def setUp(self, authentication=False):
"This will launch InterceptorPB and provide a client connected to it."
# Launch a client in a disconnected state
# it will be connected on demand through the self.ipb_connect() method
self.ipb_client = InterceptorPBProxy()
yield ProvisionWithoutInterceptorPB.setUp(self)
# Initiating config objects without any filename
# will lead to setting defaults and that's what we
# need to run the tests
InterceptorPBConfigInstance = InterceptorPBConfig()
# Launch the interceptor server
pbInterceptor_factory = InterceptorPB()
pbInterceptor_factory.setConfig(InterceptorPBConfigInstance)
# Configure portal
p = portal.Portal(JasminPBRealm(pbInterceptor_factory))
if not authentication:
p.registerChecker(AllowAnonymousAccess())
else:
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser("test_user", md5("test_password").digest())
p.registerChecker(c)
jPBPortalRoot = JasminPBPortalRoot(p)
self.pbInterceptor_server = reactor.listenTCP(0, pb.PBServerFactory(jPBPortalRoot))
self.pbInterceptor_port = self.pbInterceptor_server.getHost().port
def setUp(self, authentication = False):
# Initiating config objects without any filename
# will lead to setting defaults and that's what we
# need to run the tests
self.RouterPBConfigInstance = RouterPBConfig()
# Launch the router server
self.pbRoot_f = RouterPB()
# Mock callbacks
# will be used for assertions
self.pbRoot_f.bill_request_submit_sm_resp_callback = mock.Mock(wraps = self.pbRoot_f.bill_request_submit_sm_resp_callback)
self.pbRoot_f.deliver_sm_callback = mock.Mock(wraps = self.pbRoot_f.deliver_sm_callback)
self.pbRoot_f.setConfig(self.RouterPBConfigInstance)
p = portal.Portal(JasminPBRealm(self.pbRoot_f))
if not authentication:
p.registerChecker(AllowAnonymousAccess())
else:
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser('test_user', md5('test_password').digest())
p.registerChecker(c)
jPBPortalRoot = JasminPBPortalRoot(p)
self.PBServer = reactor.listenTCP(0, pb.PBServerFactory(jPBPortalRoot))
self.pbPort = self.PBServer.getHost().port
def startRouterPBService(self):
"Start Router PB server"
RouterPBConfigInstance = RouterPBConfig(self.options['config'])
self.components['router-pb-factory'] = RouterPB()
self.components['router-pb-factory'].setConfig(RouterPBConfigInstance)
# Set authentication portal
p = portal.Portal(JasminPBRealm(self.components['router-pb-factory']))
if RouterPBConfigInstance.authentication:
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser(RouterPBConfigInstance.admin_username,
RouterPBConfigInstance.admin_password)
p.registerChecker(c)
else:
p.registerChecker(AllowAnonymousAccess())
jPBPortalRoot = JasminPBPortalRoot(p)
# Add service
self.components['router-pb-server'] = reactor.listenTCP(
RouterPBConfigInstance.port,
pb.PBServerFactory(jPBPortalRoot),
interface=RouterPBConfigInstance.bind)
# AMQP Broker is used to listen to deliver_sm/dlr queues
return self.components['router-pb-factory'].addAmqpBroker(self.components['amqp-broker-factory'])
def setUp(self):
yield SMPPClientTestCases.setUp(self)
# Init SMPPServerPB
SMPPServerPBConfigInstance = SMPPServerPBConfig()
SMPPServerPBInstance = SMPPServerPB(SMPPServerPBConfigInstance)
SMPPServerPBInstance.addSmpps(self.smpps_factory)
p = portal.Portal(JasminPBRealm(SMPPServerPBInstance))
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser('smppsadmin', md5('smppspwd').digest())
p.registerChecker(c)
jPBPortalRoot = JasminPBPortalRoot(p)
self.SMPPServerPBInstanceServer = reactor.listenTCP(SMPPServerPBConfigInstance.port,
pb.PBServerFactory(jPBPortalRoot))
# Init SMPPServerPBClient and connect it to SMPPServerPB
SMPPServerPBClientConfigInstance = SMPPServerPBClientConfig()
self.SMPPServerPBProxyInstance = SMPPServerPBProxy()
yield self.SMPPServerPBProxyInstance.connect(
SMPPServerPBClientConfigInstance.host,
SMPPServerPBClientConfigInstance.port,
SMPPServerPBClientConfigInstance.username,
SMPPServerPBClientConfigInstance.password,
retry=False)
# Lower the timeout config to pass the timeout tests quickly
self.DLRThrower.config.timeout = 2
self.DLRThrower.config.retry_delay = 1
self.DLRThrower.config.max_retries = 2
# Most important thing:
# Swap default direct smpps access to perspectivebroker smpps access:
self.DLRThrower.addSmpps(self.SMPPServerPBProxyInstance)
def manhole_factory(namespace, username, password):
"""
Produces a factory object which can be used to listen for telnet
connections to the manhole.
"""
assert isinstance(namespace, dict)
assert isinstance(username, STRING_TYPES)
assert isinstance(password, STRING_TYPES)
assert TelnetRealm.NAMESPACE is None, "namespace already set"
# TODO: we should try to use the system to authorize users instead
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser(username, password)
# Setup the namespace
namespace = namespace.copy()
namespace.setdefault("pp", pprint)
namespace.setdefault("show", show)
realm = TelnetRealm()
TelnetRealm.NAMESPACE = namespace
portal = Portal(realm, [checker])
factory = ServerFactory()
factory.protocol = TransportProtocolFactory(portal)
return factory
def startSMPPClientManagerPBService(self):
"Start SMPP Client Manager PB server"
SMPPClientPBConfigInstance = SMPPClientPBConfig(self.options["config"])
self.components["smppcm-pb-factory"] = SMPPClientManagerPB()
self.components["smppcm-pb-factory"].setConfig(SMPPClientPBConfigInstance)
# Set authentication portal
p = portal.Portal(JasminPBRealm(self.components["smppcm-pb-factory"]))
if SMPPClientPBConfigInstance.authentication:
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser(SMPPClientPBConfigInstance.admin_username, SMPPClientPBConfigInstance.admin_password)
p.registerChecker(c)
else:
p.registerChecker(AllowAnonymousAccess())
jPBPortalRoot = JasminPBPortalRoot(p)
# Add service
self.components["smppcm-pb-server"] = reactor.listenTCP(
SMPPClientPBConfigInstance.port,
pb.PBServerFactory(jPBPortalRoot),
interface=SMPPClientPBConfigInstance.bind,
)
# AMQP Broker is used to listen to submit_sm queues and publish to deliver_sm/dlr queues
self.components["smppcm-pb-factory"].addAmqpBroker(self.components["amqp-broker-factory"])
self.components["smppcm-pb-factory"].addRedisClient(self.components["rc"])
def create_portal(a):
"""I'm responsible for creating the authenticated portal"""
realm = AggregatorRealm(a)
portal = Portal(realm)
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser(version.apiversion, a.getPassword())
portal.registerChecker(checker)
return portal
def main():
from twisted.cred.portal import Portal
from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse
portal = Portal(SimpleRealm())
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("benchmark", "benchmark")
portal.registerChecker(checker)
reactor.listenTCP(8787, pb.PBServerFactory(portal))
reactor.run()
def StartServices(username,password):
from md5 import md5
password = md5(password).digest()
portal = Portal(SimpleRealm())
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser(username,password)
portal.registerChecker(checker)
reactor.listenTCP(7001,pb.PBServerFactory(portal))
def StartServices():
#fire up the World Stuff
portal = Portal(SimpleRealm())
checker = InMemoryUsernamePasswordDatabaseDontUse()
from md5 import md5
password = md5("daemon").digest()
for x in range(0,100):
checker.addUser(str(x), password)
portal.registerChecker(checker)
reactor.listenTCP(7000,pb.PBServerFactory(portal))
def main():
from twisted.internet import reactor
from twisted.cred.portal import Portal
from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse
portal = Portal(SimpleRealm())
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "guest")
portal.registerChecker(checker)
reactor.listenTCP(pb.portno, pb.PBServerFactory(portal))
reactor.run()
def main():
"""
Start the AMP server and the reactor.
"""
startLogging(stdout)
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("testuser", "examplepass")
realm = AdditionRealm()
factory = CredAMPServerFactory(Portal(realm, [checker]))
reactor.listenTCP(7805, factory)
reactor.run()
class WrapResourceTestCase(TestCase):
def setUp(self):
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser("joe", "blow")
def test_wrapResourceWeb(self):
from twisted.web.resource import IResource, Resource
root = Resource()
wrapped = wrapResource(root, [self.checker])
self.assertTrue(IResource.providedBy(wrapped))
def setUp(self):
ch1 = InMemoryUsernamePasswordDatabaseDontUse()
ch2 = InMemoryUsernamePasswordDatabaseDontUse()
self.cach = CascadingChecker()
ch1.addUser('foo', 'bar')
ch1.addUser('boo', 'far')
ch2.addUser('for', 'bao')
self.cach.registerChecker(ch1)
self.cach.registerChecker(ch2)
def setup():
from twisted.internet import reactor
from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse
portal = Portal(SimpleRealm())
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "password")
portal.registerChecker(checker)
reactor.listenTCP(7777, ConsoleSMTPFactory(portal))
def setServiceParent(self, parent):
service.MultiService.setServiceParent(self, parent)
portal = Portal(PbRealm(parent))
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "guest")
portal.registerChecker(checker)
s = strports.service("unix:%s" % self.socket, pb.PBServerFactory(portal))
s.setServiceParent(self)
def test_setupSiteWithProtectedHook(self):
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "password")
self.svc.setupSite(self.makeConfig(change_hook_dialects={"base": True}, change_hook_auth=[checker]))
site = self.svc.site
# check that it has the right kind of resources attached to its
# root
root = site.resource
req = mock.Mock()
self.assertIsInstance(root.getChildWithDefault("change_hook", req), HTTPAuthSessionWrapper)
def __init__(self, port=8787):
BaseService.__init__(self)
boiler = None
portal = Portal(PbRealm(boiler))
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "guest")
portal.registerChecker(checker)
service = strports.service("tcp:%d" % port, pb.PBServerFactory(portal))
service.setServiceParent(self)
def StartServices(callback):
global IMPCONNECTED_CALLBACK
IMPCONNECTED_CALLBACK = callback
# fire up the World Stuff
portal = Portal(SimpleRealm())
checker = InMemoryUsernamePasswordDatabaseDontUse()
from md5 import md5
password = md5("imp").digest()
for x in range(0, 100):
checker.addUser(str(x), password)
portal.registerChecker(checker)
reactor.listenTCP(7005, pb.PBServerFactory(portal))
def test_requestAvatarId(self):
"""
L{SSHProtocolChecker.requestAvatarId} should defer to one if its
registered checkers to authenticate a user.
