ϪfyXUdZddlZddlmZddlmZddlmZddlm Z e e e d< ddl Z dZ dd lmZdd lmZdd lmZmZmZmZdd lmZmZdd lmZddlmZddlm Z m!Z!ddl"m#Z#ddl$m%Z%ddl&m'Z'ddl(m)Z)e%drdZ*ddl+m,Z,ddl-m.Z.m/Z/ddl0m1Z1ddl2m3Z3ndZ*e4edddZ5ndZ5Gdde)Z6Gdde)Z7Gd d!e)Z8Gd"d#e)Z9Gd$d%e)Z:Gd&d'e)Z;Gd(d)e)Z<ed*d+gZ=Gd,d-e>Z?Gd.d/e)Z@y#e$rdZ YwxYw)0z& Tests for L{twisted.conch.checkers}. N) encodebytes) namedtuple)BytesIO)Optional cryptSkipzcannot run without crypt module) verifyObject)'InMemoryUsernamePasswordDatabaseDontUse)ISSHPrivateKeyIUsernamePassword SSHPrivateKeyUsernamePassword)UnauthorizedLoginUnhandledCredentials)Deferred)util)ShadowDatabase UserDatabase)FilePath) requireModule)MockOS)TestCase cryptography)checkers)NotEnoughAuthenticationValidPublicKey)keys)keydatazcan't run without cryptographygeteuidz0Cannot run without effective UIDs (questionable)cLeZdZdZexseZdZdZdZ dZ dZ dZ dZ d Zy ) HelperTestszl Tests for helper functions L{verifyCryptedPassword}, L{_pwdGetByName} and L{_shadowGetByName}. c"t|_yN)rmockosselfs B/usr/lib/python3/dist-packages/twisted/conch/test/test_checkers.pysetUpzHelperTests.setUp@s h cd}d}tj||}|jtj||dj ||y)z L{verifyCryptedPassword} returns C{True} if the plaintext password passed to it matches the encrypted password passed to it. secret stringsaltyz5{!r} supposed to be valid encrypted password for {!r}Ncrypt assertTruerverifyCryptedPasswordformatr%passwordsaltcrypteds r&test_verifyCryptedPasswordz&HelperTests.test_verifyCryptedPasswordCsM #++h-   * *7H = C J J  r(cd}d}tj||}|jtj||dj ||y)z L{verifyCryptedPassword} returns True if the provided cleartext password matches the provided MD5 password hash. r2z$1$saltz3{!r} supposed to be valid encrypted password for {}Nr,r1s r&test_verifyCryptedPasswordMD5z)HelperTests.test_verifyCryptedPasswordMD5RsM ++h-   * *7H = A H H  r(cd}d}tj||}|jtj||dj ||y)z L{verifyCryptedPassword} returns C{False} if the plaintext password passed to it does not match the encrypted password passed to it. z string secretr*z7{!r} not supposed to be valid encrypted password for {}N)r- assertFalserr/r0)r%r2wrongr4s r&test_refuteCryptedPasswordz&HelperTests.test_refuteCryptedPasswordasO #++h1   * *7E : E L L  r(c t}|jddddddd|jtd||j tj d|j dy ) z L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd database if the L{pwd} module is present. alicesecrit first last/foo/bin/shpwdN)raddUserpatchr assertEqual _pwdGetByNamegetpwnamr%userdbs r&test_pwdGetByNamezHelperTests.test_pwdGetByNamepsW w!Q fiP 8UF+ //8&//':RSr(cz|jtdd|jtjdy)zW If the C{pwd} module isn't present, L{_pwdGetByName} returns L{None}. rDNr=)rFr assertIsNonerHr$s r&test_pwdGetByNameWithoutPwdz'HelperTests.test_pwdGetByNameWithoutPwdzs- 8UD) (009:r(c t}|jddddddddd |jtd |d |j_d |j_|jtd |j|jtjd|jd|j|jjdd g|j|jjdd gy)z L{_shadowGetByName} returns a tuple of items from the UNIX /etc/shadow database if the L{spwd} is present. bob passphraser?r@spwd) osrN) rrErFrr#euidegidrrG_shadowGetByNamegetspnam seteuidCalls setegidCallsrJs r&test_shadowGetByNamez HelperTests.test_shadowGetByNames  !ulAq!Q1a@ 8VV,   4t{{+ 22596??5;QR 11At9= 11At9=r(c|jtdd|jtjd|j |j j g|j |j jgy)zP L{_shadowGetByName} returns L{None} if C{spwd} is not present. rXNrQ)rFrrNr^rGr#r`rar$s