def test_no_keys_for_unauthorized_user(self):
"""
If the user is not in the user database provided to
L{UNIXAuthorizedKeysFiles}, an empty iterator is returned
by L{UNIXAuthorizedKeysFiles.getAuthorizedKeys}
"""
keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x)
self.assertEqual([], list(keydb.getAuthorizedKeys('bob')))
def test_no_keys_for_unauthorized_user(self):
"""
If the user is not in the user database provided to
L{UNIXAuthorizedKeysFiles}, an empty iterator is returned
by L{UNIXAuthorizedKeysFiles.getAuthorizedKeys}
"""
keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x)
self.assertEqual([], list(keydb.getAuthorizedKeys('bob')))
def test_ignores_nonexistant_file(self):
"""
L{AuthorizedKeysFilesMapping.getAuthorizedKeys} returns only the
keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if
they exist
"""
keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x)
self.assertEqual(['key 1', 'key 2'],
list(keydb.getAuthorizedKeys('alice')))
def test_ignores_nonexistant_file(self):
"""
L{AuthorizedKeysFilesMapping.getAuthorizedKeys} returns only the
keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if
they exist
"""
keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x)
self.assertEqual(['key 1', 'key 2'],
list(keydb.getAuthorizedKeys('alice')))
def test_ignores_unreadable_file(self):
"""
L{AuthorizedKeysFilesMapping.getAuthorizedKeys} returns only the
keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if
they are readable
"""
self.sshDir.child('authorized_keys2').makedirs()
keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x,
runas=None)
self.assertEqual(['key 1', 'key 2'],
list(keydb.getAuthorizedKeys('alice')))
def test_all_keys_in_all_authorized_files_for_authorized_user(self):
"""
If the user is in the user database provided to
L{UNIXAuthorizedKeysFiles}, an iterator with all the keys in
C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned
by L{UNIXAuthorizedKeysFiles.getAuthorizedKeys}
"""
self.sshDir.child('authorized_keys2').setContent('key 3')
keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x)
self.assertEqual(['key 1', 'key 2', 'key 3'],
list(keydb.getAuthorizedKeys('alice')))
def test_all_keys_in_all_authorized_files_for_authorized_user(self):
"""
If the user is in the user database provided to
L{UNIXAuthorizedKeysFiles}, an iterator with all the keys in
C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned
by L{UNIXAuthorizedKeysFiles.getAuthorizedKeys}
"""
self.sshDir.child('authorized_keys2').setContent('key 3')
keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x)
self.assertEqual(['key 1', 'key 2', 'key 3'],
list(keydb.getAuthorizedKeys('alice')))
def test_ignores_unreadable_file(self):
"""
L{AuthorizedKeysFilesMapping.getAuthorizedKeys} returns only the
keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if
they are readable
"""
self.sshDir.child('authorized_keys2').makedirs()
keydb = UNIXAuthorizedKeysFiles(self.userdb,
parsekey=lambda x: x,
runas=None)
self.assertEqual(['key 1', 'key 2'],
list(keydb.getAuthorizedKeys('alice')))
def test_opens_unreadable_file_as_user_given_runas(self):
"""
L{AuthorizedKeysFilesMapping.getAuthorizedKeys}, if unable to read
an C{authorized_keys} file, will attempt to open it as the user
"""
self.sshDir.child('authorized_keys2').makedirs()
def runas(uid, gid, callable):
self.assertEqual((1, 2), (uid, gid))
return StringIO('key 3')
keydb = UNIXAuthorizedKeysFiles(self.userdb, parsekey=lambda x: x,
runas=runas)
self.assertEqual(['key 1', 'key 2', 'key 3'],
list(keydb.getAuthorizedKeys('alice')))
def test_opens_unreadable_file_as_user_given_runas(self):
"""
L{AuthorizedKeysFilesMapping.getAuthorizedKeys}, if unable to read
an C{authorized_keys} file, will attempt to open it as the user
"""
self.sshDir.child('authorized_keys2').makedirs()
def runas(uid, gid, callable):
self.assertEqual((1, 2), (uid, gid))
return StringIO('key 3')
keydb = UNIXAuthorizedKeysFiles(self.userdb,
parsekey=lambda x: x,
runas=runas)
self.assertEqual(['key 1', 'key 2', 'key 3'],
list(keydb.getAuthorizedKeys('alice')))
def makeService(self, options):
"""
Construct a TCPServer from a factory defined in myproject.
"""
_portal = portal.Portal(
essftp.EssFTPRealm(essftp.FilePath(options['root']).path),
options.get('credCheckers',
[SSHPublicKeyChecker(UNIXAuthorizedKeysFiles())]))
if options['keyDirectory']:
factory = OpenSSHFactory()
factory.portal = _portal
factory.dataRoot = options['keyDirectory']
factory.moduliRoot = options['moduli']
else:
factory = ConchFactory(_portal)
return internet.TCPServer(int(options["port"]), factory)
def test_implements_interface(self):
"""
L{AuthorizedKeysFilesMapping} implements L{IAuthorizedKeysDB}
"""
keydb = UNIXAuthorizedKeysFiles(self.userdb)
verifyObject(IAuthorizedKeysDB, keydb)
