def test_multiple_authorizedkeys_file_multiuser(self, m_getpwnam):
fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
m_getpwnam.return_value = fpw
user_ssh_folder = "%s/.ssh" % fpw.pw_dir
# /tmp/home2/bobby/.ssh/authorized_keys2 = rsa
authorized_keys = self.tmp_path('authorized_keys2',
dir=user_ssh_folder)
util.write_file(authorized_keys, VALID_CONTENT['rsa'])
# /tmp/home2/bobby/.ssh/user_keys3 = dsa
user_keys = self.tmp_path('user_keys3', dir=user_ssh_folder)
util.write_file(user_keys, VALID_CONTENT['dsa'])
fpw2 = FakePwEnt(pw_name='suzie', pw_dir='/tmp/home/suzie')
user_ssh_folder = "%s/.ssh" % fpw2.pw_dir
# /tmp/home/suzie/.ssh/authorized_keys2 = [email protected]
authorized_keys2 = self.tmp_path('authorized_keys2',
dir=user_ssh_folder)
util.write_file(authorized_keys2,
VALID_CONTENT['*****@*****.**'])
# /tmp/etc/ssh/authorized_keys = ecdsa
authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys2',
dir="/tmp")
util.write_file(authorized_keys_global, VALID_CONTENT['ecdsa'])
# /tmp/sshd_config
sshd_config = self.tmp_path('sshd_config', dir="/tmp")
util.write_file(
sshd_config, "AuthorizedKeysFile %s %%h/.ssh/authorized_keys2 %s" %
(authorized_keys_global, user_keys))
# process first user
(auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
fpw.pw_name, sshd_config)
content = ssh_util.update_authorized_keys(auth_key_entries, [])
self.assertEqual(user_keys, auth_key_fn)
self.assertTrue(VALID_CONTENT['rsa'] in content)
self.assertTrue(VALID_CONTENT['ecdsa'] in content)
self.assertTrue(VALID_CONTENT['dsa'] in content)
self.assertFalse(VALID_CONTENT['*****@*****.**'] in content)
m_getpwnam.return_value = fpw2
# process second user
(auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
fpw2.pw_name, sshd_config)
content = ssh_util.update_authorized_keys(auth_key_entries, [])
self.assertEqual(authorized_keys2, auth_key_fn)
self.assertTrue(VALID_CONTENT['*****@*****.**'] in content)
self.assertTrue(VALID_CONTENT['ecdsa'] in content)
self.assertTrue(VALID_CONTENT['dsa'] in content)
self.assertFalse(VALID_CONTENT['rsa'] in content)
def test_multiple_authorizedkeys_file_local_global2(self, m_getpwnam):
fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
m_getpwnam.return_value = fpw
user_ssh_folder = "%s/.ssh" % fpw.pw_dir
# /tmp/home2/bobby/.ssh/authorized_keys2 = rsa
authorized_keys = self.tmp_path('authorized_keys2',
dir=user_ssh_folder)
util.write_file(authorized_keys, VALID_CONTENT['rsa'])
# /tmp/home2/bobby/.ssh/user_keys3 = dsa
user_keys = self.tmp_path('user_keys3', dir=user_ssh_folder)
util.write_file(user_keys, VALID_CONTENT['dsa'])
# /tmp/etc/ssh/authorized_keys = ecdsa
authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys',
dir="/tmp")
util.write_file(authorized_keys_global, VALID_CONTENT['ecdsa'])
# /tmp/sshd_config
sshd_config = self.tmp_path('sshd_config', dir="/tmp")
util.write_file(
sshd_config, "AuthorizedKeysFile %s %s %s" %
(authorized_keys_global, authorized_keys, user_keys))
(auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
fpw.pw_name, sshd_config)
content = ssh_util.update_authorized_keys(auth_key_entries, [])
self.assertEqual(user_keys, auth_key_fn)
self.assertTrue(VALID_CONTENT['rsa'] in content)
self.assertTrue(VALID_CONTENT['ecdsa'] in content)
self.assertTrue(VALID_CONTENT['dsa'] in content)
def execute_and_check(
self, user, sshd_config, solution, keys, delete_keys=True
):
(auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
user, sshd_config
)
content = ssh_util.update_authorized_keys(auth_key_entries, [])
self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
self.assertTrue(VALID_CONTENT['rsa'] in content)
self.assertFalse(VALID_CONTENT['dsa'] in content)
def test_new_keys_replace(self):
"""new entries with the same base64 should replace old."""
