U  W[ {ã@sdZddlmZmZz ddlZWnek r8dZYnXdZddlZddlm Z ddl m Z ddl m Z ddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZmZmZm Z ddl!m"Z"m#Z#ddl$m%Z%m&Z&ddl'm(Z(edƒrPedƒrPdZ)ddl*m+Z+ddl,m-Z-ddl.m/Z/m0Z0ddl1m2Z2ndZ)e3eddƒdkrldZ4ndZ4Gdd„deƒZ5Gdd„deƒZ6Gd d!„d!eƒZ7Gd"d#„d#eƒZ8Gd$d%„d%eƒZ9Gd&d'„d'eƒZ:Gd(d)„d)eƒZ;e d*d+gƒZGd.d/„d/eƒZ?dS)0z& Tests for L{twisted.conch.checkers}. é)Úabsolute_importÚdivisionNzcannot run without crypt module)Ú namedtuple)ÚBytesIO)Ú verifyObject)Úutil)Ú_b64encodebytes)ÚFailure)Ú requireModule)ÚTestCase)ÚFilePath)Ú'InMemoryUsernamePasswordDatabaseDontUse)ÚUsernamePasswordÚIUsernamePasswordÚ SSHPrivateKeyÚISSHPrivateKey)ÚUnhandledCredentialsÚUnauthorizedLogin)Ú UserDatabaseÚShadowDatabase)ÚMockOSZ cryptographyZpyasn1)Úkeys)Úcheckers)ÚNotEnoughAuthenticationÚValidPublicKey)Úkeydataz)can't run without cryptography and PyASN1Úgeteuidz0Cannot run without effective UIDs (questionable)c@sXeZdZdZepeZdd„Zdd„Zdd„Z dd „Z d d „Z d d „Z dd„Z dd„ZdS)Ú HelperTestszl Tests for helper functions L{verifyCryptedPassword}, L{_pwdGetByName} and L{_shadowGetByName}. cCs tƒ|_dS©N)rÚmockos©Úself©r"úB/usr/lib/python3/dist-packages/twisted/conch/test/test_checkers.pyÚsetUp<szHelperTests.setUpcCs4d}d}t ||¡}| t ||¡d||f¡dS)z– L{verifyCryptedPassword} returns C{True} if the plaintext password passed to it matches the encrypted password passed to it. ú secret stringZsaltyz1%r supposed to be valid encrypted password for %rN©ÚcryptÚ assertTruerÚverifyCryptedPassword©r!ÚpasswordÚsaltÚcryptedr"r"r#Útest_verifyCryptedPassword@s  ÿþz&HelperTests.test_verifyCryptedPasswordcCs4d}d}t ||¡}| t ||¡d||f¡dS)zŠ L{verifyCryptedPassword} returns True if the provided cleartext password matches the provided MD5 password hash. r+z$1$saltz1%r supposed to be valid encrypted password for %sNr&r*r"r"r#Útest_verifyCryptedPasswordMD5Ns  ÿþz)HelperTests.test_verifyCryptedPasswordMD5cCs4d}d}t ||¡}| t ||¡d||f¡dS)zž L{verifyCryptedPassword} returns C{False} if the plaintext password passed to it does not match the encrypted password passed to it. z string secretr%z5%r not supposed to be valid encrypted password for %sN)r'Ú assertFalserr))r!r+Úwrongr-r"r"r#Útest_refuteCryptedPassword\s  ÿþz&HelperTests.test_refuteCryptedPasswordc CsFtƒ}| ddddddd¡| td|¡| t d¡| d¡¡d S) z‡ L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd database if the L{pwd} module is present. ÚaliceZsecritééz first lastú/fooú/bin/shÚpwdN)rÚaddUserÚpatchrÚ assertEqualÚ _pwdGetByNameÚgetpwnam©r!