"""
checker = SSHProtocolChecker()
passwordDatabase = InMemoryUsernamePasswordDatabaseDontUse()
passwordDatabase.addUser('test', 'test')
checker.registerChecker(passwordDatabase)
d = checker.requestAvatarId(UsernamePassword('test', 'test'))
def _callback(avatarId):
self.assertEquals(avatarId, 'test')
return d.addCallback(_callback)
def protectResource(resource, accessKey, secretKey, realm=None):
from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse
from twisted.web.guard import HTTPAuthSessionWrapper
from twisted.cred.portal import Portal
portal_realm = _SingleResourceRealm(resource)
cred_checker = InMemoryUsernamePasswordDatabaseDontUse()
cred_checker.addUser(accessKey, secretKey)
portal = Portal(portal_realm, [cred_checker])
cred_factory = AuthHMACCredentialFactory(realm or 'twoost-app')
return HTTPAuthSessionWrapper(portal, [cred_factory])
def main():
from twisted.application import internet
from twisted.application import service
portal = Portal(SimpleRealm())
# initiate a simple checker
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "password")
portal.registerChecker(checker)
a = service.Application("Console SMTP Server")
internet.TCPServer(2500, ConsoleSMTPFactory(portal)).setServiceParent(a)
return a
def setUp(self):
self.service_calls = []
self.encoder = pdu_encoding.PDUEncoder()
self.smpp_config = SMPPServerConfig(msgHandler=self._serviceHandler,
systems={'userA': {"max_bindings": 2}}
)
portal = Portal(self.SmppRealm())
credential_checker = InMemoryUsernamePasswordDatabaseDontUse()
credential_checker.addUser('userA', 'valid')
portal.registerChecker(credential_checker)
self.factory = SMPPServerFactory(self.smpp_config, auth_portal=portal)
self.proto = self.factory.buildProtocol(('127.0.0.1', 0))
self.tr = proto_helpers.StringTransport()
self.proto.makeConnection(self.tr)
def test_requestAvatarIdWithNotEnoughAuthentication(self):
"""
If the client indicates that it is never satisfied, by always returning
False from _areDone, then L{SSHProtocolChecker} should raise
L{NotEnoughAuthentication}.
"""
checker = SSHProtocolChecker()
def _areDone(avatarId):
return False
self.patch(checker, 'areDone', _areDone)
passwordDatabase = InMemoryUsernamePasswordDatabaseDontUse()
passwordDatabase.addUser('test', 'test')
checker.registerChecker(passwordDatabase)
d = checker.requestAvatarId(UsernamePassword('test', 'test'))
return self.assertFailure(d, NotEnoughAuthentication)
def new_restricted_server_resource(app, dhcp_request_processing_service,
credentials, realm_name=REALM_NAME):
"""Create and return a new server resource that will be accessible only
if the given credentials are present in the HTTP requests.
credentials is a (username, password) tuple.
"""
server_resource = ServerResource(app, dhcp_request_processing_service)
pwd_checker = InMemoryUsernamePasswordDatabaseDontUse()
pwd_checker.addUser(*credentials)
realm = _SimpleRealm(server_resource)
portal = Portal(realm, [pwd_checker])
credentialFactory = DigestCredentialFactory('MD5', realm_name)
wrapper = HTTPAuthSessionWrapper(portal, [credentialFactory])
return wrapper
def setUp(self, authentication = False):
# Initiating config objects without any filename
# will lead to setting defaults and that's what we
# need to run the tests
self.SMPPClientPBConfigInstance = SMPPClientPBConfig()
self.SMPPClientPBConfigInstance.authentication = authentication
AMQPServiceConfigInstance = AmqpConfig()
AMQPServiceConfigInstance.reconnectOnConnectionLoss = False
# Launch AMQP Broker
self.amqpBroker = AmqpFactory(AMQPServiceConfigInstance)
self.amqpBroker.preConnect()
self.amqpClient = reactor.connectTCP(AMQPServiceConfigInstance.host, AMQPServiceConfigInstance.port, self.amqpBroker)
# Wait for AMQP Broker connection to get ready
yield self.amqpBroker.getChannelReadyDeferred()
# Launch the client manager server
pbRoot = SMPPClientManagerPB()
pbRoot.setConfig(self.SMPPClientPBConfigInstance)
yield pbRoot.addAmqpBroker(self.amqpBroker)
p = portal.Portal(JasminPBRealm(pbRoot))
if not authentication:
p.registerChecker(AllowAnonymousAccess())
else:
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser('test_user', md5('test_password').digest())
p.registerChecker(c)
jPBPortalRoot = JasminPBPortalRoot(p)
self.PBServer = reactor.listenTCP(0, pb.PBServerFactory(jPBPortalRoot))
self.pbPort = self.PBServer.getHost().port
# Launch the router server
self.RouterPBInstance = RouterPB()
self.RouterPBInstance.setConfig(RouterPBConfig())
pbRoot.addRouterPB(self.RouterPBInstance)
# Default SMPPClientConfig
defaultSMPPClientId = '001-testconnector'
self.defaultConfig = SMPPClientConfig(id=defaultSMPPClientId,
username='******',
reconnectOnConnectionFailure=True,
port=9002,
)
def get_service(self):
"""
Creates a service object that can be used by twistd init code to start the server
"""
realm = ClusterRealm()
realm.server = self
# create security - Twisted does not support ssh in the pb so were doing our
# own authentication until it is implmented, leaving in the memory
# checker just so we dont have to rip out the authentication code
from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser('master','1234')
p = portal.Portal(realm, [checker])
factory = pb.PBServerFactory(p)
return internet.TCPServer(self.port, factory)
def runConcurrentThread(self):
port = int(self.pluginPrefs.get('smtpPort', '2525'))
user = self.pluginPrefs.get('smtpUser', 'guest')
password = self.pluginPrefs.get('smtpPassword', 'password')
portal = Portal(SimpleRealm())
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser(user, password)
portal.registerChecker(checker)
try:
self.smtpFactory = MySMTPFactory(portal)
self.listeningPort = reactor.listenTCP(port, self.smtpFactory)
reactor.run()
except self.StopThread:
pass # Optionally catch the StopThread exception and do any needed cleanup.
def __init__(self, config):
self._config = config
self._emails = deque([])
self._authorisedHelo = config.get("AuthorisedHosts", ["127.0.0.1"])
self.noisy = config.get("LogNoisy", True)
self.portal = Portal(SimpleRealm(self))
if self._config.get("Authentication", False):
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "password")
print "Checking Authentication"
else:
checker = AllowAnonymousAccess()
print "Allowing anonymous access"
self.portal.registerChecker(checker)
def setUp(self, authentication = False):
# Initiating config objects without any filename
# will lead to setting defaults and that's what we
# need to run the tests
self.InterceptorPBConfigInstance = InterceptorPBConfig()
self.InterceptorPBConfigInstance.authentication = authentication
# Launch the interceptor pb server
pbRoot = InterceptorPB()
pbRoot.setConfig(self.InterceptorPBConfigInstance)
p = portal.Portal(JasminPBRealm(pbRoot))
if not authentication:
p.registerChecker(AllowAnonymousAccess())
else:
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser('test_user', md5('test_password').digest())
p.registerChecker(c)
jPBPortalRoot = JasminPBPortalRoot(p)
self.IPBServer = reactor.listenTCP(0, pb.PBServerFactory(jPBPortalRoot))
self.ipbPort = self.IPBServer.getHost().port
# Test fixtures
self.SubmitSMPDU = SubmitSM(
source_addr='20203060',
destination_addr='20203060',
short_message='MT hello world',
)
self.DeliverSMPDU = DeliverSM(
source_addr='20203060',
destination_addr='20203060',
short_message='MO hello world',
)
self.connector = Connector('abc')
self.user = User(1, Group(100), 'username', 'password')
# Routables fixtures
self.routable_simple = SimpleRoutablePDU(self.connector, self.SubmitSMPDU, self.user, datetime.now())
# Scripts fixtures
self.script_generic = InterceptorScript('somevar = "something in MOIS"')
self.script_3_second = InterceptorScript('import time;time.sleep(3)')
self.script_syntax_error = InterceptorScript('somevar = sssss')
self.script_http_status = InterceptorScript('http_status = 404')
self.script_smpp_status = InterceptorScript('smpp_status = 64')
def setUp(self):
self.service_calls = []
self.clock = task.Clock()
self.encoder = pdu_encoding.PDUEncoder()
self.smpp_config = SMPPServerConfig(msgHandler=self._serviceHandler,
systems={'userA': {"max_bindings": 2}},
enquireLinkTimerSecs=0.1,
responseTimerSecs=0.1
)
portal = Portal(self.SmppRealm())
credential_checker = InMemoryUsernamePasswordDatabaseDontUse()
credential_checker.addUser('userA', 'valid')
portal.registerChecker(credential_checker)
self.factory = SMPPServerFactory(self.smpp_config, auth_portal=portal)
self.proto = self.factory.buildProtocol(('127.0.0.1', 0))
self.proto.callLater = self.clock.callLater
self.tr = proto_helpers.StringTransport()
self.proto.makeConnection(self.tr)
def main():
from twisted.application import internet
from twisted.application import service
portal = Portal(SimpleRealm())
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "password")
portal.registerChecker(checker)
a = service.Application("Console SMTP Server")
internet.TCPServer(2500, ConsoleSMTPFactory(portal)).setServiceParent(a)
