assertIsNonerBr!r#r#r$Útest_pwdGetByNameWithoutPwdxsz'HelperTests.test_pwdGetByNameWithoutPwdc Cs’tƒ}| ddddddddd ¡ | td |¡d |j_d |j_| td |j¡| t  d¡|  d¡¡| |jj dd g¡| |jj dd g¡dS)z„ L{_shadowGetByName} returns a tuple of items from the UNIX /etc/shadow database if the L{spwd} is present. ÚbobÚ passphraser:r;éééééÚspwdé) éÒÚosrN) rr?r@rr ÚeuidÚegidrrAÚ_shadowGetByNameÚgetspnamÚ seteuidCallsÚ setegidCallsrDr#r#r$Útest_shadowGetByNamesz HelperTests.test_shadowGetByNamecCsB| tdd¡| t d¡¡| |jjg¡| |jjg¡dS)zP L{_shadowGetByName} returns L{None} if C{spwd} is not present. rPNrI)r@rrGrVrAr rXrYr!r#r#r$Útest_shadowGetByNameWithoutSpwdsz+HelperTests.test_shadowGetByNameWithoutSpwdN)Ú__name__Ú __module__Ú __qualname__Ú__doc__Ú cryptSkipÚdependencySkipÚskipr%r2r4r7rFrHrZr[r#r#r#r$r6s  rc@speZdZdZep eZdd„Zdd„Zdd„Z dd „Z d d „Z d d „Z dd„Z dd„Zdd„Zdd„Zdd„ZdS)ÚSSHPublicKeyDatabaseTestsz, Tests for L{SSHPublicKeyDatabase}. c Cs´t ¡|_tdƒ|_tdƒ|_d|jd|jd|_tƒ|_t |  ¡ƒ|j_ |jj   ¡|  td|j¡|jj  d¡|_|j  ¡tƒ}| dd d d d |jj j d ¡||j_dS)Nófoobaróeggspamst1 s foo t2 s egg rSú.sshóuserópasswordr:r;s first lastó /bin/shell)rÚSSHPublicKeyDatabaseÚcheckerrÚkey1Úkey2Úcontentrr rÚmktempÚpathÚmakedirsr@rÚchildÚsshDirrr?Ú_userdbrDr#r#r$r%¢s*     ù zSSHPublicKeyDatabaseTests.setUpcCsL|j|jgd}| |ddt¡| |ddd¡| t|ƒd¡dS)zJ L{SSHPublicKeyDatabase} is deprecated as of version 15.0 )ÚoffendingFunctionsrÚcategoryÚmessagezÜtwisted.conch.checkers.SSHPublicKeyDatabase was deprecated in Twisted 15.0.0: Please use twisted.conch.checkers.SSHPublicKeyChecker, initialized with an instance of twisted.conch.checkers.UNIXAuthorizedKeysFiles instead.r:N)Ú flushWarningsr%rAÚDeprecationWarningÚlen)r"Ú warningsShownr#r#r$Útest_deprecated»s þz)SSHPublicKeyDatabaseTests.test_deprecatedcCsj|j |¡ |j¡tddƒ}d|_| |j |¡¡d|_| |j |¡¡d|_|  |j |¡¡dS)Nrgrhrdres notallowed) rsrrÚ setContentrnr Úblobr+rkÚcheckKeyr5)r"ÚfilenameÚuserr#r#r$Ú _testCheckKeyËs z'SSHPublicKeyDatabaseTests._testCheckKeycCó.| d¡| |jjg¡| |jjg¡dS)z˜ L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys file and check the keys against that file. Úauthorized_keysN©r‚rAr rXrYr!r#r#r$Ú test_checkKeyÕó z'SSHPublicKeyDatabaseTests.test_checkKeycCrƒ)z™ L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys2 file and check the keys against that file. Úauthorized_keys2Nr…r!r#r#r$Útest_checkKey2Þr‡z(SSHPublicKeyDatabaseTests.test_checkKey2csÄ|j d¡‰ˆ |j¡ˆ d¡| ˆjd¡|jj‰‡‡fdd„}d|j_d|j_ |  |jd|¡|  t d |j¡t d d ƒ}d |_ | |j |¡¡| |jjgd ¢¡| |jjddg¡dS)z˜ If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should switch its uid/gid to the ones of the authenticated user. r„réÿcsˆ d¡ˆ|ƒS)NrŠ)Úchmod)rT©ÚkeyFileÚ savedSeteuidr#r$Úseteuidôs z>SSHPublicKeyDatabaseTests.test_checkKeyAsRoot..seteuidrQrRrrSrgrhrd)rr:rrQr;N)rsrrr}rnr‹Ú addCleanupr rrTrUr@rr r~r+rkrrArXrY)r"rrr#rŒr$Útest_checkKeyAsRootçs    z-SSHPublicKeyDatabaseTests.test_checkKeyAsRootcs\dd„}ˆ ˆjd|¡tddtjdtj tj¡  d¡ƒ}ˆj  |¡}‡fdd„}|  |¡S) z L{SSHPublicKeyDatabase.requestAvatarId} should return the avatar id passed in if its C{_checkKey} method returns True. cSódS©NTr#©Úignoredr#r#r$Ú _checkKeyózASSHPublicKeyDatabaseTests.test_requestAvatarId.._checkKeyrótestóssh-rsaófoocóˆ |d¡dS©Nr˜©rA©ÚavatarIdr!r#r$Ú_verifyóz?SSHPublicKeyDatabaseTests.test_requestAvatarId.._verify) r@rkr rÚpublicRSA_opensshrÚKeyÚ fromStringÚprivateRSA_opensshÚsignÚrequestAvatarIdÚ addCallback)r"r–Ú credentialsÚdr r#r!r$Útest_requestAvatarIdsû   z.SSHPublicKeyDatabaseTests.test_requestAvatarIdcCsBdd„}| |jd|¡tddtjddƒ}|j |¡}| |t¡S)a( L{SSHPublicKeyDatabase.requestAvatarId} should raise L{ValidPublicKey} if the credentials represent a valid key without a signature. This tells the user that the key is valid for login, but does not actually allow that user to do so without a signature. cSr’r“r#r”r#r#r$r–"r—zQSSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignature.._checkKeyrr˜r™N)r@rkr rr¢r§Ú assertFailurer©r"r–r©rªr#r#r$Ú$test_requestAvatarIdWithoutSignatures ÿ  z>SSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignaturecCs0dd„}| |jd|¡|j d¡}| |t¡S)z… If L{SSHPublicKeyDatabase.checkKey} returns False, C{_cbRequestAvatarId} should raise L{UnauthorizedLogin}. cSr’©NFr#r”r#r#r$r–2r—zKSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKey.._checkKeyrN)r@rkr§r¬r )r"r–rªr#r#r$Útest_requestAvatarIdInvalidKey,s  z8SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKeycCsRdd„}| |jd|¡tddtjdtj tj¡  d¡ƒ}|j  |¡}|  |t ¡S)z¡ Valid keys with invalid signatures should cause L{SSHPublicKeyDatabase.requestAvatarId} to return a {UnauthorizedLogin} failure cSr’r“r#r”r#r#r$r–@r—zQSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignature.._checkKeyrr˜r™rš) r@rkr rr¢rr£r¤ÚprivateDSA_opensshr¦r§r¬r r­r#r#r$Ú$test_requestAvatarIdInvalidSignature9sû  z>SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignaturecsVdd„}ˆ ˆjd|¡tdddddƒ}ˆj |¡}‡fd d „}| |¡ˆ |t¡S) z~ Exceptions raised while verifying the key should be normalized into an C{UnauthorizedLogin} failure. cSr’r“r#r”r#r#r$r–Tr—zSSSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._checkKeyrr˜NsblobssigDatassigcs ˆ tj¡}ˆ t|ƒd¡|S)Nr:)ÚflushLoggedErrorsrÚ BadKeyErrorrArz)ÚfailureÚerrorsr!r#r$Ú_verifyLoggedException[ó z`SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._verifyLoggedException)r@rkr r§Ú addErrbackr¬r )r"r–r©rªr·r#r!r$Ú&test_requestAvatarIdNormalizeExceptionNs    z@SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeExceptionN)r\r]r^r_ÚeuidSkiprarbr%r|r‚r†r‰r‘r«r®r°r²rºr#r#r#r$rc›s    rcc@óDeZdZdZeZdd„Zdd„Zdd„Zdd „Z d d „Z d d „Z dS)ÚSSHProtocolCheckerTestsz* Tests for L{SSHProtocolChecker}. cCsLt ¡}| |jg¡| t ¡¡| |jtg¡| |jttj¡dS)z€ L{SSHProcotolChecker.registerChecker} should add the given checker to the list of registered checkers. N)rÚSSHProtocolCheckerrAÚcredentialInterfacesÚregisterCheckerrjrÚassertIsInstance©r"rkr#r#r$Útest_registerCheckerksÿ ÿz,SSHProtocolCheckerTests.test_registerCheckercCsNt ¡}| |jg¡| t ¡t¡| |jtg¡| |jttj¡dS)zÙ If a specific interface is passed into L{SSHProtocolChecker.registerChecker}, that interface should be registered instead of what the checker specifies in credentialIntefaces. N)rr¾rAr¿rÀrjr rÁrÂr#r#r$Ú!test_registerCheckerWithInterfacezs ÿz9SSHProtocolCheckerTests.test_registerCheckerWithInterfacecsJt ¡}tƒ}| dd¡| |¡| tddƒ¡}‡fdd„}| |¡S)z† L{SSHProtocolChecker.requestAvatarId} should defer to one if its registered checkers to authenticate a user. r˜cr›rœrržr!r#r$Ú _callback”r¡z?SSHProtocolCheckerTests.test_requestAvatarId.._callback)rr¾rr?rÀr§r r¨)r"rkÚpasswordDatabaserªrÅr#r!r$r«‰s    z,SSHProtocolCheckerTests.test_requestAvatarIdcCsVt ¡}dd„}| |d|¡tƒ}| dd¡| |¡| tddƒ¡}| |t ¡S)z If the client indicates that it is never satisfied, by always returning False from _areDone, then L{SSHProtocolChecker} should raise L{NotEnoughAuthentication}. cSr’r¯r#ržr#r#r$Ú_areDone¡r—zYSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthentication.._areDoneÚareDoner˜) rr¾r@rr?rÀr§r r¬r)r"rkrÇrÆrªr#r#r$Ú/test_requestAvatarIdWithNotEnoughAuthentication™s   zGSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthenticationcCs$t ¡}| tddƒ¡}| |t¡S)z™ If the passed credentials aren't handled by any registered checker, L{SSHProtocolChecker} should raise L{UnhandledCredentials}. r˜)rr¾r§r r¬r )r"rkrªr#r#r$Ú%test_requestAvatarIdInvalidCredential¬s z=SSHProtocolCheckerTests.test_requestAvatarIdInvalidCredentialcCs| t ¡ d¡¡dS)zV The default L{SSHProcotolChecker.areDone} should simply return True. N)r+rr¾rÈr!r#r#r$Ú test_areDoneµsz$SSHProtocolCheckerTests.test_areDoneN) r\r]r^r_rarbrÃrÄr«rÉrÊrËr#r#r#r$r½ds r½c@s`eZdZdZep eZdd„Zdd„Zdd„Z dd „Z d d „Z d d „Z dd„Z dd„Zdd„ZdS)ÚUNIXPasswordDatabaseTestsz, Tests for L{UNIXPasswordDatabase}. cCsPg}| |j¡| t|ƒdd¡t|dtƒr|d ¡| |d|¡dS)a± Assert that the L{Deferred} passed in is called back with the value 'username'. This represents a valid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{Deferred} r:zlogin incompleterN)ÚaddBothÚappendrArzÚ isinstancerÚraiseException)r"rªÚusernameÚresultr#r#r$ÚassertLoggedInÃs   z(UNIXPasswordDatabaseTests.assertLoggedInc Cs<t ¡}dd„}tƒ}| d|ddƒddddd ¡| d d ddd d d ¡tƒ}| ddddddddd¡ | d |d dƒddddddd¡ | td|¡| td|¡tƒ}| td|¡d|_d|_ t d d!