Úuserdbr"r"r#Útest_pwdGetByNamejsÿÿzHelperTests.test_pwdGetByNamecCs"| tdd¡| t d¡¡dS)zW If the C{pwd} module isn't present, L{_pwdGetByName} returns L{None}. r8Nr3)r:rÚ assertIsNoner<r r"r"r#Útest_pwdGetByNameWithoutPwdwsz'HelperTests.test_pwdGetByNameWithoutPwdc Cs’tƒ}| ddddddddd ¡ | td |¡d |j_d |j_| td |j¡| t  d¡|  d¡¡| |jj dd g¡| |jj dd g¡dS)z„ L{_shadowGetByName} returns a tuple of items from the UNIX /etc/shadow database if the L{spwd} is present. ÚbobZ passphraser4r5éééééÚspwdé) éÒÚosrN) rr9r:rrÚeuidÚegidrr;Ú_shadowGetByNameZgetspnamÚ seteuidCallsÚ setegidCallsr>r"r"r#Útest_shadowGetByNamesÿz HelperTests.test_shadowGetByNamecCsB| tdd¡| t d¡¡| |jjg¡| |jjg¡dS)zP L{_shadowGetByName} returns L{None} if C{spwd} is not present. rINrC)r:rrArOr;rrPrQr r"r"r#Útest_shadowGetByNameWithoutSpwd’sz+HelperTests.test_shadowGetByNameWithoutSpwdN)Ú__name__Ú __module__Ú __qualname__Ú__doc__Ú cryptSkipÚdependencySkipÚskipr$r.r/r2r@rBrRrSr"r"r"r#r5s rc@speZdZdZepeZdd„Zdd„Zdd„Z dd „Z d d „Z d d „Z dd„Z dd„Zdd„Zdd„Zdd„ZdS)ÚSSHPublicKeyDatabaseTestsz, Tests for L{SSHPublicKeyDatabase}. c Cs´t ¡|_tdƒ|_tdƒ|_d|jd|jd|_tƒ|_t |  ¡ƒ|j_ |jj   ¡|  td|j¡|jj  d¡|_|j  ¡tƒ}| dd d d d |jj j d ¡||j_dS)Nófoobaróeggspamst1 s foo t2 s egg rLú.sshóuserópasswordr4r5s first lastó /bin/shell)rÚSSHPublicKeyDatabaseÚcheckerrZkey1Zkey2Úcontentrrr ÚmktempÚpathÚmakedirsr:rÚchildÚsshDirrr9Z_userdbr>r"r"r#r$¤s.   ÿ  þzSSHPublicKeyDatabaseTests.setUpcCsL|j|jgd}| |ddt¡| |ddd¡| t|ƒd¡dS)zJ L{SSHPublicKeyDatabase} is deprecated as of version 15.0 )ZoffendingFunctionsrÚcategoryÚmessagezÜtwisted.conch.checkers.SSHPublicKeyDatabase was deprecated in Twisted 15.0.0: Please use twisted.conch.checkers.SSHPublicKeyChecker, initialized with an instance of twisted.conch.checkers.UNIXAuthorizedKeysFiles instead.r4N)Z flushWarningsr$r;ÚDeprecationWarningÚlen)r!Z warningsShownr"r"r#Útest_deprecated¹sÿ þz)SSHPublicKeyDatabaseTests.test_deprecatedcCsj|j |¡ |j¡tddƒ}d|_| |j |¡¡d|_| |j |¡¡d|_|  |j |¡¡dS)Nr_r`r\r]s notallowed) rirhÚ setContentrdrÚblobr(rcÚcheckKeyr0)r!ÚfilenameÚuserr"r"r#Ú _testCheckKeyÊs z'SSHPublicKeyDatabaseTests._testCheckKeycCs.| d¡| |jjg¡| |jjg¡dS)z˜ L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys file and check the keys against that file. Úauthorized_keysN©rtr;rrPrQr r"r"r#Ú test_checkKeyÕs z'SSHPublicKeyDatabaseTests.test_checkKeycCs.| d¡| |jjg¡| |jjg¡dS)z™ L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys2 file and check the keys against that file. Úauthorized_keys2Nrvr r"r"r#Útest_checkKey2ßs z(SSHPublicKeyDatabaseTests.test_checkKey2csÈ|j d¡‰ˆ |j¡ˆ d¡| ˆjd¡|jj‰‡‡fdd„}d|j_d|j_ |  |jd|¡|  t d |j¡t d d ƒ}d |_ | |j |¡¡| |jjdd ddg¡| |jjddg¡dS)z˜ If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should switch its uid/gid to the ones of the authenticated user. ruréÿcsˆ d¡ˆ|ƒS)Nrz)Úchmod)rM©ZkeyFileZ savedSeteuidr"r#Úseteuidõs