# Tell the reactor to just totally stop in a few seconds.
WAIT_TIME = 10
reactor.callLater(WAIT_TIME, reactor.stop)
# OK, configure is complete.
return a
def generateChecker(self, argstring):
"""
This checker factory expects to get a list of
username:password pairs, with each pair also separated by a
colon. For example, the string 'alice:f:bob:g' would generate
two users, one named 'alice' and one named 'bob'.
"""
checker = InMemoryUsernamePasswordDatabaseDontUse()
if argstring:
pieces = argstring.split(":")
if len(pieces) % 2:
from twisted.cred.strcred import InvalidAuthArgumentString
raise InvalidAuthArgumentString("argstring must be in format U:P:...")
for i in range(0, len(pieces), 2):
username, password = pieces[i], pieces[i + 1]
checker.addUser(username, password)
return checker
def test_requestAvatarIdWithNotEnoughAuthentication(self):
"""
If the client indicates that it is never satisfied, by always returning
False from _areDone, then L{SSHProtocolChecker} should raise
L{NotEnoughAuthentication}.
"""
checker = checkers.SSHProtocolChecker()
def _areDone(avatarId):
return False
self.patch(checker, 'areDone', _areDone)
passwordDatabase = InMemoryUsernamePasswordDatabaseDontUse()
passwordDatabase.addUser('test', 'test')
checker.registerChecker(passwordDatabase)
d = checker.requestAvatarId(UsernamePassword('test', 'test'))
return self.assertFailure(d, NotEnoughAuthentication)
def setUp(self, authentication=False):
# Initiating config objects without any filename
# will lead to setting defaults and that's what we
# need to run the tests
self.SMPPClientPBConfigInstance = SMPPClientPBConfig()
self.SMPPClientPBConfigInstance.authentication = authentication
AMQPServiceConfigInstance = AmqpConfig()
AMQPServiceConfigInstance.reconnectOnConnectionLoss = False
# Launch AMQP Broker
self.amqpBroker = AmqpFactory(AMQPServiceConfigInstance)
self.amqpBroker.preConnect()
self.amqpClient = reactor.connectTCP(AMQPServiceConfigInstance.host,
AMQPServiceConfigInstance.port,
self.amqpBroker)
# Wait for AMQP Broker connection to get ready
yield self.amqpBroker.getChannelReadyDeferred()
# Launch the client manager server
pbRoot = SMPPClientManagerPB()
pbRoot.setConfig(self.SMPPClientPBConfigInstance)
yield pbRoot.addAmqpBroker(self.amqpBroker)
p = portal.Portal(JasminPBRealm(pbRoot))
if not authentication:
p.registerChecker(AllowAnonymousAccess())
else:
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser('test_user', md5('test_password').digest())
p.registerChecker(c)
jPBPortalRoot = JasminPBPortalRoot(p)
self.PBServer = reactor.listenTCP(0, pb.PBServerFactory(jPBPortalRoot))
self.pbPort = self.PBServer.getHost().port
# Default SMPPClientConfig
defaultSMPPClientId = '001-testconnector'
self.defaultConfig = SMPPClientConfig(
id=defaultSMPPClientId,
username='******',
reconnectOnConnectionFailure=True,
port=9002,
)
def setupProtectedResource(self, resource_obj):
class SimpleRealm(object):
"""
A realm which gives out L{ChangeHookResource} instances for authenticated
users.
"""
implements(IRealm)
def requestAvatar(self, avatarId, mind, *interfaces):
if resource.IResource in interfaces:
return (resource.IResource, resource_obj, lambda: None)
raise NotImplementedError()
login, password = self.change_hook_auth
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser(login, password)
portal = Portal(SimpleRealm(), [checker])
credentialFactory = guard.BasicCredentialFactory('Protected area')
wrapper = guard.HTTPAuthSessionWrapper(portal, [credentialFactory])
return wrapper
def setUp(self, authentication=False):
SMPPServerTestCases.setUp(self)
# Initiating config objects without any filename
self.SMPPServerPBConfigInstance = SMPPServerPBConfig()
self.SMPPServerPBConfigInstance.authentication = authentication
# Launch the SMPPServerPB
pbRoot = SMPPServerPB(self.SMPPServerPBConfigInstance)
pbRoot.addSmpps(self.smpps_factory)
p = portal.Portal(JasminPBRealm(pbRoot))
if not authentication:
p.registerChecker(AllowAnonymousAccess())
else:
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser('test_user', md5('test_password').digest())
p.registerChecker(c)
jPBPortalRoot = JasminPBPortalRoot(p)
self.PBServer = reactor.listenTCP(0, pb.PBServerFactory(jPBPortalRoot))
self.pbPort = self.PBServer.getHost().port
def startInterceptorPBService(self):
"""Start Interceptor PB server"""
InterceptorPBConfigInstance = InterceptorPBConfig(self.options['config'])
self.components['interceptor-pb-factory'] = InterceptorPB(InterceptorPBConfigInstance)
# Set authentication portal
p = portal.Portal(JasminPBRealm(self.components['interceptor-pb-factory']))
if InterceptorPBConfigInstance.authentication:
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser(InterceptorPBConfigInstance.admin_username,
InterceptorPBConfigInstance.admin_password)
p.registerChecker(c)
else:
p.registerChecker(AllowAnonymousAccess())
jPBPortalRoot = JasminPBPortalRoot(p)
# Add service
self.components['interceptor-pb-server'] = reactor.listenTCP(
InterceptorPBConfigInstance.port,
pb.PBServerFactory(jPBPortalRoot),
interface=InterceptorPBConfigInstance.bind)
def startSMPPClientManagerPBService(self):
"Start SMPP Client Manager PB server"
SMPPClientPBConfigInstance = SMPPClientPBConfig(self.options['config'])
self.components['smppcm-pb-factory'] = SMPPClientManagerPB()
self.components['smppcm-pb-factory'].setConfig(
SMPPClientPBConfigInstance)
# Set authentication portal
p = portal.Portal(JasminPBRealm(self.components['smppcm-pb-factory']))
if SMPPClientPBConfigInstance.authentication:
c = InMemoryUsernamePasswordDatabaseDontUse()
c.addUser(SMPPClientPBConfigInstance.admin_username,
SMPPClientPBConfigInstance.admin_password)
p.registerChecker(c)
else:
p.registerChecker(AllowAnonymousAccess())
jPBPortalRoot = JasminPBPortalRoot(p)
# Add service
self.components['smppcm-pb-server'] = reactor.listenTCP(
SMPPClientPBConfigInstance.port,
pb.PBServerFactory(jPBPortalRoot),
interface=SMPPClientPBConfigInstance.bind)
# AMQP Broker is used to listen to submit_sm queues and publish to deliver_sm/dlr queues
self.components['smppcm-pb-factory'].addAmqpBroker(
self.components['amqp-broker-factory'])
self.components['smppcm-pb-factory'].addRedisClient(
self.components['rc'])
self.components['smppcm-pb-factory'].addRouterPB(
self.components['router-pb-factory'])
# Add interceptor if enabled:
if 'interceptor-pb-client' in self.components:
self.components['smppcm-pb-factory'].addInterceptorPBClient(
self.components['interceptor-pb-client'])
def __init__(self, map, total_players):
import player
players = [player.PlayerCacheable(i) for i in range(total_players)]
import game
self.game = game.Game(players=players, server=self)
map.setup()
self.game.set_map(map)
self.ai_players = []
from twisted.cred.portal import Portal
from twisted.cred.checkers import (
AllowAnonymousAccess,
InMemoryUsernamePasswordDatabaseDontUse,
)
portal = Portal(RequestClientRealm(self))
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "guest")
# checker = AllowAnonymousAccess()
portal.registerChecker(checker)
self.listening_port = reactor.listenTCP(pb.portno,
pb.PBServerFactory(portal))
def main():
realm = TradeRealm()
realm.server = TradeEngine(realm)
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "guest")
checker.addUser("admin","123")
checker.addUser("0017aca","1")
checker.addUser('0017cac','1')
portal = Portal(realm, [checker])
factory = pb.PBServerFactory(portal)
reactor.listenTCP(pb.portno, factory)
reactor.run()
# Start update loop
update_stats = task.LoopingCall(websock_update)
update_stats.start(FREQUENCY)
# Connect to fne_core
report_client = reportClientFactory()
reactor.connectTCP(FNEMON_IP, FNEMON_PORT, report_client)
# Create websocket server to push content to clients
dashboard_server = dashboardFactory('ws://*:9000')
dashboard_server.protocol = dashboard
reactor.listenTCP(9000, dashboard_server)
# Start activity update loop
update_act = task.LoopingCall(gen_activity)
update_act.start(ACT_FREQUENCY)
siteResource = File('./webroot')
passwd_db = InMemoryUsernamePasswordDatabaseDontUse()
passwd_db.addUser(HTACCESS_USER, HTACCESS_PASS)
portal = Portal(publicHTMLRealm(), [passwd_db])
resource = HTTPAuthSessionWrapper(portal, [BasicCredentialFactory('auth')])
# Create static web server to push initial index.html
website = Site(resource)
reactor.listenTCP(WEB_SERVER_PORT, website)
reactor.run()
def init():
portal = Portal(SimpleRealm())
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("foobar", "2c03333fd2e55480e4685cb7d9dd3ee2ef1357bb")
portal.registerChecker(checker)
reactor.listenTCP(25, SMTPFactory(portal))
class SoledadSessionTestCase(unittest.TestCase):
"""
Tests adapted from for
L{twisted.web.test.test_httpauth.HTTPAuthSessionWrapper}.
