HEX
Server: Apache
System: Linux scp1.abinfocom.com 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: confeduphaar (1010)
PHP: 8.1.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /lib/python3/dist-packages/twisted/conch/test/__pycache__/
Upload Files
File: //lib/python3/dist-packages/twisted/conch/test/__pycache__/test_checkers.cpython-38.pyc
U


W[
{�@sdZddlmZmZzddlZWnek
r8dZYnXdZddlZddlm	Z	ddl
mZddlm
Z
ddlmZdd	lmZdd
lmZddlmZddlmZdd
lmZddlmZddlmZmZmZm Z ddl!m"Z"m#Z#ddl$m%Z%m&Z&ddl'm(Z(ed��rPed��rPdZ)ddl*m+Z+ddl,m-Z-ddl.m/Z/m0Z0ddl1m2Z2ndZ)e3edd�dk�rldZ4ndZ4Gdd�de�Z5Gdd�de�Z6Gd d!�d!e�Z7Gd"d#�d#e�Z8Gd$d%�d%e�Z9Gd&d'�d'e�Z:Gd(d)�d)e�Z;e	d*d+g�Z<Gd,d-�d-e=�Z>Gd.d/�d/e�Z?dS)0z&
Tests for L{twisted.conch.checkers}.
�)�absolute_import�divisionNzcannot run without crypt module)�
namedtuple)�BytesIO)�verifyObject)�util)�_b64encodebytes)�Failure)�
requireModule)�TestCase)�FilePath)�'InMemoryUsernamePasswordDatabaseDontUse)�UsernamePassword�IUsernamePassword�
SSHPrivateKey�ISSHPrivateKey)�UnhandledCredentials�UnauthorizedLogin)�UserDatabase�ShadowDatabase)�MockOSZcryptographyZpyasn1)�keys)�checkers)�NotEnoughAuthentication�ValidPublicKey)�keydataz)can't run without cryptography and PyASN1�geteuidz0Cannot run without effective UIDs (questionable)c@sXeZdZdZepeZdd�Zdd�Zdd�Z	dd	�Z
d
d�Zdd
�Zdd�Z
dd�ZdS)�HelperTestszl
    Tests for helper functions L{verifyCryptedPassword}, L{_pwdGetByName} and
    L{_shadowGetByName}.
    cCst�|_dS�N)r�mockos��self�r"�B/usr/lib/python3/dist-packages/twisted/conch/test/test_checkers.py�setUp<szHelperTests.setUpcCs4d}d}t�||�}|�t�||�d||f�dS)z�
        L{verifyCryptedPassword} returns C{True} if the plaintext password
        passed to it matches the encrypted password passed to it.
        �
secret stringZsaltyz1%r supposed to be valid encrypted password for %rN��crypt�
assertTruer�verifyCryptedPassword�r!�password�salt�cryptedr"r"r#�test_verifyCryptedPassword@s
��z&HelperTests.test_verifyCryptedPasswordcCs4d}d}t�||�}|�t�||�d||f�dS)z�
        L{verifyCryptedPassword} returns True if the provided cleartext password
        matches the provided MD5 password hash.
        r+z$1$saltz1%r supposed to be valid encrypted password for %sNr&r*r"r"r#�test_verifyCryptedPasswordMD5Ns
��z)HelperTests.test_verifyCryptedPasswordMD5cCs4d}d}t�||�}|�t�||�d||f�dS)z�
        L{verifyCryptedPassword} returns C{False} if the plaintext password
        passed to it does not match the encrypted password passed to it.
        z
string secretr%z5%r not supposed to be valid encrypted password for %sN)r'�assertFalserr))r!r+�wrongr-r"r"r#�test_refuteCryptedPassword\s
��z&HelperTests.test_refuteCryptedPasswordc	CsFt�}|�ddddddd�|�td|�|�t�d�|�d��d	S)
z�
        L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd
        database if the L{pwd} module is present.
        �aliceZsecrit��z
first last�/foo�/bin/sh�pwdN)r�addUser�patchr�assertEqual�
_pwdGetByName�getpwnam�r!�userdbr"r"r#�test_pwdGetByNamejs��zHelperTests.test_pwdGetByNamecCs"|�tdd�|�t�d��dS)zW
        If the C{pwd} module isn't present, L{_pwdGetByName} returns L{None}.
        r8Nr3)r:r�assertIsNoner<r r"r"r#�test_pwdGetByNameWithoutPwdwsz'HelperTests.test_pwdGetByNameWithoutPwdcCs�t�}|�ddddddddd	�	|�td
|�d|j_d|j_|�td
|j�|�t�	d�|�
d��|�|jjddg�|�|jjddg�dS)z�
        L{_shadowGetByName} returns a tuple of items from the UNIX /etc/shadow
        database if the L{spwd} is present.
        �bobZ
passphraser4r5������spwd�)	���osrN)
rr9r:rr�euid�egidrr;�_shadowGetByNameZgetspnam�seteuidCalls�setegidCallsr>r"r"r#�test_shadowGetByNames�z HelperTests.test_shadowGetByNamecCsB|�tdd�|�t�d��|�|jjg�|�|jjg�dS)zP
        L{_shadowGetByName} returns L{None} if C{spwd} is not present.
        rINrC)r:rrArOr;rrPrQr r"r"r#�test_shadowGetByNameWithoutSpwd�sz+HelperTests.test_shadowGetByNameWithoutSpwdN)�__name__�
__module__�__qualname__�__doc__�	cryptSkip�dependencySkip�skipr$r.r/r2r@rBrRrSr"r"r"r#r5s
rc@speZdZdZepeZdd�Zdd�Zdd�Z	dd	�Z
d
d�Zdd
�Zdd�Z
dd�Zdd�Zdd�Zdd�ZdS)�SSHPublicKeyDatabaseTestsz,
    Tests for L{SSHPublicKeyDatabase}.
    c	Cs�t��|_td�|_td�|_d|jd|jd|_t�|_t	|�
��|j_|jj��|�
td|j�|jj�d�|_|j��t�}|�dd	d
dd|jjjd
�||j_dS)N�foobar�eggspamst1 s foo
t2 s egg
rL�.ssh�user�passwordr4r5s
first last�
/bin/shell)r�SSHPublicKeyDatabase�checkerrZkey1Zkey2�contentrrr�mktemp�path�makedirsr:r�child�sshDirrr9Z_userdbr>r"r"r#r$�s.