ƒ}|  |  |¡d ¡|  |jg¡|  |jg¡d"|_|  |  |¡d"¡|  |jd#dg¡|  |jd#dg¡d$S)%z L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. cSs t ||¡}t |d|¡}|S)Nz$1$)r*)rÑr/r0r1r#r#r$r1Ýr¸z?UNIXPasswordDatabaseTests.test_defaultCheckers..cryptedr8r/r:r;Úfoor<r=rIÚxÚbarú/barr6rKrLrMrNrOéé é é é é ér>rPrSrQrRóalicerhóbobrN)rÚUNIXPasswordDatabaserr?rr@rrrTrUr rÓr§rArXrYrÑ)r"rkr1r>rPr Úcredr#r#r$Útest_defaultCheckersÖs0ÿ  z.UNIXPasswordDatabaseTests.test_defaultCheckerscCs| tj|j|d¡dS)aÅ Asserts that the L{Deferred} passed in is erred back with an L{UnauthorizedLogin} L{Failure}. This reprsents an invalid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{None} z bogus valueN)Ú assertRaisesrr rÓ©r"rªr#r#r$ÚassertUnauthorizedLoginþs ÿz1UNIXPasswordDatabaseTests.assertUnauthorizedLoginc CsRt dd¡}tƒ}| d|ddddd¡t |jg¡}| | tdd ƒ¡d¡d S) zo L{UNIXPasswordDatabase} takes a list of functions to check for UNIX user information. ÚsecretÚanybodyr:r;rÔr×r=sanybodyssecretN) r*rr?rrárCrÓr§r )r"r/rErkr#r#r$Útest_passInCheckerss ÿz-UNIXPasswordDatabaseTests.test_passInCheckerscCsJdd„}dd„}| td|¡t |g¡}tddƒ}| | |¡d¡dS)zÝ If the encrypted password provided by the getpwnam function is valid (verified by the L{verifyCryptedPassword} function), we callback the C{requestAvatarId} L{Deferred} with the username. cSó||kSrr#©r1Úpwr#r#r$r,#ózLUNIXPasswordDatabaseTests.test_verifyPassword..verifyCryptedPasswordcSó||gSrr#©rÑr#r#r$rC&ríz?UNIXPasswordDatabaseTests.test_verifyPassword..getpwnamr,óusernameN©r@rrár rÓr§©r"r,rCrkÚ credentialr#r#r$Útest_verifyPasswords   z-UNIXPasswordDatabaseTests.test_verifyPasswordcCs2dd„}t |g¡}tddƒ}| | |¡¡dS)z} If the getpwnam function raises a KeyError, the login fails with an L{UnauthorizedLogin} exception. cSst|ƒ‚r)ÚKeyErrorrïr#r#r$rC4ríz?UNIXPasswordDatabaseTests.test_failOnKeyError..getpwnamrðN)rrár rær§)r"rCrkrór#r#r$Útest_failOnKeyError.s  z-UNIXPasswordDatabaseTests.test_failOnKeyErrorcCsHdd„}dd„}| td|¡t |g¡}tddƒ}| | |¡¡dS)z” If the verifyCryptedPassword function doesn't verify the password, the login fails with an L{UnauthorizedLogin} exception. cSr’r¯r#rër#r#r$r,Ar—zOUNIXPasswordDatabaseTests.test_failOnBadPassword..verifyCryptedPasswordcSrîrr#rïr#r#r$rCDrízBUNIXPasswordDatabaseTests.test_failOnBadPassword..getpwnamr,rðN)r@rrár rær§ròr#r#r$Útest_failOnBadPassword;s   z0UNIXPasswordDatabaseTests.test_failOnBadPasswordcCsTdd„}dd„}dd„}| td|¡t ||g¡}tddƒ}| | |¡d¡d S) a UNIXPasswordDatabase.requestAvatarId