예제 #1
0
 def test_failOnKeyError(self):
     """
     If the getpwnam function raises a KeyError, the login fails with an
     L{UnauthorizedLogin} exception.
     """
     def getpwnam(username):
         raise KeyError(username)
     checker = checkers.UNIXPasswordDatabase([getpwnam])
     credential = UsernamePassword(b'username', b'username')
     self.assertUnauthorizedLogin(checker.requestAvatarId(credential))
예제 #2
0
    def __init__(self, *a, **kw):
        usage.Options.__init__(self, *a, **kw)

        # Call the default addCheckers (for backwards compatibility) that will
        # be used if no --auth option is provided - note that conch's
        # UNIXPasswordDatabase is used, instead of twisted.plugins.cred_unix's
        # checker
        super(Options, self).addChecker(conch_checkers.UNIXPasswordDatabase())
        super(Options, self).addChecker(conch_checkers.SSHPublicKeyChecker(
            conch_checkers.UNIXAuthorizedKeysFiles()))
        self._usingDefaultAuth = True
예제 #3
0
 def test_passInCheckers(self):
     """
     L{UNIXPasswordDatabase} takes a list of functions to check for UNIX
     user information.
     """
     password = crypt.crypt('secret', 'secret')
     userdb = UserDatabase()
     userdb.addUser('anybody', password, 1, 2, 'foo', '/bar', '/bin/sh')
     checker = checkers.UNIXPasswordDatabase([userdb.getpwnam])
     self.assertLoggedIn(
         checker.requestAvatarId(UsernamePassword('anybody', 'secret')),
         'anybody')
예제 #4
0
 def test_passInCheckers(self):
     """
     L{UNIXPasswordDatabase} takes a list of functions to check for UNIX
     user information.
     """
     password = crypt.crypt("secret", "secret")
     userdb = UserDatabase()
     userdb.addUser("anybody", password, 1, 2, "foo", "/bar", "/bin/sh")
     checker = checkers.UNIXPasswordDatabase([userdb.getpwnam])
     self.assertLoggedIn(
         checker.requestAvatarId(UsernamePassword(b"anybody", b"secret")),
         b"anybody")
예제 #5
0
    def __init__(self, *a, **kw):
        usage.Options.__init__(self, *a, **kw)

        # call the default addCheckers (for backwards compatibility) that will
        # be used if no --auth option is provided - note that conch's
        # UNIXPasswordDatabase is used, instead of twisted.plugins.cred_unix's
        # checker
        super(Options, self).addChecker(conch_checkers.UNIXPasswordDatabase())
        super(Options, self).addChecker(conch_checkers.SSHPublicKeyDatabase())
        if pamauth is not None:
            super(Options, self).addChecker(
                checkers.PluggableAuthenticationModulesChecker())
예제 #6
0
 def test_failOnBadPassword(self):
     """
     If the verifyCryptedPassword function doesn't verify the password, the
     login fails with an L{UnauthorizedLogin} exception.
     """
     def verifyCryptedPassword(crypted, pw):
         return False
     def getpwnam(username):
         return [username, username]
     self.patch(checkers, 'verifyCryptedPassword', verifyCryptedPassword)
     checker = checkers.UNIXPasswordDatabase([getpwnam])
     credential = UsernamePassword(b'username', b'username')
     self.assertUnauthorizedLogin(checker.requestAvatarId(credential))
예제 #7
0
 def test_verifyPassword(self):
     """
     If the encrypted password provided by the getpwnam function is valid
     (verified by the L{verifyCryptedPassword} function), we callback the
     C{requestAvatarId} L{Deferred} with the username.
     """
     def verifyCryptedPassword(crypted, pw):
         return crypted == pw
     def getpwnam(username):
         return [username, username]
     self.patch(checkers, 'verifyCryptedPassword', verifyCryptedPassword)
     checker = checkers.UNIXPasswordDatabase([getpwnam])
     credential = UsernamePassword(b'username', b'username')
     self.assertLoggedIn(checker.requestAvatarId(credential), b'username')
예제 #8
0
def makeService(config):
    t = factory.OpenSSHFactory()
    t.portal = portal.Portal(unix.UnixSSHRealm())
    t.portal.registerChecker(checkers.UNIXPasswordDatabase())
    t.portal.registerChecker(checkers.SSHPublicKeyDatabase())
    if pamauth is not None:
        from twisted.cred.checkers import PluggableAuthenticationModulesChecker
        t.portal.registerChecker(PluggableAuthenticationModulesChecker())
    t.dataRoot = config['data']
    t.moduliRoot = config['moduli'] or config['data']
    port = config['port']
    if config['interface']:
        # Add warning here
        port += ':interface=' + config['interface']
    return strports.service(port, t)
예제 #9
0
 def test_loopThroughFunctions(self):
     """
     UNIXPasswordDatabase.requestAvatarId loops through each getpwnam
     function associated with it and returns a L{Deferred} which fires with
     the result of the first one which returns a value other than None.
     ones do not verify the password.
     """
     def verifyCryptedPassword(crypted, pw):
         return crypted == pw
     def getpwnam1(username):
         return [username, 'not the password']
     def getpwnam2(username):
         return [username, username]
     self.patch(checkers, 'verifyCryptedPassword', verifyCryptedPassword)
     checker = checkers.UNIXPasswordDatabase([getpwnam1, getpwnam2])
     credential = UsernamePassword(b'username', b'username')
     self.assertLoggedIn(checker.requestAvatarId(credential), b'username')
예제 #10
0
    def __init__(self):
        TCPApplication.__init__(self)
        _ConsumerMixin.__init__(self)