�
�zSSHPublicKeyDatabaseTests.setUpcCsL|j|jgd�}|�|ddt�|�|ddd�|�t|�d�dS)zJ
        L{SSHPublicKeyDatabase} is deprecated as of version 15.0
        )ZoffendingFunctionsr�category�messagez�twisted.conch.checkers.SSHPublicKeyDatabase was deprecated in Twisted 15.0.0: Please use twisted.conch.checkers.SSHPublicKeyChecker, initialized with an instance of twisted.conch.checkers.UNIXAuthorizedKeysFiles instead.r4N)Z
flushWarningsr$r;�DeprecationWarning�len)r!Z
warningsShownr"r"r#�test_deprecated�s�
�z)SSHPublicKeyDatabaseTests.test_deprecatedcCsj|j�|��|j�tdd�}d|_|�|j�|��d|_|�|j�|��d|_|�	|j�|��dS)Nr_r`r\r]s
notallowed)
rirh�
setContentrdr�blobr(rc�checkKeyr0)r!�filename�userr"r"r#�
_testCheckKey�s
z'SSHPublicKeyDatabaseTests._testCheckKeycCs.|�d�|�|jjg�|�|jjg�dS)z�
        L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the
        authorized_keys file and check the keys against that file.
        �authorized_keysN�rtr;rrPrQr r"r"r#�
test_checkKey�s
z'SSHPublicKeyDatabaseTests.test_checkKeycCs.|�d�|�|jjg�|�|jjg�dS)z�
        L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the
        authorized_keys2 file and check the keys against that file.
        �authorized_keys2Nrvr r"r"r#�test_checkKey2�s
z(SSHPublicKeyDatabaseTests.test_checkKey2cs�|j�d����|j���d�|��jd�|jj���fdd�}d|j_d|j_	|�
|jd|�|�
td	|j�td
d�}d|_
|�|j�|��|�|jjdd
ddg�|�|jjddg�dS)z�
        If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should
        switch its uid/gid to the ones of the authenticated user.
        rur�cs��d��|�S)Nrz)�chmod)rM�ZkeyFileZsavedSeteuidr"r#�seteuid�s
z>SSHPublicKeyDatabaseTests.test_checkKeyAsRoot.<locals>.seteuidrJrKr}rLr_r`r\r4r5N)rirhrordr{Z
addCleanuprr}rMrNr:rrrpr(rcrqr;rPrQ)r!r}rsr"r|r#�test_checkKeyAsRoot�s