z>SSHPublicKeyDatabaseTests.test_checkKeyAsRoot..seteuidrJrKr}rLr_r`r\r4r5N)rirhrordr{Z addCleanuprr}rMrNr:rrrpr(rcrqr;rPrQ)r!r}rsr"r|r#Útest_checkKeyAsRootés    z-SSHPublicKeyDatabaseTests.test_checkKeyAsRootcs\dd„}ˆ ˆjd|¡tddtjdtj tj¡  d¡ƒ}ˆj  |¡}‡fdd„}|  |¡S) z L{SSHPublicKeyDatabase.requestAvatarId} should return the avatar id passed in if its C{_checkKey} method returns True. cSsdS©NTr"©Zignoredr"r"r#Ú _checkKeyszASSHPublicKeyDatabaseTests.test_requestAvatarId.._checkKeyrqótestóssh-rsaófoocsˆ |d¡dS©Nr‚©r;©ZavatarIdr r"r#Ú_verifysz?SSHPublicKeyDatabaseTests.test_requestAvatarId.._verify) r:rcrrÚpublicRSA_opensshrÚKeyÚ fromStringÚprivateRSA_opensshÚsignÚrequestAvatarIdÚ addCallback)r!rÚ credentialsÚdrˆr"r r#Útest_requestAvatarIdsþ  z.SSHPublicKeyDatabaseTests.test_requestAvatarIdcCsBdd„}| |jd|¡tddtjddƒ}|j |¡}| |t¡S)a( L{SSHPublicKeyDatabase.requestAvatarId} should raise L{ValidPublicKey} if the credentials represent a valid key without a signature. This tells the user that the key is valid for login, but does not actually allow that user to do so without a signature. cSsdSrr"r€r"r"r#rszQSSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignature.._checkKeyrqr‚rƒN)r:rcrrr‰rŽÚ assertFailurer©r!rrr‘r"r"r#Ú$test_requestAvatarIdWithoutSignaturesÿ z>SSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignaturecCs0dd„}| |jd|¡|j d¡}| |t¡S)z… If L{SSHPublicKeyDatabase.checkKey} returns False, C{_cbRequestAvatarId} should raise L{UnauthorizedLogin}. cSsdS©NFr"r€r"r"r#r)szKSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKey.._checkKeyrqN)r:rcrŽr“r)r!rr‘r"r"r#Útest_requestAvatarIdInvalidKey$s z8SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKeycCsRdd„}| |jd|¡tddtjdtj tj¡  d¡ƒ}|j  |¡}|  |t ¡S)z¡ Valid keys with invalid signatures should cause L{SSHPublicKeyDatabase.requestAvatarId} to return a {UnauthorizedLogin} failure cSsdSrr"r€r"r"r#r6szQSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignature.._checkKeyrqr‚rƒr„) r:rcrrr‰rrŠr‹ÚprivateDSA_opensshrrŽr“rr”r"r"r#Ú$test_requestAvatarIdInvalidSignature0sþ z>SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignaturecsVdd„}ˆ ˆjd|¡tdddddƒ}ˆj |¡}‡fd d „}| |¡ˆ |t¡S) z~ Exceptions raised while verifying the key should be normalized into an C{UnauthorizedLogin} failure. cSsdSrr"r€r"r"r#rEszSSSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._checkKeyrqr‚NsblobssigDatassigcs ˆ tj¡}ˆ t|ƒd¡|S)Nr4)ÚflushLoggedErrorsrÚ BadKeyErrorr;rm)ZfailureÚerrorsr r"r#Ú_verifyLoggedExceptionJs z`SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._verifyLoggedException)r:rcrrŽZ addErrbackr“r)r!rrr‘rr"r r#Ú&test_requestAvatarIdNormalizeException@s   