loops through each getpwnam function associated with it and returns a L{Deferred} which fires with the result of the first one which returns a value other than None. ones do not verify the password. cSrêrr#rër#r#r$r,TrízRUNIXPasswordDatabaseTests.test_loopThroughFunctions..verifyCryptedPasswordcSs|dgS)Nznot the passwordr#rïr#r#r$Ú getpwnam1WrízFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam1cSrîrr#rïr#r#r$Ú getpwnam2ZrízFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam2r,rðNrñ)r"r,rørùrkrór#r#r$Útest_loopThroughFunctionsLs z3UNIXPasswordDatabaseTests.test_loopThroughFunctionsc Cs¶tƒ}| ddddddd¡| ddddddd¡| d d ddddd¡| td |¡t tjg¡}td d ƒ}| | |¡¡tddƒ}| | |¡¡tddƒ}| | |¡¡dS)z¨ If the password returned by any function is C{""}, C{"x"}, or C{"*"} it is not compared against the supplied password. Instead it is skipped. r8rr:r;rÔrÖrIrÕÚcarolÚ*r>rßóràóxscaroló*N) rr?r@rrárBr rær§)r"r>rkrâr#r#r$Útest_failOnSpecialbs   z,UNIXPasswordDatabaseTests.test_failOnSpecialN)r\r]r^r_r`rarbrÓrãrærérôrör÷rúrr#r#r#r$r̼s(   rÌc@ó,eZdZdZeZdd„Zdd„Zdd„ZdS) ÚAuthorizedKeyFileReaderTestsz5 Tests for L{checkers.readAuthorizedKeyFile} cCs0tdƒ}t |dd„¡}| ddgt|ƒ¡dS)zg L{checkers.readAuthorizedKeyFile} does not attempt to turn comments into keys sE# this comment is ignored this is not # this is again and this is notcSó|Srr#©rÕr#r#r$ÚŠózCAuthorizedKeyFileReaderTests.test_ignoresComments..s this is notsand this is notN©rrÚreadAuthorizedKeyFilerAÚlist©r"ÚfileobjrÒr#r#r$Útest_ignoresCommentss ÿz1AuthorizedKeyFileReaderTests.test_ignoresCommentscCs0tdƒ}tj|dd„d}| dgt|ƒ¡dS)zw L{checkers.readAuthorizedKeyFile} ignores leading whitespace in lines, as well as empty lines sg # ignore not ignored cSrrr#rr#r#r$r˜rzYAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLines..©ÚparseKeys not ignoredNrr r#r#r$Ú*test_ignoresLeadingWhitespaceAndEmptyLiness ÿzGAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLinescCs4dd„}tdƒ}tj||d}| dgt|ƒ¡dS)zÇ L{checkers.readAuthorizedKeyFile} does not raise an exception when a key fails to parse (raises a L{twisted.conch.ssh.keys.BadKeyError}), but rather just keeps going cSs| d¡r t d¡‚|S)Nófzfailed to parse)Ú startswithrr´)Úliner#r#r$Ú failOnSome¢s  zKAuthorizedKeyFileReaderTests.test_ignoresUnparsableKeys..failOnSomesfailed key good keyr sgood keyNr)r"rr rÒr#r#r$Útest_ignoresUnparsableKeys›sz7AuthorizedKeyFileReaderTests.test_ignoresUnparsableKeysN) r\r]r^r_rarbr rrr#r#r#r$rxs  rc@r) ÚInMemorySSHKeyDBTestsz0 Tests for L{checkers.InMemorySSHKeyDB} cCs t ddgi¡}ttj|ƒdS)z_ L{checkers.InMemorySSHKeyDB} implements