z-SSHPublicKeyDatabaseTests.test_checkKeyAsRootcs\dd�}���jd|�tddtjdtj�tj��	d��}�j�
|�}�fdd�}|�|�S)	z�
        L{SSHPublicKeyDatabase.requestAvatarId} should return the avatar id
        passed in if its C{_checkKey} method returns True.
        cSsdS�NTr"�Zignoredr"r"r#�	_checkKeyszASSHPublicKeyDatabaseTests.test_requestAvatarId.<locals>._checkKeyrq�test�ssh-rsa�foocs��|d�dS�Nr��r;�ZavatarIdr r"r#�_verifysz?SSHPublicKeyDatabaseTests.test_requestAvatarId.<locals>._verify)r:rcrr�publicRSA_opensshr�Key�
fromString�privateRSA_openssh�sign�requestAvatarId�addCallback)r!r��credentials�dr�r"r r#�test_requestAvatarIds�z.SSHPublicKeyDatabaseTests.test_requestAvatarIdcCsBdd�}|�|jd|�tddtjdd�}|j�|�}|�|t�S)a(
        L{SSHPublicKeyDatabase.requestAvatarId} should raise L{ValidPublicKey}
        if the credentials represent a valid key without a signature.  This
        tells the user that the key is valid for login, but does not actually
        allow that user to do so without a signature.
        cSsdSrr"r�r"r"r#r�szQSSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignature.<locals>._checkKeyrqr�r�N)r:rcrrr�r��
assertFailurer�r!r�r�r�r"r"r#�$test_requestAvatarIdWithoutSignatures�z>SSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignaturecCs0dd�}|�|jd|�|j�d�}|�|t�S)z�
        If L{SSHPublicKeyDatabase.checkKey} returns False,
        C{_cbRequestAvatarId} should raise L{UnauthorizedLogin}.
        cSsdS�NFr"r�r"r"r#r�)szKSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKey.<locals>._checkKeyrqN)r:rcr�r�r)r!r�r�r"r"r#�test_requestAvatarIdInvalidKey$sz8SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKeycCsRdd�}|�|jd|�tddtjdtj�tj��	d��}|j�
|�}|�|t�S)z�
        Valid keys with invalid signatures should cause
        L{SSHPublicKeyDatabase.requestAvatarId} to return a {UnauthorizedLogin}
        failure
        cSsdSrr"r�r"r"r#r�6szQSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignature.<locals>._checkKeyrqr�r�r�)
r:rcrrr�rr�r��privateDSA_opensshr�r�r�rr�r"r"r#�$test_requestAvatarIdInvalidSignature0s�z>SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignaturecsVdd�}���jd|�tddddd�}�j�|�}�fd	d
�}|�|���|t�S)z~
        Exceptions raised while verifying the key should be normalized into an
        C{UnauthorizedLogin} failure.
        cSsdSrr"r�r"r"r#r�EszSSSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.<locals>._checkKeyrqr�NsblobssigDatassigcs ��tj�}��t|�d�|S)Nr4)�flushLoggedErrorsr�BadKeyErrorr;rm)Zfailure�errorsr r"r#�_verifyLoggedExceptionJsz`SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.<locals>._verifyLoggedException)r:rcrr�Z
addErrbackr�r)r!r�r�r�r�r"r r#�&test_requestAvatarIdNormalizeException@s
z@SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeExceptionN)rTrUrVrW�euidSkiprYrZr$rnrtrwryr~r�r�r�r�r�r"r"r"r#r[�s