z@SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeExceptionN)rTrUrVrWÚeuidSkiprYrZr$rnrtrwryr~r’r•r—r™ržr"r"r"r#r[žs    r[c@sDeZdZdZeZdd„Zdd„Zdd„Zdd „Z d d „Z d d „Z dS)ÚSSHProtocolCheckerTestsz* Tests for L{SSHProtocolChecker}. cCsLt ¡}| |jg¡| t ¡¡| |jtg¡| |jttj¡dS)z€ L{SSHProcotolChecker.registerChecker} should add the given checker to the list of registered checkers. N)rÚSSHProtocolCheckerr;ÚcredentialInterfacesÚregisterCheckerrbrÚassertIsInstance©r!rcr"r"r#Útest_registerCheckerZs ÿz,SSHProtocolCheckerTests.test_registerCheckercCsNt ¡}| |jg¡| t ¡t¡| |jtg¡| |jttj¡dS)zÙ If a specific interface is passed into L{SSHProtocolChecker.registerChecker}, that interface should be registered instead of what the checker specifies in credentialIntefaces. N)rr¡r;r¢r£rbrr¤r¥r"r"r#Ú!test_registerCheckerWithInterfacegs ÿ ÿz9SSHProtocolCheckerTests.test_registerCheckerWithInterfacecsJt ¡}tƒ}| dd¡| |¡| tddƒ¡}‡fdd„}| |¡S)z† L{SSHProtocolChecker.requestAvatarId} should defer to one if its registered checkers to authenticate a user. r‚csˆ |d¡dSr…r†r‡r r"r#Ú _callbacksz?SSHProtocolCheckerTests.test_requestAvatarId.._callback)rr¡r r9r£rŽrr)r!rcÚpasswordDatabaser‘r¨r"r r#r’ws   z,SSHProtocolCheckerTests.test_requestAvatarIdcCsVt ¡}dd„}| |d|¡tƒ}| dd¡| |¡| tddƒ¡}| |t ¡S)z If the client indicates that it is never satisfied, by always returning False from _areDone, then L{SSHProtocolChecker} should raise L{NotEnoughAuthentication}. cSsdSr–r"r‡r"r"r#Ú_areDoneszYSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthentication.._areDoneÚareDoner‚) rr¡r:r r9r£rŽrr“r)r!rcrªr©r‘r"r"r#Ú/test_requestAvatarIdWithNotEnoughAuthentication†s  zGSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthenticationcCs$t ¡}| tddƒ¡}| |t¡S)z™ If the passed credentials aren't handled by any registered checker, L{SSHProtocolChecker} should raise L{UnhandledCredentials}. r‚)rr¡rŽrr“r)r!rcr‘r"r"r#Ú%test_requestAvatarIdInvalidCredential˜sz=SSHProtocolCheckerTests.test_requestAvatarIdInvalidCredentialcCs| t ¡ d¡¡dS)zV The default L{SSHProcotolChecker.areDone} should simply return True. N)r(rr¡r«r r"r"r#Ú test_areDone¢sz$SSHProtocolCheckerTests.test_areDoneN) rTrUrVrWrYrZr¦r§r’r¬r­r®r"r"r"r#r Ss  r c@s`eZdZdZepeZdd„Zdd„Zdd„Z dd „Z d d „Z d d „Z dd„Z dd„Zdd„ZdS)ÚUNIXPasswordDatabaseTestsz, Tests for L{UNIXPasswordDatabase}. cCsPg}| |j¡| t|ƒdd¡t|dtƒr<|d ¡| |d|¡dS)a± Assert that the L{Deferred} passed in is called back with the value 'username'. This represents a valid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{Deferred} r4zlogin incompleterN)ZaddBothÚappendr;rmÚ isinstancer ZraiseException)r!r‘ÚusernameÚresultr"r"r#ÚassertLoggedIn°s   z(UNIXPasswordDatabaseTests.assertLoggedInc Cs<t ¡}dd„}tƒ}| d|ddƒddddd ¡| d d ddd d d ¡tƒ}| ddddddddd¡ | d |d dƒddddddd¡ | td|¡| td|¡tƒ}| td|¡d|_d|_ t d d!