orig_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
new_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ]
expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
parser = ssh_util.AuthKeyLineParser()
found = ssh_util.update_authorized_keys(
[parser.parse(p) for p in orig_entries],
[parser.parse(p) for p in new_entries])
self.assertEqual(expected, found)
def test_new_keys_replace(self):
"""new entries with the same base64 should replace old."""
orig_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
new_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ]
expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
parser = ssh_util.AuthKeyLineParser()
found = ssh_util.update_authorized_keys(
[parser.parse(p) for p in orig_entries],
[parser.parse(p) for p in new_entries])
self.assertEqual(expected, found)
def test_new_invalid_keys_are_ignored(self):
"""new entries that are invalid should be skipped."""
orig_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')), ' '.join(
('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))
]
new_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')),
'xxx-invalid-thing1', 'xxx-invalid-blob2'
]
expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
parser = ssh_util.AuthKeyLineParser()
found = ssh_util.update_authorized_keys(
[parser.parse(p) for p in orig_entries],
[parser.parse(p) for p in new_entries])
self.assertEqual(expected, found)
def test_new_invalid_keys_are_ignored(self):
"""new entries that are invalid should be skipped."""
orig_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
new_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')),
'xxx-invalid-thing1',
'xxx-invalid-blob2'
]
expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
parser = ssh_util.AuthKeyLineParser()
found = ssh_util.update_authorized_keys(
[parser.parse(p) for p in orig_entries],
[parser.parse(p) for p in new_entries])
self.assertEqual(expected, found)
def test_multiple_authorizedkeys_file_global(self, m_getpwnam):
fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
m_getpwnam.return_value = fpw
# /tmp/etc/ssh/authorized_keys = rsa
authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys',
dir="/tmp")
util.write_file(authorized_keys_global, VALID_CONTENT['rsa'])
# /tmp/sshd_config
sshd_config = self.tmp_path('sshd_config')
util.write_file(sshd_config,
"AuthorizedKeysFile %s" % (authorized_keys_global))
(auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
fpw.pw_name, sshd_config)
content = ssh_util.update_authorized_keys(auth_key_entries, [])
self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
self.assertTrue(VALID_CONTENT['rsa'] in content)
def test_new_keys_replace(self):
"""new entries with the same base64 should replace old."""
orig_entries = [
" ".join(("rsa", VALID_CONTENT["rsa"], "orig_comment1")),
" ".join(("dsa", VALID_CONTENT["dsa"], "orig_comment2")),
]
new_entries = [
" ".join(("rsa", VALID_CONTENT["rsa"], "new_comment1")),
]
expected = "\n".join([new_entries[0], orig_entries[1]]) + "\n"
parser = ssh_util.AuthKeyLineParser()
found = ssh_util.update_authorized_keys(
[parser.parse(p) for p in orig_entries],
[parser.parse(p) for p in new_entries],
)
self.assertEqual(expected, found)
def test_multiple_authorizedkeys_file_order2(self, m_getpwnam):
fpw = FakePwEnt(pw_name='suzie', pw_dir='/home/suzie')
m_getpwnam.return_value = fpw
authorized_keys = self.tmp_path('authorized_keys')
util.write_file(authorized_keys, VALID_CONTENT['rsa'])
user_keys = self.tmp_path('user_keys')
util.write_file(user_keys, VALID_CONTENT['dsa'])
sshd_config = self.tmp_path('sshd_config')
util.write_file(
sshd_config,
"AuthorizedKeysFile %s %s" % (user_keys, authorized_keys))
(auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
fpw.pw_name, sshd_config)
content = ssh_util.update_authorized_keys(auth_key_entries, [])
self.assertEqual(user_keys, auth_key_fn)
self.assertTrue(VALID_CONTENT['rsa'] in content)
self.assertTrue(VALID_CONTENT['dsa'] in content)
def test_new_invalid_keys_are_ignored(self):
"""new entries that are invalid should be skipped."""
orig_entries = [
" ".join(("rsa", VALID_CONTENT["rsa"], "orig_comment1")),
" ".join(("dsa", VALID_CONTENT["dsa"], "orig_comment2")),
]
new_entries = [
" ".join(("rsa", VALID_CONTENT["rsa"], "new_comment1")),
"xxx-invalid-thing1",
"xxx-invalid-blob2",
]
expected = "\n".join([new_entries[0], orig_entries[1]]) + "\n"
parser = ssh_util.AuthKeyLineParser()
found = ssh_util.update_authorized_keys(
[parser.parse(p) for p in orig_entries],
[parser.parse(p) for p in new_entries],
)
self.assertEqual(expected, found)