r[c@sDeZdZdZeZdd�Zdd�Zdd�Zdd	�Z	d
d�Z
dd
�ZdS)�SSHProtocolCheckerTestsz*
    Tests for L{SSHProtocolChecker}.
    cCsLt��}|�|jg�|�t���|�|jtg�|�|jttj�dS)z�
        L{SSHProcotolChecker.registerChecker} should add the given checker to
        the list of registered checkers.
        N)r�SSHProtocolCheckerr;�credentialInterfaces�registerCheckerrbr�assertIsInstance�r!rcr"r"r#�test_registerCheckerZs�z,SSHProtocolCheckerTests.test_registerCheckercCsNt��}|�|jg�|�t��t�|�|jtg�|�|jttj�dS)z�
        If a specific interface is passed into
        L{SSHProtocolChecker.registerChecker}, that interface should be
        registered instead of what the checker specifies in
        credentialIntefaces.
        N)rr�r;r�r�rbrr�r�r"r"r#�!test_registerCheckerWithInterfacegs
��z9SSHProtocolCheckerTests.test_registerCheckerWithInterfacecsJt��}t�}|�dd�|�|�|�tdd��}�fdd�}|�|�S)z�
        L{SSHProtocolChecker.requestAvatarId} should defer to one if its
        registered checkers to authenticate a user.
        r�cs��|d�dSr�r�r�r r"r#�	_callback�sz?SSHProtocolCheckerTests.test_requestAvatarId.<locals>._callback)rr�r
r9r�r�rr�)r!rc�passwordDatabaser�r�r"r r#r�ws
z,SSHProtocolCheckerTests.test_requestAvatarIdcCsVt��}dd�}|�|d|�t�}|�dd�|�|�|�tdd��}|�|t	�S)z�
        If the client indicates that it is never satisfied, by always returning
        False from _areDone, then L{SSHProtocolChecker} should raise
        L{NotEnoughAuthentication}.
        cSsdSr�r"r�r"r"r#�_areDone�szYSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthentication.<locals>._areDone�areDoner�)
rr�r:r
r9r�r�rr�r)r!rcr�r�r�r"r"r#�/test_requestAvatarIdWithNotEnoughAuthentication�s
zGSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthenticationcCs$t��}|�tdd��}|�|t�S)z�
        If the passed credentials aren't handled by any registered checker,
        L{SSHProtocolChecker} should raise L{UnhandledCredentials}.
        r�)rr�r�rr�r)r!rcr�r"r"r#�%test_requestAvatarIdInvalidCredential�sz=SSHProtocolCheckerTests.test_requestAvatarIdInvalidCredentialcCs|�t���d��dS)zV
        The default L{SSHProcotolChecker.areDone} should simply return True.
        N)r(rr�r�r r"r"r#�test_areDone�sz$SSHProtocolCheckerTests.test_areDoneN)rTrUrVrWrYrZr�r�r�r�r�r�r"r"r"r#r�Ss

r�c@s`eZdZdZepeZdd�Zdd�Zdd�Z	dd	�Z
d
d�Zdd
�Zdd�Z
dd�Zdd�ZdS)�UNIXPasswordDatabaseTestsz,
    Tests for L{UNIXPasswordDatabase}.
    cCsPg}|�|j�|�t|�dd�t|dt�r<|d��|�|d|�dS)a�
        Assert that the L{Deferred} passed in is called back with the value
        'username'.  This represents a valid login for this TestCase.

        NOTE: To work, this method's return value must be returned from the
        test method, or otherwise hooked up to the test machinery.

