mirror of
https://github.com/tailscale/tailscale.git
synced 2024-12-04 23:45:34 +00:00
5a44f9f5b5
While we rearrange/upstream things.
gliderlabs/ssh is forked into tempfork from our prior fork
at be8b7add40
x/crypto/ssh OTOH is forked at
https://github.com/tailscale/golang-x-crypto because it was gnarlier
to vendor with various internal packages, etc.
Its git history shows where it starts (2c7772ba30643b7a2026cbea938420dce7c6384d).
Updates #3802
Change-Id: I546e5cdf831cfc030a6c42557c0ad2c58766c65f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
113 lines
2.5 KiB
Go
113 lines
2.5 KiB
Go
//go:build glidertests
|
|
// +build glidertests
|
|
|
|
package ssh
|
|
|
|
import (
|
|
"net"
|
|
"strings"
|
|
"sync/atomic"
|
|
"testing"
|
|
|
|
gossh "github.com/tailscale/golang-x-crypto/ssh"
|
|
)
|
|
|
|
func newTestSessionWithOptions(t *testing.T, srv *Server, cfg *gossh.ClientConfig, options ...Option) (*gossh.Session, *gossh.Client, func()) {
|
|
for _, option := range options {
|
|
if err := srv.SetOption(option); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
return newTestSession(t, srv, cfg)
|
|
}
|
|
|
|
func TestPasswordAuth(t *testing.T) {
|
|
t.Parallel()
|
|
testUser := "testuser"
|
|
testPass := "testpass"
|
|
session, _, cleanup := newTestSessionWithOptions(t, &Server{
|
|
Handler: func(s Session) {
|
|
// noop
|
|
},
|
|
}, &gossh.ClientConfig{
|
|
User: testUser,
|
|
Auth: []gossh.AuthMethod{
|
|
gossh.Password(testPass),
|
|
},
|
|
HostKeyCallback: gossh.InsecureIgnoreHostKey(),
|
|
}, PasswordAuth(func(ctx Context, password string) bool {
|
|
if ctx.User() != testUser {
|
|
t.Fatalf("user = %#v; want %#v", ctx.User(), testUser)
|
|
}
|
|
if password != testPass {
|
|
t.Fatalf("user = %#v; want %#v", password, testPass)
|
|
}
|
|
return true
|
|
}))
|
|
defer cleanup()
|
|
if err := session.Run(""); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestPasswordAuthBadPass(t *testing.T) {
|
|
t.Parallel()
|
|
l := newLocalListener()
|
|
srv := &Server{Handler: func(s Session) {}}
|
|
srv.SetOption(PasswordAuth(func(ctx Context, password string) bool {
|
|
return false
|
|
}))
|
|
go srv.serveOnce(l)
|
|
_, err := gossh.Dial("tcp", l.Addr().String(), &gossh.ClientConfig{
|
|
User: "testuser",
|
|
Auth: []gossh.AuthMethod{
|
|
gossh.Password("testpass"),
|
|
},
|
|
HostKeyCallback: gossh.InsecureIgnoreHostKey(),
|
|
})
|
|
if err != nil {
|
|
if !strings.Contains(err.Error(), "unable to authenticate") {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
}
|
|
|
|
type wrappedConn struct {
|
|
net.Conn
|
|
written int32
|
|
}
|
|
|
|
func (c *wrappedConn) Write(p []byte) (n int, err error) {
|
|
n, err = c.Conn.Write(p)
|
|
atomic.AddInt32(&(c.written), int32(n))
|
|
return
|
|
}
|
|
|
|
func TestConnWrapping(t *testing.T) {
|
|
t.Parallel()
|
|
var wrapped *wrappedConn
|
|
session, _, cleanup := newTestSessionWithOptions(t, &Server{
|
|
Handler: func(s Session) {
|
|
// nothing
|
|
},
|
|
}, &gossh.ClientConfig{
|
|
User: "testuser",
|
|
Auth: []gossh.AuthMethod{
|
|
gossh.Password("testpass"),
|
|
},
|
|
HostKeyCallback: gossh.InsecureIgnoreHostKey(),
|
|
}, PasswordAuth(func(ctx Context, password string) bool {
|
|
return true
|
|
}), WrapConn(func(ctx Context, conn net.Conn) net.Conn {
|
|
wrapped = &wrappedConn{conn, 0}
|
|
return wrapped
|
|
}))
|
|
defer cleanup()
|
|
if err := session.Shell(); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if atomic.LoadInt32(&(wrapped.written)) == 0 {
|
|
t.Fatal("wrapped conn not written to")
|
|
}
|
|
}
|