ƒ}|  |  |¡d ¡|  |jg¡|  |jg¡d"|_|  |  |¡d"¡|  |jd#dg¡|  |jd#dg¡d$S)%z L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. cSs t ||¡}t |d|¡}|S)Nz$1$)r')r²r+r,r-r"r"r#r-Ës z?UNIXPasswordDatabaseTests.test_defaultCheckers..cryptedr3r+r4r5Úfoor6r7rCÚxÚbarú/barr1rDrErFrGrHéé é é é é ér8rIrLrJrKóalicer`óbobrN)rÚUNIXPasswordDatabaserr9rr:rrrMrNrr´rŽr;rPrQr²)r!rcr-r8rIrÚcredr"r"r#Útest_defaultCheckersÄsHÿÿ z.UNIXPasswordDatabaseTests.test_defaultCheckerscCs| tj|j|d¡dS)aÅ Asserts that the L{Deferred} passed in is erred back with an L{UnauthorizedLogin} L{Failure}. This reprsents an invalid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{None} z bogus valueN)Z assertRaisesrrr´©r!r‘r"r"r#ÚassertUnauthorizedLoginís ÿz1UNIXPasswordDatabaseTests.assertUnauthorizedLoginc CsRt dd¡}tƒ}| d|ddddd¡t |jg¡}| | tdd ƒ¡d¡d S) zo L{UNIXPasswordDatabase} takes a list of functions to check for UNIX user information. ZsecretZanybodyr4r5rµr¸r7sanybodyssecretN) r'rr9rrÂr=r´rŽr)r!r+r?rcr"r"r#Útest_passInCheckersþs þz-UNIXPasswordDatabaseTests.test_passInCheckerscCsJdd„}dd„}| td|¡t |g¡}tddƒ}| | |¡d¡dS)zÝ If the encrypted password provided by the getpwnam function is valid (verified by the L{verifyCryptedPassword} function), we callback the C{requestAvatarId} L{Deferred} with the username. cSs||kSrr"©r-Zpwr"r"r#r)szLUNIXPasswordDatabaseTests.test_verifyPassword..verifyCryptedPasswordcSs||gSrr"©r²r"r"r#r=sz?UNIXPasswordDatabaseTests.test_verifyPassword..getpwnamr)óusernameN©r:rrÂrr´rŽ©r!r)r=rcÚ credentialr"r"r#Útest_verifyPassword s   z-UNIXPasswordDatabaseTests.test_verifyPasswordcCs2dd„}t |g¡}tddƒ}| | |¡¡dS)z} If the getpwnam function raises a KeyError, the login fails with an L{UnauthorizedLogin} exception. cSs t|ƒ‚dSr)ÚKeyErrorrÉr"r"r#r=!sz?UNIXPasswordDatabaseTests.test_failOnKeyError..getpwnamrÊN)rrÂrrÆrŽ)r!r=rcrÍr"r"r#Útest_failOnKeyErrors  z-UNIXPasswordDatabaseTests.test_failOnKeyErrorcCsHdd„}dd„}| td|¡t |g¡}tddƒ}| | |¡¡dS)z” If the verifyCryptedPassword function doesn't verify the password, the login fails with an L{UnauthorizedLogin} exception. cSsdSr–r"rÈr"r"r#r)-szOUNIXPasswordDatabaseTests.test_failOnBadPassword..verifyCryptedPasswordcSs||gSrr"rÉr"r"r#r=/szBUNIXPasswordDatabaseTests.test_failOnBadPassword..getpwnamr)rÊN)r:rrÂrrÆrŽrÌr"r"r#Útest_failOnBadPassword(s   z0UNIXPasswordDatabaseTests.test_failOnBadPasswordcCsTdd„}dd„}dd„}| td|¡t ||g¡}tddƒ}| | |¡d¡d S) a UNIXPasswordDatabase.requestAvatarId loops through each getpwnam function associated with it and returns a L{Deferred} which