L{checkers.IAuthorizedKeysDB} rßskeyN)rÚInMemorySSHKeyDBrÚIAuthorizedKeysDB©r"Úkeydbr#r#r$Útest_implementsInterface³sz.InMemorySSHKeyDBTests.test_implementsInterfacecCs*t ddgi¡}| gt| d¡ƒ¡dS)z½ If the user is not in the mapping provided to L{checkers.InMemorySSHKeyDB}, an empty iterator is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rßskeysràN©rrrAr ÚgetAuthorizedKeysrr#r#r$Útest_noKeysForUnauthorizedUser»sz4InMemorySSHKeyDBTests.test_noKeysForUnauthorizedUsercCs0t dddgi¡}| ddgt| d¡ƒ¡dS)zÅ If the user is in the mapping provided to L{checkers.InMemorySSHKeyDB}, an iterator with all the keys is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rßóaóbNrrr#r#r$Útest_allKeysForAuthorizedUserÄsz3InMemorySSHKeyDBTests.test_allKeysForAuthorizedUserN) r\r]r^r_rarbrrr r#r#r#r$r¬s  rc@r¼)ÚUNIXAuthorizedKeysFilesTestsz8 Tests for L{checkers.UNIXAuthorizedKeysFiles}. c Cs~tƒ}t| ¡ƒ|_|j ¡tƒ|_|j ddddd|jjd¡|j d¡|_ |j  ¡|j  d¡}|  d ¡d d g|_ dS) Nrßrhr:r;salice lastnamerirfr„s key 1 key 2skey 1skey 2) rrrorprqrrEr?rrrsr}Ú expectedKeys)r"r ÚauthorizedKeysr#r#r$r%Õs$ ù   z"UNIXAuthorizedKeysFilesTests.setUpcCst |j¡}ttj|ƒdS)zg L{checkers.UNIXAuthorizedKeysFiles} implements L{checkers.IAuthorizedKeysDB}. N)rÚUNIXAuthorizedKeysFilesrErrrr#r#r$rìs z5UNIXAuthorizedKeysFilesTests.test_implementsInterfacecCs.tj|jdd„d}| gt| d¡ƒ¡dS)zÒ If the user is not in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an empty iterator is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. cSrrr#rr#r#r$rúrzMUNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUser..r rIN)rr$rErAr rrr#r#r$rôsz;UNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUsercCsH|j d¡ d¡tj|jdd„d}| |jdgt|  d¡ƒ¡dS)a If the user is in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an iterator with all the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. rˆskey 3cSrrr#rr#r#r$rrz`UNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUser..r rßN) rsrrr}rr$rErAr"r rrr#r#r$Ú1test_allKeysInAllAuthorizedFilesForAuthorizedUserýs ÿzNUNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUsercCs0tj|jdd„d}| |jt| d¡ƒ¡dS)z¸ L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they exist. cSrrr#rr#r#r$rrzJUNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFile..r rßN)rr$rErAr"r rrr#r#r$Útest_ignoresNonexistantFile sz8UNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFilecCs@|j d¡ ¡tj|jdd„d}| |jt|  d¡ƒ¡dS)z¿ L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they are readable. rˆcSrrr#rr#r#r$rrzIUNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFile..r rßN) rsrrrqrr$rErAr"r rrr#r#r$Útest_ignoresUnreadableFilesz7UNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFileN) r\r]r^r_rarbr%rrr%r&r'r#r#r#r$r!