        @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method.
        @type d: L{Deferred}
        @rtype: L{Deferred}
        r4zlogin incompleterN)ZaddBoth�appendr;rm�
isinstancer	ZraiseException)r!r��username�resultr"r"r#�assertLoggedIn�sz(UNIXPasswordDatabaseTests.assertLoggedIncCs<t��}dd�}t�}|�d|dd�ddddd	�|�d
ddddd
d	�t�}|�ddddddddd�	|�d
|d
d�ddddddd�	|�td|�|�td|�t�}|�td|�d|_d|_	t
d d!�}|�|�|�d �|�
|jg�|�
|jg�d"|_|�|�|�d"�|�
|jd#dg�|�
|jd#dg�d$S)%z�
        L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database
        and then the C{spwd} database.
        cSs t�||�}t�|d|�}|S)Nz$1$)r')r�r+r,r-r"r"r#r-�sz?UNIXPasswordDatabaseTests.test_defaultCheckers.<locals>.cryptedr3r+r4r5�foor6r7rC�x�bar�/barr1rDrErFrGrH��	�
���
�r8rIrLrJrK�alicer`�bobrN)r�UNIXPasswordDatabaserr9rr:rrrMrNrr�r�r;rPrQr�)r!rcr-r8rIr�credr"r"r#�test_defaultCheckers�sH��
z.UNIXPasswordDatabaseTests.test_defaultCheckerscCs|�tj|j|d�dS)a�
        Asserts that the L{Deferred} passed in is erred back with an
        L{UnauthorizedLogin} L{Failure}.  This reprsents an invalid login for
        this TestCase.

        NOTE: To work, this method's return value must be returned from the
        test method, or otherwise hooked up to the test machinery.

        @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method.
        @type d: L{Deferred}
        @rtype: L{None}
        zbogus valueN)ZassertRaisesrrr��r!r�r"r"r#�assertUnauthorizedLogin�s
�z1UNIXPasswordDatabaseTests.assertUnauthorizedLoginc	CsRt�dd�}t�}|�d|ddddd�t�|jg�}|�|�tdd	��d�d
S)zo
        L{UNIXPasswordDatabase} takes a list of functions to check for UNIX
        user information.
        ZsecretZanybodyr4r5r�r�r7sanybodyssecretN)	r'rr9rr�r=r�r�r)r!r+r?rcr"r"r#�test_passInCheckers�s�z-UNIXPasswordDatabaseTests.test_passInCheckerscCsJdd�}dd�}|�td|�t�|g�}tdd�}|�|�|�d�dS)z�
        If the encrypted password provided by the getpwnam function is valid
        (verified by the L{verifyCryptedPassword} function), we callback the
        C{requestAvatarId} L{Deferred} with the username.
        cSs||kSrr"�r-Zpwr"r"r#r)szLUNIXPasswordDatabaseTests.test_verifyPassword.<locals>.verifyCryptedPasswordcSs||gSrr"�r�r"r"r#r=sz?UNIXPasswordDatabaseTests.test_verifyPassword.<locals>.getpwnamr)�usernameN�r:rr�rr�r��r!r)r=rc�
credentialr"r"r#�test_verifyPasswords
z-UNIXPasswordDatabaseTests.test_verifyPasswordcCs2dd�}t�|g�}tdd�}|�|�|��dS)z}
        If the getpwnam function raises a KeyError, the login fails with an
        L{UnauthorizedLogin} exception.
        cSst|��dSr)�KeyErrorr�r"r"r#r=!sz?UNIXPasswordDatabaseTests.test_failOnKeyError.<locals>.getpwnamr�N)rr�rr�r�)r!r=rcr�r"r"r#�test_failOnKeyErrors
z-UNIXPasswordDatabaseTests.test_failOnKeyErrorcCsHdd�}dd�}|�td|�t�|g�}tdd�}|�|�|��dS)z�
        If the verifyCryptedPassword function doesn't verify the password, the
        login fails with an L{UnauthorizedLogin} exception.
        cSsdSr�r"r�r"r"r#r)-szOUNIXPasswordDatabaseTests.test_failOnBadPassword.<locals>.verifyCryptedPasswordcSs||gSrr"r�r"r"r#r=/szBUNIXPasswordDatabaseTests.test_failOnBadPassword.<locals>.getpwnamr)r�N)r:rr�rr�r�r�r"r"r#�test_failOnBadPassword(s
z0UNIXPasswordDatabaseTests.test_failOnBadPasswordcCsTdd�}dd�}dd�}|�td|�t�||g�}tdd�}|�|�|�d�d	S)
a
        UNIXPasswordDatabase.requestAvatarId loops through each getpwnam
        function associated with it and returns a L{Deferred} which fires with
        the result of the first one which returns a value other than None.
        ones do not verify the password.
        cSs||kSrr"r�r"r"r#r)>szRUNIXPasswordDatabaseTests.test_loopThroughFunctions.<locals>.verifyCryptedPasswordcSs|dgS)Nznot the passwordr"r�r"r"r#�	getpwnam1@szFUNIXPasswordDatabaseTests.test_loopThroughFunctions.<locals>.getpwnam1cSs||gSrr"r�r"r"r#�	getpwnam2BszFUNIXPasswordDatabaseTests.test_loopThroughFunctions.<locals>.getpwnam2r)r�Nr�)r!r)r�r�rcr�r"r"r#�test_loopThroughFunctions7s
z3UNIXPasswordDatabaseTests.test_loopThroughFunctionsc	Cs�t�}|�ddddddd�|�ddddddd�|�d	d
ddddd�|�td|�t�tjg�}tdd
�}|�|�|��tdd�}|�|�|��tdd�}|�|�|��dS)z�
        If the password returned by any function is C{""}, C{"x"}, or C{"*"} it
        is not compared against the supplied password.  Instead it is skipped.
        r3�r4r5r�r�rCr�Zcarol�*r8r��r��xscarol�*N)	rr9r:rr�r<rr�r�)r!r8rcr�r"r"r#�test_failOnSpecialJs