        #t = factory.OpenSSHFactory()
        t = MyFactory()  #Use my factory instead of the original one
        t.portal = portal.Portal(unix.UnixSSHRealm(
        ))  #Instanciate all the needed stuff to create to protocol
        t.portal.registerChecker(checkers.UNIXPasswordDatabase())
        t.portal.registerChecker(checkers.SSHPublicKeyDatabase())
        if checkers.pamauth:
            t.portal.registerChecker(
                chk.PluggableAuthenticationModulesChecker())
        t.dataRoot = '/etc/ssh'
        t.moduliRoot = '/etc/ssh'

        t.startFactory()
        self.app = t.buildProtocol("lala")
        self.app.transport = self
예제 #11
0
    def test_failOnSpecial(self):
        """
        If the password returned by any function is C{""}, C{"x"}, or C{"*"} it
        is not compared against the supplied password.  Instead it is skipped.
        """
        pwd = UserDatabase()
        pwd.addUser('alice', '', 1, 2, '', 'foo', 'bar')
        pwd.addUser('bob', 'x', 1, 2, '', 'foo', 'bar')
        pwd.addUser('carol', '*', 1, 2, '', 'foo', 'bar')
        self.patch(checkers, 'pwd', pwd)

        checker = checkers.UNIXPasswordDatabase([checkers._pwdGetByName])
        cred = UsernamePassword('alice', '')
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))

        cred = UsernamePassword('bob', 'x')
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))

        cred = UsernamePassword('carol', '*')
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))
예제 #12
0
    def test_failOnSpecial(self):
        """
        If the password returned by any function is C{""}, C{"x"}, or C{"*"} it
        is not compared against the supplied password.  Instead it is skipped.
        """
        pwd = UserDatabase()
        pwd.addUser("alice", "", 1, 2, "", "foo", "bar")
        pwd.addUser("bob", "x", 1, 2, "", "foo", "bar")
        pwd.addUser("carol", "*", 1, 2, "", "foo", "bar")
        self.patch(checkers, "pwd", pwd)

        checker = checkers.UNIXPasswordDatabase([checkers._pwdGetByName])
        cred = UsernamePassword(b"alice", b"")
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))

        cred = UsernamePassword(b"bob", b"x")
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))

        cred = UsernamePassword(b"carol", b"*")
        self.assertUnauthorizedLogin(checker.requestAvatarId(cred))
예제 #13
0
    def test_defaultCheckers(self):
        """
        L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database
        and then the C{spwd} database.
        """
        checker = checkers.UNIXPasswordDatabase()