r&test_shadowGetByNameWithoutSpwdz+HelperTests.test_shadowGetByNameWithoutSpwdsa 8VT* (33E:; 1126 1126r(N)__name__ __module__ __qualname____doc__rdependencySkipskipr'r5r7r;rLrOrbrdr(r&r r 8s<  &D      T;>"7r(r c`eZdZdZexseZddZdZdZ dZ dZ dZ d Z d Zd Zd Zd Zy)SSHPublicKeyDatabaseTestsz, Tests for L{SSHPublicKeyDatabase}. Nc tj|_td|_td|_d|jzdz|j zdz|_t|_|jtd|jt|j|_ t|jjtsJ|jj!d|_|j"j%t'}|j)dd d d d |jjd ||j_y)Nfoobareggspamst1 s foo t2 s egg r[.sshuserr2r?r@rA /bin/shell)rSSHPublicKeyDatabasecheckerrkey1key2contentrr#rFrrmktemppath isinstancestrchildsshDirmakedirsrrE_userdbrJs r&r'zSSHPublicKeyDatabaseTests.setUps446  *  +  )L8499DyP h  4t{{+T[[]+ $))..#...iioof-      IINN   & r(c|j|jg}|j|ddt|j|ddd|jt |dy)zJ L{SSHPublicKeyDatabase} is deprecated as of version 15.0 )offendingFunctionsrcategorymessageztwisted.conch.checkers.SSHPublicKeyDatabase was deprecated in Twisted 15.0.0: Please use twisted.conch.checkers.SSHPublicKeyChecker, initialized with an instance of twisted.conch.checkers.UNIXAuthorizedKeysFiles instead.r?N) flushWarningsr'rGDeprecationWarninglen)r% warningsShowns r&test_deprecatedz)SSHPublicKeyDatabaseTests.test_deprecatedsp**tzzl*K  q)*57IJ  ! Y ' F  ]+Q/r(c|jj|j|jt dd}d|_|j |jj|d|_|j |jj|d|_|j|jj|y)Nuserpasswordrorps notallowed) r~r} setContentrxr blobr.rucheckKeyr9)r%filenamerrs r& _testCheckKeyz'SSHPublicKeyDatabaseTests._testCheckKeys (#..t||<5   --d34   --d34!  ..t45r(c|jd|j|jjg|j|jjgy)z L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys file and check the keys against that file. authorized_keysNrrGr#r`rar$s r& test_checkKeyz'SSHPublicKeyDatabaseTests.test_checkKeysG ,- 1126 1126r(c|jd|j|jjg|j|jjgy)z L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys2 file and check the keys against that file. authorized_keys2Nrr$s r&test_checkKey2z(SSHPublicKeyDatabaseTests.test_checkKey2sG -. 1126 1126r(c|jjdj|jj d|j jd|j jfd}d|j _d|j _ |j|j d||jtd|j td d }d |_ |j|jj!||j#|j j$gd |j#|j j&d dgy)z If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should switch its uid/gid to the ones of the authenticated user. rrc6jd|S)Nr)chmod)r\keyFile savedSeteuids r&seteuidz>SSHPublicKeyDatabaseTests.test_checkKeyAsRoot..seteuids MM% % %r(rYrZrr[rrro)rr?rrYr@N)r~r}rrxr addCleanupr#rr\r]rFrr rr.rurrGr`ra)r%rrrrrs @@r&test_checkKeyAsRootz-SSHPublicKeyDatabaseTests.test_checkKeyAsRoots ++##$564<<( e  u-{{**  &    4;; 73 4t{{+5   --d34 11?C 11At9=r(c Td}jjd|tddtjdt j jtjjd}jj|}fd}|j|S)z L{SSHPublicKeyDatabase.requestAvatarId} should return the avatar id passed in if its C{_checkKey} method returns True. cyNTrkignoreds r& _checkKeyzASSHPublicKeyDatabaseTests.test_requestAvatarId.._checkKey r(rtestssh-rsafooc*j|dyNrrGavatarIdr%s r&_verifyz?SSHPublicKeyDatabaseTests.test_requestAvatarId.._verify   Xw /r() rFrur rpublicRSA_opensshrKey fromStringprivateRSA_opensshsignrequestAvatarId addCallback)r%r credentialsdrs` r&test_requestAvatarIdz.SSHPublicKeyDatabaseTests.test_requestAvatarIds   4<<Y7#    % %  HH   : : ; @ @ H   LL ( ( 5 0}}W%%r(cd}|j|jd|tddtjdd}|jj |}|j |tS)a( L{SSHPublicKeyDatabase.requestAvatarId} should raise L{ValidPublicKey} if the credentials represent a valid key without a signature. This tells the user that the key is valid for login, but does not actually allow that user to do so without a signature. cyrrkrs r&rzQSSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignature.._checkKey%rr(rrrN)rFrur rrr assertFailurerr%rrrs r&$test_requestAvatarIdWithoutSignaturez>SSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignaturesa  4<<Y7# Z!:!:D$  LL ( ( 5!!!