"""
def makeRequest(self, *args, **kwargs):
request = DummyRequest(*args, **kwargs)
request.path = '/'
return request
def setUp(self):
self.username = b'foo bar'
self.password = b'bar baz'
self.avatarContent = b"contents of the avatar resource itself"
self.childName = b"foo-child"
self.childContent = b"contents of the foo child of the avatar"
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser(self.username, self.password)
self.avatar = Data(self.avatarContent, 'text/plain')
self.avatar.putChild(self.childName,
Data(self.childContent, 'text/plain'))
self.avatars = {self.username: self.avatar}
self.realm = Realm(self.avatars.get)
self.portal = portal.Portal(self.realm, [self.checker])
self.wrapper = SoledadSession(self.portal)
def _authorizedTokenLogin(self, request):
authorization = b64encode(self.username + b':' + self.password)
request.requestHeaders.addRawHeader(b'authorization',
b'Token ' + authorization)
return getChildForRequest(self.wrapper, request)
def test_getChildWithDefault(self):
request = self.makeRequest([self.childName])
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(result):
self.assertEqual(request.responseCode, 401)
d.addCallback(cbFinished)
request.render(child)
return d
def _invalidAuthorizationTest(self, response):
request = self.makeRequest([self.childName])
request.requestHeaders.addRawHeader(b'authorization', response)
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(result):
self.assertEqual(request.responseCode, 401)
d.addCallback(cbFinished)
request.render(child)
return d
def test_getChildWithDefaultUnauthorizedUser(self):
return self._invalidAuthorizationTest(b'Basic ' +
b64encode(b'foo:bar'))
def test_getChildWithDefaultUnauthorizedPassword(self):
return self._invalidAuthorizationTest(b'Basic ' +
b64encode(self.username +
b':bar'))
def test_getChildWithDefaultUnrecognizedScheme(self):
return self._invalidAuthorizationTest(b'Quux foo bar baz')
def test_getChildWithDefaultAuthorized(self):
request = self.makeRequest([self.childName])
child = self._authorizedTokenLogin(request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEqual(request.written, [self.childContent])
d.addCallback(cbFinished)
request.render(child)
return d
def test_renderAuthorized(self):
# Request it exactly, not any of its children.
request = self.makeRequest([])
child = self._authorizedTokenLogin(request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEqual(request.written, [self.avatarContent])
d.addCallback(cbFinished)
request.render(child)
return d
def test_decodeRaises(self):
request = self.makeRequest([self.childName])
request.requestHeaders.addRawHeader(b'authorization',
b'Token decode should fail')
child = getChildForRequest(self.wrapper, request)
self.assertIsInstance(child, UnauthorizedResource)
def test_parseResponse(self):
basicAuthorization = b'Basic abcdef123456'
self.assertEqual(self.wrapper._parseHeader(basicAuthorization), None)
tokenAuthorization = b'Token abcdef123456'
self.assertEqual(self.wrapper._parseHeader(tokenAuthorization),
b'abcdef123456')
def test_unexpectedDecodeError(self):
class UnexpectedException(Exception):
pass
class BadFactory(object):
scheme = b'bad'
def getChallenge(self, client):
return {}
def decode(self, response, request):
print("decode raised")
raise UnexpectedException()
self.wrapper._credentialFactory = BadFactory()
request = self.makeRequest([self.childName])
request.requestHeaders.addRawHeader(b'authorization', b'Bad abc')
child = getChildForRequest(self.wrapper, request)
request.render(child)
self.assertEqual(request.responseCode, 500)
errors = self.flushLoggedErrors(UnexpectedException)
self.assertEqual(len(errors), 1)
def test_unexpectedLoginError(self):
class UnexpectedException(Exception):
pass
class BrokenChecker(object):
credentialInterfaces = (IUsernamePassword, )
def requestAvatarId(self, credentials):
raise UnexpectedException()
self.portal.registerChecker(BrokenChecker())
request = self.makeRequest([self.childName])
child = self._authorizedTokenLogin(request)
request.render(child)
self.assertEqual(request.responseCode, 500)
self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
def getObjshPortal(protocol_class, acl_options):
realm = ObjshRealm(protocol_class)
portal = cred_portal.Portal(realm)
# ssh client's public key
sshclient_pubkey_folders = acl_options.get('client_publickeys')
if sshclient_pubkey_folders:
del acl_options['client_publickeys']
client_keydb = {}
loaded_folders = []
for sshclient_pubkey_folder in sshclient_pubkey_folders:
if sshclient_pubkey_folder in loaded_folders: continue
if not os.path.exists(sshclient_pubkey_folder): continue
loaded_folders.append(sshclient_pubkey_folder)
for file in os.listdir(sshclient_pubkey_folder):
username, ext = os.path.splitext(file)
if username.startswith('.') or ext != '.pub': continue
try:
client_keydb[username].append(
ssh_keys.Key.fromFile(
os.path.join(sshclient_pubkey_folder, file)))
log.msg('load key-based ssh user ' + username)
except KeyError:
try:
client_keydb[username] = [
ssh_keys.Key.fromFile(
os.path.join(sshclient_pubkey_folder, file))
]
log.msg('load key-based ssh user ' + username)
except ssh_keys.BadKeyError:
log.msg('Warning! failed to load sshkey of ' +
username)
sshDB = SSHPublicKeyChecker(InMemorySSHKeyDB(client_keydb))
# this should register to portal to make it work
portal.registerChecker(sshDB)
# username, password based authentication
cascading_checker = CascadingChecker()
for acl_name, acl_settings in acl_options.items():
if acl_settings['kind'] == 'LDAP':
if LDAPBindingChecker is None:
log.msg(
'Warning: package ldaptor is not installed, LDAP authentication ignored'
)
continue
#basedn = 'dc=example,dc=com'
basedn = acl_settings['basedn']
query = '(%s=%%(name)s)' % acl_settings['uid_attrname']
cfg = ldaptor_config.LDAPConfig(basedn, {
basedn: (acl_settings['host'], acl_settings.get('port', 389))
}, None, query)
checker = LDAPBindingChecker(acl_settings['uid_attrname'], cfg)
cascading_checker.registerChecker(checker)
elif acl_settings['kind'] == 'PAM':
# system accounts
cascading_checker.registerChecker(
PamPasswordDatabase(acl_settings['usernames'],
acl_settings['username_prefix']))
elif acl_settings['kind'] == 'IN_MEMORY_ACCOUNTS':
# in memory accounts
passwdDB = InMemoryUsernamePasswordDatabaseDontUse()
for username, password in acl_settings.get('accounts', {}).items():
username = username.strip() # do not allow empty username
password = password.strip() # do not allow empty password
if password and username:
passwdDB.addUser(username, password)
log.msg('Warning! in memory account: %s' % (username))
cascading_checker.registerChecker(passwdDB)
else:
raise ValueError('Acl kind of %s is unknown' % acl_name)
portal.registerChecker(cascading_checker)
return portal
return defer.fail(failure.Failure(ewords.NoSuchUser(name)))
else:
return defer.succeed(user)
def lookupGroup(self, name):
assert isinstance(name, unicode)
name = name.lower()
try:
group = self.groups[name]
except KeyError:
return defer.fail(failure.Failure(ewords.NoSuchGroup(name)))
else:
return defer.succeed(group)
if __name__ == '__main__':
from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse
realm = InMemoryWordsRealm('localhost')
realm.addGroup(Group('testing123'))
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser('testuser1', 'testpassword')
checker.addUser('testuser2', 'testpassword')
p = portal.Portal(realm, [checker])
factory = IRCFactory(realm, p)
factory.protocol = IRCUser
reactor.listenTCP(6667, factory)
reactor.run()
return text
def perspective_error(self):
raise DefinedError("exception!")
def logout(self):
print self, "logged out"
class SimpleRealm:
implements(IRealm)
def requestAvatar(self, avatarId, mind, *interfaces):
if pb.IPerspective in interfaces:
avatar = SimplePerspective()
return pb.IPerspective, avatar, avatar.logout
else:
raise NotImplementedError("no interface")
if __name__ == '__main__':
from twisted.internet import reactor
from twisted.cred.portal import Portal
from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse
portal = Portal(SimpleRealm())
checker = InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser("guest", "guest")
portal.registerChecker(checker)
reactor.listenTCP(pb.portno, pb.PBServerFactory(portal))
reactor.run()
class HTTPAuthHeaderTests(unittest.TestCase):
"""
Tests for L{HTTPAuthSessionWrapper}.
