def process_packet(self, data):
"""Handle an incoming SSH packet"""
packet = SSHPacket(data)
pkttype = packet.get_byte()
self._kex.process_packet(pkttype, packet)
def test_packet(self):
"""Unit test SSH packet module"""
for encode, decode, values in self.tests:
for value, data in values:
data = codecs.decode(data, 'hex')
with self.subTest(msg='encode', value=value):
self.assertEqual(encode(value), data)
with self.subTest(msg='decode', data=data):
packet = SSHPacket(data)
decoded_value = decode(packet)
packet.check_end()
self.assertEqual(decoded_value, value)
self.assertEqual(packet.get_consumed_payload(), data)
self.assertEqual(packet.get_remaining_payload(), b'')
for encode, value, exc in self.encode_errors:
with self.subTest(msg='encode error', encode=encode, value=value):
with self.assertRaises(exc):
encode(value)
for decode, data in self.decode_errors:
with self.subTest(msg='decode error', data=data):
with self.assertRaises(PacketDecodeError):
packet = SSHPacket(codecs.decode(data, 'hex'))
decode(packet)
packet.check_end()
def process_packet(self, data):
"""Process an incoming packet"""
packet = SSHPacket(data)
pkttype = packet.get_byte()
if pkttype == MSG_USERAUTH_FAILURE:
_ = packet.get_namelist()
partial_success = packet.get_boolean()
packet.check_end()
if partial_success: # pragma: no cover
# Partial success not implemented yet
self._auth.auth_succeeded()
else:
self._auth.auth_failed()
self._auth_waiter.set_result((False, self._password_changed))
self._auth = None
self._auth_waiter = None
elif pkttype == MSG_USERAUTH_SUCCESS:
packet.check_end()
self._auth.auth_succeeded()
self._auth_waiter.set_result((True, self._password_changed))
self._auth = None
self._auth_waiter = None
else:
self._auth.process_packet(pkttype, None, packet)
def process_packet(self, data):
"""Process an incoming packet"""
packet = SSHPacket(data)
pkttype = packet.get_byte()
if pkttype == MSG_USERAUTH_FAILURE:
_ = packet.get_namelist()
partial_success = packet.get_boolean()
packet.check_end()
if partial_success: # pragma: no cover
# Partial success not implemented yet
self._auth.auth_succeeded()
else:
self._auth.auth_failed()
self._auth_waiter.set_result((False, self._password_changed))
self._auth = None
self._auth_waiter = None
elif pkttype == MSG_USERAUTH_SUCCESS:
packet.check_end()
self._auth.auth_succeeded()
self._auth_waiter.set_result((True, self._password_changed))
self._auth = None
self._auth_waiter = None
else:
try:
self._auth.process_packet(pkttype, packet)
except DisconnectError as exc:
self.connection_lost(exc)
def test_packet(self):
"""Unit test SSH packet module"""
for encode, decode, values in self.tests:
for value, data in values:
data = codecs.decode(data, 'hex')
with self.subTest(msg='encode', value=value):
self.assertEqual(encode(value), data)
with self.subTest(msg='decode', data=data):
packet = SSHPacket(data)
decoded_value = decode(packet)
packet.check_end()
self.assertEqual(decoded_value, value)
self.assertEqual(packet.get_consumed_payload(), data)
self.assertEqual(packet.get_remaining_payload(), b'')
for encode, value, exc in self.encode_errors:
with self.subTest(msg='encode error', encode=encode, value=value):
with self.assertRaises(exc):
encode(value)
for decode, data in self.decode_errors:
with self.subTest(msg='decode error', data=data):
with self.assertRaises(PacketDecodeError):
packet = SSHPacket(codecs.decode(data, 'hex'))
decode(packet)
packet.check_end()
def test_server_auth_methods(self):
"""Test server auth methods"""
with self.subTest('No auth methods'):
server_conn = _AuthServerStub()
self.assertEqual(get_server_auth_methods(server_conn), [])
server_conn.close()
with self.subTest('All auth methods'):
gss_host = '1' if gss_available else None
server_conn = _AuthServerStub(gss_host=gss_host,
public_key_auth=True,
password_auth=True, kbdint_auth=True)
if gss_available: # pragma: no branch
self.assertEqual(get_server_auth_methods(server_conn),
[b'gssapi-keyex', b'gssapi-with-mic',
b'publickey', b'keyboard-interactive',
b'password'])
else: # pragma: no cover
self.assertEqual(get_server_auth_methods(server_conn),
[b'publickey', b'keyboard-interactive',
b'password'])
server_conn.close()
with self.subTest('Unknown auth method'):
server_conn = _AuthServerStub()
self.assertEqual(lookup_server_auth(server_conn, 'user', b'xxx',
SSHPacket(b'')), None)
server_conn.close()
def test_handler(self):
"""Unit test SSH packet handler"""
class _TestPacketHandler(SSHPacketHandler):
"""Class for unit testing SSHPacketHandler"""
def _handler1(self, pkttype, packet):
"""Packet handler for unit testing"""
packet_handlers = {1: _handler1}
handler = _TestPacketHandler()
packet = SSHPacket(b'')
self.assertTrue(handler.process_packet(1, packet))
self.assertFalse(handler.process_packet(2, packet))
def process_packet(self, data):