z,UNIXPasswordDatabaseTests.test_failOnSpecialN)rTrUrVrWrXrYrZr�r�r�r�r�r�r�r�r�r"r"r"r#r��s)r�c@s,eZdZdZeZdd�Zdd�Zdd�ZdS)	�AuthorizedKeyFileReaderTestsz5
    Tests for L{checkers.readAuthorizedKeyFile}
    cCs0td�}t�|dd��}|�ddgt|��dS)zg
        L{checkers.readAuthorizedKeyFile} does not attempt to turn comments
        into keys
        sE# this comment is ignored
this is not
# this is again
and this is notcSs|Srr"�r�r"r"r#�<lambda>qr�zCAuthorizedKeyFileReaderTests.test_ignoresComments.<locals>.<lambda>sthis is notsand this is notN�rrZreadAuthorizedKeyFiler;�list�r!�fileobjr�r"r"r#�test_ignoresCommentshsz1AuthorizedKeyFileReaderTests.test_ignoresCommentscCs0td�}tj|dd�d�}|�dgt|��dS)zw
        L{checkers.readAuthorizedKeyFile} ignores leading whitespace in
        lines, as well as empty lines
        sg
                           # ignore
                           not ignored
                           cSs|Srr"r�r"r"r#r�~r�zYAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLines.<locals>.<lambda>�ZparseKeysnot ignoredNr�r�r"r"r#�*test_ignoresLeadingWhitespaceAndEmptyLinesuszGAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLinescCs4dd�}td�}tj||d�}|�dgt|��dS)z�
        L{checkers.readAuthorizedKeyFile} does not raise an exception
        when a key fails to parse (raises a
        L{twisted.conch.ssh.keys.BadKeyError}), but rather just keeps going
        cSs|�d�rt�d��|S)N�fzfailed to parse)�
startswithrr�)�liner"r"r#�
failOnSome�s

zKAuthorizedKeyFileReaderTests.test_ignoresUnparsableKeys.<locals>.failOnSomesfailed key
good keyr�sgood keyNr�)r!r�r�r�r"r"r#�test_ignoresUnparsableKeys�s�z7AuthorizedKeyFileReaderTests.test_ignoresUnparsableKeysN)	rTrUrVrWrYrZr�r�r�r"r"r"r#r�as


