def test_no_keys_for_unauthorized_user(self): """ If the user is not in the user database provided to L{UNIXAuthorizedKeysFiles}, an empty iterator is returned by L{UNIXAuthorizedKeysFiles.getAuthorizedKeys} """ keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x) self.assertEqual([], list(keydb.getAuthorizedKeys('bob')))
def test_ignores_nonexistant_file(self): """ L{AuthorizedKeysFilesMapping.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they exist """ keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x) self.assertEqual(['key 1', 'key 2'], list(keydb.getAuthorizedKeys('alice')))
def test_ignores_unreadable_file(self): """ L{AuthorizedKeysFilesMapping.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they are readable """ self.sshDir.child('authorized_keys2').makedirs() keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x, runas=None) self.assertEqual(['key 1', 'key 2'], list(keydb.getAuthorizedKeys('alice')))
def test_all_keys_in_all_authorized_files_for_authorized_user(self): """ If the user is in the user database provided to L{UNIXAuthorizedKeysFiles}, an iterator with all the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned by L{UNIXAuthorizedKeysFiles.getAuthorizedKeys} """ self.sshDir.child('authorized_keys2').setContent('key 3') keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x) self.assertEqual(['key 1', 'key 2', 'key 3'], list(keydb.getAuthorizedKeys('alice')))
def test_opens_unreadable_file_as_user_given_runas(self): """ L{AuthorizedKeysFilesMapping.getAuthorizedKeys}, if unable to read an C{authorized_keys} file, will attempt to open it as the user """ self.sshDir.child('authorized_keys2').makedirs() def runas(uid, gid, callable): self.assertEqual((1, 2), (uid, gid)) return StringIO('key 3') keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x, runas=runas) self.assertEqual(['key 1', 'key 2', 'key 3'], list(keydb.getAuthorizedKeys('alice')))
def makeService(self, options): """ Construct a TCPServer from a factory defined in myproject. """ _portal = portal.Portal( essftp.EssFTPRealm(essftp.FilePath(options['root']).path), options.get('credCheckers', [SSHPublicKeyChecker(UNIXAuthorizedKeysFiles())])) if options['keyDirectory']: factory = OpenSSHFactory() factory.portal = _portal factory.dataRoot = options['keyDirectory'] factory.moduliRoot = options['moduli'] else: factory = ConchFactory(_portal) return internet.TCPServer(int(options["port"]), factory)
def test_implements_interface(self): """ L{AuthorizedKeysFilesMapping} implements L{IAuthorizedKeysDB} """ keydb = UNIXAuthorizedKeysFiles(self.userdb) verifyObject(IAuthorizedKeysDB, keydb)