fires with the result of the first one which returns a value other than None. ones do not verify the password. cSs||kSrr"rÈr"r"r#r)>szRUNIXPasswordDatabaseTests.test_loopThroughFunctions..verifyCryptedPasswordcSs|dgS)Nznot the passwordr"rÉr"r"r#Ú getpwnam1@szFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam1cSs||gSrr"rÉr"r"r#Ú getpwnam2BszFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam2r)rÊNrË)r!r)rÒrÓrcrÍr"r"r#Útest_loopThroughFunctions7s z3UNIXPasswordDatabaseTests.test_loopThroughFunctionsc Cs¶tƒ}| ddddddd¡| ddddddd¡| d d ddddd¡| td |¡t tjg¡}td d ƒ}| | |¡¡tddƒ}| | |¡¡tddƒ}| | |¡¡dS)z¨ If the password returned by any function is C{""}, C{"x"}, or C{"*"} it is not compared against the supplied password. Instead it is skipped. r3Úr4r5rµr·rCr¶ZcarolÚ*r8rÀórÁóxscaroló*N) rr9r:rrÂr<rrÆrŽ)r!r8rcrÃr"r"r#Útest_failOnSpecialJs   z,UNIXPasswordDatabaseTests.test_failOnSpecialN)rTrUrVrWrXrYrZr´rÄrÆrÇrÎrÐrÑrÔrÚr"r"r"r#r¯ªs) r¯c@s,eZdZdZeZdd„Zdd„Zdd„ZdS) ÚAuthorizedKeyFileReaderTestsz5 Tests for L{checkers.readAuthorizedKeyFile} cCs0tdƒ}t |dd„¡}| ddgt|ƒ¡dS)zg L{checkers.readAuthorizedKeyFile} does not attempt to turn comments into keys sE# this comment is ignored this is not # this is again and this is notcSs|Srr"©r¶r"r"r#Úqr×zCAuthorizedKeyFileReaderTests.test_ignoresComments..s this is notsand this is notN©rrZreadAuthorizedKeyFiler;Úlist©r!Úfileobjr³r"r"r#Útest_ignoresCommentshsz1AuthorizedKeyFileReaderTests.test_ignoresCommentscCs0tdƒ}tj|dd„d}| dgt|ƒ¡dS)zw L{checkers.readAuthorizedKeyFile} ignores leading whitespace in lines, as well as empty lines sg # ignore not ignored cSs|Srr"rÜr"r"r#rÝ~r×zYAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLines..©ZparseKeys not ignoredNrÞràr"r"r#Ú*test_ignoresLeadingWhitespaceAndEmptyLinesuszGAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLinescCs4dd„}tdƒ}tj||d}| dgt|ƒ¡dS)zÇ L{checkers.readAuthorizedKeyFile} does not raise an exception when a key fails to parse (raises a L{twisted.conch.ssh.keys.BadKeyError}), but rather just keeps going cSs| d¡rt d¡‚|S)Nófzfailed to parse)Ú startswithrr›)Úliner"r"r#Ú failOnSomeˆs  zKAuthorizedKeyFileReaderTests.test_ignoresUnparsableKeys..failOnSomesfailed key good keyrãsgood keyNrÞ)r!rèrár³r"r"r#Útest_ignoresUnparsableKeys‚s ÿz7AuthorizedKeyFileReaderTests.test_ignoresUnparsableKeysN) rTrUrVrWrYrZrârärér"r"r"r#rÛas   rÛc@s,eZdZdZeZdd„Zdd„Zdd„ZdS) ÚInMemorySSHKeyDBTestsz0 Tests for L{checkers.InMemorySSHKeyDB} cCs t ddgi¡}ttj|ƒdS)z_ L{checkers.InMemorySSHKeyDB} implements L{checkers.IAuthorizedKeysDB} rÀskeyN)rÚInMemorySSHKeyDBrÚIAuthorizedKeysDB©r!