r�c@s,eZdZdZeZdd�Zdd�Zdd�ZdS)	�InMemorySSHKeyDBTestsz0
    Tests for L{checkers.InMemorySSHKeyDB}
    cCs t�ddgi�}ttj|�dS)z_
        L{checkers.InMemorySSHKeyDB} implements
        L{checkers.IAuthorizedKeysDB}
        r�skeyN)r�InMemorySSHKeyDBr�IAuthorizedKeysDB�r!�keydbr"r"r#�test_implementsInterface�sz.InMemorySSHKeyDBTests.test_implementsInterfacecCs*t�ddgi�}|�gt|�d���dS)z�
        If the user is not in the mapping provided to
        L{checkers.InMemorySSHKeyDB}, an empty iterator is returned
        by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys}
        r�skeysr�N�rr�r;r��getAuthorizedKeysr�r"r"r#�test_noKeysForUnauthorizedUser�sz4InMemorySSHKeyDBTests.test_noKeysForUnauthorizedUsercCs0t�dddgi�}|�ddgt|�d���dS)z�
        If the user is in the mapping provided to
        L{checkers.InMemorySSHKeyDB}, an iterator with all the keys
        is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys}
        r��a�bNr�r�r"r"r#�test_allKeysForAuthorizedUser�sz3InMemorySSHKeyDBTests.test_allKeysForAuthorizedUserN)	rTrUrVrWrYrZr�r�r�r"r"r"r#r��s
	
r�c@sDeZdZdZeZdd�Zdd�Zdd�Zdd	�Z	d
d�Z
dd
�ZdS)�UNIXAuthorizedKeysFilesTestsz8
    Tests for L{checkers.UNIXAuthorizedKeysFiles}.
    c	Cs~t�}t|���|_|j��t�|_|j�ddddd|jjd�|j�d�|_	|j	��|j	�d�}|�
d	�d
dg|_dS)Nr�r`r4r5salice lastnamerar^ruskey 1
key 2skey 1skey 2)rrrerfrgrr?r9rhriro�expectedKeys)r!rZauthorizedKeysr"r"r#r$�s
�

z"UNIXAuthorizedKeysFilesTests.setUpcCst�|j�}ttj|�dS)zg
        L{checkers.UNIXAuthorizedKeysFiles} implements
        L{checkers.IAuthorizedKeysDB}.
        N)r�UNIXAuthorizedKeysFilesr?rr�r�r"r"r#r��sz5UNIXAuthorizedKeysFilesTests.test_implementsInterfacecCs.tj|jdd�d�}|�gt|�d���dS)z�
        If the user is not in the user database provided to
        L{checkers.UNIXAuthorizedKeysFiles}, an empty iterator is returned
        by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}.
        cSs|Srr"r�r"r"r#r��r�zMUNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUser.<locals>.<lambda>r�rCN)rr�r?r;r�r�r�r"r"r#r��s�z;UNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUsercCsH|j�d��d�tj|jdd�d�}|�|jdgt|�	d���dS)a
        If the user is in the user database provided to
        L{checkers.UNIXAuthorizedKeysFiles}, an iterator with all the keys in
        C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned
        by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}.
        rxskey 3cSs|Srr"r�r"r"r#r��r�z`UNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUser.<locals>.<lambda>r�r�N)
rirhrorr�r?r;r�r�r�r�r"r"r#�1test_allKeysInAllAuthorizedFilesForAuthorizedUser�s��zNUNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUsercCs0tj|jdd�d�}|�|jt|�d���dS)z�
        L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only
        the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2}
        if they exist.
        cSs|Srr"r�r"r"r#r��r�zJUNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFile.<locals>.<lambda>r�r�N)rr�r?r;r�r�r�r�r"r"r#�test_ignoresNonexistantFile�s��z8UNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFilecCs@|j�d���tj|jdd�d�}|�|jt|�	d���dS)z�
        L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only
        the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2}
        if they are readable.
        rxcSs|Srr"r�r"r"r#r�r�zIUNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFile.<locals>.<lambda>r�r�N)
rirhrgrr�r?r;r�r�r�r�r"r"r#�test_ignoresUnreadableFile�s��z7UNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFileN)rTrUrVrWrYrZr$r�r�r�r�r�r"r"r"r#r��s	r�ZKeyDBr�c@seZdZdZdS)�_DummyExceptionz0
    Fake exception to be used for testing.
    N)rTrUrVrWr"r"r"r#r�sr�c@sLeZdZdZeZdd�Zdd�Zdd�Zdd	�Z	d
d�Z
dd
�Zdd�ZdS)�SSHPublicKeyCheckerTestsz4
    Tests for L{checkers.SSHPublicKeyChecker}.
    cCsDtddtjdtj�tj��d��|_t	dd��|_
t�|j
�|_
dS)Nr�r�r�cSstj�tj�gSr)rr�r�rr�)�_r"r"r#r�$s�z0SSHPublicKeyCheckerTests.setUp.<locals>.<lambda>)rrr�rr�r�r�r�r��_KeyDBr�rZSSHPublicKeyCheckerrcr r"r"r#r$ s�zSSHPublicKeyCheckerTests.setUpcCs"d|j_|�|j�|j�t�dS)z�
        Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with
        credentials that do not have a signature fails with L{ValidPublicKey}.
        N)r��	signature�failureResultOfrcr�rr r"r"r#� test_credentialsWithoutSignature)s�z9SSHPublicKeyCheckerTests.test_credentialsWithoutSignaturecCs$d|j_|�|j�|j�tj�dS)z�
        Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with
        credentials that have a bad key fails with L{keys.BadKeyError}.
        r�N)r�rprrcr�rr�r r"r"r#�test_credentialsWithBadKey3s�z3SSHPublicKeyCheckerTests.test_credentialsWithBadKeycCs$tj|j_|�|j�|j�t�dS)z�
        If L{checkers.IAuthorizedKeysDB.getAuthorizedKeys} returns no keys
        that match the credentials,
        L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with
        L{UnauthorizedLogin}.
        N)rZpublicDSA_opensshr�rprrcr�rr r"r"r#�test_credentialsNoMatchingKey=s
�z6SSHPublicKeyCheckerTests.test_credentialsNoMatchingKeycCs2tj�tj��d�|j_|�|j	�
|j�t�dS)z�
        Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with
        credentials that are incorrectly signed fails with
        L{UnauthorizedLogin}.
        r�N)rr�r�rr�r�r�rrrcr�rr r"r"r#� test_credentialsInvalidSignatureIs
��z9SSHPublicKeyCheckerTests.test_credentialsInvalidSignaturecCs<dd�}|�tjd|�|�|j�|j�t�|�t	�dS)z�
        If L{keys.Key.verify} raises an exception,
        L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with
        L{UnauthorizedLogin}.
        c_s
t��dSr)r�)�args�kwargsr"r"r#�fail[sz?SSHPublicKeyCheckerTests.test_failureVerifyingKey.<locals>.failZverifyN)
r:rr�rrcr�r�rr�r�)r!rr"r"r#�test_failureVerifyingKeyUs�z1SSHPublicKeyCheckerTests.test_failureVerifyingKeycCs$|j�|j�}|�d|�|��dS)zu
        L{checker.SSHPublicKeyChecker.requestAvatarId}, if successful,
        callbacks with the username.
        r�N)rcr�r�r;ZsuccessResultOfr�r"r"r#�test_usernameReturnedOnSuccessesz7SSHPublicKeyCheckerTests.test_usernameReturnedOnSuccessN)
rTrUrVrWrYrZr$rrrrr	r
r"r"r"r#r�s	

r�)@rWZ
__future__rrr'�ImportErrorrXrL�collectionsr�iorZzope.interface.verifyrZtwisted.pythonrZtwisted.python.compatrZtwisted.python.failurer	Ztwisted.python.reflectr
Ztwisted.trial.unittestrZtwisted.python.filepathrZtwisted.cred.checkersr
Ztwisted.cred.credentialsrrrrZtwisted.cred.errorrrZtwisted.python.fakepwdrrZtwisted.test.test_processrrYZtwisted.conch.sshrZ
twisted.conchrZtwisted.conch.errorrrZtwisted.conch.testr�getattrr�rr[r�r�r�r�r�r��	Exceptionr�r�r"r"r"r#�<module>sV
i6W83%T
@ Telegram