^44r(cd}|j|jd||jjd}|j|tS)z If L{SSHPublicKeyDatabase.checkKey} returns False, C{_cbRequestAvatarId} should raise L{UnauthorizedLogin}. cyNFrkrs r&rzKSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKey.._checkKey5r(rN)rFrurrr)r%rrs r&test_requestAvatarIdInvalidKeyz8SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKey/sE   4<<Y7 LL ( ( .!!!%677r(c Rd}|j|jd|tddtjdt j jtjjd}|jj|}|j|tS)z Valid keys with invalid signatures should cause L{SSHPublicKeyDatabase.requestAvatarId} to return a {UnauthorizedLogin} failure cyrrkrs r&rzQSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignature.._checkKeyCrr(rrrr) rFrur rrrrrprivateDSA_opensshrrrrrs r&$test_requestAvatarIdInvalidSignaturez>SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignature<s  4<<Y7#    % %  HH   : : ; @ @ H   LL ( ( 5!!!%677r(cd}jjd|tddddd}jj|}fd}|j |j |t S) z~ Exceptions raised while verifying the key should be normalized into an C{UnauthorizedLogin} failure. cyrrkrs r&rzSSSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._checkKeyWrr(rrNsblobssigDatassigc|jtj}jt |d|S)Nr?)flushLoggedErrorsr BadKeyErrorrGr)failureerrorsr%s r&_verifyLoggedExceptionz`SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._verifyLoggedException^s2++D,<,<=F   S[! ,Nr()rFrur r addErrbackrr)r%rrrrs` r&&test_requestAvatarIdNormalizeExceptionz@SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeExceptionQsl   4<<Y7#GT7JO LL ( ( 5  +,!!!%677r(returnN)rerfrgrheuidSkiprirjr'rrrrrrrrrrrkr(r&rmrmsJ  %~D&40 677>6&05$ 88*8r(rmc8eZdZdZeZdZdZdZdZ dZ dZ y) SSHProtocolCheckerTestsz* Tests for L{SSHProtocolChecker}. cNtj}|j|jg|j tj |j|jt g|j|jt tj y)z L{SSHProcotolChecker.registerChecker} should add the given checker to the list of registered checkers. N)rSSHProtocolCheckerrGcredentialInterfacesregisterCheckerrtr assertIsInstancer%rus r&test_registerCheckerz,SSHProtocolCheckerTests.test_registerCheckerns --/ 55r:  ) ) +  557GH    ^ ,h.K.K r(cXtj}|j|jg|j tj t |j|jt g|j|jt tj y)z If a specific interface is passed into L{SSHProtocolChecker.registerChecker}, that interface should be registered instead of what the checker specifies in credentialIntefaces. N)rrrGrrrtr rrs r&!test_registerCheckerWithInterfacez9SSHProtocolCheckerTests.test_registerCheckerWithInterface}s--/ 55r: = = ?ARS 558I7JK    . /1N1N r(ctj}t}|jdd|j ||j t dd}fd}|j|S)z L{SSHProtocolChecker.requestAvatarId} should defer to one if its registered checkers to authenticate a user. rc*j|dyrrrs r& _callbackz?SSHProtocolCheckerTests.test_requestAvatarId.._callbackrr()rrr rErrr r)r%rupasswordDatabaserrs` r&rz,SSHProtocolCheckerTests.test_requestAvatarIdsi --/BD  '2 01  # #$4Wg$F G 0}}Y''r(ctj}d}|j|d|t}|j dd|j ||j tdd}|j|tS)z If the client indicates that it is never satisfied, by always returning False from _areDone, then L{SSHProtocolChecker} should raise L{NotEnoughAuthentication}. cyrrk)rs r&_areDonezYSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthentication.._areDonerr(areDoner) rrrFr rErrr rr)r%rurrrs r&/test_requestAvatarIdWithNotEnoughAuthenticationzGSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthentications} --/  7Ix0BD  '2 01  # #$4Wg$F G!!!