Úkeydbr"r"r#Útest_implementsInterface›sz.InMemorySSHKeyDBTests.test_implementsInterfacecCs*t ddgi¡}| gt| d¡ƒ¡dS)z½ If the user is not in the mapping provided to L{checkers.InMemorySSHKeyDB}, an empty iterator is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rÀskeysrÁN©rrër;rßÚgetAuthorizedKeysrír"r"r#Útest_noKeysForUnauthorizedUser¤sz4InMemorySSHKeyDBTests.test_noKeysForUnauthorizedUsercCs0t dddgi¡}| ddgt| d¡ƒ¡dS)zÅ If the user is in the mapping provided to L{checkers.InMemorySSHKeyDB}, an iterator with all the keys is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rÀóaóbNrðrír"r"r#Útest_allKeysForAuthorizedUser®sz3InMemorySSHKeyDBTests.test_allKeysForAuthorizedUserN) rTrUrVrWrYrZrïròrõr"r"r"r#rê”s   rêc@sDeZdZdZeZdd„Zdd„Zdd„Zdd „Z d d „Z d d „Z dS)ÚUNIXAuthorizedKeysFilesTestsz8 Tests for L{checkers.UNIXAuthorizedKeysFiles}. c Cs~tƒ}t| ¡ƒ|_|j ¡tƒ|_|j ddddd|jjd¡|j d¡|_ |j  ¡|j  d¡}|  d ¡d d g|_ dS) NrÀr`r4r5salice lastnamerar^rus key 1 key 2skey 1skey 2) rr rerfrgrr?r9rhriroÚ expectedKeys)r!rZauthorizedKeysr"r"r#r$Às ÿ   z"UNIXAuthorizedKeysFilesTests.setUpcCst |j¡}ttj|ƒdS)zg L{checkers.UNIXAuthorizedKeysFiles} implements L{checkers.IAuthorizedKeysDB}. N)rÚUNIXAuthorizedKeysFilesr?rrìrír"r"r#rïÑs z5UNIXAuthorizedKeysFilesTests.test_implementsInterfacecCs.tj|jdd„d}| gt| d¡ƒ¡dS)zÒ If the user is not in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an empty iterator is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. cSs|Srr"rÜr"r"r#rÝár×zMUNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUser..rãrCN)rrør?r;rßrñrír"r"r#ròÚsÿz;UNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUsercCsH|j d¡ d¡tj|jdd„d}| |jdgt|  d¡ƒ¡dS)a If the user is in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an iterator with all the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. rxskey 3cSs|Srr"rÜr"r"r#rÝîr×z`UNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUser..rãrÀN) rirhrorrør?r;r÷rßrñrír"r"r#Ú1test_allKeysInAllAuthorizedFilesForAuthorizedUseråsÿ ÿzNUNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUsercCs0tj|jdd„d}| |jt| d¡ƒ¡dS)z¸ L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they exist. cSs|Srr"rÜr"r"r#rÝúr×zJUNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFile..rãrÀN)rrør?r;r÷rßrñrír"r"r#Útest_ignoresNonexistantFileós ÿ ÿz8UNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFilecCs@|j d¡ ¡tj|jdd„d}| |jt|  d¡ƒ¡dS)z¿ L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they are readable. rxcSs|Srr"rÜr"r"r#rÝr×zIUNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFile..rãrÀN) rirhrgrrør?r;r÷rßrñrír"r"r#Útest_ignoresUnreadableFileÿsÿ ÿz7UNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFileN) rTrUrVrWrYrZr$rïròrùrúrûr"r"r"r#rö¹s   