def test_multiple_authorizedkeys_file_multiuser(self, m_getpwnam): fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby') m_getpwnam.return_value = fpw user_ssh_folder = "%s/.ssh" % fpw.pw_dir # /tmp/home2/bobby/.ssh/authorized_keys2 = rsa authorized_keys = self.tmp_path('authorized_keys2', dir=user_ssh_folder) util.write_file(authorized_keys, VALID_CONTENT['rsa']) # /tmp/home2/bobby/.ssh/user_keys3 = dsa user_keys = self.tmp_path('user_keys3', dir=user_ssh_folder) util.write_file(user_keys, VALID_CONTENT['dsa']) fpw2 = FakePwEnt(pw_name='suzie', pw_dir='/tmp/home/suzie') user_ssh_folder = "%s/.ssh" % fpw2.pw_dir # /tmp/home/suzie/.ssh/authorized_keys2 = [email protected] authorized_keys2 = self.tmp_path('authorized_keys2', dir=user_ssh_folder) util.write_file(authorized_keys2, VALID_CONTENT['*****@*****.**']) # /tmp/etc/ssh/authorized_keys = ecdsa authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys2', dir="/tmp") util.write_file(authorized_keys_global, VALID_CONTENT['ecdsa']) # /tmp/sshd_config sshd_config = self.tmp_path('sshd_config', dir="/tmp") util.write_file( sshd_config, "AuthorizedKeysFile %s %%h/.ssh/authorized_keys2 %s" % (authorized_keys_global, user_keys)) # process first user (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys( fpw.pw_name, sshd_config) content = ssh_util.update_authorized_keys(auth_key_entries, []) self.assertEqual(user_keys, auth_key_fn) self.assertTrue(VALID_CONTENT['rsa'] in content) self.assertTrue(VALID_CONTENT['ecdsa'] in content) self.assertTrue(VALID_CONTENT['dsa'] in content) self.assertFalse(VALID_CONTENT['*****@*****.**'] in content) m_getpwnam.return_value = fpw2 # process second user (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys( fpw2.pw_name, sshd_config) content = ssh_util.update_authorized_keys(auth_key_entries, []) self.assertEqual(authorized_keys2, auth_key_fn) self.assertTrue(VALID_CONTENT['*****@*****.**'] in content) self.assertTrue(VALID_CONTENT['ecdsa'] in content) self.assertTrue(VALID_CONTENT['dsa'] in content) self.assertFalse(VALID_CONTENT['rsa'] in content)
def test_multiple_authorizedkeys_file_local_global2(self, m_getpwnam): fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby') m_getpwnam.return_value = fpw user_ssh_folder = "%s/.ssh" % fpw.pw_dir # /tmp/home2/bobby/.ssh/authorized_keys2 = rsa authorized_keys = self.tmp_path('authorized_keys2', dir=user_ssh_folder) util.write_file(authorized_keys, VALID_CONTENT['rsa']) # /tmp/home2/bobby/.ssh/user_keys3 = dsa user_keys = self.tmp_path('user_keys3', dir=user_ssh_folder) util.write_file(user_keys, VALID_CONTENT['dsa']) # /tmp/etc/ssh/authorized_keys = ecdsa authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys', dir="/tmp") util.write_file(authorized_keys_global, VALID_CONTENT['ecdsa']) # /tmp/sshd_config sshd_config = self.tmp_path('sshd_config', dir="/tmp") util.write_file( sshd_config, "AuthorizedKeysFile %s %s %s" % (authorized_keys_global, authorized_keys, user_keys)) (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys( fpw.pw_name, sshd_config) content = ssh_util.update_authorized_keys(auth_key_entries, []) self.assertEqual(user_keys, auth_key_fn) self.assertTrue(VALID_CONTENT['rsa'] in content) self.assertTrue(VALID_CONTENT['ecdsa'] in content) self.assertTrue(VALID_CONTENT['dsa'] in content)
def execute_and_check( self, user, sshd_config, solution, keys, delete_keys=True ): (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys( user, sshd_config ) content = ssh_util.update_authorized_keys(auth_key_entries, []) self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn) self.assertTrue(VALID_CONTENT['rsa'] in content) self.assertFalse(VALID_CONTENT['dsa'] in content)
def test_new_keys_replace(self): """new entries with the same base64 should replace old.""" orig_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')), ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))] new_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ] expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n' parser = ssh_util.AuthKeyLineParser() found = ssh_util.update_authorized_keys( [parser.parse(p) for p in orig_entries], [parser.parse(p) for p in new_entries]) self.assertEqual(expected, found)