"""
makeRequest = DummyRequest
def setUp(self):
"""
Create a realm, portal, and L{HTTPAuthSessionWrapper} to use in the tests.
"""
self.username = b'foo bar'
self.password = b'bar baz'
self.avatarContent = b"contents of the avatar resource itself"
self.childName = b"foo-child"
self.childContent = b"contents of the foo child of the avatar"
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser(self.username, self.password)
self.avatar = Data(self.avatarContent, 'text/plain')
self.avatar.putChild(self.childName,
Data(self.childContent, 'text/plain'))
self.avatars = {self.username: self.avatar}
self.realm = Realm(self.avatars.get)
self.portal = portal.Portal(self.realm, [self.checker])
self.credentialFactories = []
self.wrapper = HTTPAuthSessionWrapper(self.portal,
self.credentialFactories)
def _authorizedBasicLogin(self, request):
"""
Add an I{basic authorization} header to the given request and then
dispatch it, starting from C{self.wrapper} and returning the resulting
L{IResource}.
"""
authorization = b64encode(self.username + b':' + self.password)
request.requestHeaders.addRawHeader(b'authorization',
b'Basic ' + authorization)
return getChildForRequest(self.wrapper, request)
def test_getChildWithDefault(self):
"""
Resource traversal which encounters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} instance when the request does
not have the required I{Authorization} headers.
"""
request = self.makeRequest([self.childName])
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(result):
self.assertEqual(request.responseCode, 401)
d.addCallback(cbFinished)
request.render(child)
return d
def _invalidAuthorizationTest(self, response):
"""
Create a request with the given value as the value of an
I{Authorization} header and perform resource traversal with it,
starting at C{self.wrapper}. Assert that the result is a 401 response
code. Return a L{Deferred} which fires when this is all done.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
request.requestHeaders.addRawHeader(b'authorization', response)
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(result):
self.assertEqual(request.responseCode, 401)
d.addCallback(cbFinished)
request.render(child)
return d
def test_getChildWithDefaultUnauthorizedUser(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has an
I{Authorization} header with a user which does not exist.
"""
return self._invalidAuthorizationTest(b'Basic ' +
b64encode(b'foo:bar'))
def test_getChildWithDefaultUnauthorizedPassword(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has an
I{Authorization} header with a user which exists and the wrong
password.
"""
return self._invalidAuthorizationTest(b'Basic ' +
b64encode(self.username +
b':bar'))
def test_getChildWithDefaultUnrecognizedScheme(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has an
I{Authorization} header with an unrecognized scheme.
"""
return self._invalidAuthorizationTest(b'Quux foo bar baz')
def test_getChildWithDefaultAuthorized(self):
"""
Resource traversal which encounters an L{HTTPAuthSessionWrapper}
results in an L{IResource} which renders the L{IResource} avatar
retrieved from the portal when the request has a valid I{Authorization}
header.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
child = self._authorizedBasicLogin(request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEqual(request.written, [self.childContent])
d.addCallback(cbFinished)
request.render(child)
return d
def test_renderAuthorized(self):
"""
Resource traversal which terminates at an L{HTTPAuthSessionWrapper}
and includes correct authentication headers results in the
L{IResource} avatar (not one of its children) retrieved from the
portal being rendered.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
# Request it exactly, not any of its children.
request = self.makeRequest([])
child = self._authorizedBasicLogin(request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEqual(request.written, [self.avatarContent])
d.addCallback(cbFinished)
request.render(child)
return d
def test_getChallengeCalledWithRequest(self):
"""
When L{HTTPAuthSessionWrapper} finds an L{ICredentialFactory} to issue
a challenge, it calls the C{getChallenge} method with the request as an
argument.
"""
@implementer(ICredentialFactory)
class DumbCredentialFactory:
scheme = b'dumb'
def __init__(self):
self.requests = []
def getChallenge(self, request):
self.requests.append(request)
return {}
factory = DumbCredentialFactory()
self.credentialFactories.append(factory)
request = self.makeRequest([self.childName])
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEqual(factory.requests, [request])
d.addCallback(cbFinished)
request.render(child)
return d
def _logoutTest(self):
"""
Issue a request for an authentication-protected resource using valid
credentials and then return the C{DummyRequest} instance which was
used.
This is a helper for tests about the behavior of the logout
callback.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
class SlowerResource(Resource):
def render(self, request):
return NOT_DONE_YET
self.avatar.putChild(self.childName, SlowerResource())
request = self.makeRequest([self.childName])
child = self._authorizedBasicLogin(request)
request.render(child)
self.assertEqual(self.realm.loggedOut, 0)
return request
def test_logout(self):
"""
The realm's logout callback is invoked after the resource is rendered.
"""
request = self._logoutTest()
request.finish()
self.assertEqual(self.realm.loggedOut, 1)
def test_logoutOnError(self):
"""
The realm's logout callback is also invoked if there is an error
generating the response (for example, if the client disconnects
early).
"""
request = self._logoutTest()
request.processingFailed(
Failure(ConnectionDone("Simulated disconnect")))
self.assertEqual(self.realm.loggedOut, 1)
def test_decodeRaises(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has a I{Basic
Authorization} header which cannot be decoded using base64.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
request.requestHeaders.addRawHeader(b'authorization',
b'Basic decode should fail')
child = getChildForRequest(self.wrapper, request)
self.assertIsInstance(child, UnauthorizedResource)
def test_selectParseResponse(self):
"""
L{HTTPAuthSessionWrapper._selectParseHeader} returns a two-tuple giving
the L{ICredentialFactory} to use to parse the header and a string
containing the portion of the header which remains to be parsed.
"""
basicAuthorization = b'Basic abcdef123456'
self.assertEqual(self.wrapper._selectParseHeader(basicAuthorization),
(None, None))
factory = BasicCredentialFactory('example.com')
self.credentialFactories.append(factory)
self.assertEqual(self.wrapper._selectParseHeader(basicAuthorization),
(factory, b'abcdef123456'))
def test_unexpectedDecodeError(self):
"""
Any unexpected exception raised by the credential factory's C{decode}
method results in a 500 response code and causes the exception to be
logged.
"""
logObserver = EventLoggingObserver.createWithCleanup(
self, globalLogPublisher)
class UnexpectedException(Exception):
pass
class BadFactory:
scheme = b'bad'
def getChallenge(self, client):
return {}
def decode(self, response, request):
raise UnexpectedException()
self.credentialFactories.append(BadFactory())
request = self.makeRequest([self.childName])
request.requestHeaders.addRawHeader(b'authorization', b'Bad abc')
child = getChildForRequest(self.wrapper, request)
request.render(child)
self.assertEqual(request.responseCode, 500)
self.assertEquals(1, len(logObserver))
self.assertIsInstance(logObserver[0]["log_failure"].value,
UnexpectedException)
self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
def test_unexpectedLoginError(self):
"""
Any unexpected failure from L{Portal.login} results in a 500 response
code and causes the failure to be logged.
"""
logObserver = EventLoggingObserver.createWithCleanup(
self, globalLogPublisher)
class UnexpectedException(Exception):
pass
class BrokenChecker:
credentialInterfaces = (IUsernamePassword, )
def requestAvatarId(self, credentials):
raise UnexpectedException()
self.portal.registerChecker(BrokenChecker())
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
child = self._authorizedBasicLogin(request)
request.render(child)
self.assertEqual(request.responseCode, 500)
self.assertEquals(1, len(logObserver))
self.assertIsInstance(logObserver[0]["log_failure"].value,
UnexpectedException)
self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
def test_anonymousAccess(self):
"""
Anonymous requests are allowed if a L{Portal} has an anonymous checker
registered.
"""
unprotectedContents = b"contents of the unprotected child resource"
self.avatars[ANONYMOUS] = Resource()
self.avatars[ANONYMOUS].putChild(
self.childName, Data(unprotectedContents, 'text/plain'))
self.portal.registerChecker(AllowAnonymousAccess())
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEqual(request.written, [unprotectedContents])
d.addCallback(cbFinished)
request.render(child)
return d
publicKeys = {
b'ssh-rsa': keys.Key.fromFile(SERVER_RSA_PUBLIC)
}
privateKeys = {
b'ssh-rsa': keys.Key.fromFile(SERVER_RSA_PRIVATE)
}
# Service handlers.
services = {
b'ssh-userauth': userauth.SSHUserAuthServer,
b'ssh-connection': connection.SSHConnection
}
def getPrimes(self):
"""
See: L{factory.SSHFactory}
"""
return PRIMES
portal = portal.Portal(ExampleRealm())
passwdDB = InMemoryUsernamePasswordDatabaseDontUse()
passwdDB.addUser(b'admin', b'123')
sshDB = SSHPublicKeyChecker(InMemorySSHKeyDB(
{b'user': [keys.Key.fromFile(CLIENT_RSA_PUBLIC)]}))
portal.registerChecker(passwdDB)
portal.registerChecker(sshDB)
ExampleFactory.portal = portal
if __name__ == '__main__':
reactor.listenTCP(5022, ExampleFactory())
reactor.run()
class HTTPAuthHeaderTests(unittest.TestCase):
"""
Tests for L{HTTPAuthSessionWrapper}.
"""
makeRequest = DummyRequest
def setUp(self):
"""
Create a realm, portal, and L{HTTPAuthSessionWrapper} to use in the tests.