        def crypted(username, password):
            salt = crypt.crypt(password, username)
            crypted = crypt.crypt(password, '$1$' + salt)
            return crypted

        pwd = UserDatabase()
        pwd.addUser('alice', crypted('alice', 'password'), 1, 2, 'foo', '/foo',
                    '/bin/sh')
        # x and * are convention for "look elsewhere for the password"
        pwd.addUser('bob', 'x', 1, 2, 'bar', '/bar', '/bin/sh')
        spwd = ShadowDatabase()
        spwd.addUser('alice', 'wrong', 1, 2, 3, 4, 5, 6, 7)
        spwd.addUser('bob', crypted('bob', 'password'), 8, 9, 10, 11, 12, 13,
                     14)

        self.patch(checkers, 'pwd', pwd)
        self.patch(checkers, 'spwd', spwd)

        mockos = MockOS()
        self.patch(checkers, 'os', mockos)
        self.patch(util, 'os', mockos)

        mockos.euid = 2345
        mockos.egid = 1234

        cred = UsernamePassword("alice", "password")
        self.assertLoggedIn(checker.requestAvatarId(cred), 'alice')
        self.assertEquals(mockos.seteuidCalls, [])
        self.assertEquals(mockos.setegidCalls, [])
        cred.username = "******"
        self.assertLoggedIn(checker.requestAvatarId(cred), 'bob')
        self.assertEquals(mockos.seteuidCalls, [0, 2345])
        self.assertEquals(mockos.setegidCalls, [0, 1234])
예제 #14
0
    def test_defaultCheckers(self):
        """
        L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database
        and then the C{spwd} database.
        """
        checker = checkers.UNIXPasswordDatabase()

        def crypted(username, password):
            salt = crypt.crypt(password, username)
            crypted = crypt.crypt(password, "$1$" + salt)
            return crypted

        pwd = UserDatabase()
        pwd.addUser("alice", crypted("alice", "password"), 1, 2, "foo", "/foo",
                    "/bin/sh")
        # x and * are convention for "look elsewhere for the password"
        pwd.addUser("bob", "x", 1, 2, "bar", "/bar", "/bin/sh")
        spwd = ShadowDatabase()
        spwd.addUser("alice", "wrong", 1, 2, 3, 4, 5, 6, 7)
        spwd.addUser("bob", crypted("bob", "password"), 8, 9, 10, 11, 12, 13,
                     14)

        self.patch(checkers, "pwd", pwd)
        self.patch(checkers, "spwd", spwd)

        mockos = MockOS()
        self.patch(util, "os", mockos)

        mockos.euid = 2345
        mockos.egid = 1234

        cred = UsernamePassword(b"alice", b"password")
        self.assertLoggedIn(checker.requestAvatarId(cred), b"alice")
        self.assertEqual(mockos.seteuidCalls, [])
        self.assertEqual(mockos.setegidCalls, [])
        cred.username = b"bob"
        self.assertLoggedIn(checker.requestAvatarId(cred), b"bob")
        self.assertEqual(mockos.seteuidCalls, [0, 2345])
        self.assertEqual(mockos.setegidCalls, [0, 1234])
예제 #15
0
파일: tcp.py 프로젝트: thurday/muXTCP 
    def sshServer(self):

        from twisted.conch import checkers, unix
        from twisted.conch.openssh_compat import factory
        from twisted.cred import portal
        from twisted.python import usage
        from twisted.application import strports

        t = factory.OpenSSHFactory()
        t.portal = portal.Portal(unix.UnixSSHRealm())
        t.portal.registerChecker(checkers.UNIXPasswordDatabase())
        t.portal.registerChecker(checkers.SSHPublicKeyDatabase())
        if checkers.pamauth:
            t.portal.registerChecker(
                checkers.PluggableAuthenticationModulesChecker())
        t.dataRoot = '/etc/ssh'
        t.moduliRoot = '/etc/ssh'

        t.startFactory()
        self.app = t.buildProtocol("lala")
        self.app.transport = self

        self.app.connectionMade()