%<==r(ctj}|jtdd}|j |t S)z If the passed credentials aren't handled by any registered checker, L{SSHProtocolChecker} should raise L{UnhandledCredentials}. r)rrrr rr)r%rurs r&%test_requestAvatarIdInvalidCredentialz=SSHProtocolCheckerTests.test_requestAvatarIdInvalidCredentials> --/  # #$4Wg$F G!!!%9::r(ch|jtjjdy)zV The default L{SSHProcotolChecker.areDone} should simply return True. N)r.rrrr$s r& test_areDonez$SSHProtocolCheckerTests.test_areDones$ 335==dCDr(N) rerfrgrhrirjrrrrrrrkr(r&rrgs- D    ( >&;Er(rcfeZdZdZexseZdeededdfdZ dZ dZ d Z d Z d Zd Zd ZdZy)UNIXPasswordDatabaseTestsz, Tests for L{UNIXPasswordDatabase}. rusernamerNcF|j|j||y)z Assert that the L{Deferred} passed in is called back with the value 'username'. This represents a valid login for this TestCase. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. N)rGsuccessResultOf)r%rrs r&assertLoggedInz(UNIXPasswordDatabaseTests.assertLoggedIns --a0(;r(c tj}d}t}|jd|ddddddd|jd d ddd d dt }|jdd ddddddd |jd |d dddddddd |j td||j td|t }|j td|d|_d|_ tdd }|j|j|d|j|jg|j|jgd!|_|j|j|d!|j|jd"dg|j|jd"dgy#)$z L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. cdtj||}tj|d|z}|S)Nz$1$)r-)rr2r3r4s r&r4z?UNIXPasswordDatabaseTests.test_defaultCheckers..crypteds+;;x2Dkk(EDL9GNr(r=r2r?r@foorBrCrQxbar/barr:rSrTrUrVrW rDrXr[rYrZalicerbobrN)rUNIXPasswordDatabaserrErrFrrr\r]r rrrGr`rar)r%rur4rDrXr#creds r&test_defaultCheckersz.UNIXPasswordDatabaseTests.test_defaultCheckerss //1  n WWj11a   E31eVY? Wgq!Q1a; UGE:61b"b"bQ 8UC( 8VT* 4v&  +6 G33D98D ,,b1 ,,b1  G33D96B ,,q$i8 ,,q$i8r(cD|j|tjy)a Asserts that the L{Deferred} passed in is erred back with an L{UnauthorizedLogin} L{Failure}. This reprsents an invalid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{None} N)failureResultOfrrr%rs r&assertUnauthorizedLoginz1UNIXPasswordDatabaseTests.assertUnauthorizedLogins Q : :;r(c tjdd}t}|jd|dddddtj|j g}|j |jtdd dy ) zo L{UNIXPasswordDatabase} takes a list of functions to check for UNIX user information. secretanybodyr?r@rrrCsanybodyssecretN) r-rrErrrIrrr )r%r2rKrus r&test_passInCheckersz-UNIXPasswordDatabaseTests.test_passInCheckerssp ;;x2y(Aq%K//0AB   # #$4Z$K Lj r(cd}d}|jtd|tj|g}tdd}|j |j |dy)z If the encrypted password provided by the getpwnam function is valid (verified by the L{verifyCryptedPassword} function), we callback the C{requestAvatarId} L{Deferred} with the username. c ||k(Sr"rkr4pws r&r/zLUNIXPasswordDatabaseTests.test_verifyPassword..verifyCryptedPassword b= r(c ||gSr"rkrs r&rIz?UNIXPasswordDatabaseTests.test_verifyPassword..getpwnams h' 'r(r/usernameNrFrrr rrr%r/rIru credentials r&test_verifyPasswordz-UNIXPasswordDatabaseTests.test_verifyPasswordsY ! ( 846KL// ;%k;?  G33J?Mr(cd}tj|g}tdd}|j|j |y)z} If the getpwnam function raises a KeyError, the login fails with an L{UnauthorizedLogin} exception. ct|r")KeyErrorrs r&rIz?UNIXPasswordDatabaseTests.test_failOnKeyError..getpwnam+s 8$ $r(rrN)rrr r r)r%rIrurs r&test_failOnKeyErrorz-UNIXPasswordDatabaseTests.test_failOnKeyError%s@  %// ;%k;?  $$W%<%.verifyCryptedPassword8rr(c |dgS)Nrrkrs r&rIzBUNIXPasswordDatabaseTests.test_failOnBadPassword..getpwnam;s k* *r(r/rrN)rFrrr r rrs r&test_failOnBadPasswordz0UNIXPasswordDatabaseTests.test_failOnBadPassword2sW   + 846KL// ;%k;?  $$W%<%.verifyCryptedPasswordKrr(c |dgS)Nznot the passwordrkrs r& getpwnam1zFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam1Ns01 1r(c |dgS)Nr2rkrs r& getpwnam2zFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam2Qs j) )r(r/rrNr)r%r/r'r)rurs r&test_loopThroughFunctionsz3UNIXPasswordDatabaseTests.test_loopThroughFunctionsCsa ! 2 * 846KL//I0FG%k;?  G33J?Mr(c  t}|jddddddd|jddddddd|jd d ddddd|jtd |tjtj g}t d d }|j|j|t dd}|j|j|t dd}|j|j|y)z If the password returned by any function is C{""}, C{"x"}, or C{"*"} it is not compared against the supplied password. Instead it is skipped. r=r?r@rrrQrcarol*rDrr(rxscarol*N) rrErFrrrHr r r)r%rDrurs r&test_failOnSpecialz,UNIXPasswordDatabaseTests.test_failOnSpecialYs n GRAr5%8 E31b%7 GS!QE59 8UC(//1G1G0HI#. $$W%<%zCAuthorizedKeyFileReaderTests.test_ignoresComments..s1r(s this is notsand this is notNrrreadAuthorizedKeyFilerGlistr%fileobjresults r&test_ignoresCommentsz1AuthorizedKeyFileReaderTests.test_ignoresCommentsvsA    //E .*<=tF|Lr(ctd}tj|d}|jdgt |y)zw L{checkers.readAuthorizedKeyFile} ignores leading whitespace in lines, as well as empty lines sg # ignore not ignored c|Sr"rkr7s r&r8zYAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLines..sAr(parseKeys not ignoredNr9r<s r&*test_ignoresLeadingWhitespaceAndEmptyLineszGAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLiness>    //+N .)4<8r(cd}td}tj||}|jdgt |y)z L{checkers.readAuthorizedKeyFile} does not raise an exception when a key fails to parse (raises a L{twisted.conch.ssh.keys.BadKeyError}), but rather just keeps going cR|jdrtjd|S)Nfzfailed to parse) startswithrr)lines r& failOnSomezKAuthorizedKeyFileReaderTests.test_ignoresUnparsableKeys..failOnSomes%t$&&'899Kr(sfailed key good keyrBsgood keyNr9)r%rJr=r>s r&test_ignoresUnparsableKeysz7AuthorizedKeyFileReaderTests.test_ignoresUnparsableKeyss<  12//*M +V 5r(N) rerfrgrhrirjr?rDrKrkr(r&r4r4os D M 96r(r4c&eZdZdZeZdZdZdZy)InMemorySSHKeyDBTestsz0 Tests for L{checkers.InMemorySSHKeyDB} chtjddgi}ttj|y)z_ L{checkers.InMemorySSHKeyDB} implements L{checkers.IAuthorizedKeysDB} rskeyN)rInMemorySSHKeyDBrIAuthorizedKeysDBr%keydbs r&test_implementsInterfacez.InMemorySSHKeyDBTests.test_implementsInterfaces+ ))8fX*>?X//7r(ctjddgi}|jgt|j dy)z If the user is not in the mapping provided to L{checkers.InMemorySSHKeyDB}, an empty iterator is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rskeysrNrrOrGr;getAuthorizedKeysrQs r&test_noKeysForUnauthorizedUserz4InMemorySSHKeyDBTests.test_noKeysForUnauthorizedUsers; ))8gY*?@ T%"9"9&"ABCr(ctjdddgi}|jddgt|j dy)z If the user is in the mapping provided to L{checkers.InMemorySSHKeyDB}, an iterator with all the keys is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rabNrUrQs r&test_allKeysForAuthorizedUserz3InMemorySSHKeyDBTests.test_allKeysForAuthorizedUsersA ))8dD\*BC $tE,C,CH,M'NOr(N) rerfrgrhrirjrSrWr[rkr(r&rMrMs D8DPr(rMc:eZdZdZeZd dZdZdZdZ dZ dZ y) UNIXAuthorizedKeysFilesTestsz8 Tests for L{checkers.UNIXAuthorizedKeysFiles}. Nc &t|j|_t|jjtsJ|jj t |_|jjddddd|jjd|jjd|_ |jj |jjd}|jd d d g|_ y) Nr=r2r?r@zalice lastnamersrqrs key 1 key 2skey 1skey 2) rryrzr{r|rrrKrEr}r~r expectedKeys)r%authorizedKeyss r&r'z"UNIXAuthorizedKeysFilesTests.setUpsT[[]+ $))..