"""
self.username = '******'
self.password = '******'
self.childName = "foo-child"
self.childContent = "contents of the foo child of the avatar"
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser(self.username, self.password)
self.avatar = Resource()
self.avatar.putChild(self.childName,
Data(self.childContent, 'text/plain'))
self.avatars = {self.username: self.avatar}
self.realm = Realm(self.avatars.get)
self.portal = portal.Portal(self.realm, [self.checker])
self.credentialFactories = []
self.wrapper = HTTPAuthSessionWrapper(self.portal,
self.credentialFactories)
def _authorizedBasicLogin(self, request):
"""
Add an I{basic authorization} header to the given request and then
dispatch it, starting from C{self.wrapper} and returning the resulting
L{IResource}.
"""
authorization = b64encode(self.username + ':' + self.password)
request.headers['authorization'] = 'Basic ' + authorization
return getChildForRequest(self.wrapper, request)
def test_getChildWithDefault(self):
"""
Resource traversal which encounters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} instance when the request does
not have the required I{Authorization} headers.
"""
request = self.makeRequest([self.childName])
child = self.wrapper.getChildWithDefault(self.childName, request)
self.assertIsInstance(child, UnauthorizedResource)
def _invalidAuthorizationTest(self, response):
"""
Create a request with the given value as the value of an
I{Authorization} header and perform resource traversal with it,
starting at C{self.wrapper}. Assert that the result is a 401 response
code. Return a L{Deferred} which fires when this is all done.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
request.headers['authorization'] = response
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(result):
self.assertEqual(request.responseCode, 401)
d.addCallback(cbFinished)
render(child, request)
return d
def test_getChildWithDefaultUnauthorizedUser(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has an
I{Authorization} header with a user which does not exist.
"""
return self._invalidAuthorizationTest('Basic ' + b64encode('foo:bar'))
def test_getChildWithDefaultUnauthorizedPassword(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has an
I{Authorization} header with a user which exists and the wrong
password.
"""
return self._invalidAuthorizationTest('Basic ' +
b64encode(self.username +
':bar'))
def test_getChildWithDefaultUnrecognizedScheme(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has an
I{Authorization} header with an unrecognized scheme.
"""
return self._invalidAuthorizationTest('Quux foo bar baz')
def test_getChildWithDefaultAuthorized(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{IResource} which renders the L{IResource} avatar
retrieved from the portal when the request has a valid I{Authorization}
header.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
child = self._authorizedBasicLogin(request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEquals(request.written, [self.childContent])
d.addCallback(cbFinished)
render(child, request)
return d
def test_getChallengeCalledWithRequest(self):
"""
When L{HTTPAuthSessionWrapper} finds an L{ICredentialFactory} to issue
a challenge, it calls the C{getChallenge} method with the request as an
argument.
"""
class DumbCredentialFactory(object):
implements(ICredentialFactory)
scheme = 'dumb'
def __init__(self):
self.requests = []
def getChallenge(self, request):
self.requests.append(request)
return {}
factory = DumbCredentialFactory()
self.credentialFactories.append(factory)
request = self.makeRequest([self.childName])
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEqual(factory.requests, [request])
d.addCallback(cbFinished)
render(child, request)
return d
def test_logout(self):
"""
The realm's logout callback is invoked after the resource is rendered.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
class SlowerResource(Resource):
def render(self, request):
return NOT_DONE_YET
self.avatar.putChild(self.childName, SlowerResource())
request = self.makeRequest([self.childName])
child = self._authorizedBasicLogin(request)
render(child, request)
self.assertEqual(self.realm.loggedOut, 0)
request.finish()
self.assertEqual(self.realm.loggedOut, 1)
def test_decodeRaises(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has a I{Basic
Authorization} header which cannot be decoded using base64.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
request.headers['authorization'] = 'Basic decode should fail'
child = getChildForRequest(self.wrapper, request)
self.assertIsInstance(child, UnauthorizedResource)
def test_selectParseResponse(self):
"""
L{HTTPAuthSessionWrapper._selectParseHeader} returns a two-tuple giving
the L{ICredentialFactory} to use to parse the header and a string
containing the portion of the header which remains to be parsed.
"""
basicAuthorization = 'Basic abcdef123456'
self.assertEqual(self.wrapper._selectParseHeader(basicAuthorization),
(None, None))
factory = BasicCredentialFactory('example.com')
self.credentialFactories.append(factory)
self.assertEqual(self.wrapper._selectParseHeader(basicAuthorization),
(factory, 'abcdef123456'))
def test_unexpectedDecodeError(self):
"""
Any unexpected exception raised by the credential factory's C{decode}
method results in a 500 response code and causes the exception to be
logged.
"""
class UnexpectedException(Exception):
pass
class BadFactory(object):
scheme = 'bad'
def getChallenge(self, client):
return {}
def decode(self, response, request):
raise UnexpectedException()
self.credentialFactories.append(BadFactory())
request = self.makeRequest([self.childName])
request.headers['authorization'] = 'Bad abc'
child = getChildForRequest(self.wrapper, request)
render(child, request)
self.assertEqual(request.responseCode, 500)
self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
def test_unexpectedLoginError(self):
"""
Any unexpected failure from L{Portal.login} results in a 500 response
code and causes the failure to be logged.
"""
class UnexpectedException(Exception):
pass
class BrokenChecker(object):
credentialInterfaces = (IUsernamePassword, )
def requestAvatarId(self, credentials):
raise UnexpectedException()
self.portal.registerChecker(BrokenChecker())
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
child = self._authorizedBasicLogin(request)
render(child, request)
self.assertEqual(request.responseCode, 500)
self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
glob_rules_file = conf.get('nx_extract', 'rules_path')
except:
print "No rules path in conf file ! Using default (/etc/nginx/sec-rules/core.rules)"
try:
glob_user = conf.get('nx_extract', 'username')
except:
print 'No username for web access ! Nx_extract will exit.'
exit(-1)
try:
glob_pass = conf.get('nx_extract', 'password')
except:
print 'No password for web access ! Nx_extract will exit.'
exit(-1)
fd.close()
credshandler = InMemoryUsernamePasswordDatabaseDontUse(
) # i know there is DontUse in the name
credshandler.addUser(glob_user, glob_pass)
portal = Portal(HTTPRealm(), [credshandler])
credentialFactory = DigestCredentialFactory("md5", "Naxsi-UI")
webroot = HTTPAuthSessionWrapper(portal, [credentialFactory])
factory = Site(webroot)
reactor.listenTCP(port, factory)
# daemonize(stdout = '/tmp/nx_extract_output', stderr = '/tmp/nx_extract_error')
reactor.run()
class CredReceiverTests(TestCase):
"""
Tests for L{CredReceiver}, an L{IBoxReceiver} which integrates with
L{twisted.cred} to provide authentication and authorization of AMP
connections.
"""
def setUp(self):
"""
Create a L{CredReceiver} hooked up to a fake L{IBoxSender} which
records boxes sent through it.
"""
self.username = '******'
self.password = '******'
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser(self.username, self.password)
self.avatar = StubAvatar()
self.realm = StubRealm(self.avatar)
self.portal = Portal(self.realm, [self.checker])
self.server = CredReceiver()
self.server.portal = self.portal
self.client = AMP()
self.finished = loopbackAsync(self.server, self.client)
def test_otpLogin(self):
"""
L{CredReceiver.otpLogin} returns without error if the pad is valid.
"""
PAD = 'test_otpLogin'
self.portal.registerChecker(OneTimePadChecker({PAD: 'user'}))
d = self.server.otpLogin(PAD)
def cbLoggedIn(result):
self.assertEqual(result, {})
d.addCallback(cbLoggedIn)
return d
def test_otpLoginUnauthorized(self):
"""
L{CredReceiver.otpLogin} should fail with L{UnauthorizedLogin} if an
invalid pad is received.
"""
self.portal.registerChecker(OneTimePadChecker({}))
return self.assertFailure(
self.server.otpLogin('test_otpLoginUnauthorized'),
UnauthorizedLogin)
def test_otpLoginNotImplemented(self):
"""
L{CredReceiver.otpLogin} should fail with L{NotImplementedError} if
the realm raises L{NotImplementedError} when asked for the avatar.
"""
def noAvatar(avatarId, mind, *interfaces):
raise NotImplementedError()
self.realm.requestAvatar = noAvatar
PAD = 'test_otpLoginNotImplemented'
self.portal.registerChecker(OneTimePadChecker({PAD: 'user'}))
return self.assertFailure(self.server.otpLogin(PAD),
NotImplementedError)
def test_otpLoginResponder(self):
"""
L{CredReceiver} responds to the L{OTPLogin} command.
"""
PAD = 'test_otpLoginResponder'
self.portal.registerChecker(OneTimePadChecker({PAD: 'user'}))
d = self.client.callRemote(OTPLogin, pad=PAD)
def cbLoggedIn(result):
self.assertEqual(result, {})
d.addCallback(cbLoggedIn)
return d
def test_passwordLoginDifferentChallenges(self):
"""
L{CredReceiver.passwordLogin} returns a new challenge each time it is
called.
"""
first = self.server.passwordLogin(self.username)
second = self.server.passwordLogin(self.username)
self.assertNotEqual(first['challenge'], second['challenge'])
def test_passwordLoginResponder(self):
"""
L{CredReceiver} responds to the L{PasswordLogin} L{Command} with a
challenge.
"""
d = self.client.callRemote(PasswordLogin, username=self.username)
def cbLogin(result):
self.assertIn('challenge', result)
d.addCallback(cbLogin)
return d
def test_determineFromDifferentNonces(self):
"""
Each time L{PasswordChallengeResponse.determineFrom} is used, it
generates a different C{cnonce} value.