def test_new_keys_replace(self): """new entries with the same base64 should replace old.""" orig_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')), ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))] new_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ] expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n' parser = ssh_util.AuthKeyLineParser() found = ssh_util.update_authorized_keys( [parser.parse(p) for p in orig_entries], [parser.parse(p) for p in new_entries]) self.assertEqual(expected, found)
def test_new_invalid_keys_are_ignored(self): """new entries that are invalid should be skipped.""" orig_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')), ' '.join( ('dsa', VALID_CONTENT['dsa'], 'orig_comment2')) ] new_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), 'xxx-invalid-thing1', 'xxx-invalid-blob2' ] expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n' parser = ssh_util.AuthKeyLineParser() found = ssh_util.update_authorized_keys( [parser.parse(p) for p in orig_entries], [parser.parse(p) for p in new_entries]) self.assertEqual(expected, found)
def test_new_invalid_keys_are_ignored(self): """new entries that are invalid should be skipped.""" orig_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')), ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))] new_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), 'xxx-invalid-thing1', 'xxx-invalid-blob2' ] expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n' parser = ssh_util.AuthKeyLineParser() found = ssh_util.update_authorized_keys( [parser.parse(p) for p in orig_entries], [parser.parse(p) for p in new_entries]) self.assertEqual(expected, found)
def test_multiple_authorizedkeys_file_global(self, m_getpwnam): fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby') m_getpwnam.return_value = fpw # /tmp/etc/ssh/authorized_keys = rsa authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys', dir="/tmp") util.write_file(authorized_keys_global, VALID_CONTENT['rsa']) # /tmp/sshd_config sshd_config = self.tmp_path('sshd_config') util.write_file(sshd_config, "AuthorizedKeysFile %s" % (authorized_keys_global)) (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys( fpw.pw_name, sshd_config) content = ssh_util.update_authorized_keys(auth_key_entries, []) self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn) self.assertTrue(VALID_CONTENT['rsa'] in content)
def test_new_keys_replace(self): """new entries with the same base64 should replace old.""" orig_entries = [ " ".join(("rsa", VALID_CONTENT["rsa"], "orig_comment1")), " ".join(("dsa", VALID_CONTENT["dsa"], "orig_comment2")), ] new_entries = [ " ".join(("rsa", VALID_CONTENT["rsa"], "new_comment1")), ] expected = "\n".join([new_entries[0], orig_entries[1]]) + "\n" parser = ssh_util.AuthKeyLineParser() found = ssh_util.update_authorized_keys( [parser.parse(p) for p in orig_entries], [parser.parse(p) for p in new_entries], ) self.assertEqual(expected, found)
def test_multiple_authorizedkeys_file_order2(self, m_getpwnam): fpw = FakePwEnt(pw_name='suzie', pw_dir='/home/suzie') m_getpwnam.return_value = fpw authorized_keys = self.tmp_path('authorized_keys') util.write_file(authorized_keys, VALID_CONTENT['rsa']) user_keys = self.tmp_path('user_keys') util.write_file(user_keys, VALID_CONTENT['dsa']) sshd_config = self.tmp_path('sshd_config') util.write_file( sshd_config, "AuthorizedKeysFile %s %s" % (user_keys, authorized_keys)) (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys( fpw.pw_name, sshd_config) content = ssh_util.update_authorized_keys(auth_key_entries, []) self.assertEqual(user_keys, auth_key_fn) self.assertTrue(VALID_CONTENT['rsa'] in content) self.assertTrue(VALID_CONTENT['dsa'] in content)
def test_new_invalid_keys_are_ignored(self): """new entries that are invalid should be skipped.""" orig_entries = [ " ".join(("rsa", VALID_CONTENT["rsa"], "orig_comment1")), " ".join(("dsa", VALID_CONTENT["dsa"], "orig_comment2")), ] new_entries = [ " ".join(("rsa", VALID_CONTENT["rsa"], "new_comment1")), "xxx-invalid-thing1", "xxx-invalid-blob2", ] expected = "\n".join([new_entries[0], orig_entries[1]]) + "\n" parser = ssh_util.AuthKeyLineParser() found = ssh_util.update_authorized_keys( [parser.parse(p) for p in orig_entries], [parser.parse(p) for p in new_entries], ) self.assertEqual(expected, found)