Îs  r!Ú_KeyDBrc@seZdZdZdS)Ú_DummyExceptionz0 Fake exception to be used for testing. N)r\r]r^r_r#r#r#r$r)!sr)c@sLeZdZdZeZdd„Zdd„Zdd„Zdd „Z d d „Z d d „Z dd„Z dS)ÚSSHPublicKeyCheckerTestsz4 Tests for L{checkers.SSHPublicKeyChecker}. cCsDtddtjdtj tj¡ d¡ƒ|_t dd„ƒ|_ t   |j ¡|_ dS)Nrßr™ršcSstj tj¡gSr)rr£r¤rr¢)Ú_r#r#r$r8sz0SSHPublicKeyCheckerTests.setUp..)r rr¢rr£r¤r¥r¦r©r(rrÚSSHPublicKeyCheckerrkr!r#r#r$r%0sûzSSHPublicKeyCheckerTests.setUpcCs"d|j_| |j |j¡t¡dS)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that do not have a signature fails with L{ValidPublicKey}. N)r©Ú signatureÚfailureResultOfrkr§rr!r#r#r$Ú test_credentialsWithoutSignature;sÿz9SSHPublicKeyCheckerTests.test_credentialsWithoutSignaturecCs$d|j_| |j |j¡tj¡dS)z– Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that have a bad key fails with L{keys.BadKeyError}. rýN)r©r~r.rkr§rr´r!r#r#r$Útest_credentialsWithBadKeyEsÿz3SSHPublicKeyCheckerTests.test_credentialsWithBadKeycCs$tj|j_| |j |j¡t¡dS)zÙ If L{checkers.IAuthorizedKeysDB.getAuthorizedKeys} returns no keys that match the credentials, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. N)rÚpublicDSA_opensshr©r~r.rkr§r r!r#r#r$Útest_credentialsNoMatchingKeyOs ÿz6SSHPublicKeyCheckerTests.test_credentialsNoMatchingKeycCs2tj tj¡ d¡|j_| |j   |j¡t ¡dS)z§ Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that are incorrectly signed fails with L{UnauthorizedLogin}. ršN) rr£r¤rr±r¦r©r-r.rkr§r r!r#r#r$Ú test_credentialsInvalidSignature[sÿþÿz9SSHPublicKeyCheckerTests.test_credentialsInvalidSignaturecCs<dd„}| tjd|¡| |j |j¡t¡| t ¡dS)z If L{keys.Key.verify} raises an exception, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. c_stƒ‚r)r))ÚargsÚkwargsr#r#r$Úfailosz?SSHPublicKeyCheckerTests.test_failureVerifyingKey..failÚverifyN) r@rr£r.rkr§r©r r³r))r"r6r#r#r$Útest_failureVerifyingKeyhs ÿz1SSHPublicKeyCheckerTests.test_failureVerifyingKeycCs$|j |j¡}| d| |¡¡dS)zu L{checker.SSHPublicKeyChecker.requestAvatarId}, if successful, callbacks with the username. rßN)rkr§r©rAÚsuccessResultOfrår#r#r$Útest_usernameReturnedOnSuccessysz7SSHPublicKeyCheckerTests.test_usernameReturnedOnSuccessN) r\r]r^r_rarbr%r/r0r2r3r8r:r#r#r#r$r*)s     r*)=r_r*Ú ImportErrorr`rSÚbase64rÚ collectionsrÚiorÚzope.interface.verifyrÚtwisted.cred.checkersrÚtwisted.cred.credentialsrr r r Útwisted.cred.errorr r Útwisted.pythonrÚtwisted.python.failurerÚtwisted.python.fakepwdrrÚtwisted.python.filepathrÚtwisted.python.reflectrÚtwisted.test.test_processrÚtwisted.trial.unittestrraÚ twisted.conchrÚtwisted.conch.errorrrÚtwisted.conch.sshrÚtwisted.conch.testrÚgetattrr»rrcr½rÌrrr!r(Ú Exceptionr)r*r#r#r#r$ÚsX  ÿ             eJX=4" P