"""
first = PasswordChallengeResponse.determineFrom('a', 'b')
second = PasswordChallengeResponse.determineFrom('a', 'b')
self.assertNotEqual(first['cnonce'], second['cnonce'])
def test_passwordChallengeResponse(self):
"""
L{CredReceiver.passwordChallengeResponse} returns without error if the
response is valid.
"""
challenge = self.server.passwordLogin(self.username)['challenge']
cnonce = '123abc'
cleartext = '%s %s %s' % (challenge, cnonce, self.password)
response = sha1(cleartext).digest()
d = self.server.passwordChallengeResponse(cnonce, response)
def cbLoggedIn(result):
self.assertEqual(result, {})
d.addCallback(cbLoggedIn)
return d
def test_passwordChallengeResponseResponder(self):
"""
L{CredReceiver} responds to the L{PasswordChallengeResponse} L{Command}
with an empty box if the response supplied is valid.
"""
challenge = self.server.passwordLogin(self.username)['challenge']
d = self.client.callRemote(
PasswordChallengeResponse,
**PasswordChallengeResponse.determineFrom(challenge,
self.password))
def cbResponded(result):
self.assertEqual(result, {})
d.addCallback(cbResponded)
return d
def test_response(self):
"""
L{PasswordChallengeResponse.determineFrom} generates the correct
response to a challenge issued by L{CredReceiver.passwordLogin}.
"""
challenge = self.server.passwordLogin(self.username)['challenge']
result = PasswordChallengeResponse.determineFrom(
challenge, self.password)
d = self.server.passwordChallengeResponse(**result)
def cbLoggedIn(ignored):
[(avatarId, mind, interfaces)] = self.realm.requests
self.assertEqual(avatarId, self.username)
self.assertEqual(interfaces, (IBoxReceiver, ))
# The avatar is now the protocol's box receiver.
self.assertIdentical(self.server.boxReceiver, self.avatar)
# And the avatar has been started up with the protocol's
# IBoxSender.
self.assertIdentical(self.avatar.boxSender, self.server.boxSender)
# After the connection is lost, the logout function should be
# called.
self.assertEqual(self.realm.loggedOut, 0)
self.server.connectionLost(
Failure(ConnectionDone("test connection lost")))
self.assertEqual(self.realm.loggedOut, 1)
d.addCallback(cbLoggedIn)
return d
def test_invalidResponse(self):
"""
L{CredReceiver.passwordChallengeResponse} returns a L{Deferred} which
fails with L{UnauthorizedLogin} if it is passed a response which is not
valid.
"""
challenge = self.server.passwordLogin(self.username)['challenge']
return self.assertFailure(
self.server.passwordChallengeResponse(cnonce='bar',
response='baz'),
UnauthorizedLogin)
def test_connectionLostWithoutAvatar(self):
"""
L{CredReceiver.connectionLost} does not raise an exception if no login
has occurred when it is called.
"""
self.server.connectionLost(
Failure(ConnectionDone("test connection lost")))
def test_unrecognizedCredentialsLogin(self):
"""
L{login} raises L{UnhandledCredentials} if passed a credentials object
which provides no interface explicitly supported by that function,
currently L{IUsernamePassword}.
"""
self.assertRaises(UnhandledCredentials, login, None, None)
def test_passwordChallengeLogin(self):
"""
L{login} issues the commands necessary to authenticate against
L{CredReceiver} when given an L{IUsernamePassword} provider with its
C{username} and C{password} attributes set to valid credentials.
"""
loginDeferred = login(self.client,
UsernamePassword(self.username, self.password))
def cbLoggedIn(clientAgain):
self.assertIdentical(self.client, clientAgain)
self.assertIdentical(self.server.boxReceiver, self.avatar)
loginDeferred.addCallback(cbLoggedIn)
return loginDeferred
def test_passwordChallengeInvalid(self):
"""
L{login} returns a L{Deferred} which fires with L{UnauthorizedLogin} if
the L{UsernamePassword} credentials object given does not contain valid
authentication information.
"""
boxReceiver = self.server.boxReceiver
loginDeferred = login(
self.client, UsernamePassword(self.username + 'x', self.password))
self.assertFailure(loginDeferred, UnauthorizedLogin)
def cbFailed(ignored):
self.assertIdentical(self.server.boxReceiver, boxReceiver)
loginDeferred.addCallback(cbFailed)
return loginDeferred
def test_noAvatar(self):
"""
L{login} returns a L{Deferred} which fires with L{NotImplementedError}
if the realm raises L{NotImplementedError} when asked for the avatar.
"""
def noAvatar(avatarId, mind, *interfaces):
raise NotImplementedError()
self.realm.requestAvatar = noAvatar
loginDeferred = login(self.client,
UsernamePassword(self.username, self.password))
return self.assertFailure(loginDeferred, NotImplementedError)
services = {
b'ssh-userauth': userauth.SSHUserAuthServer,
#b'ssh-userauth': authserver.SSHUserAuthServer,
b'ssh-connection': connection.SSHConnection
}
def getPrimes(self):
"""
See: L{factory.SSHFactory}
"""
return PRIMES
portal = portal.Portal(ExampleRealm())
passwdDB = InMemoryUsernamePasswordDatabaseDontUse()
passwdDB.addUser(b'user', b'password')
#sshDB = SSHPublicKeyChecker(InMemorySSHKeyDB(
# {b'user': [keys.Key.fromFile(CLIENT_RSA_PUBLIC)]}))
portal.registerChecker(passwdDB)
#portal.registerChecker(sshDB)
ExampleFactory.portal = portal
class Counter(resource.Resource):
isLeaf = True
numberRequests = 0
def render_GET(self, request):
self.numberRequests += 1
request.setHeader(b"content-type", b"text/plain")
content = u"I am request #{}\n".format(self.numberRequests)
class SSHCommandClientEndpointTestsMixin(object):
"""
Tests for L{SSHCommandClientEndpoint}, an L{IStreamClientEndpoint}
implementations which connects a protocol with the stdin and stdout of a
command running in an SSH session.
These tests apply to L{SSHCommandClientEndpoint} whether it is constructed
using L{SSHCommandClientEndpoint.existingConnection} or
L{SSHCommandClientEndpoint.newConnection}.
Subclasses must override L{create}, L{assertClientTransportState}, and
L{finishConnection}.
"""
def setUp(self):
self.hostname = b"ssh.example.com"
self.port = 42022
self.user = b"user"
self.password = b"password"
self.reactor = MemoryReactorClock()
self.realm = TrivialRealm()
self.portal = Portal(self.realm)
self.passwdDB = InMemoryUsernamePasswordDatabaseDontUse()
self.passwdDB.addUser(self.user, self.password)
self.portal.registerChecker(self.passwdDB)
self.factory = CommandFactory()
self.factory.reactor = self.reactor
self.factory.portal = self.portal
self.factory.doStart()
self.addCleanup(self.factory.doStop)
self.clientAddress = IPv4Address("TCP", "10.0.0.1", 12345)
self.serverAddress = IPv4Address("TCP", "192.168.100.200", 54321)
def create(self):
"""
Create and return a new L{SSHCommandClientEndpoint} to be tested.
Override this to implement creation in an interesting way the endpoint.
"""
raise NotImplementedError("%r did not implement create" %
(self.__class__.__name__, ))
def assertClientTransportState(self, client, immediateClose):
"""
Make an assertion about the connectedness of the given protocol's
transport. Override this to implement either a check for the
connection still being open or having been closed as appropriate.
@param client: The client whose state is being checked.
@param immediateClose: Boolean indicating whether the connection was
closed immediately or not.
"""
raise NotImplementedError(
"%r did not implement assertClientTransportState" %
(self.__class__.__name__, ))
def finishConnection(self):
"""
Do any remaining work necessary to complete an in-memory connection
attempted initiated using C{self.reactor}.
"""
raise NotImplementedError("%r did not implement finishConnection" %
(self.__class__.__name__, ))
def connectedServerAndClient(self, serverFactory, clientFactory):
"""
Set up an in-memory connection between protocols created by
C{serverFactory} and C{clientFactory}.
@return: A three-tuple. The first element is the protocol created by
C{serverFactory}. The second element is the protocol created by
C{clientFactory}. The third element is the L{IOPump} connecting
them.
"""
clientProtocol = clientFactory.buildProtocol(None)
serverProtocol = serverFactory.buildProtocol(None)
clientTransport = AbortableFakeTransport(
clientProtocol,
isServer=False,
hostAddress=self.clientAddress,
peerAddress=self.serverAddress)
serverTransport = AbortableFakeTransport(
serverProtocol,
isServer=True,
hostAddress=self.serverAddress,
peerAddress=self.clientAddress)
pump = connect(serverProtocol, serverTransport, clientProtocol,
clientTransport)
return serverProtocol, clientProtocol, pump
def test_interface(self):
"""
L{SSHCommandClientEndpoint} instances provide L{IStreamClientEndpoint}.
"""
endpoint = SSHCommandClientEndpoint.newConnection(
self.reactor, b"dummy command", b"dummy user", self.hostname,
self.port)
self.assertTrue(verifyObject(IStreamClientEndpoint, endpoint))
def test_channelOpenFailure(self):
"""
If a channel cannot be opened on the authenticated SSH connection, the
L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with
a L{Failure} wrapping the reason given by the server.
"""
endpoint = self.create()
factory = Factory()
factory.protocol = Protocol
connected = endpoint.connect(factory)
server, client, pump = self.finishConnection()
# The server logs the channel open failure - this is expected.
errors = self.flushLoggedErrors(ConchError)
self.assertIn('unknown channel',
(errors[0].value.data, errors[0].value.value))
self.assertEqual(1, len(errors))
# Now deal with the results on the endpoint side.
f = self.failureResultOf(connected)
f.trap(ConchError)
self.assertEqual('unknown channel', f.value.value)
self.assertClientTransportState(client, False)
def test_execFailure(self):
"""
If execution of the command fails, the L{Deferred} returned by
L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping
the reason given by the server.