"""Process an incoming packet"""
packet = SSHPacket(data)
pkttype = packet.get_byte()
if pkttype == MSG_USERAUTH_REQUEST:
_ = packet.get_string() # username
_ = packet.get_string() # service
method = packet.get_string()
if self._auth:
self._auth.cancel()
if self._override_gss_mech:
self.send_packet(MSG_USERAUTH_GSSAPI_RESPONSE,
String('mismatch'))
elif self._override_pk_ok:
self.send_packet(MSG_USERAUTH_PK_OK, String(''), String(''))
else:
self._auth = lookup_server_auth(self, 'user', method, packet)
else:
self._auth.process_packet(pkttype, None, packet)
def process_packet(self, data):
"""Process an incoming packet"""
packet = SSHPacket(data)
pkttype = packet.get_byte()
if pkttype == MSG_USERAUTH_REQUEST:
_ = packet.get_string() # username
_ = packet.get_string() # service
method = packet.get_string()
if self._auth:
self._auth.cancel()
if self._override_gss_mech:
self.send_packet(MSG_USERAUTH_GSSAPI_RESPONSE,
String('mismatch'))
elif self._override_pk_ok:
self.send_packet(MSG_USERAUTH_PK_OK, String(''), String(''))
else:
self._auth = lookup_server_auth(self, 'user', method, packet)
else:
self._auth.process_packet(pkttype, None, packet)
def communicate(self, request):
"""Process SSH key signing request"""
# pylint: disable=no-self-use
packet = SSHPacket(request)
request = packet.get_string()
packet.check_end()
packet = SSHPacket(request)
version = packet.get_byte()
_ = packet.get_uint32() # sock_fd
data = packet.get_string()
packet.check_end()
if version == 0:
return b'', b''
elif version == 1:
return b'', b'invalid request'
else:
skey = asyncssh.load_keypairs('skey')[0]
sig = skey.sign(data)
return String(Byte(KEYSIGN_VERSION) + String(sig)), b''
def process_packet(self, data):
"""Process an incoming packet"""
packet = SSHPacket(data)
pkttype = packet.get_byte()
if pkttype == MSG_USERAUTH_REQUEST:
_ = packet.get_string() # username
_ = packet.get_string() # service
method = packet.get_string()
if self._auth:
self._auth.cancel()
if self._override_pk_ok:
self.send_packet(Byte(MSG_USERAUTH_PK_OK), String(''),
String(''))
else:
self._auth = lookup_server_auth(self, 'user', method, packet)
else:
try:
self._auth.process_packet(pkttype, packet)
except DisconnectError as exc:
self.connection_lost(exc)
def process_packet(self, data):
"""Process an incoming packet"""
packet = SSHPacket(data)
pkttype = packet.get_byte()
if pkttype == MSG_USERAUTH_REQUEST:
_ = packet.get_string() # username
_ = packet.get_string() # service
method = packet.get_string()
if self._auth:
self._auth.cancel()
if self._override_pk_ok:
self.send_packet(Byte(MSG_USERAUTH_PK_OK),
String(''), String(''))
else:
self._auth = lookup_server_auth(self, 'user', method, packet)
else:
try:
self._auth.process_packet(pkttype, packet)
except DisconnectError as exc:
self.connection_lost(exc)
def test_handler(self):
"""Unit test SSH packet handler"""
class _TestPacketHandler(SSHPacketHandler):
"""Class for unit testing SSHPacketHandler"""
@property
def logger(self):
"""A logger associated with this packet handler"""
return logger
def _handler1(self, pkttype, pktid, packet):
"""Packet handler for unit testing"""
_packet_handlers = {
1: _handler1
}
handler = _TestPacketHandler()
packet = SSHPacket(b'')
self.assertTrue(handler.process_packet(1, 1, packet))
self.assertFalse(handler.process_packet(2, 2, packet))
def test_server_auth_methods(self):
"""Test server auth methods"""
with self.subTest('No auth methods'):
server_conn = _AuthServerStub()
self.assertEqual(get_server_auth_methods(server_conn), [])
server_conn.close()
with self.subTest('All auth methods'):
server_conn = _AuthServerStub(public_key_auth=True,
password_auth=True,
kbdint_auth=True)
self.assertEqual(
get_server_auth_methods(server_conn),
[b'publickey', b'keyboard-interactive', b'password'])
server_conn.close()
with self.subTest('Unknown auth method'):
server_conn = _AuthServerStub()
self.assertEqual(
lookup_server_auth(server_conn, 'user', b'xxx',
SSHPacket(b'')), None)
server_conn.close()
def process_packet(self, data):
"""Process an incoming packet"""
packet = SSHPacket(data)
pkttype = packet.get_byte()
self._kex.process_packet(pkttype, None, packet)
def process_packet(self, data):
"""Process an incoming packet"""
packet = SSHPacket(data)
pkttype = packet.get_byte()
self._kex.process_packet(pkttype, None, packet)
def communicate(self, request):
"""Process SSH key signing request"""
# pylint: disable=no-self-use
packet = SSHPacket(request)
request = packet.get_string()
packet.check_end()
packet = SSHPacket(request)
version = packet.get_byte()
_ = packet.get_uint32() # sock_fd
data = packet.get_string()
packet.check_end()
if version == 0:
return b'', b''
elif version == 1:
return b'', b'invalid request'
else:
skey = asyncssh.load_keypairs('skey')[0]
sig = skey.sign(data)
return String(Byte(KEYSIGN_VERSION) + String(sig)), b''