röZKeyDBrñc@seZdZdZdS)Ú_DummyExceptionz0 Fake exception to be used for testing. N)rTrUrVrWr"r"r"r#rüsrüc@sLeZdZdZeZdd„Zdd„Zdd„Zdd „Z d d „Z d d „Z dd„Z dS)ÚSSHPublicKeyCheckerTestsz4 Tests for L{checkers.SSHPublicKeyChecker}. cCsDtddtjdtj tj¡ d¡ƒ|_t dd„ƒ|_ t   |j ¡|_ dS)NrÀrƒr„cSstj tj¡gSr)rrŠr‹rr‰)Ú_r"r"r#rÝ$s ÿz0SSHPublicKeyCheckerTests.setUp..)rrr‰rrŠr‹rŒrrÚ_KeyDBrîrZSSHPublicKeyCheckerrcr r"r"r#r$ sþzSSHPublicKeyCheckerTests.setUpcCs"d|j_| |j |j¡t¡dS)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that do not have a signature fails with L{ValidPublicKey}. N)rÚ signatureÚfailureResultOfrcrŽrr r"r"r#Ú test_credentialsWithoutSignature)sÿz9SSHPublicKeyCheckerTests.test_credentialsWithoutSignaturecCs$d|j_| |j |j¡tj¡dS)z– Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that have a bad key fails with L{keys.BadKeyError}. r×N)rrprrcrŽrr›r r"r"r#Útest_credentialsWithBadKey3sÿz3SSHPublicKeyCheckerTests.test_credentialsWithBadKeycCs$tj|j_| |j |j¡t¡dS)zÙ If L{checkers.IAuthorizedKeysDB.getAuthorizedKeys} returns no keys that match the credentials, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. N)rZpublicDSA_opensshrrprrcrŽrr r"r"r#Útest_credentialsNoMatchingKey=s ÿz6SSHPublicKeyCheckerTests.test_credentialsNoMatchingKeycCs2tj tj¡ d¡|j_| |j   |j¡t ¡dS)z§ Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that are incorrectly signed fails with L{UnauthorizedLogin}. r„N) rrŠr‹rr˜rrrrrcrŽrr r"r"r#Ú test_credentialsInvalidSignatureIs ÿÿz9SSHPublicKeyCheckerTests.test_credentialsInvalidSignaturecCs<dd„}| tjd|¡| |j |j¡t¡| t ¡dS)z If L{keys.Key.verify} raises an exception, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. c_s tƒ‚dSr)rü)ÚargsÚkwargsr"r"r#Úfail[sz?SSHPublicKeyCheckerTests.test_failureVerifyingKey..failZverifyN) r:rrŠrrcrŽrrršrü)r!rr"r"r#Útest_failureVerifyingKeyUs ÿz1SSHPublicKeyCheckerTests.test_failureVerifyingKeycCs$|j |j¡}| d| |¡¡dS)zu L{checker.SSHPublicKeyChecker.requestAvatarId}, if successful, callbacks with the username. rÀN)rcrŽrr;ZsuccessResultOfrÅr"r"r#Útest_usernameReturnedOnSuccessesz7SSHPublicKeyCheckerTests.test_usernameReturnedOnSuccessN) rTrUrVrWrYrZr$rrrrr r r"r"r"r#rýs     rý)@rWZ __future__rrr'Ú ImportErrorrXrLÚ collectionsrÚiorZzope.interface.verifyrZtwisted.pythonrZtwisted.python.compatrZtwisted.python.failurer Ztwisted.python.reflectr Ztwisted.trial.unittestr Ztwisted.python.filepathr Ztwisted.cred.checkersr Ztwisted.cred.credentialsrrrrZtwisted.cred.errorrrZtwisted.python.fakepwdrrZtwisted.test.test_processrrYZtwisted.conch.sshrZ twisted.conchrZtwisted.conch.errorrrZtwisted.conch.testrÚgetattrrŸrr[r r¯rÛrêrörÿÚ Exceptionrürýr"r"r"r#ÚsV               i6W83%T