"""
self.realm.channelLookup[b'session'] = BrokenExecSession
endpoint = self.create()
factory = Factory()
factory.protocol = Protocol
connected = endpoint.connect(factory)
server, client, pump = self.finishConnection()
f = self.failureResultOf(connected)
f.trap(ConchError)
self.assertEqual('channel request failed', f.value.value)
self.assertClientTransportState(client, False)
def test_execCancelled(self):
"""
If execution of the command is cancelled via the L{Deferred} returned
by L{SSHCommandClientEndpoint.connect}, the connection is closed
immediately.
"""
self.realm.channelLookup[b'session'] = UnsatisfiedExecSession
endpoint = self.create()
factory = Factory()
factory.protocol = Protocol
connected = endpoint.connect(factory)
server, client, pump = self.finishConnection()
connected.cancel()
f = self.failureResultOf(connected)
f.trap(CancelledError)
self.assertClientTransportState(client, True)
def test_buildProtocol(self):
"""
Once the necessary SSH actions have completed successfully,
L{SSHCommandClientEndpoint.connect} uses the factory passed to it to
construct a protocol instance by calling its C{buildProtocol} method
with an address object representing the SSH connection and command
executed.
"""
self.realm.channelLookup[b'session'] = WorkingExecSession
endpoint = self.create()
factory = AddressSpyFactory()
factory.protocol = Protocol
endpoint.connect(factory)
server, client, pump = self.finishConnection()
self.assertIsInstance(factory.address, SSHCommandAddress)
self.assertEqual(server.transport.getHost(), factory.address.server)
self.assertEqual(self.user, factory.address.username)
self.assertEqual(b"/bin/ls -l", factory.address.command)
def test_makeConnection(self):
"""
L{SSHCommandClientEndpoint} establishes an SSH connection, creates a
channel in it, runs a command in that channel, and uses the protocol's
C{makeConnection} to associate it with a protocol representing that
command's stdin and stdout.
"""
self.realm.channelLookup[b'session'] = WorkingExecSession
endpoint = self.create()
factory = Factory()
factory.protocol = Protocol
connected = endpoint.connect(factory)
server, client, pump = self.finishConnection()
protocol = self.successResultOf(connected)
self.assertNotIdentical(None, protocol.transport)
def test_dataReceived(self):
"""
After establishing the connection, when the command on the SSH server
produces output, it is delivered to the protocol's C{dataReceived}
method.
"""
self.realm.channelLookup[b'session'] = WorkingExecSession
endpoint = self.create()
factory = Factory()
factory.protocol = Protocol
connected = endpoint.connect(factory)
server, client, pump = self.finishConnection()
protocol = self.successResultOf(connected)
dataReceived = []
protocol.dataReceived = dataReceived.append
# Figure out which channel on the connection this protocol is
# associated with so the test can do a write on it.
channelId = protocol.transport.id
server.service.channels[channelId].write(b"hello, world")
pump.pump()
self.assertEqual(b"hello, world", b"".join(dataReceived))
def test_connectionLost(self):
"""
When the command closes the channel, the protocol's C{connectionLost}
method is called.
"""
self.realm.channelLookup[b'session'] = WorkingExecSession
endpoint = self.create()
factory = Factory()
factory.protocol = Protocol
connected = endpoint.connect(factory)
server, client, pump = self.finishConnection()
protocol = self.successResultOf(connected)
connectionLost = []
protocol.connectionLost = connectionLost.append
# Figure out which channel on the connection this protocol is associated
# with so the test can do a write on it.
channelId = protocol.transport.id
server.service.channels[channelId].loseConnection()
pump.pump()
connectionLost[0].trap(ConnectionDone)
self.assertClientTransportState(client, False)
def _exitStatusTest(self, request, requestArg):
"""
Test handling of non-zero exit statuses or exit signals.
"""
self.realm.channelLookup[b'session'] = WorkingExecSession
endpoint = self.create()
factory = Factory()
factory.protocol = Protocol
connected = endpoint.connect(factory)
server, client, pump = self.finishConnection()
protocol = self.successResultOf(connected)
connectionLost = []
protocol.connectionLost = connectionLost.append
# Figure out which channel on the connection this protocol is associated
# with so the test can simulate command exit and channel close.
channelId = protocol.transport.id
channel = server.service.channels[channelId]
server.service.sendRequest(channel, request, requestArg)
channel.loseConnection()
pump.pump()
self.assertClientTransportState(client, False)
return connectionLost[0]
def test_zeroExitCode(self):
"""
When the command exits with a non-zero status, the protocol's
C{connectionLost} method is called with a L{Failure} wrapping an
exception which encapsulates that status.
"""
exitCode = 0
exc = self._exitStatusTest('exit-status', pack('>L', exitCode))
exc.trap(ConnectionDone)
def test_nonZeroExitStatus(self):
"""
When the command exits with a non-zero status, the protocol's
C{connectionLost} method is called with a L{Failure} wrapping an
exception which encapsulates that status.
"""
exitCode = 123
signal = None
exc = self._exitStatusTest('exit-status', pack('>L', exitCode))
exc.trap(ProcessTerminated)
self.assertEqual(exitCode, exc.value.exitCode)
self.assertEqual(signal, exc.value.signal)
def test_nonZeroExitSignal(self):
"""
When the command exits with a non-zero signal, the protocol's
C{connectionLost} method is called with a L{Failure} wrapping an
exception which encapsulates that status.
"""
exitCode = None
signal = 123
exc = self._exitStatusTest('exit-signal', pack('>L', signal))
exc.trap(ProcessTerminated)
self.assertEqual(exitCode, exc.value.exitCode)
self.assertEqual(signal, exc.value.signal)
def record(self, server, protocol, event, noArgs=False):
"""
Hook into and record events which happen to C{protocol}.
@param server: The SSH server protocol over which C{protocol} is
running.
@type server: L{IProtocol} provider
@param protocol:
@param event:
@param noArgs:
"""
# Figure out which channel the test is going to send data over so we can
# look for it to arrive at the right place on the server.
channelId = protocol.transport.id
recorder = []
if noArgs:
f = lambda: recorder.append(None)
else:
f = recorder.append
setattr(server.service.channels[channelId], event, f)
return recorder
def test_write(self):
"""
The transport connected to the protocol has a C{write} method which
sends bytes to the input of the command executing on the SSH server.
"""
self.realm.channelLookup[b'session'] = WorkingExecSession
endpoint = self.create()
factory = Factory()
factory.protocol = Protocol
connected = endpoint.connect(factory)
server, client, pump = self.finishConnection()
protocol = self.successResultOf(connected)
dataReceived = self.record(server, protocol, 'dataReceived')
protocol.transport.write(b"hello, world")
pump.pump()
self.assertEqual(b"hello, world", b"".join(dataReceived))
def test_writeSequence(self):
"""
The transport connected to the protocol has a C{writeSequence} method which
sends bytes to the input of the command executing on the SSH server.
"""
self.realm.channelLookup[b'session'] = WorkingExecSession
endpoint = self.create()
factory = Factory()
factory.protocol = Protocol
connected = endpoint.connect(factory)
server, client, pump = self.finishConnection()
protocol = self.successResultOf(connected)
dataReceived = self.record(server, protocol, 'dataReceived')
protocol.transport.writeSequence(list(b"hello, world"))
pump.pump()
self.assertEqual(b"hello, world", b"".join(dataReceived))
# Server's host keys.
# To simplify the example this server is defined only with a host key of
# type RSA.
publicKeys = {'ssh-rsa': keys.Key.fromFile(SERVER_RSA_PUBLIC)}
privateKeys = {'ssh-rsa': keys.Key.fromFile(SERVER_RSA_PRIVATE)}
# Service handlers.
services = {
'ssh-userauth': userauth.SSHUserAuthServer,
'ssh-connection': connection.SSHConnection
}
def getPrimes(self):
"""
See: L{factory.SSHFactory}
"""
return PRIMES
portal = portal.Portal(ExampleRealm())
passwdDB = InMemoryUsernamePasswordDatabaseDontUse()
passwdDB.addUser('user', 'password')
sshDB = SSHPublicKeyChecker(
InMemorySSHKeyDB({'user': [keys.Key.fromFile(CLIENT_RSA_PUBLIC)]}))
portal.registerChecker(passwdDB)
portal.registerChecker(sshDB)
ExampleFactory.portal = portal
if __name__ == '__main__':
reactor.listenTCP(5022, ExampleFactory())
reactor.run()
def display_message(self, event):
if len(self.mailbox.messages) == 0:
return
message_num = self.message_list.list.nearest(event.y)
self.messagecontent.text.delete('0.0', T.END)
self.messagecontent.text.insert(
'0.0', self.mailbox.messages[message_num].content())
if __name__ == '__main__':
service = Service()
mailbox = Mailbox()
portal = Portal(SimpleRealm(mailbox))
auth = InMemoryUsernamePasswordDatabaseDontUse()
auth.addUser(service.username, service.password)
portal.registerChecker(auth)
f = ServerFactory()
f.protocol = POP3Server
f.protocol.portal = portal
print "Starting to listen on {}:{}...".format(service.interface,
service.port)
service.listeningPort = reactor.listenTCP(port=service.port,
factory=f,
interface=service.interface)
#root.addCleanup(service.listeningPort.stopListening)
root = T.Tk()
tksupport.install(root)