#... "n      IINN  iioof-  **+<=!!/2%x0r(cvtj|j}ttj|y)zg L{checkers.UNIXAuthorizedKeysFiles} implements L{checkers.IAuthorizedKeysDB}. N)rUNIXAuthorizedKeysFilesrKrrPrQs r&rSz5UNIXAuthorizedKeysFilesTests.test_implementsInterfaces( 00=X//7r(ctj|jd}|jgt |j dy)z If the user is not in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an empty iterator is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. c|Sr"rkr7s r&r8zMUNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUser..QRr(rBrN)rrbrKrGr;rVrQs r&rWz;UNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUsers: 00{S T%"9"9&"ABCr(c |jjdjdtj|j d}|j |jdgzt|jdy)a If the user is in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an iterator with all the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. rskey 3c|Sr"rkr7s r&r8z`UNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUser..rer(rBrN) r~r}rrrbrKrGr_r;rVrQs r&1test_allKeysInAllAuthorizedFilesForAuthorizedUserzNUNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUsersh ,-88B00{S     *D1H1H1R,S r(ctj|jd}|j|jt |j dy)z L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they exist. c|Sr"rkr7s r&r8zJUNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFile..rer(rBrN)rrbrKrGr_r;rVrQs r&test_ignoresNonexistantFilez8UNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFiles@ 00{S **D1H1H1R,STr(c|jjdjtj|j d}|j |jt|jdy)z L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they are readable. rc|Sr"rkr7s r&r8zIUNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFile..rer(rBrN) r~r}rrrbrKrGr_r;rVrQs r&test_ignoresUnreadableFilez7UNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFile s\ ,-66800{S **D1H1H1R,STr(r) rerfrgrhrirjr'rSrWrhrkrnrkr(r&r]r]s/ D1.8D  UUr(r]_KeyDBrVceZdZdZy)_DummyExceptionz0 Fake exception to be used for testing. N)rerfrgrhrkr(r&rqrqs  r(rqc>eZdZdZeZdZdZdZdZ dZ dZ dZ y ) SSHPublicKeyCheckerTestsz4 Tests for L{checkers.SSHPublicKeyChecker}. c &tddtjdtjj tj jd|_td|_ tj|j|_ y)Nrrrc^tjjtjgSr")rrrrr)_s r&r8z0SSHPublicKeyCheckerTests.setUp../stxx':':7;T;T'U&Vr()r rrrrrrrrrorRrSSHPublicKeyCheckerrur$s r&r'zSSHPublicKeyCheckerTests.setUp'si(    % %  HH   : : ; @ @ H  VW 33DJJ? r(cd|j_|j|jj |jt y)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that do not have a signature fails with L{ValidPublicKey}. N)r signaturer rurrr$s r& test_credentialsWithoutSignaturez9SSHPublicKeyCheckerTests.test_credentialsWithoutSignature2s: &*"  LL ( ()9)9 :N r(cd|j_|j|jj |jt j y)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that have a bad key fails with L{keys.BadKeyError}. r(N)rrr rurrrr$s r&test_credentialsWithBadKeyz3SSHPublicKeyCheckerTests.test_credentialsWithBadKey<s@ !$  LL ( ()9)9 :D.failfs !# #r(verifyN) rFrrr rurrrrrq)r%rs r&test_failureVerifyingKeyz1SSHPublicKeyCheckerTests.test_failureVerifyingKey_sV $ 488Xt,  LL ( ()9)9 :rsF  " C=I.I G+?,0,+ N&K&*5N 2y$+HAHb7(b7JG8G8TUEhUEpmDmD`16816hPHPDMU8MU` H23 4 i V